Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: All China, All The Time

From: r00t <r00t () ellicit org>
Date: Fri, 15 Jan 2010 12:57:52 -1000
Can you explain how this is sophisticated.  It looks to me like most 
decent malware samples I've RE'd:

The result: triple encrypted shell code which downloads multiple 
encrypted binaries used to drop an encrypted payload on a target machine 
which then establishes an encrypted SSL channel to connect to a command 
and control network.

If they are so sophisticated and organized, then why do they continually 
get noticed shortly after the attack.  A major element that you fail to 
realize about these so called sophisticated attacks is stealth and 
persistence, which this attack lacks.



On 1/15/10 12:33 PM, Densmore, Todd wrote:

Here is my 2 cents on both Google and iiScan

http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/01/15/china-google-and-web-security.aspx

~todd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: