Crimeware

~BD~ · Jun 28, 2008

Crimeware is still in its infancy with regard to the evolution of malware,

and does not have an official definition. However, as its name implies,

crimeware is malicious software used to initiate a crime that is typically

Internet-based. During the past two years, crimeware attacks have increased

at a far greater rate than the normal virus. International gangs of virus

writers, hackers and spammers are joining forces to steal information and

collect huge profits illegally.

Read here ........ and review the graph! http://www.kaspersky.com/crimeware

So ............... just how is it being done?

Dave

~BD~ · Jun 28, 2008

Thanks for responding, Dan.

Interesting thought!

BD

"Dan" <Dan@discussions.microsoft.com> wrote in message

news:4066BDA5-0C35-444C-913D-4623DD644426@microsoft.com...

> Well, you must remember, the hackers have computer experts on their side

> as

> well as their being computer experts on our side. There are a lot of

> different techniques that can be used in hacking that include such things

> as

> port scanning to look for vulnerable ports. Unfortunately, many of these

> port scans are coming from Chinese servers and whether the Chinese

> government

> is directly involved is unknown but would not be surprising. However, the

> hackers could indeed be smart enough to route themselves through China and

> make it appear the Chinese were to blame and that would indeed be really

> mean

> and malicious. I could go on and on but it would be too long a post.

>

> "~BD~" wrote:

>

>> Crimeware is still in its infancy with regard to the evolution of

>> malware,

>> and does not have an official definition. However, as its name implies,

>> crimeware is malicious software used to initiate a crime that is

>> typically

>> Internet-based. During the past two years, crimeware attacks have

>> increased

>> at a far greater rate than the normal virus. International gangs of virus

>> writers, hackers and spammers are joining forces to steal information and

>> collect huge profits illegally.

>>

>> Read here ........ and review the graph!

>> http://www.kaspersky.com/crimeware

>>

>> So ............... just how is it being done?

>>

>> Dave

>>

>>

>>

>>

>>

>>

>>

>

Dan · Jun 28, 2008

You are most welcome. I do like grc.com that you can use with Internet

Explorer to see if you have any ports that are not hidden on the first 1000+

ports by doing a scan. You can also check individual ports if you are

concerned about them.

Root Kit · Jun 28, 2008

On Sat, 28 Jun 2008 08:46:01 -0700, Dan

<Dan@discussions.microsoft.com> wrote:



>You are most welcome. I do like grc.com that you can use with Internet

>Explorer to see if you have any ports that are not hidden on the first 1000+

>ports by doing a scan. 

If by hidden you mean "stealth", how do you (with the help of

mentioned tool) distinguish between a port which is filtered (or

"stealthed") and a port occupied by a malware waiting for instructions

on a UDP port?

VanguardLH · Jun 28, 2008

"~BD~" in <news:#4#JejS2IHA.6096@TK2MSFTNGP06.phx.gbl> wrote:



> Crimeware is still in its infancy with regard to the evolution of malware,

> and does not have an official definition. However, as its name implies,

> crimeware is malicious software used to initiate a crime that is typically

> Internet-based. During the past two years, crimeware attacks have increased

> at a far greater rate than the normal virus. International gangs of virus

> writers, hackers and spammers are joining forces to steal information and

> collect huge profits illegally.

>

> Read here ........ and review the graph! http://www.kaspersky.com/crimeware

>

> So ............... just how is it being done?

>

> Dave

First thing that came to mind when I saw Crimeware was my Smith &

Wession 5606 semi-auto .45 stainless; see a picture at:

http://www.gundealersonline.com/members/us...O_SW_4046_b.JPG

Not mine. Mine has a lasersight and extended magazine. BANG, my

crimeware works again. Dang, now I have to replace my monitor.

~BD~ · Jun 28, 2008

"Root Kit" <b__nice@hotmail.com> wrote in message

news

guc64d1g17d55iik4qgq28upb6664560n@4ax.com...

> On Sat, 28 Jun 2008 08:46:01 -0700, Dan

> <Dan@discussions.microsoft.com> wrote:

>

>>You are most welcome. I do like grc.com that you can use with Internet

>>Explorer to see if you have any ports that are not hidden on the first

>>1000+

>>ports by doing a scan.

>

> If by hidden you mean "stealth", how do you (with the help of

> mentioned tool) distinguish between a port which is filtered (or

> "stealthed") and a port occupied by a malware waiting for instructions

> on a UDP port?

>

I personally have no idea, John (I call people I don't know by that name;

surprisingly, about 70% of the time it turns out to be correct! <g&gt

I've used the grc.com site on many occasions (as have several million

others!) If you are aware of any other programme which can carry out a

similar safety check, perhaps you'll let us know Root Kit (John!). TIA

Dave

David H. Lipman · Jun 28, 2008

From: "~BD~" <BoaterDave@nospam.invalid>

| Crimeware is still in its infancy with regard to the evolution of malware,

| and does not have an official definition. However, as its name implies,

| crimeware is malicious software used to initiate a crime that is typically

| Internet-based. During the past two years, crimeware attacks have increased

| at a far greater rate than the normal virus. International gangs of virus

| writers, hackers and spammers are joining forces to steal information and

| collect huge profits illegally.

| Read here ........ and review the graph! http://www.kaspersky.com/crimeware

| So ............... just how is it being done?

| Dave

Most well known, RBN.

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

~BD~ · Jun 28, 2008

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:uVQa5zV2IHA.5564@TK2MSFTNGP06.phx.gbl...

> From: "~BD~" <BoaterDave@nospam.invalid>

>

> | Crimeware is still in its infancy with regard to the evolution of

> malware,

> | and does not have an official definition. However, as its name implies,

> | crimeware is malicious software used to initiate a crime that is

> typically

> | Internet-based. During the past two years, crimeware attacks have

> increased

> | at a far greater rate than the normal virus. International gangs of

> virus

> | writers, hackers and spammers are joining forces to steal information

> and

> | collect huge profits illegally.

>

> | Read here ........ and review the graph!

> http://www.kaspersky.com/crimeware

>

> | So ............... just how is it being done?

>

> | Dave

>

> Most well known, RBN.

>

>

> --

> Dave

> http://www.claymania.com/removal-trojan-adware.html

> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>

>

>

Is this the RBN to which you refer, David H Lipman?

The infamous Russian Business Network (RBN)

http://blog.trendmicro.com/rbn-goes-poof/

If so ............ thank you! style_emoticons/

Dave

~BD~ · Jun 28, 2008

Great response .............. 10/10 for you, Vanguard!

If you really do have such a weapon, for what do you use it? (Apart from

assasinations, that is!)

Dave

"VanguardLH" <V@nguard.LH> wrote in message

news:RL-dne-Cx5LvCvvVnZ2dnUVZ_q7inZ2d@comcast.com...

> "~BD~" in <news:#4#JejS2IHA.6096@TK2MSFTNGP06.phx.gbl> wrote:

>

>> Crimeware is still in its infancy with regard to the evolution of

>> malware,

>> and does not have an official definition. However, as its name implies,

>> crimeware is malicious software used to initiate a crime that is

>> typically

>> Internet-based. During the past two years, crimeware attacks have

>> increased

>> at a far greater rate than the normal virus. International gangs of virus

>> writers, hackers and spammers are joining forces to steal information and

>> collect huge profits illegally.

>>

>> Read here ........ and review the graph!

>> http://www.kaspersky.com/crimeware

>>

>> So ............... just how is it being done?

>>

>> Dave

>

> First thing that came to mind when I saw Crimeware was my Smith &

> Wession 5606 semi-auto .45 stainless; see a picture at:

>

> http://www.gundealersonline.com/members/us...O_SW_4046_b.JPG

>

> Not mine. Mine has a lasersight and extended magazine. BANG, my

> crimeware works again. Dang, now I have to replace my monitor.

>

David H. Lipman · Jun 28, 2008

From: "~BD~" <BoaterDave@nospam.invalid>

| Is this the RBN to which you refer, David H Lipman?

| The infamous Russian Business Network (RBN)

| http://blog.trendmicro.com/rbn-goes-poof/

| If so ............ thank you! style_emoticons/

| Dave

Read ALL of the following. You like conspiracies, this will keep 'ya busy.

http://en.wikipedia.org/wiki/Russian_Business_Network

http://rbnexploit.blogspot.com/

http://www.spamhaus.org/rokso/listing.lass...iness%20Network

http://www.crime-research.org/analytics/cybercrime1302/

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Root Kit · Jun 29, 2008

On Sat, 28 Jun 2008 21:04:35 +0100, "~BD~" <BoaterDave@nospam.invalid>

wrote:



>

>"Root Kit" <b__nice@hotmail.com> wrote in message

>news

guc64d1g17d55iik4qgq28upb6664560n@4ax.com...

>> On Sat, 28 Jun 2008 08:46:01 -0700, Dan

>> <Dan@discussions.microsoft.com> wrote:

>>

>>>You are most welcome. I do like grc.com that you can use with Internet

>>>Explorer to see if you have any ports that are not hidden on the first

>>>1000+

>>>ports by doing a scan.

>>

>> If by hidden you mean "stealth", how do you (with the help of

>> mentioned tool) distinguish between a port which is filtered (or

>> "stealthed") and a port occupied by a malware waiting for instructions

>> on a UDP port?

>>

>

>I personally have no idea, John (I call people I don't know by that name;

>surprisingly, about 70% of the time it turns out to be correct! <g&gt

Maybe it's because you can't. If you didn't deal with this foolish

"stealth" security theater, you would. What you want is to avoid

unnecessary open ports. Whether they are otherwise closed or

"stealthed" makes no difference in terms of security. "Stealth" only

makes you feel better.



>I've used the grc.com site on many occasions (as have several million

>others!) 

Since when did volume say anything about quality?

ShieldsUp is mainly a promotion tool. SU is good for one thing and one

thing only: To quickly check if some kind of packet filter is in place

either on your machine or somewhere upstream. That's it. Nothing more.



>If you are aware of any other programme which can carry out a

>similar safety check, perhaps you'll let us know Root Kit (John!). TIA

Well, how about first of all checking your listening sockets on the

machine itself by using something as simple as the cmd netstat? - Or

for a more graphic experience use "TCPview" from MS-sysinternals or my

personal favorite "CurrPorts" from NirSoft.

These will tell you all you need to know about what services are

listening on what ports. For best security, you should have only the

ones absolutely necesaary. If you then want to check from the outside

to see if those are available or filtered, at least use an nmap-based

service like the one available at

http://www.linux-sec.net/Audit/nmap.test.gwif.html

And always remember that if you connect through some kind of gateway

(e.g. a router), that's the one being examined and not your machine

itself.

~BD~ · Jun 29, 2008

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:eBT$YPX2IHA.416@TK2MSFTNGP04.phx.gbl...

> From: "~BD~" <BoaterDave@nospam.invalid>

>

>

> | Is this the RBN to which you refer, David H Lipman?

> | The infamous Russian Business Network (RBN)

> | http://blog.trendmicro.com/rbn-goes-poof/

>

> | If so ............ thank you! style_emoticons/

>

> | Dave

>

> Read ALL of the following. You like conspiracies, this will keep 'ya

> busy.

>

> http://en.wikipedia.org/wiki/Russian_Business_Network

>

> http://rbnexploit.blogspot.com/

>

> http://www.spamhaus.org/rokso/listing.lass...iness%20Network

>

> http://www.crime-research.org/analytics/cybercrime1302/

>

>

> --

> Dave

> http://www.claymania.com/removal-trojan-adware.html

> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>

>

>

Many thanks for the links, David. I've had a brief look and will explore

further when time permits.

Others reading here may just be interested too!

Cheers

BD

~BD~ · Jun 29, 2008

"Root Kit" <b__nice@hotmail.com> wrote in message

news:tsge645qsn674u3slk7e6ac5u4gi1uv4it@4ax.com...

> On Sat, 28 Jun 2008 21:04:35 +0100, "~BD~" <BoaterDave@nospam.invalid>

> wrote:

>

>>

>>"Root Kit" <b__nice@hotmail.com> wrote in message

>>news

guc64d1g17d55iik4qgq28upb6664560n@4ax.com...

>>> On Sat, 28 Jun 2008 08:46:01 -0700, Dan

>>> <Dan@discussions.microsoft.com> wrote:

>>>

>>>>You are most welcome. I do like grc.com that you can use with Internet

>>>>Explorer to see if you have any ports that are not hidden on the first

>>>>1000+

>>>>ports by doing a scan.

>>>

>>> If by hidden you mean "stealth", how do you (with the help of

>>> mentioned tool) distinguish between a port which is filtered (or

>>> "stealthed") and a port occupied by a malware waiting for instructions

>>> on a UDP port?

>>>

>>

>>I personally have no idea, John (I call people I don't know by that name;

>>surprisingly, about 70% of the time it turns out to be correct! <g&gt

>

> Maybe it's because you can't. If you didn't deal with this foolish

> "stealth" security theater, you would. What you want is to avoid

> unnecessary open ports. Whether they are otherwise closed or

> "stealthed" makes no difference in terms of security. "Stealth" only

> makes you feel better.

>

>>I've used the grc.com site on many occasions (as have several million

>>others!)

>

> Since when did volume say anything about quality?

OK - you win! style_emoticons/



>

> ShieldsUp is mainly a promotion tool. SU is good for one thing and one

> thing only: To quickly check if some kind of packet filter is in place

> either on your machine or somewhere upstream. That's it. Nothing more.

>

>>If you are aware of any other programme which can carry out a

>>similar safety check, perhaps you'll let us know Root Kit (John!). TIA

>

> Well, how about first of all checking your listening sockets on the

> machine itself by using something as simple as the cmd netstat?

I'd never come across this before ............ I've found

http://technet.microsoft.com/en-gb/library...echNet.10).aspx and

will explore further IDC. Thanx.

- Or

> for a more graphic experience use "TCPview" from MS-sysinternals

I found this:- http://technet.microsoft.com/en-us/sysinte...s/bb897437.aspx

and have downloaded same. I've had a quick look, but will study later. Many

thanks. style_emoticons/

or my

> personal favorite "CurrPorts" from NirSoft.

I found it here: http://www.nirsoft.net/utils/cports.html Again, I've had

a quick look, but will study later. Many thanks. style_emoticons/



>

> These will tell you all you need to know about what services are

> listening on what ports. For best security, you should have only the

> ones absolutely necesaary. If you then want to check from the outside

> to see if those are available or filtered, at least use an nmap-based

> service like the one available at

> http://www.linux-sec.net/Audit/nmap.test.gwif.html

I've had a quick look. Never seen it before! Lots to investigate. Thank you

once more! style_emoticons/



>

> And always remember that if you connect through some kind of gateway

> (e.g. a router), that's the one being examined and not your machine

> itself.

>

I do use a router ............... and connect wirelessly.

There's a lot to learn about 'computing' - when I started to learn they had

thermionic valves and the transistor was in its infancy! How things have

changed!

I really appreciate your guidance, John. (That's Root Kit, aka Straight

Talk, I believe!)

Thank you.

BD

Steve Riley [MSFT] · Jun 30, 2008

A comment about the "Chinese threat." It's popular to lay blame on an

ambiguous thing called "the Chinese" whenever someone feels the need to

restoke fear and zealotry toward "the other." However, there is very little

real evidence that "the Chinese" are doing anything they get blamed for.

Latest example:

http://blog.wired.com/27bstroke6/2008/06/f...r-white-ho.html

I've been to Beijing and Shanghai several times. China can barely keep its

internal house in order, what with 1.3 billion people all migrating to the

cities, a rapidly growing middle class and its attendant exacerbation of

personal greed, and the never-before-seen blending of a market economy with

a communist government.

As another example of the sheer complexity at making something like modern

China work, check out James Fallows's chronicling of the environment in

Beijing as they prepare for the Olympics.

http://jamesfallows.theatlantic.com/

--

Steve Riley

steve.riley@microsoft.com

http://blogs.technet.com/steriley

http://www.protectyourwindowsnetwork.com

"~BD~" <BoaterDave@nospam.invalid> wrote in message

news:ORnz62S2IHA.1772@TK2MSFTNGP03.phx.gbl...

> Thanks for responding, Dan.

>

> Interesting thought!

>

> BD

>

> "Dan" <Dan@discussions.microsoft.com> wrote in message

> news:4066BDA5-0C35-444C-913D-4623DD644426@microsoft.com...

>> Well, you must remember, the hackers have computer experts on their side

>> as

>> well as their being computer experts on our side. There are a lot of

>> different techniques that can be used in hacking that include such things

>> as

>> port scanning to look for vulnerable ports. Unfortunately, many of these

>> port scans are coming from Chinese servers and whether the Chinese

>> government

>> is directly involved is unknown but would not be surprising. However,

>> the

>> hackers could indeed be smart enough to route themselves through China

>> and

>> make it appear the Chinese were to blame and that would indeed be really

>> mean

>> and malicious. I could go on and on but it would be too long a post.

>>

>> "~BD~" wrote:

>>

>>> Crimeware is still in its infancy with regard to the evolution of

>>> malware,

>>> and does not have an official definition. However, as its name implies,

>>> crimeware is malicious software used to initiate a crime that is

>>> typically

>>> Internet-based. During the past two years, crimeware attacks have

>>> increased

>>> at a far greater rate than the normal virus. International gangs of

>>> virus

>>> writers, hackers and spammers are joining forces to steal information

>>> and

>>> collect huge profits illegally.

>>>

>>> Read here ........ and review the graph!

>>> http://www.kaspersky.com/crimeware

>>>

>>> So ............... just how is it being done?

>>>

>>> Dave

>>>

>>>

>>>

>>>

>>>

>>>

>>>

>>

>

>

David H. Lipman · Jun 30, 2008

From: "Steve Riley [MSFT]" <steve.riley@microsoft.com>

| A comment about the "Chinese threat." It's popular to lay blame on an

| ambiguous thing called "the Chinese" whenever someone feels the need to

| restoke fear and zealotry toward "the other." However, there is very little

| real evidence that "the Chinese" are doing anything they get blamed for.

| Latest example:

| http://blog.wired.com/27bstroke6/2008/06/f...r-white-ho.html

| I've been to Beijing and Shanghai several times. China can barely keep its

| internal house in order, what with 1.3 billion people all migrating to the

| cities, a rapidly growing middle class and its attendant exacerbation of

| personal greed, and the never-before-seen blending of a market economy with

| a communist government.

| As another example of the sheer complexity at making something like modern

| China work, check out James Fallows's chronicling of the environment in

| Beijing as they prepare for the Olympics.

| http://jamesfallows.theatlantic.com/

That's not entirely true.

There is a vast network of malware being created in China and it is ever increasing.

The Chinese are spamming Usenet to death.

I'll bet the Chinese syndicate will soon be as entrenched as the RBN a few years or so.

I won't even touch the concept [in a public forum] of what the PLA is doing!

http://www.networkworld.com/news/2008/0625...rc=rss-security

Except for what the PLA is doing, it is all about one thing -- MONEY !

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Crimeware

~BD~

Guest

~BD~

Guest

Dan

Guest

Root Kit

Guest

VanguardLH

Guest

~BD~

Guest

David H. Lipman

Guest

~BD~

Guest

~BD~

Guest

David H. Lipman

Guest

Root Kit

Guest

~BD~

Guest

~BD~

Guest

Steve Riley [MSFT]

Guest

David H. Lipman

Guest