
Sparrow
Crystal Sky
Premium Member
join:2002-12-03
Sachakhand

Sparrow to Link Logger


Re: Nachi the new champion bad boy

One thing I would like to see is a more conclusive map of the worldwide infection as in the maps here: »www.hackerwatch.org/map/ ··· period=1 These maps are only showing participants in HackerWatch, which I would conclude to mean, "educated" users.

I think this is a pretty fair assessment of the indiscriminate browsing habits in the US, and parts of Western Europe. I know some countries (i.e.: India) cannot stay online the amount of time the average US surfer does, simply to conserve electrical power. Fax machines are turned off at night to conserve energy. By the same token, fewer systems become infected and/or infect others.

How to educate the average user, especially in the "first world" countries, should be the primary goal, but this is a near impossible task without interference from the powers that be (i.e.: governmental regulation). It would be a matter of privacy v. security, and we all know the uproar that would cause. Big Brother is already thinking along these lines, as they too understand the ramifications and destruction that can, in the not-so-distant future, ensue.

Link Logger
MVM
join:2001-03-29
Calgary, AB


You might want to look into DeepSight at Symantec which my partner and myself designed and built while at SecurityFocus (my partner stayed on so now he is a Symantec kind of guy). There is a free component that you can join (see »aris.securityfocus.com) and there are all sorts of global reports and analysis available (most are in the $ side however, but still there is a lot that is free). The idea is you send your IDS logs (supported systems here »analyzer.symantec.com/re ··· ents.asp) to DeepSight and you can use DeepSight to create all sorts of reports and such.

Blake

Sparrow
Crystal Sky
Premium Member
join:2002-12-03
Sachakhand


said by Link Logger:
You might want to look into DeepSight at Symantec which my partner and myself designed and built while at SecurityFocus (my partner stayed on so now he is a Symantec kind of guy). There is a free component that you can join (see »aris.securityfocus.com) and there are all sorts of global reports and analysis available (most are in the $ side however, but still there is a lot that is free). The idea is you send your IDS logs (supported systems here »analyzer.symantec.com/re ··· ents.asp) to DeepSight and you can use DeepSight to create all sorts of reports and such.

Blake

I will assume that help will soon be on its way here.

EGeezer
Premium Member
join:2002-08-04
Midwest

EGeezer to Sparrow


Re: Nachi - map link

Hi CS,

As for a map, I have this one on the ol' browser Links bar... Data gathered from Housecall scans.

»www.trendmicro.com/map/

I *definitely* agree end users need to be educated! I've attended several meetings where FBI agents, US Attorneys, Law enforcement and military representatives are eagerly encouraging private industry folks like myself to work with them. Their efforts are quite remarkable.

We can make a difference - I intend to use all the resources they provide to do my small piece to work to a more secure, private, reliable and functional global system of communications.

I'll post all that's appropriate for public forums here ... Any non-public or restricted items will have to be distributed through channels authorized for same.

HTH

EG

Sparrow
Crystal Sky
Premium Member
join:2002-12-03
Sachakhand

Sparrow to EGeezer


Re: Nachi - map link

said by EGeezer:
Hi CS,

As for a map, I have this one on an ol' browser Links bar... Data gathered from Housecall scans.

»www.trendmicro.com/map/
...................

We can make a difference - I intend to use all the resources they provide to do my small piece to work to a more secure, private, reliable and functional global system of communications.

HTH
EG

Thank you for the link, EG. I was surprised to see that Asia is in third place. This is precisely why I like the idea of the maps. It is a good learning and teaching tool to show worldwide internet habits.

The computer is not just a toy, and although we can still have fun with it, end-users need to understand the necessity of safe computing. No matter what the extra-curricular activity one is involved in there are risks involved, and understanding what those risks are and how to avoid them are all part of playing the game. Sometimes the old clichés just fit.

I think the fact that Nachi was almost (or was) designed as a counter-attack against W32/Blaster-A requires some reading between the lines. Who knows what the creator of Nachi was thinking. They were even kind enough to apologize to Zhongli (perhaps the creator's wife?) in the hidden signature:

Once running, it will attempt to remove W32/Msblast.A from that system, as well as attempting to update the system with the security patch from Microsoft which addresses this vulnerability.

The worm contains the following string, never exposed to the end user:

"=========== I love my wife & baby ~~~ Welcome Chian~~~ Notice: 2004 will remove myself ~~ sorry zhongli~~~========== wins"
»www.f-prot.com/virusinfo ··· i_A.html

Hopefully we will all win in the end.

P.S. The smilies are part of the sig as well...