
siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

Governments disrupt botnet Gameover ZeuS and ransomware Cryptolocker

DOJ: Gameover Zeus is most sophisticated and damaging botnet "ever encountered."

quote:
WASHINGTON, DC—The Justice Department announced Monday that over the weekend an international law enforcement operation had effectively disrupted a sprawling botnet that delivered “Gameover ZeuS”—a trojan that siphoned passwords to online banking sites from Microsoft Windows computers—as well as the malicious ransomware “Cryptolocker,” which locks individuals out of their own files until they agree to pay ransom to the criminals.
»arstechnica.com/tech-policy/2014···olocker/

US accuses Russian hacker Evgeniy Bogachev of $100m fraud
Bogachev, accused of leading worldwide conspiracy that targeted hundreds of thousands of computers, is not in custody.
»www.theguardian.com/technology/2···0m-fraud


DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1

Not in custody? I think we need Mr. Phelps' team, or maybe their grandchildren, to take a trip to Russia. Failing that, there's always SEAL Team 6.



Trihexagonal

join:2004-08-29
US
Reviews:
·AT&T U-Verse
·AT&T Midwest

said by DrStrange:

Not in custody? I think we need Mr. Phelps' team, or maybe their grandchildren, to take a trip to Russia. Failing that, there's always SEAL Team 6.

Yeah, right after we make them withdraw their troops from the Ukraine.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to DrStrange

U.S. officials said Bogachev was last known to be living in the Black Sea resort town of Anapa.
»www.reuters.com/article/2014/06/···20140603



DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1
reply to Trihexagonal

We didn't make Pakistan do anything when we took out UBL. Send in a covert team, get the job done and get them out. If you want to think even bigger, have the team bring him back to the USA alive for prosecution. We even know where to start looking.

If our spooks weren't so busy spying on their own, maybe we could do this.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to siljaline

Cybercriminal Bogachev fesses to having written Zeus
»www.reuters.com/article/2014/06/···20140602



Parad0X787
"If U know neither the enemy nor yoursel
Premium
join:2013-09-17
Edmonton, AB

1 recommendation

reply to siljaline

Solution or defence 4 YOU "How to protect yourself against Gameover Zeus and other botnets" ....[ »www.pcworld.com/article/2357528/···ets.html ]



Trihexagonal

join:2004-08-29
US
Reviews:
·AT&T U-Verse
·AT&T Midwest

1 edit
reply to DrStrange

said by DrStrange:

We didn't make Pakistan do anything when we took out UBL. Send in a covert team, get the job done and get them out.

You're equating the guy who wrote this software to UBL and advocating "taking him out"?

Switch to Linux or BSD. Problem solved. I don't have an AV program, Flash, or Java on my FreeBSD box, or a cellphone either, so I'm not going to sweat it.


novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

1 recommendation

Actually, no, problem not solved. Linux etc. all have security flaws, for one. And two, and the biggest:
botnets can be re-purposed with ease to do pretty much anything.
Sending out millions of spam emails for ______ (fill in the blank) to cracking passwords with the good old brute force method. When you have who knows how many bots in the botnet all working on any given password, a password that would take 1000s to 100s of 1000s of years to crack is suddenly cracked in weeks to hours, depending on how many bots are involved.

Point is, even if you do not get infected by a bot for a botnet, they do affect you.
You think all the true spam that hits your email inbox daily is coming from one website or person's computer? Hell no. By true spam I mean non-opted-in stuff. The random junk that hits everyone. It all comes from botnets that are randomly creating email addresses to send out to. Like randomly dialing a phone number (robo dialing). These botnets do the same with strings of letters, numbers, and first and last name lists coupled with common domain names. The bot just assembles all the different bits of the email address and sends. Many bounce but many do not. It is why the email account I set up for my hackdroid Kindle Fire is starting to get hit with spam. I have not used that account for anything but a Google Play log in. And yet it already gets 5 to 10 spam mails daily. It is about 3 weeks old now. Another couple months and it will get 30+ a day. If I was to click any link it would get hammered, as this would tell the botnet that it is an active email that is monitored. It would then step up its game and sell my email addy to other companies, and we all know the rest.



novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
reply to Parad0X787

That will only protect you from becoming part of the botnet. It will not protect you from the botnet doing whatever it does. Spamming you etc.



Trihexagonal

join:2004-08-29
US
Reviews:
·AT&T U-Verse
·AT&T Midwest
reply to novaflare

I hate to disappoint you, but the spam folder on my ISP account email box (my only email box) is, and for years has been, empty. I don't use email at all and the only notices I ever get are from eBay or PayPal.

Russia is not Pakistan, it spans 9 time zones, and Putin has already thumbed his nose at the US. Just how is this SEAL team going to make it in to "take him out", then get back home?

And what about the guy who writes the next exploit? Take him out? What about the guys who wrote all the past exploits? Sub7, BO, Trinoo, etc. Take them out too?

MS always has been, and always will be, vulnerable to exploits, and there always have been, and most likely always will be, people who can't control their clicking finger or just have to see that pic of Britney nakey.



Trihexagonal

join:2004-08-29
US
Reviews:
·AT&T U-Verse
·AT&T Midwest
reply to novaflare

quote:
Anti-virus pioneer Alan Solomon thinks anti-virus is dead. He uses Linux instead

Symantec has done a “Gerald Ratner”, quips Britain's other Doctor

British anti-virus pioneer Dr Alan Solomon is so convinced that AV software no longer works that he gave up using it a “long time ago” and solved his security worries by moving from Windows to Linux, the iconic figure has said in a blog.

John McAfee rubbishing the software that still carries his name was one thing but Solomon’s more clinical disassembly of an industry he helped create in the 1990s with Dr Solomon’s highly-regarded Anti-Virus Toolkit (bought by Network Associates in 1998 for $642 million) is more like a well-aimed punch in the solar plexus.

Describing Symantec’s recent declaration that antivirus is “dead” as a “Gerald Ratner” moment [see endnote], Solomon goes on to deliver the coup de grâce.

“I stopped using an antivirus a long time ago, because I couldn't see how it could work in a world where you would need daily updates, which means that each update is tested for ... how long? Not very long, obviously. Because these days, we're looking at around 100,000 new malware samples PER DAY. Or 200,000, depending on who you talk to.

In the AV industry's early days in the late 1980s, viruses appeared so infrequently that he'd had telephone conversations with other experts when no new samples appeared for two months, he wrote.

“Happy days!,” quips Solomon who then goes on to use the ‘L’ word.

“Instead, I switched to Linux. There doesn't seem to be much malware for Linux. I don't know why. Some say it's because Linux's security is better, some say it's because fewer people use it. I'm not really bothered.”

»blogs.techworld.com/war-on-error···ndex.htm

I.e., he's not sweating it either.


novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

From the article quote, I'll say this: it is because fewer people use it. I have had Linux boxes on and off through the years (20 or more years), and many if not the majority of the updates were for security flaws. Many of those, not all, were for privilege escalation vulnerabilities. Sure, OK, most of those are applicable only to local users. But isn't a user logged in to a shell account in essence a local user? If so, then those vulnerabilities can be used by said user if they have something more than a bare minimum access level. Even if this is not the case, there are plenty that could be exploited to allow root access to a Linux box. The only reason why malware authors etc. do not do so is a lack of market share. This is nothing more than security by obscurity. I mean seriously, Windows 3.11 hooked up to the net is likely as secure if not more secure than Linux. After all, who uses Windows 3.1x? Point is, the only real protection Linux, or for that matter even Apple, has is having too little market share. If/when either OS hits a high enough market share, the users of that OS are going to get royally hosed with malware. To a huge degree. Added effect: they will not have any way to get rid of the junk. Actually, let's go further: they will not even know it is on there.

There was an example a few years back of just such a case. I always mix up the 2 worms now, but there was Code Red and Nimda. One affected Apache servers regardless of the OS they ran on. I was working on an indie game with some friends; one friend ran a web server and FTP server for us on his Linux box. One day I was browsing the FTP and found some odd files in a directory. It turned out he was infected with the worm. Further snooping on his part showed his server was actively trying to infect other servers. Amount of user interaction for him to be infected was zero.

Yeah, MS has had their own worms such as Sasser and MSBlaster. I was cleaning those nasties off manually before any tool existed to remove them. To keep the computer from auto rebooting I canceled the administrative shutdown using a looping bat file, then proceeded to remove and replace the infected files. Was so freaking simple it wasn't even funny. Less than an hour to figure out how to fix and less than 5 minutes to fix. For my friend to clean up his Linux box, get the patches etc. took hours. How long he was infected is anyone's guess. It is impossible to know how many other servers were compromised by his server.

So go ahead and talk about how secure Linux is and quote articles till the cows come home and leave again if you like. Fact is, it is human-made software and is just as flawed as the humans who made it. Just like Windows, just like iOS, Mac OS, BSD, DOS and every single server or 200kb app in existence.

I have literally billions of programs for Windows I can just download or buy and install and run without any chasing of dependencies. You will always have to chase down such things on Linux on a daily basis. There are just too many flavors of Linux, each missing files needed to run program X. And no reason to rehash the fact that many high-end graphics programs just have no viable Linux or even Mac OS counterpart. 3ds Max can run on a Mac under Boot Camp with Windows 7, but oops, it is running on Windows 7 on Mac hardware. Good luck ever getting Max or the like to run on Linux with any form of emulation. 3D Studio Max is still the most widely used 3D program in games, movies and TV shows and likely always will be. It is cheap compared to some others with its 3500 or under price point. Its power cannot be matched for fine work or rough-in work.

The trade-off moving to Linux is far from worth it, or moving to any other OS for that matter. Android has some potential to make huge inroads into the PC and laptop market, and companies like Autodesk already have apps that are mind-boggling that run on it. With better input devices (touch screens, keyboards, mice etc.) there's no reason why Android in some form could not be used just like a PC. And guess what, it will get its own serious malware infections just like Windows when it does. Hell, it already has its fair share. Android has the market share to be attractive to spyware vendors, as does iOS. Candy Crush spyware, anyone? Or any King game, all Candy Crush with different graphics. On a funny note about Candy Crush etc.: I have a beater Obama phone that was given to me. I use its minutes up pretty quick. One day a friend calls me from his iPhone with Candy Crush installed and running, and next thing I know I get a txt wanting me to install Candy Crush Saga. If that isn't malware I don't know what is.

But hey, those OSes are all super secure, go figure. Rooted Kindle Fire HD 8.9, anyone? How about a jailbroken iPhone with iOS 7.1.1? Don't want tethered? OK then 7.0.4 or 7.0.6. Can even do them remotely. I think we can all see the point here. No OS is secure by default. It is only as secure as the person/s who made it. If they have flaws their program has flaws, and since we as humans are all flawed, everything we make is also flawed.

A genius friend of mine (he is a certified genius) says this: "As a genius I'm better in one way only. I know I screwed something up faster than a non-genius." In other words, him with his crazy high IQ still makes just as many mistakes as anyone else. Sometimes he just gets lucky and fixes them before he gets to actually making them.



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

1 recommendation

reply to DrStrange

said by DrStrange:

We didn't make Pakistan do anything when we took out UBL. Send in a covert team, get the job done and get them out. If you want to think even bigger, have the team bring him back to the USA alive for prosecution. We even know where to start looking.

If our spooks weren't so busy spying on their own, maybe we could do this.

Hmm.... Russia is not only a sovereign nation, but one possessing a significant modern military capability up to and including a major nuclear attack force. Going in uninvited with a military strike team to deal with anything on their soil would be... uhmm... distinctly 'un-cool'. Some might even say "hostile". Ponder the reaction of the US if a Russian Spetznaz unit showed up uninvited and unilaterally in Miami and took down some crime figure. All moral issues aside, that sort of approach is an excellent way to start a thermonuclear war.
--
The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. -- A. de Tocqueville


Trihexagonal

join:2004-08-29
US
Reviews:
·AT&T U-Verse
·AT&T Midwest

1 edit
reply to novaflare

Did I say Linux or BSD didn't have vulnerabilities or had never been exploited? There are rootkits and FreeBSD was vulnerable to the Li0n worm. I don't use Linux so I'm not that familiar with exploits for it.

I won't post another link or story, I'll just refer you to the OP:

quote:
WASHINGTON, DC—The Justice Department announced Monday that over the weekend an international law enforcement operation had effectively disrupted a sprawling botnet that delivered “Gameover ZeuS”—a trojan that siphoned passwords to online banking sites from Microsoft Windows computers—as well as the malicious ransomware “Cryptolocker,” which locks individuals out of their own files until they agree to pay ransom to the criminals.

ZeuS and Cryptolocker both target Windows computers, not Linux or BSD, as I assume do most if not all of the 100,000-200,000 daily malware submissions to AV vendors mentioned in the article I already provided.

If you choose to stay with Windows, for whatever reason, that's your decision. I just hope you don't feel like you have to "take out" anyone who writes malware for it.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to Parad0X787

quote:
The FBI has released a wanted notice for 30-year-old Russian national Evgeniy Mikhailovich Bogachev, whom they allege to be the mastermind behind both the Gameover ZeuS and the even more infamous CryptoLocker ransomware.
»www.theregister.co.uk/2014/06/03···akedown/

Keeping in mind the US has no extradition treaty with Russia & the shutdown of Gameover Zeus may not last. Other botnets have resurfaced as criminals regained at least partial control of their networks.


Parad0X787
"If U know neither the enemy nor yoursel
Premium
join:2013-09-17
Edmonton, AB

Right ..... & who knows, one day he'll want to see another part of the world { GAME_OVER }



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

What is Gameover Zeus and does ESET protect me from it?
»kb.eset.com/esetkb/index?page=co···SOLN3538

Further reading: GameOver Zeus and Cryptolocker: Law enforcement hits gang responsible -
»www.welivesecurity.com/2014/06/0···-wanted/



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable
reply to siljaline

The other story here is about the out-of-touch US laws regarding computer access issues.
The Gov't agents & operators that took control of the botnet got federal court authorization to act on the botnet as far as the court could allow under current law.

While the authorization sanctioned much of the actions taken by the Federal team, it still left a few necessary steps in the process technically illegal.

I don't imagine any flak will ever be seen about the technically illegal steps that absolutely needed to be taken to accomplish the task. This isn't the first or last time that Gov't-sanctioned activity ran face first against current law, but at some point the Gov't should honestly face the issue of updating computer access laws, because a wink & a backroom isn't going to be sufficient forever.