Full Disclosure mailing list archives
Re: Possible First Crypto Virus Definitely Discovered!
From: "dila" <dila () myrealbox com>
Date: Tue, 08 Jun 2004 18:09:14 +0100
j00 d0nt f00l u5

"Billy B. Bilano" <mr.bill.bilano () email server unix bill bilano biz> wrote:

Salutations, amigos! Bill Bilano here, reporting in from the front-lines! I've got some disturbing news that I've got to get some answers about while I share. I think we're about to come under full hacker attack at any second! And to those people that said us folks talking about crypto viruses were being chicken littles... let me tell you, the sky just fell! And it is HEAVY!

I was sitting at my desk doing more research on the OPENBSD virus I discovered last week. I was watching ethereal and monitoring the traffic coming in and out of the facility and I saw a ton of traffic coming straight for our web servers! The routers, firewalls, and intrusion detraction systems were not sounding the red alarms like they should have been (we'll get to THAT one later).

There appears to be a new virus in town and it's affecting Windows and UNIX web servers! I have not identified a pattern of infection yet but the virus is clearly advancing but it only affects web servers! The virus works on port 443. It seems to accept inbound connections on that port as well and, presumably, awaits for commands from some series of servers elsewhere. Perhaps taking orders?

I also captured some of the traffic and attempted to analyze it up but it looks like -- you heard it here first, folks -- the payload is encrypted! Is this the first of a coming storm of crypto viruses we've all been eagerly fearing? (I have already sent a copy of the payload to the distributed.net people so they can try to use some of those wasting cycles to decipher it like they did the last one!)

I have taken the liberty of naming the virus already. I looked in etc/services and saw that this port is for and it is something called "ssl" so I am calling it w32.ssl.b (b for bilano, since I discovered this wretched thing!)

I called in our webmaster and showed him the data. He is either too stupid to know what's going on or he takes me for a fool. I got him in the conference room and showed him the print outs. He tried to convince me it was not a virus and just normal web traffic but web traffic is on port 80! No fooling old Bill! LOL! So I told him to gather his stuff up and gave him his marching orders. I have no time for this kind of bull, what with the OPENBSD virus last week (still picking up the pieces there). He must have known I was on to him because he was just laughing on his way out the front door. He may have even been involved with the infection! Good riddance, chump!

At any rate, this is your heads up, folks! You heard it here first! Be on the lookout for this first, very nasty CRYPTO VIRUS!

P.S. I wonder if this virus was from a spam-gang?!
P.P.S. Check out my bloglog in my sig!

--------
Mr. Billy B. Bilano, MSCE, CCNA
<http://www.bilano.biz/>
Expert Sysadmin Since 2003!
'C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL' -- RMS

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html