wE are coNNecteD
ZHadum writes: "9 February 2007, Moscow, Russian Federation.
He was tired. It is a long flight from one part of the country to the capital. They arrived to meet him at Sheremet'evo. He looked over their heads.
- Supposing somebody else? - one of them asked; they call him mister Z. His tricky smile sometimes really irritates Alexander. Mister Z created mighty things in the past, but for now he is retired. As are all the others from the group. Alexander didn't answer and pointed at the others.
- I wouldn't say I like to see most of us.
- Just leave it, 2002 is over, - said one of them, a lame man with a small cane. He smiled just like mister Z. Mister Z doesn't like it, because they were not friends and, more than that, almost enemies.
13 February 2007, somewhere in Moscow.
- It is wonderful, - she said. She was standing right by the window and could see a vista of part of the Moscow Kremlin.
- I saw photos, - Alexander didn't look out of the window and moved to the table where a heap of equipment was located. Two notebooks (AMD Turion), several hard drives with overall capacity up to 1 Tb and a lot of wires.
- You lost all of your romance, - she ascertained the fact.
- And you have not? - he asked, by the way turning on the notebook power. The Windows 2003 R2 welcome screen appeared. Hard drives were blinking with blue lights. She moved and watched the login. R2 launched and restored the network connection. He started cmd.exe and typed
ping http://******cops.com (actual name hidden, ZHadum remark)
They waited a few seconds. Packets didn't come. 50% lost.
He switched windows and launched Miranda. They were all here. Waiting for assistance.
- Huh, - she said and went to the bathroom.
V: I'm getting 50% packet loss during ping
Z: checking from outside
Z: wait...
Z: 75% are lost
V: what is the peak of bandwidth?
A: around 700 M/bits per second
L: it is jumping through
Z: growing baby
V: can we locate the source of attack?
Z: supposed to be no for now :)
K: this attack isn't managed, fully automatic
Z: sync-flood and teardrop, guess
V: doesn't like that it is working, I'm still able to ping them
K: and what are we supposed to do? storm doesn't answer, it is fully automatic
Z: depends on the number of bots, guess this is not a network limit
L: more to go :)
He logged out and started the Opera browser. Then he typed a web resource address and began to wait; it was predictably slow. The network still held the line. Alexander smiled and turned off R2.
1X February, the same place.
"All your base are belongs to us", lalala
He and she laughed a lot. Even mister L enjoyed such an approach.
- Remembers old MSDOS times, - he said.
Alexander nodded and again started laughing.
On the Miranda screen they could see the last message
Peak bandwidth rate is 860 M/Bits per second
1X February, the same place.
"We are sorry, maintenance problems". F5 was pressed and the site resolved to 127.0.0.1.
The network was almost dead; bandwidth was around 1G/bit.
- Can rdbot give the same results? - she asked mister L (she was always interested in network security).
- If they gain more resources it is possible to shut down the whole target network.
- It depends on what kind of hardware they have, - noted Z. - If they are rich... you can continue.
- Guys and girls, did you read the stuff they are posting around? - Alexander smiled. - They tracked several bots and went to Moscow.
- Bugaga, - said mister Z. - They can reach this result with a lot of other captured bots.
- Computer Police is upcoming - she was in high spirits. "Computer Police" was something unreal and unknown for this country, well, because most of its members were totally lame and nobody really wanted to do his job; it all doesn't matter.
- That's a Storm problem, - mister L said.
- Attack strength will decrease its rate while the bots die - added mister L. - Three days maximum.
- Storm Manipulation stage complete - said Alexander and turned the notebook power off."
http://www.rootkit.com/blog.php?newsid=859
http://snipurl.com/217xs
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
1. Is The Storm Worm Finally Blowing Over?
Spam report from Marshal says yes. But other security vendors have their doubts.
http://nl.internet.com/ct.html
------------------------------
2. 3/6: Monagrey Trojan Still in the Wild
Security vendors continue to issue alerts for W32/Monagrey, a Trojan that will infect
Windows systems, terminate applications and modify IE start page.
http://nl.internet.com/ct.html
------------------------------
3. 3/6: Wince_Infojack.A Worm Runs in Mobile Devices
Wince_Infojack.A is a worm that is designed to run in the Windows CE environment used in
mobile devices.
http://nl.internet.com/ct.html
------------------------------
4. 3/6: Backdoor.Sanjicom Trojan Uses Rootkit
Backdoor.Sanjicom is a Trojan horse that opens a back door on the compromised computer
and uses a rootkit to avoid detection.
http://nl.internet.com/ct.html
------------------------------
5. 3/5: Trojan.Mdropper.AA May Download Malicious Files
Trojan.Mdropper.AA is a Trojan horse that may download potentially malicious files on to
the compromised computer.
http://nl.internet.com/ct.html
------------------------------
6. 3/5: Mytob.SA Mass-Mail Worm Lowers Security Settings
W32.Mytob.SA@mm is a mass-mailing worm that opens a back door and lowers security
settings on the compromised computer.
http://nl.internet.com/ct.html
------------------------------
7. 3/5: Drop-J a Windows Trojan
Troj/Drop-J is a Windows Trojan.
http://nl.internet.com/ct.html
------------------------------
8. 3/5: Agent-GRI Trojan Installs Itself in Registry
Troj/Agent-GRI is a Trojan that installs itself in the system registry.
http://nl.internet.com/ct.html
------------------------------
9. 3/5: Delf.APB Trojan Drops Files, Deletes Hosts File
W32/Delf.APB is a Trojan that will infect Windows systems.
http://nl.internet.com/ct.html
------------------------------
10. 3/5: Banker.KTG Trojan Steals Passwords
Banker.KTG is a Trojan whose main objective is to steal passwords from the affected
computer.
http://nl.internet.com/ct.html
------------------------------
11. 3/5: SymbOS.Kizaha.A Trojan Dropped Into Compromised Devices
SymbOS.Kizaha.A is a Trojan that is dropped into compromised devices by
SymbOS.Multidropper.A.
http://nl.internet.com/ct.html
------------------------------
12. 3/5: PWSDla-Gen an Information-Stealing Trojan
Troj/PWSDla-Gen is an information-stealing Trojan for the Windows platform.
http://nl.internet.com/ct.html
------------------------------
13. 3/5: PWSDlb-Gen Trojan Steals Information
Troj/PWSDlb-Gen is an information-stealing Trojan for the Windows platform.
http://nl.internet.com/ct.html
------------------------------
14. 3/5: VirFire-A a Windows Virus
W32/VirFire-A is a virus for the Windows platform.
http://nl.internet.com/ct.html
------------------------------
15. 3/5: Sdbot-DKE Worm Copies Itself, Creates Files
W32/Sdbot-DKE is a worm for the Windows platform.
http://nl.internet.com/ct.html
------------------------------
16. 3/5: Dwnldr-ZLA Trojan Drops, Executes Files
Troj/Dwnldr-ZLA is a Trojan for the Windows platform.
http://nl.internet.com/ct.html
------------------------------
17. 3/5: Monagrey Trojan Modifies IE Start Page
Monagrey is a Trojan that modifies IE start page and prevents common applications from
running.
http://nl.internet.com/ct.html
------------------------------
18. 3/4: Agent.FRV Trojan May be Unknowingly Downloaded
Troj_Agent.FRV is a Trojan that may be downloaded unknowingly by a user when visiting
certain malicious Web sites.
http://nl.internet.com/ct.html
------------------------------
19. 3/4: Agent-GRF Trojan Copies Itself
Troj/Agent-GRF is a Trojan for the Windows platform.
http://nl.internet.com/ct.html
------------------------------
20. 3/4: Agent-GRE Trojan Installs File
Troj/Agent-GRE is a Trojan for the Windows platform.
http://nl.internet.com/ct.html
------------------------------
21. 3/4: Repet-A a File Infector With Backdoor Functionality
W32/Repet-A is a file infector with backdoor functionality.
http://nl.internet.com/ct.html
------------------------------
22. 3/4: Agent.FRV Trojan May be Unknowingly Downloaded
Troj_Agent.FRV is a Trojan that may be downloaded unknowingly by a user when visiting
certain malicious Web sites.
http://nl.internet.com/ct.html
------------------------------
23. 3/4: OnLineGames.RYH Trojan Infects Windows Systems
W32/OnLineGames.RYH is a Trojan that infects Windows systems.
http://nl.internet.com/ct.html
------------------------------
24. 3/4: Vimm Virus Infects Executable Files on Local, Remote Drives
W32.Vimm is a virus that infects executable files on local and remote drives.
http://nl.internet.com/ct.html
------------------------------
25. 3/4: Trojan.Monagrey Displays Virus Message
Trojan.Monagrey is a Trojan horse that displays a message stating that the computer is
compromised by the "MonaRonaDona" virus.
http://nl.internet.com/ct.html
------------------------------
26. 3/4: SymbOS/Kiazha.A Trojan Attempts to Extort Money From Device User
SymbOS/Kiazha.A is a Trojan that attempts to extort money from device user.
http://nl.internet.com/ct.html
------------------------------
27. 3/4: SymbOS/MultiDropper.CR Trojan Signs User Up to QQ Account
SymbOS/MultiDropper.CR is a Trojan that attempts to sign the user up to a QQ account.
http://nl.internet.com/ct.html
------------------------------
28. 3/4: SymbOS/SmsSend.F Malware Sends Random SMS Messages
SymbOS/SmsSend.F is a malware that randomly sends SMS messages to a preset number.
http://nl.internet.com/ct.html
------------------------------
29. 3/4: SymbOS/SmsSend.G Trojan Forwards User's SMS to Number
SymbOS/SmsSend.G is a Trojan that forwards user's SMS to a phone number in a
configuration file.
http://nl.internet.com/ct.html
------------------------------
30. 3/4: SymbOS/Beselo Worm Spreads Via MMS
SymbOS/Beselo is a worm that is distributed in a SIS file named "beauty.jpg."
http://nl.internet.com/ct.html
------------------------------
31. 3/3: ExePage-A Trojan Detects Malicious Web Pages
Troj/ExePage-A Trojan detects malicious web pages that will attempt to automatically
download EXE files.
http://nl.internet.com/ct.html
------------------------------
32. 3/3: SillyW-A a Windows Virus
W32/SillyW-A is a virus for the Windows platform.
http://nl.internet.com/ct.html
------------------------------
33. 3/3: Scrapkut-A a Windows Worm
W32/Scrapkut-A is a worm for the Windows platform.
http://nl.internet.com/ct.html
------------------------------
34. 3/3: Diehard.EV.Downloader Trojan Drops Files, Modifies Registry
W32/Diehard.EV.Downloader is a Trojan that will infect Windows systems.
http://nl.internet.com/ct.html
------------------------------
35. 3/3: Mdrop-BQG a Windows Trojan
Troj/Mdrop-BQG is a Trojan for the Windows platform.
http://nl.internet.com/ct.html
------------------------------
36. 3/3: Looked-EF an Executable File Virus
W32/Looked-EF is an executable file virus for the Windows platform.
http://nl.internet.com/ct.html
------------------------------
37. 3/3: Anpir-A Worm Targets Windows
W32/Anpir-A is a worm for the Windows platform.
http://nl.internet.com/ct.html
------------------------------
38. 3/3: ZlobDr-H Trojan Hits Windows
Troj/ZlobDr-H is a Trojan for the Windows platform.
http://nl.internet.com/ct.html
------------------------------
39. 3/3: Scrapkut.worm Sends Orkut Users Scraps of Itself
W32/Scrapkut.worm attempts to spread itself by sending orkut users scraps that contain
the link to the worm itself.
http://nl.internet.com/ct.html
Gerald