lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 11 Oct 2011 12:25:03 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: secn3t@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Wipe off, rub out, reappear...

No, I don't understand much. I'm only piecing together parts off this story.

One thing I really need to train myself on is understanding your text,
because two posts back I thought I read you saying their executable is a
part of a botnet.

You also sounded like implying that some virii are unstopable. As if! It
only take a knowledgeable engineer (erm...hacker) to stop such a thing
(well, maybe more than just one).

But, in all honest, bragging how some piece of god-almighty-code can't be
stopped, doesn't put you in good light... At the end of the day, it's just a
program.






On Tue, Oct 11, 2011 at 12:18 PM, xD 0x41 <secn3t@...il.com> wrote:

> I dont care about *theyre* setup, and i said that, I only stated what CAN
> be done, in capable hands.. simple.
> You are reading deep into something, you seem to understand fkall about,
> seriously.
>
>
>
> On 11 October 2011 21:16, Christian Sciberras <uuf6429@...il.com> wrote:
>
>> I already beat you up to it - you know nothing about their setup.
>> You don't know if their infection is the result of a botnet.
>>
>> I don't deny you know anything about botnets, I'm just saying from the
>> looks of it you jumped to a load of conclusion without any proof whatsoever.
>>
>>
>>
>>
>> On Tue, Oct 11, 2011 at 12:11 PM, xD 0x41 <secn3t@...il.com> wrote:
>>
>>> screwit, im a bite, i know my shit here..
>>> If i was not so smart, then i guess  i would not have a modified ircd
>>> wich is similar... wow i know.. just seems you dont know crap about c&c
>>> botnets , thats fo sure. I think i outlined a *good* setup, as i have seen
>>> it, or would not bothered to state the mods made.. is that simple. wwether
>>> it is hard t code or not, is not my business, nor i care for.. I just know,
>>> how they run, and, dont try bs me about what i do and dont know, because on
>>> this topic son, i have plenty of experience, and could easily match this
>>> with an AV spokesperson, and would not hesitate to, but what gains it to me
>>> ? None.
>>> I am here for those who give a crap, you sir, no nothing, atall, about
>>> even the controlling side of a good botnet wich, spreads fast.
>>> Most people, simply do not want you on them, then the better ones, simply
>>> hide as users on irc anyhow ;)
>>> Then again, i wouldnt know shit ey.
>>> gnite :-)
>>> have fun trying to pick apart anything with me in this area, i will enjoy
>>> tearing your anus out, word by word if i have to.
>>> xd
>>>
>>>
>>> On 11 October 2011 20:29, Christian Sciberras <uuf6429@...il.com> wrote:
>>>
>>>> If you ask me, you sound like bragging on something you wrote.
>>>>
>>>> Either that, or you're clueless to what you are saying.
>>>>
>>>> Just because my younger brother won't understand 5 lines of code I wrote
>>>> doesn't make my 5 liner smart...
>>>> Applying the analogy here, just because they're possibly clueless to how
>>>> OS internals work doesn't mean the virus is doing anything particularly
>>>> smart.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Tue, Oct 11, 2011 at 1:55 AM, xD 0x41 <secn3t@...il.com> wrote:
>>>>
>>>>> Is obvious, this is a very well made executable :)
>>>>> Or, set up well to spread and then hide, and doing so with even its
>>>>> phone home, wich is normal nowdays, for example consider an ircd, it uses
>>>>> PING/PONG, what if you change the rfc, and use ascii characters,then do this
>>>>> to the bot, remove USER mode completely only allow it for set modes/opers,
>>>>> and then try take the thing down, if it is connected thru about 40 different
>>>>> ips and does not rely on dynami dns...
>>>>> it is not impossible, it is happening now, and, it is also visible,
>>>>> however, these c7c centres are so advanced, Ids are just not getting enough
>>>>> info...you cannot do a thing on the properly modified control centres, and,
>>>>> i have seen that code, it is extremely modified version of ircd... it cannot
>>>>> be used by a NOn operator, and uses a totally different rfc to phopne home
>>>>> etc, thus making conventional methods used atm, useless... as they will
>>>>> loook for the strings that they know, and always ids will perform some
>>>>> string of commands, and, then slowly the operator sees the servers, and one
>>>>> by one he blocks YOU out of his network.
>>>>> This is a dog eat dog world, bot masters can be exceptionallt ingenious
>>>>> when it comes to these things, and masking an exe nowdays, is not as simple
>>>>> as some peoples SFX rar kits :)
>>>>> So even kits nowdays, can be way more advanced than 2008/2009 even...
>>>>> there has been a burst of tech, so there is also a burst in virus
>>>>> numbers... but, smart c&c centres, you wont take down so easily, and they
>>>>> will move before you can even decrypt theyre settings... wich is exactly why
>>>>> stuxnet is non stoppable.. unless the owner shuuts it down, it wont  be
>>>>> killed..
>>>>>  xd
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 11 October 2011 10:45, Bob Dobbs <bobd10937@...il.com> wrote:
>>>>>
>>>>>> On Mon, Oct 10, 2011 at 4:31 PM, Michael Schmidt <
>>>>>> mschmidt@...gstore.com> wrote:
>>>>>>
>>>>>>>  If its bot net code and it is behind an air barrier then it will
>>>>>>> never phone home. They
>>>>>>>
>>>>>>
>>>>>> It already broke the "air wall" to get in. It can certainly do so to
>>>>>> get out.
>>>>>>
>>>>>> Bob
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Full-Disclosure - We believe in it.
>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>
>>>>
>>>>
>>>
>>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ