It was lunchtime last Saturday when my call center staff messaged me. She discovered malware infecting a SEC form. This GIS form was hosted by the Philippine Securities and Exchange Commission. Fortunately, she remembered to check all files for malware using the virustotal.com. We learned of this tool from RootCon Security conference in Tagaytay.
This screenshot shows the malware that virus total detected:
Fork! And Shirt!
SEC was unwittingly helping a cybercriminal somewhere spread their malware. Everyone’s PC would be infected every time they downloaded this GIS form. I posted this on my FB wall. I asked for my cybersecurity friends to help confirm what we were seeing. Almost immediately, Tzar Umang confirmed. Both Sam Jacoba and my editor, Art Samaniego tagged DICT ASEC for cybersecurity Allan S. Cabanlong.
Quick Response on a weekend
ASEC Cabanlong notified SEC Chairman Emilio B Aquino. Both happen to be schoolmates from Universidad De Zamboanga. This prior trust led to quick response from the SEC. By Sunday, SEC’s Director for IT Meonee Felizmenio shutdown the site for “maintenance’. By that time, the SEC was assisted by NCERT team lead Mr Alwell Mulsid. NCERT stands for National Computer Emergency Response Team.
Message to the Public
DICT ASEC Cabanlong thanks the public for alerting the government. Countless businesses were saved from being infected with Malware. The coordinated action by combined government units is a rare instance where government agencies worked together so well and so fast. (Again over a weekend).
We can reach out to them either by using CICCgovph Facebook page or by contacting them directly at +63 2- 920 0101 local 1002
Prayer to ICS
I do hope our friends at ICS (Integrated Computer System) can fast track the delivery of the Vulnerability Assessment and Penetration testing software to DICT. This will be greatly appreciated by the computing public.