| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4B50F2F0.6010206@ellicit.org> Date: Fri, 15 Jan 2010 12:57:52 -1000 From: r00t <r00t@...icit.org> To: full-disclosure@...ts.grok.org.uk Subject: Re: All China, All The Time Can you explain how this is sophisticated. It looks to me like most decent malware samples I've RE'd: The result: triple encrypted shell code which downloads multiple encrypted binaries used to drop an encrypted payload on a target machine which then establishes an encrypted SSL channel to connect to a command and control network. If they are so sophisticated and organized, then why do they continually get noticed shortly after the attack. A major element that you fail to realize about these so called sophisticated attacks is stealth and persistence, which this attack lacks. On 1/15/10 12:33 PM, Densmore, Todd wrote: > Here is my 2 cents on both Google and iiScan > > http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/01/15/china-google-and-web-security.aspx > > ~todd > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists