Pages

Sunday, October 10, 2010

WarIntel Bot probe

Our COWs have been busy.


Cyber overwatch picked up some anomalies.
And turned it over to Counter Surveillance.



They identified it as a small probing bot attack.
Fewer than 100. This is at least their second
probe.

Under our self defense paradigm,
this is an attack, computers controlled
by a third party, and our "rules of Engagement"
apply.
Barb looked at some of the Bots and they
have been infected Via Binary Planting.

Called "binary planting" and "DLL load hijacking"
by others. This was discovered in the wild again
 a month ago.

Many Windows applications don't call DLLs using a full path name, but instead use only the filename, giving hackers wiggle room that they can then exploit by tricking an application into loading a malicious file with the same title as a required DLL. If attackers can dupe users into visiting malicious Web sites or remote shared folders, or get them to plug in a USB drive -- and in some cases con them into opening a file -- they can hijack a PC and plant malware on it.

Binary planting or DLL hijacking attacks have been known about for at least 10 years, and Microsoft was again informed of the problem in August 2009 by researchers at the University of California Davis.

This looks like a probing DOS attack, but as our
blog is on Google servers they will be handling it.

We have deployed BSUs and remain vigilant 
and are back tracking.
Cyber Weapons have been issued.
Barb is in a very good mood.


If you have trouble getting to our Blog,
you will know whats going on.




Gerald
Internet Anthropologist
Tactical Internet Systems analyst


Locations of Bots:




 United Telecom Of Georgia (77.92.241.xxx)

Georgia Tbilisi, Dushet'is Raioni, Georgia, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:20Page ViewNo referring link
magnify this user Nib (national Internet Backbone) (117.193.49.xxx)

India Madras, Tamil Nadu, India, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:13Page ViewNo referring link
magnify this user On-vol Cable Internet (92.251.100.xxx)

Malta Qala, Malta, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:11Page ViewNo referring link
magnify this user Sympatico (174.89.60.xx)

Canada Barrie, Ontario, Canada, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:11Page ViewNo referring link
magnify this user Telekom Malaysia Berhad (115.135.222.xxx)

Malaysia Kuala Terengganu, Terengganu, Malaysia, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:10Page ViewNo referring link
magnify this user Dynamic Ip For Broadband Service (182.52.46.xx)

Thailand Nakhon Si Thammarat, Thailand, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:09Page ViewNo referring link
magnify this user Uab Kauno Interneto Sistemos (87.239.83.xx)

Lithuania Kaunas, Kauno Apskritis, Lithuania, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:08Page ViewNo referring link
magnify this user Smart Broadband Incorporated (121.1.11.xxx)

Philippines Manila, Philippines, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:08Page ViewNo referring link
magnify this user Road Runner (174.108.28.xxx)

United States Salisbury, North Carolina, United States, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:08Page ViewNo referring link
magnify this user Mahanagar Telephone Nigam Ltd. (120.60.4.xxx)

India Mumbai, Maharashtra, India, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:07Page ViewNo referring link
magnify this user Pt. Telekomunikasi Selular (telkomsel) Indonesia (114.121.40.xxx)

Indonesia Jakarta, Jakarta Raya, Indonesia, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:06Page ViewNo referring link
magnify this user Tm, Adsl Service Provider, Malaysia (124.82.196.x)

Malaysia Betong, Sarawak, Malaysia, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:04Page ViewNo referring link
magnify this user Centurytel Internet Holdings (99.194.137.xxx)

United States Foley, Alabama, United States, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:03Page ViewNo referring link
magnify this user Digitelone (203.213.198.xx)

Philippines Manila, Philippines, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:03Page ViewNo referring link
magnify this user Cyberworld Di Carlone Massimo (78.5.89.xx)

Italy Procida, Campania, Italy, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:02Page ViewNo referring link
magnify this user Comcast Cable (98.251.66.xxx)

United States Ellenwood, Georgia, United States, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:01Page ViewNo referring link
magnify this user Sbc Internet Services (99.63.252.xxx)

United States Columbus, Ohio, United States, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:01Page ViewNo referring link
magnify this user Sbc Internet Services (99.106.203.xx)

United States New Haven, Connecticut, United States, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:01Page ViewNo referring link
magnify this user Zedteknoloji Internet Hizmetleri (178.211.49.xxx)

Turkey Istanbul, Turkey, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:01Page ViewNo referring link
magnify this user Com Hem Ab (213.89.204.xxx)

Sweden Bromma, Stockholms Lan, Sweden, 0 returning visits

DateTimeTypeWebPage
10th October 201012:09:01Page ViewNo referring link

One page.
IPs have been sanitized for privacy reasons.
We have 4 pages of these .
Barb


.
.
at

No comments:

Post a Comment