[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] All China, All The Time

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] All China, All The Time
From: r00t <r00t@xxxxxxxxxxx>
Date: Fri, 15 Jan 2010 12:57:52 -1000

Can you explain how this is sophisticated.  It looks to me like most 
decent malware samples I've RE'd:

The result: triple encrypted shell code which downloads multiple 
encrypted binaries used to drop an encrypted payload on a target machine 
which then establishes an encrypted SSL channel to connect to a command 
and control network.

If they are so sophisticated and organized, then why do they continually 
get noticed shortly after the attack.  A major element that you fail to 
realize about these so called sophisticated attacks is stealth and 
persistence, which this attack lacks.

On 1/15/10 12:33 PM, Densmore, Todd wrote:
> Here is my 2 cents on both Google and iiScan
>
> http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/01/15/china-google-and-web-security.aspx
>
> ~todd
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] All China, All The Time
  - From: Marc Maiffret

References:
- Re: [Full-disclosure] All China, All The Time
  - From: Densmore, Todd

Prev by Date: [Full-disclosure] [ MDVSA-2010:007 ] php
Next by Date: [Full-disclosure] [ MDVSA-2010:008 ] php
Previous by thread: Re: [Full-disclosure] All China, All The Time
Next by thread: Re: [Full-disclosure] All China, All The Time
Index(es):
- Date
- Thread