Full Disclosure mailing list archives
Re: Wipe off, rub out, reappear...
From: Ferenc Kovacs <tyra3l () gmail com>
Date: Tue, 11 Oct 2011 12:26:42 +0200
"Is obvious, this is a very well made executable :)" On Tue, Oct 11, 2011 at 12:18 PM, xD 0x41 <secn3t () gmail com> wrote:
I dont care about *theyre* setup, and i said that, I only stated what CAN be done, in capable hands.. simple. You are reading deep into something, you seem to understand fkall about, seriously. On 11 October 2011 21:16, Christian Sciberras <uuf6429 () gmail com> wrote:I already beat you up to it - you know nothing about their setup. You don't know if their infection is the result of a botnet. I don't deny you know anything about botnets, I'm just saying from the looks of it you jumped to a load of conclusion without any proof whatsoever. On Tue, Oct 11, 2011 at 12:11 PM, xD 0x41 <secn3t () gmail com> wrote:screwit, im a bite, i know my shit here.. If i was not so smart, then i guess i would not have a modified ircd wich is similar... wow i know.. just seems you dont know crap about c&c botnets , thats fo sure. I think i outlined a *good* setup, as i have seen it, or would not bothered to state the mods made.. is that simple. wwether it is hard t code or not, is not my business, nor i care for.. I just know, how they run, and, dont try bs me about what i do and dont know, because on this topic son, i have plenty of experience, and could easily match this with an AV spokesperson, and would not hesitate to, but what gains it to me ? None. I am here for those who give a crap, you sir, no nothing, atall, about even the controlling side of a good botnet wich, spreads fast. Most people, simply do not want you on them, then the better ones, simply hide as users on irc anyhow ;) Then again, i wouldnt know shit ey. gnite :-) have fun trying to pick apart anything with me in this area, i will enjoy tearing your anus out, word by word if i have to. xd On 11 October 2011 20:29, Christian Sciberras <uuf6429 () gmail com> wrote:If you ask me, you sound like bragging on something you wrote. Either that, or you're clueless to what you are saying. Just because my younger brother won't understand 5 lines of code I wrote doesn't make my 5 liner smart... Applying the analogy here, just because they're possibly clueless to how OS internals work doesn't mean the virus is doing anything particularly smart. On Tue, Oct 11, 2011 at 1:55 AM, xD 0x41 <secn3t () gmail com> wrote:Is obvious, this is a very well made executable :) Or, set up well to spread and then hide, and doing so with even its phone home, wich is normal nowdays, for example consider an ircd, it uses PING/PONG, what if you change the rfc, and use ascii characters,then do this to the bot, remove USER mode completely only allow it for set modes/opers, and then try take the thing down, if it is connected thru about 40 different ips and does not rely on dynami dns... it is not impossible, it is happening now, and, it is also visible, however, these c7c centres are so advanced, Ids are just not getting enough info...you cannot do a thing on the properly modified control centres, and, i have seen that code, it is extremely modified version of ircd... it cannot be used by a NOn operator, and uses a totally different rfc to phopne home etc, thus making conventional methods used atm, useless... as they will loook for the strings that they know, and always ids will perform some string of commands, and, then slowly the operator sees the servers, and one by one he blocks YOU out of his network. This is a dog eat dog world, bot masters can be exceptionallt ingenious when it comes to these things, and masking an exe nowdays, is not as simple as some peoples SFX rar kits :) So even kits nowdays, can be way more advanced than 2008/2009 even... there has been a burst of tech, so there is also a burst in virus numbers... but, smart c&c centres, you wont take down so easily, and they will move before you can even decrypt theyre settings... wich is exactly why stuxnet is non stoppable.. unless the owner shuuts it down, it wont be killed.. xd On 11 October 2011 10:45, Bob Dobbs <bobd10937 () gmail com> wrote:On Mon, Oct 10, 2011 at 4:31 PM, Michael Schmidt <mschmidt () drugstore com> wrote:If its bot net code and it is behind an air barrier then it will never phone home. TheyIt already broke the "air wall" to get in. It can certainly do so to get out. Bob_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Ferenc Kovács @Tyr43l - http://tyrael.hu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Wipe off, rub out, reappear..., (continued)
- Re: Wipe off, rub out, reappear... xD 0x41 (Oct 10)
- Re: Wipe off, rub out, reappear... Michael Schmidt (Oct 10)
- Re: Wipe off, rub out, reappear... Bob Dobbs (Oct 11)
- Re: Wipe off, rub out, reappear... xD 0x41 (Oct 10)
- Re: Wipe off, rub out, reappear... Christian Sciberras (Oct 11)
- Re: Wipe off, rub out, reappear... xD 0x41 (Oct 11)
- Re: Wipe off, rub out, reappear... xD 0x41 (Oct 11)
- Re: Wipe off, rub out, reappear... Christian Sciberras (Oct 11)
- Re: Wipe off, rub out, reappear... xD 0x41 (Oct 11)
- Re: Wipe off, rub out, reappear... Christian Sciberras (Oct 11)
- Re: Wipe off, rub out, reappear... Ferenc Kovacs (Oct 11)
- Re: Wipe off, rub out, reappear... Michael Schmidt (Oct 10)
- Re: Wipe off, rub out, reappear... xD 0x41 (Oct 10)
- Re: Wipe off, rub out, reappear... Christian Sciberras (Oct 11)
- Re: Wipe off, rub out, reappear... seclist (Oct 12)
- Re: Wipe off, rub out, reappear... GloW - XD (Oct 10)
- Re: Wipe off, rub out, reappear... root (Oct 10)