Researchers have unearthed two previously undetected botnets that exhibit sophisticated new capabilities that could significantly advance the dark art of cyber crime. One of them, dubbed MayDay by security firm Damballa, uses new ways to send and receive instructions to infected machines. One communication method uses standard …
Symantec has dyslexia or they want to give it their own name!
I found a dastardly little PHP program running under Apache today (cPanel/WHM). Talking to a host, on port 80, with the name of apache2-emu.nariko.dreamh0st.c0m.
Tcptraces ran and the connection to that host appeared idle. A web connect from a Linux browser shows the server to have some odd-looking error, most likely designed to try to fool your average Joe if they point a browser there.
Now here's the weird part: no sign of anything in the logs. No strange FTP, no sign of XSS in the httpd logs or suphp logs; mod_security is installed too, and that caught nothing. With the vmsplice 'sploit in the wild, I'm getting quite concerned.
Shades of Opion..... Battles of Wills ...... Judicious Jousting..... Immaculate Conceptions...
......Near Perfect Imperfect Perception/Near Imperfect Perfect Perceptions.
Dan Goodin in San Francisco, is Transporter Engage....? By amanfromMars
Posted Thursday 14th February 2008 05:58 GM, grey-listed? IT is Key CodeXXXX concealed.
tip of the iceberg
New malware has apparently become as cryptic as our Martian friend here. You have to admit, though, that these hackers are ingenious. Too bad that such brilliant minds should so poison our networks for the wrong reasons. Imagine the programs and games we could have if they applied themselves to less criminal projects. I suppose the common computer user like myself will just have to make do with the average rubbish said Fortune 50 companies like to spew out. I'm still sore about my SimSocieties crash mode. If I had enough money, could I enlist the services of these Ruskies to create the ultimate game??
I'm constantly amazed that these things not only exist, but that there seems to be very little that can be done, coupled with little will to eliminate it/them. I sometimes wonder if it's not time to rip the whole thing down and start again.
Hold a moment, MfM...
I cannot help but notice that the name has different spelling (capitalization).
Now, that could be part of the "code" from the obfuscator, but does El Reg's comment posting user schema differentiate between users with the same "name", but different blends of upper and lower case in the user name?
IF so... how many MfM do we have in this darned thing?!
@ Andrew Crystall
What kind of crapware are you running? "Greylisting now not only dumps 15-20% of legit email..."
Greylisting doesn't dump *any* legit email if the sending server follows the RFCs. Servers which don't follow the RFCs cannot be considered even remotely "legit."
Greylisting shouldn't dump any legit email; all it would do is delay it for an hour or two. A real email server will just retry later.
It's no different from when a destination SMTP server gets swamped; they send out a "busy, try later" reply then too. It's a perfectly legit part of the SMTP protocol.
If legit email is getting lost due to an SMTP server saying "busy, come back later" then it's a problem with the sending mail server not correctly handling this.
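As an added illustration of the greylisting behaviour those comments describe (example code written for this page, not from the article or any commenter), the following Python models a greylister's decision for a properly retrying MTA and for a fire-and-forget sender; the IP addresses, mailboxes and timing constants are constructed sample values.

```python
"""Greylisting simulation: first attempt for an unseen triplet gets a 4xx
temporary failure; a client that waits and retries is accepted and whitelisted;
a client that never retries never delivers. All values are constructed."""
from dataclasses import dataclass, field

MIN_DELAY = 300                  # seconds a triplet must wait before acceptance
PENDING_TTL = 4 * 3600           # forget an un-retried triplet after this long
WHITELIST_TTL = 36 * 24 * 3600   # remember an accepted triplet this long


@dataclass
class Greylister:
    pending: dict = field(default_factory=dict)    # triplet -> first-seen time
    whitelist: dict = field(default_factory=dict)  # triplet -> expiry time

    def decide(self, client_ip, mail_from, rcpt_to, now):
        """Return (SMTP code, text) for one delivery attempt at time `now`."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        # Previously accepted and still inside the whitelist window: accept.
        if key in self.whitelist and now < self.whitelist[key]:
            return 250, "2.0.0 OK (whitelisted)"
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > PENDING_TTL:
            # Never seen (or stale record): note it and ask the client to retry.
            self.pending[key] = now
            return 451, "4.7.1 Greylisted, please try again later"
        if now - first_seen < MIN_DELAY:
            # Retried too quickly: keep deferring.
            return 451, "4.7.1 Greylisted, please try again later"
        # The client queued and retried, as RFC 5321 expects of a real MTA.
        del self.pending[key]
        self.whitelist[key] = now + WHITELIST_TTL
        return 250, "2.0.0 OK"


def simulate():
    """Play out a well-behaved MTA and a one-shot spam sender; return codes."""
    g = Greylister()
    mta = [g.decide("192.0.2.10", "alice@example.com", "bob@example.net", t)[0]
           for t in (0, 30, 900)]        # first try, hasty retry, proper retry
    bot = [g.decide("198.51.100.7", "x@example.org", "bob@example.net", 0)[0]]
    return mta, bot                      # ([451, 451, 250], [451])


if __name__ == "__main__":
    print(simulate())
```

The legitimate sender loses nothing but a few minutes; the sender that never comes back is the only one "dumped".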
a matter of time
it's only a matter of time till these bots gain artificial intelligence and become "aware"...and then I'll say told you so, and then I'll be riding with Sarah Connor and Arnie, and we'll be like blowing up machines and traveling back in time and stuff.....erm...yeah, you get the point...
Big brains require big muni?
The big brains at work really must be on big money. Is there an easier way to check the cash flows, e.g. minor network engineer paid mucho kaboodles in cash by employer?
Cryptology springs to mind. For why?
Any code that has a false decipherability will surely pass most tests into thinking the code were cracked when all that happened was that a false and misleading signature was displayed.
If so, that takes mucho mucho brains, resources and probably equally as much dosh.