Strange
Symantec has dyslexia or they want to give it their own name!
Researchers have unearthed two previously undetected botnets that exhibit sophisticated new capabilities that could significantly advance the dark art of cyber crime. One of them, dubbed MayDay by security firm Damballa, uses new ways to send and receive instructions to infected machines. One communication method uses standard …
I found a dastardly little PHP program running under Apache today (cPanel/WHM). Talking to a host on port 80 with the name apache2-emu.nariko.dreamh0st.c0m.
Tcptraces ran and the connection to that host appeared idle. A web connect from a Linux browser shows the server to have some odd-looking error, most likely designed to try to fool your average Joe if they point a browser there.
Now here's the weird part: no sign of anything in the logs. No strange FTP, no sign of XSS in the httpd logs or suphp logs; mod_security is installed too, and that caught nothing. With the vmsplice sploit in the wild, I'm getting quite concerned.
......Near Perfect Imperfect Perception/Near Imperfect Perfect Perceptions.
Dan Goodin in San Francisco, is Transporter Engage....? By amanfromMars
Posted Thursday 14th February 2008 05:58 GM, grey-listed? IT is Key CodeXXXX concealed.
New malware has apparently become as cryptic as our Martian friend here. You have to admit, though, that these hackers are ingenious. Too bad that such brilliant minds should so poison our networks for the wrong reasons. Imagine the programs and games we could have if they applied themselves to less criminal projects. I suppose the common computer user like myself will just have to make do with the average rubbish said Fortune 50 companies like to spew out. I'm still sore about my SimSocieties crash mode. If I had enough money, could I enlist the services of these Ruskies to create the ultimate game??
I cannot help but notice that the name has different spelling (capitalization).
Now, that could be part of the "code" from the obfuscator, but does El Reg's comment posting user schema differentiate between users with the same "name", but different blends of upper and lower case in the user name?
If so... how many MfM do we have in this darned thing?!
Greylisting shouldn't dump any legit email; all it would do is delay it for an hour or two. A real email server will just retry later.
It's no different to when a destination SMTP server gets swamped, they send out a "busy, try later" reply then too. It's a perfectly legit part of the SMTP protocol.
If legit email is getting lost due to an SMTP server saying "busy, come back later" then it's a problem with the sending mail server not correctly handling this.
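The greylisting behaviour the comment describes, as an added illustration that is not code from the article or from any poster: a new (client IP, sender, recipient) triplet is answered with a temporary 450 reply, a compliant MTA retries and is accepted once the delay has passed, while a fire-and-forget sender never gets through. The one-hour delay, the 30-minute retry interval and the addresses are constructed values.

```python
"""Minimal greylisting decision logic (illustrative, not a real MTA)."""
from dataclasses import dataclass, field

GREYLIST_DELAY = 3600  # seconds a new triplet must wait (constructed: one hour)


@dataclass
class Greylist:
    delay: float = GREYLIST_DELAY
    # (client_ip, sender, recipient) -> time the triplet was first seen
    first_seen: dict = field(default_factory=dict)

    def check(self, client_ip: str, sender: str, recipient: str, now: float):
        """Return (smtp_code, text). 450 is a temporary failure: the sending
        server is expected to queue the message and try again later."""
        key = (client_ip, sender.lower(), recipient.lower())
        seen = self.first_seen.get(key)
        if seen is None:
            self.first_seen[key] = now
            return 450, "4.7.1 Greylisted, please try again later"
        if now - seen < self.delay:
            return 450, "4.7.1 Greylisted, please try again later"
        # Triplet has waited long enough; it is accepted now and on every later attempt
        return 250, "2.1.5 OK"


def simulate_legit_sender(gl: Greylist, now: float):
    """A compliant MTA keeps retrying after each 4xx reply.
    Returns (attempts until accepted, total delay incurred in seconds)."""
    attempts, t = 0, now
    while True:
        attempts += 1
        code, _ = gl.check("192.0.2.10", "alice@example.org", "bob@example.net", t)
        if code == 250:
            return attempts, t - now
        t += 1800  # constructed retry interval: 30 minutes


def simulate_fire_and_forget(gl: Greylist, now: float):
    """A sender that never retries sees only the temporary rejection."""
    code, _ = gl.check("198.51.100.7", "spam@example.com", "bob@example.net", now)
    return code


if __name__ == "__main__":
    gl = Greylist()
    print("legit sender (attempts, delay):", simulate_legit_sender(gl, 1000.0))
    print("fire-and-forget sender reply:", simulate_fire_and_forget(gl, 1000.0))
```

The legit message is delayed, not lost; only a sender that ignores the 450 reply loses mail, which is the comment's point about the sending side.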
It's only a matter of time till these bots gain artificial intelligence and become "aware"... and then I'll say told you so, and then I'll be riding with Sarah Connor and Arnie, and we'll be like blowing up machines and traveling back in time and stuff..... erm... yeah, you get the point...
The big brains at work really must be on big money. Is there an easier way to check the cash flows, e.g. minor network engineer paid mucho kaboodles in cash by employer?
Cryptology springs to mind. For why?
Any code that has a false decipherability will surely pass most tests into thinking the code was cracked when all that happened was that a false and misleading signature was displayed.
If so, that takes mucho mucho brains, resources and probably equally as much dosh.