2 March 2013. The BOA files malware alert should not detract from the value of the great release. Delete the pest, extoll the rest. 1 March 2013. Source of BoA malware email: http://par-anoia.net/assessment/us/bofa/allTexts/emails/55. 1_13_2012 - EWT - TACTO.txt Inactive link is deliberate. This email contains active malware, do not run if downloaded. AV may automatically delete if downloaded: Here is a neutered version in PDF (scanned OK by Norton AV): http://cryptome.org/2013/03/boa-malware-neutered.pdf It is peculiar that the BoA security team did not appear to recognize that attaching malware to an email, or including it in body text, can infect the email servers handling the email as well as networked servers and extended networks. The same peculiarity applies to HBGary, for example, which regularly exhanged malware attachments to email or within body text "for analysis" without isolation in secure containers for transmission. That shoot-in-the-foot negligence can apply to those posting malware to IRC, drop boxes and pastes. Ironically, it could apply to Par-AnoIA and downloaders of infected BoA files that were not blocked by AV programs. Whether the peculiarity, negligence and lack of oversight is due to skills vanity, ignorance, accidental or deliberate is ponderable. To be sure, some cybersecurity wizards distrust commercial security products in favor of business to promote their home brews of 24x7 staffing armed with classified research and secret means and methods, i.e., CyberCommand and its contractors. 1 March 2013 Malware in Bank of America Files A reports that Par-AnoIA's release of Bank of America files contained malware in the two BankOfSpooks files (and that there may be others): Cryptome confirmed the malware in BankOfSpooks.tar.gz, but its version of BankOfSpooks.tgz did not have that email, jumping from email 54 to email 56 (both files downloaded on 28 February 2013). It is to be expected that security reports reference malware and may contain the malware as examples, active or neutered. The HBGary files contained numerous examples of malware, including Stuxnet and other APTs. In addition, security experts plant malware, genuine and spoofed, as poison pills or APTs to trace, combat and counterattack attackers, to deceive and scare downloaders and to muddle publicity about attacks. Competitors plant malware to disparage products and services. AV firms plant malware to boost the market. Governments plant malware to increase fear, doubt and dependency on national security. Hackers plant malware for lulz and braggardy. Malware -- and reports of malware -- can be an attention-getting hoax as with any form of fear-driven security. Malware can be invented, planted and discovered by cybersecurity and AV experts to exploit fearful clients, governments, citizens, users and in complicity with other experts and their witting and unwitting hackers -- cyberwarfare is booming thus mostly war-time profligate waste, duplicity, treachery and chicanery. It has not been determined if the BoA malware is genuine, benign, spoofed, neutered, poison pill, APT or cyberwarfare run amok by dreams of BoA accumulated wealth. Cryptome reported the malware to Par-AnoIA: To: submissions@par-anoia.se

Date: February 28, 2013

Subject: Reported Virus in BoA Files You have probably heard already about a reported virus in your two BankOfSpooks files. Email infection is reported for: 55. 1_13_2012 - EWT - TACTO.txt Our copy of .tgz does not have 55, but it is in .tar.gz, both downloaded today. Someone reports the virus in both .tgz and .tar.gz. Great release, congrats John Young

Cryptome.org