Archive | March, 2010

PenTBox – Penetration Testing Security Suite



PenTBox is a security suite that packs security and stability testing oriented tools for networks and systems. It is programmed in Ruby and oriented to GNU/Linux systems, but is compatible with Windows, MacOS and every system where Ruby works.

It is free, licensed under GNU/GPLv3.

PenTBox Contains

Cryptography tools

  • Base64 Encoder & Decoder
  • Multi-Digest (MD5, SHA1, SHA256, SHA384, SHA512)
  • Hash Password Cracker (MD5, SHA1, SHA256, SHA384, SHA512)
  • Secure Password Generator
  • Files en/decryptor Rijndael (AES) 256 bits – GOST – ARC4

Network tools

  • TCP Flood DoSer
  • TCP Flood AutoDoSer
  • Spoofed SYN Flood DoSer [nmap – hping3]
  • Port scanner
  • Honeypot
  • PenTBox Secure Instant Messaging

Extra

  • L33t Sp3@k Converter
  • Fuzzer

An updated list of tools can be found here.

You can download PenTBox v1.3.2 here:

Windows version (Ruby included) – pentbox_1.3.2_win.zip
Linux version – pentbox_1.3.2.tar

Or read more here.


Posted in: Hacking Tools, Password Cracking



Browser Fingerprints – How Unique Is Your Browser – Panopticlick



Now this is another interesting attack vector using little bits of data not many people consider. I have heard about this kind of technique before and considered how it’d be done myself.

Finally someone has put together a public version of a tool that can tell you how unique your browser footprint is. As for me I’m using a fairly standard Firefox install with a couple of plugins – but still Panopticlick tells me “Your browser fingerprint appears to be unique among the 764,828 tested so far”.

The people behind it are the EFF or Electronic Frontier Foundation.

Forget cookies — even the ultrasneaky, Flash-based “super cookies.” A new type of tracking may identify you far more accurately than any cookie — and you may never know it was there. The method pulls together innocuous data about your browser, such as plug-ins, system fonts, and your operating system. Alone, they don’t identify you. Together, they’re a digital fingerprint.

It’s like describing a person. Just saying “brown hair” won’t identify anyone. But add in “5 feet, 10 inches tall,” “chipped right front tooth,” “size 12 shoes,” and so on, and soon you have enough information to pull someone out of a crowd, even without their name, Social Security number, or any other of the usual identifiers.

Test your browser for unique identifiers without the risk: The Electronic Frontier Foundation, a privacy advocacy group, has set up an interesting online experiment at Panopticlick.eff.org. Panopticlick gathers little details about your browser and computer, mostly using JavaScript. In my case, the information it gathered about my browser was enough to uniquely identify my surfing software out of more than 650,000 visitors.

I’d say the technique would work fairly well for tracking people on a large traffic site such as Google, but then again the amount of data that needs to be stored is quite staggering.

Either way it gives some insight into the kind of technology ad agencies or online ad networks could have been gathering about viewers to correlate statistics.

There’s currently no evidence that anyone has actually been using this kind of fingerprinting, but this demo shows it is technologically feasible.

Peter Eckersley, a staff technologist with the EFF, says he and his colleagues decided to create the site when he heard rumors about this kind of tracking. He wanted to see how accurate it might be. Well, it’s pretty accurate. And as it turns out, its use is more than a rumor.

Browser fingerprinting was developed for banks to employ to prevent fraud. But now one company, Scout Analytics, offers it as a service to Web sites, and it collects not just browser data but also data about how you type — things like your typing speed and typing patterns.

This biometric signature, like the identifiers collected from the browser and the computer, can be gathered using JavaScript alone, making this form of tracking hard to block. Matt Shanahan, senior vice president of strategy at Scout Analytics, says that the company sells its service primarily to paid subscription sites, such as those offering real estate listings, and that it is keen to expand into marketing and advertising by helping sites track visitors in a way that, as he notes, is more accurate than using cookies. (Cookies can be deleted, which makes a repeat visit look like a new person to the site.)

As with many things online, your privacy can be protected by running something like NoScript on Firefox.

EFF has provided a full list of how to protect against fingerprinting here – Self Defense.
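The "brown hair plus shoe size" argument above can be checked numerically. The following is an added example, not code from this post or from the EFF: it uses a small constructed visitor table (field names, values and the split between header-visible and script-collected attributes are assumptions) to show how the set of matching visitors shrinks as attributes are combined, and how it widens again when the script-collected attributes are withheld.

```python
import math
from collections import Counter

# Constructed sample population, NOT real Panopticlick data. Field names and
# values are assumptions that mirror the kinds of attributes the article lists.
FIELDS = ("os", "timezone", "screen", "plugins")
VISITORS = [
    ("Windows", "UTC+0", "1280x800", "flash"),
    ("Windows", "UTC+0", "1280x800", "flash,java"),
    ("Windows", "UTC+0", "1024x768", "flash"),
    ("Windows", "UTC+1", "1280x800", "flash"),
    ("Windows", "UTC+1", "1024x768", "flash,java"),
    ("Linux",   "UTC+0", "1280x800", "flash"),
    ("Linux",   "UTC+1", "1024x768", "flash,java"),
    ("Mac",     "UTC+0", "1280x800", "flash,java"),
]

# Assumption for this example: only the OS is visible without scripting
# (via the User-Agent header); the other fields need JavaScript to collect.
NO_SCRIPT_FIELDS = ("os",)


def anonymity_set(target, fields):
    """Number of visitors that share the target's values on `fields`."""
    idx = [FIELDS.index(f) for f in fields]
    return sum(all(v[i] == target[i] for i in idx) for v in VISITORS)


def surprisal_bits(set_size, population=len(VISITORS)):
    """Identifying information, in bits, carried by a set of that size."""
    return math.log2(population / set_size)


def attribute_entropy(field):
    """Shannon entropy of one attribute across the whole population."""
    i = FIELDS.index(field)
    n = len(VISITORS)
    counts = Counter(v[i] for v in VISITORS)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def narrowing(target):
    """Anonymity set size as each field is added, in FIELDS order."""
    return [anonymity_set(target, FIELDS[:k])
            for k in range(1, len(FIELDS) + 1)]


def unique_fingerprints():
    """How many visitors have a combination nobody else shares."""
    return sum(1 for c in Counter(VISITORS).values() if c == 1)


def bits_to_be_unique(population):
    """Minimum bits a fingerprint must carry to be unique in `population`."""
    return math.log2(population)


if __name__ == "__main__":
    me = VISITORS[1]
    for field in FIELDS:
        print(f"{field:9s} entropy alone: {attribute_entropy(field):.2f} bits")
    for k, size in enumerate(narrowing(me), start=1):
        print(f"first {k} field(s): {size} visitors match, "
              f"{surprisal_bits(size):.2f} bits")
    print("unique fingerprints:", unique_fingerprints(), "of", len(VISITORS))
    print("with scripts blocked:", anonymity_set(me, NO_SCRIPT_FIELDS), "match")
    # The figure quoted in the post: unique among 764,828 tested browsers.
    print(f"unique among 764,828: >= {bits_to_be_unique(764828):.1f} bits")
```

No single field in the table has more than three values, yet every visitor ends up with a unique combination, which is the point the article makes in words.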

You can check out the PoC here:

https://panopticlick.eff.org/

Source: Network World


Posted in: Privacy, Web Hacking



Flint – Web-based Firewall Rule Scanner



Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems so you can:

  • CLEAN UP RUSTY CONFIGURATIONS that are crudded up with rules that can’t match traffic.
  • ERADICATE LATENT SECURITY PROBLEMS lurking in overly-permissive rules
  • SANITY CHECK CHANGES to see if new rules create problems.

Flint is absolutely free. There’s no catch. You can download the source from the git repository. This isn’t the “play at home” version; it’s their second product, and they want to do it open source.

Why You Need Flint

You have multiple firewalls protecting internal networks from the Internet and controlling access to customer data. Your business changes, and so do your firewalls, and not always at the same time. Firewalls can get out of step with policies.

Everybody makes mistakes. To understand a firewall configuration, you have to read hundreds of configuration lines, and then you have to think like a firewall does. People aren’t good at thinking like firewalls. So most firewalls are riddled with subtle mistakes. Some of those mistakes can be expensive:

  • INSECURE SERVICES might be allowed through the firewall, preventing it from blocking attacks.
  • LAX CONTROLS ON DMZs may expose staging and test servers.
  • FIREWALL MANAGEMENT PORTS may be exposed to untrusted networks.
  • REDUNDANT FIREWALL RULES may be complicating your configuration and slowing you down.

You can download Flint here:

VMWare Virtual Machine – FlintVM-current.zip
OVF Virtual Machine – FlintVM-current.ovf.zip
Source – flint-current.tgz

Or read more here.


Posted in: Countermeasures, Network Hacking, Security Software



Website Auto-complete Leaks Data Even Over Encrypted Link



I’m always fascinated by side-channel attacks where the attack is focused on the underlying architecture of the cryptosystem and the data echoes it creates rather than the algorithm or implementation itself. It’s somewhat similar to the recent breaking of OpenSSL using power fluctuations.

This time some researcher type fellas focused on the digital noise autocomplete webforms make over an encrypted connection and how it can expose some pretty sensitive data such as medical histories, income, search queries and more.

Google, Yahoo, Microsoft’s Bing, and other leading websites are leaking medical histories, family income, search queries, and massive amounts of other sensitive data that can be intercepted even when encrypted, computer scientists revealed in a new research paper.

Researchers from Indiana University and Microsoft itself were able to infer the sensitive data by analyzing the distinct size and other attributes of each exchange between a user and the website she was interacting with. Using man-in-the-middle attacks, they could glean the information even when transactions were encrypted using the Secure Sockets Layer, or SSL, protocol or the WPA, or Wi-Fi Protected Access protocol.

“Our research shows that surprisingly detailed sensitive user data can be reliably inferred from the web traffic of a number of high-profile, top-of-the-line web applications” offered by Google, Yahoo, and Bing as well as the leading online providers of tax, health and investments services, which the researchers didn’t name.

There’s a lot of inference going on but from what I understand of the attack it would only get more accurate as they collected more data and refined the pattern matching.

The attack can succeed over SSL (https connections) or WPA encrypted wireless sessions.

It’s like a rather complex puzzle, piecing together different snippets of metadata to come out with an answer, which so far seems to be working well.


They also showed how the auto-suggestion features in Google, Yahoo!, and Bing can leak the search terms users enter, even when traffic is encrypted over WPA. That’s because the resulting packets are easy to identify by their “web flow vectors.”

The threat is significant because it stems from fundamental characteristics of software-as-a-service applications that have been in vogue for about a decade. Among other things, apps built on AJAX and other Web 2.0 technologies are usually “stateful,” meaning they keep track of unique configuration information. Such data often has “low entropy,” making it easy for attackers to make educated guesses about its contents.

While a variety of mitigations are available to prevent such attacks, the researchers warn they could come at a high cost. The most obvious solution is to “pad” responses with superfluous data that confuses attackers trying to make sense of the traffic. But the researchers showed the mitigation isn’t always effective and they also point out that it adds a considerable amount of traffic to each transaction, which in turn drives up the costs of operation.

Honestly as a real life attack, apart from corporate espionage or identity theft I don’t see how it is very practical or dangerous.

Plus mitigation will produce a lot of redundant data and increase operation costs, who wants that?
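The trade-off between padding and leakage described above can be measured before a padding scheme is deployed. This is an added example, not code from the research paper or from this post: the response sizes are constructed, and it assumes the encrypted length tracks the plaintext length, so an observer sees one size per suggestion response. It reports, for each padding block size, how many queries remain identifiable by size alone, how many bits still leak, and what the padding costs in extra traffic.

```python
import math
from collections import defaultdict

# Constructed sizes, in bytes, of the suggestion response returned for each
# one-letter query. Assumption: ciphertext length mirrors plaintext length,
# so these are the sizes an on-path observer would see.
RESPONSE_BYTES = {
    "a": 310, "b": 287, "c": 342, "d": 298,
    "e": 310, "f": 455, "g": 263, "h": 301,
}


def pad_to_block(size, block):
    """Round `size` up to the next multiple of `block` (1 = no padding)."""
    return -(-size // block) * block


def buckets(sizes, block):
    """Group queries by the padded size an observer would see."""
    out = defaultdict(list)
    for query, size in sizes.items():
        out[pad_to_block(size, block)].append(query)
    return dict(out)


def uniquely_identified(sizes, block):
    """Queries whose padded size is shared with no other query."""
    return sorted(q for qs in buckets(sizes, block).values()
                  if len(qs) == 1 for q in qs)


def leaked_bits(sizes, block):
    """Bits learned about the query from the size, assuming a uniform prior.

    Leak = log2(N) minus the average uncertainty left inside each bucket.
    """
    n = len(sizes)
    remaining = sum(len(qs) / n * math.log2(len(qs))
                    for qs in buckets(sizes, block).values())
    return math.log2(n) - remaining


def overhead_ratio(sizes, block):
    """Extra bytes sent because of padding, as a fraction of the original."""
    original = sum(sizes.values())
    padded = sum(pad_to_block(s, block) for s in sizes.values())
    return (padded - original) / original


def tradeoff(sizes, blocks=(1, 64, 512)):
    """(block, identifiable queries, leaked bits, overhead) per block size."""
    return [(b,
             len(uniquely_identified(sizes, b)),
             round(leaked_bits(sizes, b), 2),
             round(overhead_ratio(sizes, b), 3))
            for b in blocks]


if __name__ == "__main__":
    print("block  identifiable  leaked_bits  overhead")
    for block, ident, bits, cost in tradeoff(RESPONSE_BYTES):
        print(f"{block:5d}  {ident:12d}  {bits:11.2f}  {cost:8.1%}")
```

With these sizes, 64-byte padding still leaves two queries identifiable, and only padding everything to 512 bytes closes the leak, at roughly 60% more traffic.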

You can get the full white-paper here:

WebAppSideChannel-final.pdf [PDF]

Source: The Register


Posted in: Cryptography, Exploits/Vulnerabilities, Privacy



skipfish – Automated Web Application Security Reconnaissance Tool



The safety of the Internet is of paramount importance to Google, and helping web developers build secure, reliable web applications is an important part of the equation. To advance this goal, Google has released projects such as ratproxy, a passive security assessment tool.

The latest is they have announced a new tool called skipfish – a free, open source, fully automated, active web application security reconnaissance tool.

Key Features

  • High speed: written in pure C, with highly optimized HTTP handling and a minimal CPU footprint, the tool easily achieves 2000 requests per second with responsive targets.
  • Ease of use: the tool features heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
  • Cutting-edge security logic: we incorporated high quality, low false positive, differential security checks capable of spotting a range of subtle flaws, including blind injection vectors.

The tool is believed to support Linux, FreeBSD 7.0+, MacOS X, and Windows (Cygwin) environments.

You can download skipfish here:

skipfish-1.10b.tgz

Or read more here.


Posted in: Hacking Tools, Web Hacking



Vodafone Spain Distributing Mariposa Malware



Just a week after supplying an infected Android phone to a worker at Panda Security, Vodafone Spain has once again managed to pass out a malware infected HTC Magic phone to a researcher at S21Sec.

The write-up on the Panda Research Blog, including technical analysis of the infector can be found here:

Vodafone distributes Mariposa botnet

How they managed to do it twice within the same month is beyond my comprehension, didn’t they learn anything the first time round – or do they just not care?

Vodafone Spain has again supplied a HTC Magic smartphone that came pre-infected with the Mariposa botnet client and other malware crud.

The second incident, involving an Android-based phone supplied to a researcher at S21Sec, comes a week after the mobile phone giant supplied the same type of infection on the identical model of phone to a worker at Spanish anti-virus firm Panda Security.

The S21Sec pre-pwned smartphone kerfuffle undermines Vodafone’s assurances at the time of the Panda flap that the incident was “isolated and local”. Both smartphones were ordered at around the same time towards the beginning of March.

It seems very likely the phone is from the same batch, which rules out this being an isolated and local incident with the phone being infected outside of the delivery mechanism.

This second detection of an infection indicates that the phones are infected before delivery somehow. The infection is on the MicroSD card provided with the phone, so the supplier of that item may be the culprit.

Yeah, there have been no infections outside of Spain... but then Vodafone UK did discontinue distribution of the HTC Magic in favour of supplying HTC Tattoo as its sole Android device.

The S21Sec worker detected the malware after he plugged it into his PC using a copy of AVG’s scanner. Aware of Panda’s previous work, he forwarded an infected microSD drive to PandaLabs’ Pedro Bustamante, who carried out an analysis published here.

“According to the dates of the files, it seems his Vodafone HTC Magic was loaded with the Mariposa bot client on March 1st, 2010 at 19:07, a little over a week before the phone was delivered to him directly from Vodafone,” Bustamante writes.

“The Mariposa botnet client itself is exactly the same as reported last week, with the same nickname and same Command & Control servers.”

The circumstances of the infection point to problems in Vodafone’s QA or with a specific batch of phones rather than a stray infection of a refurbished phone.

I wonder how many more of these infected phones are out there and how many people have been unwittingly turned into Mariposa botnet zombies?

Not everyone works at an AV firm or a security research company and treats their devices so carefully.

It’ll be interesting to see if any more infections pop-up in the near future.

Source: The Register


Posted in: Hardware Hacking, Malware



OWASP CodeCrawler – Static Code Review Tool



CodeCrawler is a tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. It’s a Microsoft .NET 3.5 Windows Form application which supports the OWASP Code Review Project.

It provides automatic STRIDE classification, a very simple DREAD calculator and a few minor utilities. Direct links to the WASC 2.0 Threat Classification, Secure Java Development Guidelines and OWASP Tools are also part of the package.

Requirements

  • .NET Framework 3.5 (Service Pack 1)
  • Visual Studio 2008
  • Windows Platform

You can download CodeCrawler here:

CODECRAWLER_2.5_RELEASE.zip

Or read more here.


Posted in: Countermeasures, Programming, Security Software



Google ‘99.9%’ Certain To Shut Down Google.cn



There’s been a lot of controversy with China recently, a lot of which we have documented here. With the Aurora attacks targeting Google too and the attack code originating from China, Google stopped censoring its Google.cn search engine and is now almost certainly pulling out of China.

The latest report from the Financial Times is that Google can’t reach an agreement with the Chinese authorities, so it looks like Google.cn will be shut down.

I guess the hope is that even if they shut down the search engine they will still be able to continue business operations in China as they have a good base there. They could suffer some pretty heavy losses if China pushes them out of the country completely.

Google is now “99.9 per cent” certain it will shut down its Chinese search engine, according to a report citing “a person familiar with the company’s thinking.”

The Financial Times reports that the web giant has drawn up detailed plans for closing Google.cn, saying the company’s discussions with Chinese authorities reached an impasse. The news came hours after a Chinese minister warned Google that it would “have to bear the consequences” if it stopped censoring results on Google.cn.

On January 12, after alleged Chinese hackers pilfered some sort of intellectual property from the company, Google announced it had decided to “no longer” censor search results in China, saying it would spend “the next few weeks” in talks with the government to determine “the basis on which we could operate an unfiltered search engine within the law, if at all.” As it discusses the issue with multiple Chinese ministries, the company continues to censor results in accordance with local law, but it has postponed the release of two Google-branded Android phones in China and suspended the use of Google mobile apps on all Android handsets from Chinese carriers.

Google was pretty brave to stop censoring search results as they surely know how strong China stands on such issues. Without a doubt they were already prepared for the repercussions and ready to close down the search engine.

It seems like a real danger however that Google may have to cease operations in China entirely with the employees of the search giant fearing reprisals from the Chinese government.

As with most stories it might just be a drama over nothing and they’ll work it out, but honestly speaking with the Chinese government involved…I don’t see a pleasant ending in sight.

Echoing comments Eric Schmidt made the first week in March, The FT says that a decision on the matter could come soon, but the pink ‘un also says the web giant may “take some time” to actually follow through with the closure and find ways of ensuring that local employees are protected from action by the government.

According to The FT’s sources, Google wants to continue running its other operations in the country, but apparently, some company execs feel that may not be possible, fearing government reprisals for the closure of Google.cn.

With its January 12 blog post, Google seemed to indicate it may leave the country entirely. “We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China,” the post read. But at one point, CEO Eric Schmidt told The FT: “It’s very important to know we are not pulling out of China…We have a good business in China. This is about the censorship rules, not anything else.”

They are playing hardball too though, delaying the launch of 2 Android-based devices for the Chinese market and suspending the use of Android apps on all Chinese carriers.

China is somewhat of a captive market though; they are not so into Google, Facebook and MSN like the rest of the world... they use their own tools like Baidu, QQ and Chinese-language social networking sites.

Either way something is going to go down and I’m pretty sure it involves Google clearing out of China.

Source: The Register


Posted in: Legal Issues, Privacy



Vicnum – Lightweight Vulnerable Web Application



Vicnum is a flexible and vulnerable web application which demonstrates common web security problems such as cross-site scripting, SQL injections, and session management issues. The program is especially useful to IT auditors honing web security skills and setting up ‘capture the flag’ type exercises.

Being a small web application with no complex framework involved, Vicnum can easily be invoked and tailored to meet a specific need. For example if a test vulnerable application is needed in evaluating a web security scanner or a web application firewall, you might want to control a target web application to see what the scanner can find and what the firewall can protect.

Ultimately the major goal of this project is to strengthen security of web applications by educating different groups (students, management, users, developers, auditors) as to what might go wrong in a web app. And of course it’s OK to have a little fun.

The guessing part of the game itself is quite fun too, there’s an online version of Vicnum hosted here:

http://vicnum.ciphertechs.com/

I can guess the number correctly with 1 try every time (that’s an easy one), also got an SQL injection to dump out all the scores recorded. Seeing what else can be done now.

It’s actually quite a fun one to play around with.

You can download Vicnum v1.4 here:

VMvicnum14.zip

Or read more here.


Posted in: Exploits/Vulnerabilities, Web Hacking



Zeus-related Botnet Servers Taken Offline



We wrote about Zeus a while back, a nasty trojan which can evade detection by Anti-virus software and is ranked as the number 1 trojan infector by numbers.

About a week ago a massive sting operation took down large parts of the Mariposa botnet in Spain and the USA, and the latest news is that large parts of Zeus-related botnets have been taken offline.

Most of the action in this case happened in Eastern Europe where once again network peers have pulled the plug on downstream ISPs serving dodgy customers.

At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend of takedowns hitting some of the world’s most nefarious cyber operations.

The massive drop is the result of actions taken by two Eastern European network providers. On Tuesday, they pulled the plug on their downstream customers, including an ISP known as Troyak, according to Mary Landesman, a senior researcher with ScanSafe, a web security firm recently acquired by Cisco Systems. That in turn severed the connections of servers used to control large numbers of computers infected by a do-it-yourself crime kit known as Zeus.

Landesman said she was able to confirm figures provided by Zeus Tracker that found the number of active control servers related to Zeus had dropped from 249 to 181. The takedown came on Tuesday around 10:22 am GMT and was heralded by a sudden drop off in the number of malware attacks ScanSafe blocks from affected IP addresses.

The most interesting part for me is that a few days prior to the take-down Zeus-related activity went up in intensity 10-fold (from 1% to 10% on the ScanSafe network). This to the paranoid would indicate forewarning and the bot herders pushing out more malware to make sure they still have a good infection base even after the ISP plug gets pulled.

Either way it’ll be interesting to see if these actions will have any lasting effect. Either way I’m pleased something is being done and all this network bandwidth wasting crapware is being taken offline.

The takedown is the result of two network service providers, Ukraine-based Ihome and Russia-based Oversun Mercury, severing their ties with Troyak, said Landesman, who cited data returned by Robotex.com. The move meant that all the ISP’s customers, law-abiding or otherwise, were immediately unable to connect to the outside world.

“That’s a pretty interesting development and I think a very positive one, because they’re now putting the shared costs on the network service provider,” Landesman told The Register. “There’s not always a lot of impetus for these network service providers to take action, but as soon as you have such a severe repercussion where they’re actually not able to serve any of their customers, legitimate or otherwise, they’re now sharing in that cost.”

The takedown comes a week after authorities in Spain and the United States clipped the wings of the Mariposa botnet. One of the world’s biggest botnets, it controlled almost 13 million infected computers and infiltrated more than half of the Fortune 1000 companies. Late last month, Microsoft was able to disrupt the Waledac botnet by obtaining a court-issued order against scores of domains associated with the spam-spewing menace.

Back in November 2008 we covered the McColo case quite extensively when the ‘spam-friendly’ ISP was taken offline by its upstream peer. By April 2009, however, spam had reached back to 91% of its original mass, showing that you can’t stop them for long.

Honestly I’d imagine this is the case here too, there’s plenty more places they can peddle their malware and host their control servers. Plus the level of general awareness on infection vectors by the general public is extremely low.

People are still going to get infected and we are still going to have to put up with degraded networks.

Source: The Register


Posted in: Malware, Privacy
