The Register® — Biting the hand that feeds IT

MayDay! MayDay! Ruskies reinvent cyber crime

Anonymous Coward

Strange 

Symantec has dyslexia or they want to give it their own name!

Anonymous Coward

hmm 

I found a dastardly little PHP program running under Apache today (cPanel/WHM), talking to a host on port 80 with the name of apache2-emu.nariko.dreamh0st.c0m.

Tcptraces ran and the connection to that host appeared idle. A web connect from a Linux browser shows the server to have some odd-looking error, most likely designed to try to fool your average Joe if they point a browser there.

Now here's the weird part: no sign of anything in the logs. No strange FTP, no sign of XSS in httpd logs or suphp logs; mod_security is installed too, and that caught nothing. With the vmsplice 'sploit in the wild, I'm getting quite concerned.

amanfromMars

Shades of Opion..... Battles of Wills ...... Judicious Jousting..... Immaculate Conceptions... 

......Near Perfect Imperfect Perception/Near Imperfect Perfect Perceptions.

Dan Goodin in San Francisco, is Transporter Engage....? By amanfromMars

Posted Thursday 14th February 2008 05:58 GM, grey-listed? IT is Key CodeXXXX concealed.

triky

tip of the iceberg 

New malware has apparently become as cryptic as our Martian friend here. You have to admit, though, that these hackers are ingenious. Too bad that such brilliant minds should so poison our networks for the wrong reasons. Imagine the programs and games we could have if they applied themselves to less criminal projects. I suppose the common computer user like myself will just have to make do with the average rubbish said Fortune 50 companies like to spew out. I'm still sore about my simsocieties crash mode. If I had enough money, could I enlist the services of these Ruskies to create the ultimate game??

Anonymous Coward

Amazing 

I'm constantly amazed that these things not only exist, but that there seems to be very little that can be done, coupled with little will to eliminate it/them. I sometimes wonder if it is not time to rip the whole thing down and start again.

WhatWasThat?

Hold a moment, MfM... 

I cannot help but notice that the name has different spelling (capitalization).

Now, that could be part of the "code" from the obfuscator, but does El Reg's comment posting user schema differentiate between users with the same "name", but different blends of upper and lower case in the user name?

If so... how many MfM do we have in this darned thing?!

Andrew Crystall

So... 

Greylisting now not only dumps 15-20% of legit email, it also is shortly to be utterly useless. Nice.

Morely Dotes

@ Andrew Crystall 

What kind of crapware are you running? "Greylisting now not only dumps 15-20% of legit email..."

Greylisting doesn't dump *any* legit email if the sending server follows the RFCs. Servers which don't follow the RFCs cannot be considered even remotely "legit."

Steve Evans

@Andrew Crystall 

Greylisting shouldn't dump any legit email; all it would do is delay it for an hour or two. A real email server will just retry later.

It's no different to when a destination SMTP server gets swamped; they send out a "busy, try later" reply then too. It's a perfectly legit part of the SMTP protocol.

If legit email is getting lost due to an SMTP server saying "busy, come back later", then it's a problem with the sending mail server not correctly handling this.
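The point Morely Dotes and Steve Evans are making, that greylisting only delays mail from a sender that honours a 4xx temporary failure and only "loses" mail from senders that never retry, can be shown with a small simulation. The following is an added example written for this page; it is not code from the thread or from any real MTA. The triplet key (client IP, envelope sender, envelope recipient), the 5-minute minimum wait, the sample addresses and the retry schedules are all assumptions; real implementations also expire unused triplets and auto-whitelist senders that pass.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Triplet = Tuple[str, str, str]


@dataclass
class Greylist:
    """Minimal greylisting policy keyed on (client IP, MAIL FROM, RCPT TO).

    A triplet seen for the first time gets a 450 temporary failure and its
    first-seen time is recorded; the same triplet is accepted with 250 once
    `delay` seconds have elapsed. (Assumed policy; real implementations also
    expire stale entries and auto-whitelist senders that successfully retry.)
    """
    delay: int = 300  # assumed: 5-minute minimum wait before acceptance
    first_seen: Dict[Triplet, float] = field(default_factory=dict)

    def decide(self, client_ip: str, mail_from: str, rcpt_to: str, now: float) -> str:
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        seen = self.first_seen.get(key)
        if seen is None:
            # First contact: record it and ask the sender to come back later.
            self.first_seen[key] = now
            return "450 4.7.1 Greylisted, please try again later"
        if now - seen < self.delay:
            # Retried too soon: still a temporary failure, nothing is lost.
            return "450 4.7.1 Greylisted, please try again later"
        return "250 2.1.5 Recipient OK"


def run_sender(greylist: Greylist, client_ip: str, retry_schedule: List[int]) -> dict:
    """Play one sending server's attempts (offsets in seconds from the first try)
    against the greylist. Returns every response and whether the mail was accepted."""
    responses = []
    for offset in retry_schedule:
        resp = greylist.decide(client_ip, "alice@example.org", "bob@example.net", float(offset))
        responses.append(resp)
        if resp.startswith("250"):
            break  # delivered; a real MTA would dequeue the message here
    return {"responses": responses, "delivered": any(r.startswith("250") for r in responses)}


def compliant_mta() -> dict:
    # An RFC-compliant MTA queues on a 4xx and retries; first retry after ~15 min is typical.
    return run_sender(Greylist(), "192.0.2.10", [0, 15 * 60, 60 * 60])


def fire_and_forget_bot() -> dict:
    # A typical spam bot makes a single attempt and never returns.
    return run_sender(Greylist(), "198.51.100.7", [0])


def broken_mta() -> dict:
    # A sender that retries once inside the window and then gives up loses the mail;
    # that is a sender-side bug, not a defect of greylisting.
    return run_sender(Greylist(), "203.0.113.5", [0, 60])


if __name__ == "__main__":
    for name, result in (("compliant MTA", compliant_mta()),
                         ("fire-and-forget bot", fire_and_forget_bot()),
                         ("broken MTA", broken_mta())):
        print(f"{name}: delivered={result['delivered']}")
        for r in result["responses"]:
            print("   ", r)
```

The compliant sender sees exactly one 450 and is accepted on its 15-minute retry; the bot that never retries and the sender that gives up inside the window are the only ones whose mail goes undelivered, which is the situation described above.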

theotherone

a matter of time 

It's only a matter of time till these bots gain artificial intelligence and become "aware"... and then I'll say told you so, and then I'll be riding with Sarah Connor and Arnie, and we'll be like blowing up machines and travelling back in time and stuff..... erm... yeah, you get the point...

Anonymous Coward

Big brains require big muni? 

The big brains at work really must be on big money. Is there an easier way to check the cash flows, e.g. minor network engineer paid mucho kaboodles in cash by employer?

Cryptology springs to mind. For why?

Any code that has a false decipherability will surely pass most tests into thinking the code was cracked, when all that happened was that a false and misleading signature was displayed.

If so, that takes mucho mucho brains, resources and probably equally as much dosh.
