SEARCH RESULTS
 
Showing 1-10 of 12 records
 

PAINTing a Botnet IRC Channel

2008-01-14 19:02:52 by HASH0x8a264c4 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
I suppose that even for a script kiddie it takes extra time and patience to come up with such a spoofed IRC channel getting crowded with infected hosts. Drawing courtesy of a script kiddie's wishful thinking. Here are some screenshots from the real world, and some of the most recent developments I covered in previous posts
 
 
 
 
 

Romanian Script Kiddies and the Screensavers Botnet

2008-04-08 03:48:40 by HASH0x8ae5de0 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...IRC bot doesn't necessarily mean you possess a certain know-how, a know-how that experienced botnet masters have been outsourcing for years. Malware is obtained through links pointing to xhost.ro/filehost/phrame.php?action=saveDownload&fileId=15735 xhost.ro/filehost/phrame.php?action=editDownload&fileId=12923...
 
 
 
 
 

Inside the Chinese Underground Economy

2007-12-09 22:34:23 by HASH0x89e9090 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...IRC (Internet Relay Chat). They typically use bulletin board systems on the Web or IM software like QQ to communicate with each other. Orthogonal to a study on the underground black market located within IRC networks, we measure the Chinese-specific underground black market on the Web. We focus on the most important part located at...
 
 
 
 
 

BlackEnergy DDoS Bot Web Based C&Cs

2008-02-12 18:46:35 by HASH0x8b1c6c4 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...IRC. Also, we do not see any exploit activities from this bot, unlike a traditional IRC bot. This is a small (under 50KB) binary for the Windows platform that uses a simple grammar to communicate. Most of the botnets we have been tracking (over 30 at present) are located in Malaysian and Russian IP address space and have targeted Russian sites...
 
 
 
 
 

The reason behind the "We're sorry..." message

2007-07-09 11:54:00 by Niels Provos in Google Online Security Blog
 
...IRC channel. Adversaries can then remotely control the compromised web servers and use them for DDoS attacks, spam or phishing. Over time, the adversaries have realized that even though a botnet consisting of web servers provides a lot of aggregate bandwidth, they can increase leverage by changing the content on the compromised web servers to...
 
 
 
 
 

The Cybercrime Economy

2008-01-02 07:21:53 by Editor in Schneier on Security
 
Interesting article: While standard commercial software vendors sell software as a service, malware vendors sell malware as a service, which is advertised and distributed like standard software. Communicating via internet relay chat (IRC) and forums, hackers advertise Iframe exploits, pop-unders
 
 
 
 
 

Pushdo - Web Based Malware as Usual

2007-12-19 18:01:44 by HASH0x89b80bc in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...irca 2004/2005 The possibilities with PHP and MySQL in respect to flexibility of the statistics, layered encryption and tunneling, and most importantly, decentralizing the command even improving authentication with port knocking are countless. Besides, with all the buzz of botnets continuing to use IRC, it's a rather logical move for botnet...
 
 
 
 
 

Process Doubling

2008-01-27 22:44:57 by RSnake in ha.ckers.org web application security lab
 
...IRC server or telnet or something else for back and forth real-time communication. We already have root access, so it's easy enough to start and stop the process. It's also fairly easy with some programming to create a switch in the code, to look for a different string and jump into a different mode. It could be a clever way around a fairly...
 
 
 
 
 

Response Rate for an IM Malware Attack

2008-04-29 22:01:52 by HASH0x8ae6b08 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...IRC channel. Keeping it Simple Stupid to directly spam the binary locations is still surprisingly working, taking Stormy Wormy's last several campaigns, but with the recent spamming of live exploit URLs and malware using Google ads as redirector, for instance google.com/pagead/iclk?sa=l&ai=dhobOez&num=57486&adurl=http:// mpharm.hr/video...