Re: Wipe off, rub out, reappear...

[Ferenc Kovacs <tyra3l () gmail com>]

"Is obvious, this is a very well made executable :)"

On Tue, Oct 11, 2011 at 12:18 PM, xD 0x41 <secn3t () gmail com> wrote:
> I dont care about *theyre* setup, and i said that, I only stated what CAN be
> done, in capable hands.. simple.
> You are reading deep into something, you seem to understand fkall about,
> seriously.
>
>
> On 11 October 2011 21:16, Christian Sciberras <uuf6429 () gmail com> wrote:
> > I already beat you up to it - you know nothing about their setup.
> > You don't know if their infection is the result of a botnet.
> > I don't deny you know anything about botnets, I'm just saying from the
> > looks of it you jumped to a load of conclusion without any proof whatsoever.
> >
> >
> >
> > On Tue, Oct 11, 2011 at 12:11 PM, xD 0x41 <secn3t () gmail com> wrote:
> > > screwit, im a bite, i know my shit here..
> > > If i was not so smart, then i guess  i would not have a modified ircd
> > > wich is similar... wow i know.. just seems you dont know crap about c&c
> > > botnets , thats fo sure. I think i outlined a *good* setup, as i have seen
> > > it, or would not bothered to state the mods made.. is that simple. wwether
> > > it is hard t code or not, is not my business, nor i care for.. I just know,
> > > how they run, and, dont try bs me about what i do and dont know, because on
> > > this topic son, i have plenty of experience, and could easily match this
> > > with an AV spokesperson, and would not hesitate to, but what gains it to me
> > > ? None.
> > > I am here for those who give a crap, you sir, no nothing, atall, about
> > > even the controlling side of a good botnet wich, spreads fast.
> > > Most people, simply do not want you on them, then the better ones, simply
> > > hide as users on irc anyhow ;)
> > > Then again, i wouldnt know shit ey.
> > > gnite :-)
> > > have fun trying to pick apart anything with me in this area, i will enjoy
> > > tearing your anus out, word by word if i have to.
> > > xd
> > >
> > >
> > > On 11 October 2011 20:29, Christian Sciberras <uuf6429 () gmail com> wrote:
> > > > If you ask me, you sound like bragging on something you wrote.
> > > > Either that, or you're clueless to what you are saying.
> > > > Just because my younger brother won't understand 5 lines of code I wrote
> > > > doesn't make my 5 liner smart...
> > > > Applying the analogy here, just because they're possibly clueless to how
> > > > OS internals work doesn't mean the virus is doing anything particularly
> > > > smart.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On Tue, Oct 11, 2011 at 1:55 AM, xD 0x41 <secn3t () gmail com> wrote:
> > > > > Is obvious, this is a very well made executable :)
> > > > > Or, set up well to spread and then hide, and doing so with even its
> > > > > phone home, wich is normal nowdays, for example consider an ircd, it uses
> > > > > PING/PONG, what if you change the rfc, and use ascii characters,then do this
> > > > > to the bot, remove USER mode completely only allow it for set modes/opers,
> > > > > and then try take the thing down, if it is connected thru about 40 different
> > > > > ips and does not rely on dynami dns...
> > > > > it is not impossible, it is happening now, and, it is also visible,
> > > > > however, these c7c centres are so advanced, Ids are just not getting enough
> > > > > info...you cannot do a thing on the properly modified control centres, and,
> > > > > i have seen that code, it is extremely modified version of ircd... it cannot
> > > > > be used by a NOn operator, and uses a totally different rfc to phopne home
> > > > > etc, thus making conventional methods used atm, useless... as they will
> > > > > loook for the strings that they know, and always ids will perform some
> > > > > string of commands, and, then slowly the operator sees the servers, and one
> > > > > by one he blocks YOU out of his network.
> > > > > This is a dog eat dog world, bot masters can be exceptionallt ingenious
> > > > > when it comes to these things, and masking an exe nowdays, is not as simple
> > > > > as some peoples SFX rar kits :)
> > > > > So even kits nowdays, can be way more advanced than 2008/2009 even...
> > > > > there has been a burst of tech, so there is also a burst in virus
> > > > > numbers... but, smart c&c centres, you wont take down so easily, and they
> > > > > will move before you can even decrypt theyre settings... wich is exactly why
> > > > > stuxnet is non stoppable.. unless the owner shuuts it down, it wont  be
> > > > > killed..
> > > > > xd
> > > > >
> > > > >
> > > > >
> > > > > On 11 October 2011 10:45, Bob Dobbs <bobd10937 () gmail com> wrote:
> > > > > > On Mon, Oct 10, 2011 at 4:31 PM, Michael Schmidt
> > > > > > <mschmidt () drugstore com> wrote:
> > > > > > > If its bot net code and it is behind an air barrier then it will
> > > > > > > never phone home. They
> > > > > >
> > > > > > It already broke the "air wall" to get in. It can certainly do so to
> > > > > > get out.
> > > > > >
> > > > > > Bob
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Full-Disclosure - We believe in it.
> > > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > > Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/



-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/