Open Source and information security mailing list archives
 
Message-ID: <40C5FB8C.7080206@emmanuelcomputerconsulting.com>
From: hescominsoon at emmanuelcomputerconsulting.com (William Warren)
Subject: Possible First Crypto Virus Definitely Discovered!

Have you got any code or anything to substantiate this? Your site is
unreachable.

Billy B. Bilano wrote:

> Salutations, amigos!
> 
> Bill Bilano here, reporting in from the front-lines! I've got some
> disturbing news that I've got to get some answers about while I share. I
> think we're about to come under full hacker attack at any second! And to
> those people that said us folks talking about crypto viruses were being
> chicken littles... let me tell you, the sky just fell! And it is HEAVY!
> 
> I was sitting at my desk doing more research on the OPENBSD virus I
> discovered last week. I was watching ethereal and monitoring the traffic
> coming in and out of the facility and I saw a ton of traffic coming straight
> for our web servers! The routers, firewalls, and intrusion detraction
> systems were not sounding the red alarms like they should have been (we'll
> get to THAT one later).
> 
> There appears to be a new virus in town and it's affecting Windows and UNIX
> web servers! I have not identified a pattern of infection yet but the virus
> is clearly advancing but it only affects web servers!
> 
> The virus works on port 443. It seems to accept inbound connections on that
> port as well and, presumably, awaits for commands from some series of
> servers elsewhere. Perhaps taking orders? I also captured some of the
> traffic and attempted to analyze it up but it looks like -- you heard it
> here first, folks -- the payload is encrypted! Is this the first of a coming
> storm of crypto viruses we've all been eagerly fearing? (I have already sent
> a copy of the payload to the distributed.net people so they can try to use
> some of those wasting cycles to decipher it like they did the last one!)
> 
> I have taken the liberty of naming the virus already. I looked in
> etc/services and saw that this port is for and it is something called "ssl"
> so I am calling it w32.ssl.b (b for bilano, since I discovered this wretched
> thing!)
> 
> I called in our webmaster and showed him the data. He is either too stupid
> to know what's going on or he takes me for a fool. I got him in the
> conference room and showed him the print outs. He tried to convince me it
> was not a virus and just normal web traffic but web traffic is on port 80!
> No fooling old Bill! LOL! So I told him to gather his stuff up and gave him
> his marching orders. I have no time for this kind of bull, what with the
> OPENBSD virus last week (still picking up the pieces there). He must have
> known I was on to him because he was just laughing on his way out the front
> door. He may have even been involved with the infection! Good riddance,
> chump!
> 
> At any rate, this is your heads up, folks! You heard it here first! Be on
> the lookout for this first, very nasty CRYPTO VIRUS!
> 
> P.S. I wonder if this virus was from a spam-gang?!
> 
> P.P.S. Check out my bloglog in my sig!
> 
> --------
> Mr. Billy B. Bilano, MSCE, CCNA
> <http://www.bilano.biz/>
> Expert Sysadmin Since 2003!
> 'C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL'  -- RMS
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

-- 
My "Foundation" verse:
Isa 54:17  No weapon that is formed against thee shall prosper; and 
every tongue that shall rise against thee in judgment thou shalt 
condemn. This is the heritage of the servants of the LORD, and their 
righteousness is of me, saith the LORD.

