Message-ID: <CALCvwp7EtSEBDe5Ao8wU94GoJeqCsnnC7cNDzD=HFE3fEtVo+A@mail.gmail.com>
Date: Tue, 11 Oct 2011 21:11:10 +1100
From: xD 0x41 <secn3t@...il.com>
To: Christian Sciberras <uuf6429@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Wipe off, rub out, reappear...
screw it, I'm a bite, I know my shit here..
If I was not so smart, then I guess I would not have a modified ircd which
is similar... wow I know.. just seems you don't know crap about c&c botnets,
that's for sure. I think I outlined a *good* setup, as I have seen it, or
would not have bothered to state the mods made.. is that simple. Whether it is
hard to code or not, is not my business, nor I care for.. I just know, how
they run, and, don't try bs me about what I do and don't know, because on this
topic son, I have plenty of experience, and could easily match this with an
AV spokesperson, and would not hesitate to, but what gains it to me? None.
I am here for those who give a crap, you sir, know nothing, at all, about even
the controlling side of a good botnet which, spreads fast.
Most people, simply do not want you on them, then the better ones, simply
hide as users on irc anyhow ;)
Then again, I wouldn't know shit ey.
gnite :-)
have fun trying to pick apart anything with me in this area, I will enjoy
tearing your anus out, word by word if I have to.
xd
On 11 October 2011 20:29, Christian Sciberras <uuf6429@...il.com> wrote:
> If you ask me, you sound like bragging on something you wrote.
>
> Either that, or you're clueless to what you are saying.
>
> Just because my younger brother won't understand 5 lines of code I wrote
> doesn't make my 5 liner smart...
> Applying the analogy here, just because they're possibly clueless to how OS
> internals work doesn't mean the virus is doing anything particularly smart.
>
> On Tue, Oct 11, 2011 at 1:55 AM, xD 0x41 <secn3t@...il.com> wrote:
>
>> Is obvious, this is a very well made executable :)
>> Or, set up well to spread and then hide, and doing so with even its phone
>> home, which is normal nowadays, for example consider an ircd, it uses
>> PING/PONG, what if you change the RFC, and use ASCII characters, then do this
>> to the bot, remove USER mode completely only allow it for set modes/opers,
>> and then try take the thing down, if it is connected thru about 40 different
>> IPs and does not rely on dynamic DNS...
>> it is not impossible, it is happening now, and, it is also visible,
>> however, these c&c centres are so advanced, IDS are just not getting enough
>> info...you cannot do a thing on the properly modified control centres, and,
>> I have seen that code, it is extremely modified version of ircd... it cannot
>> be used by a non operator, and uses a totally different RFC to phone home
>> etc, thus making conventional methods used atm, useless... as they will
>> look for the strings that they know, and always IDS will perform some
>> string of commands, and, then slowly the operator sees the servers, and one
>> by one he blocks YOU out of his network.
>> This is a dog eat dog world, bot masters can be exceptionally ingenious
>> when it comes to these things, and masking an exe nowadays, is not as simple
>> as some people's SFX rar kits :)
>> So even kits nowadays, can be way more advanced than 2008/2009 even...
>> there has been a burst of tech, so there is also a burst in virus
>> numbers... but, smart c&c centres, you won't take down so easily, and they
>> will move before you can even decrypt their settings... which is exactly why
>> Stuxnet is non stoppable.. unless the owner shuts it down, it won't be
>> killed..
>> xd
>>
>> On 11 October 2011 10:45, Bob Dobbs <bobd10937@...il.com> wrote:
>>
>>> On Mon, Oct 10, 2011 at 4:31 PM, Michael Schmidt <mschmidt@...gstore.com> wrote:
>>>
>>>> If it's bot net code and it is behind an air barrier then it will never
>>>> phone home. They
>>>>
>>>
>>> It already broke the "air wall" to get in. It can certainly do so to get
>>> out.
>>>
>>> Bob
>>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>