Guest ~BD~ Posted June 28, 2008

Crimeware is still in its infancy with regard to the evolution of malware, and does not have an official definition. However, as its name implies, crimeware is malicious software used to initiate a crime that is typically Internet-based. During the past two years, crimeware attacks have increased at a far greater rate than the normal virus. International gangs of virus writers, hackers and spammers are joining forces to steal information and collect huge profits illegally.

Read here ........ and review the graph! http://www.kaspersky.com/crimeware

So ............... just how is it being done?

Dave

Guest ~BD~ Posted June 28, 2008

Thanks for responding, Dan.

Interesting thought!

BD

"Dan" <Dan@discussions.microsoft.com> wrote in message news:4066BDA5-0C35-444C-913D-4623DD644426@microsoft.com...
> Well, you must remember, the hackers have computer experts on their side as well as there being computer experts on our side. There are a lot of different techniques that can be used in hacking that include such things as port scanning to look for vulnerable ports. Unfortunately, many of these port scans are coming from Chinese servers and whether the Chinese government is directly involved is unknown but would not be surprising. However, the hackers could indeed be smart enough to route themselves through China and make it appear the Chinese were to blame and that would indeed be really mean and malicious. I could go on and on but it would be too long a post.
>
> "~BD~" wrote:
>
>> Crimeware is still in its infancy with regard to the evolution of malware, and does not have an official definition. However, as its name implies, crimeware is malicious software used to initiate a crime that is typically Internet-based. During the past two years, crimeware attacks have increased at a far greater rate than the normal virus. International gangs of virus writers, hackers and spammers are joining forces to steal information and collect huge profits illegally.
>>
>> Read here ........ and review the graph! http://www.kaspersky.com/crimeware
>>
>> So ............... just how is it being done?
>>
>> Dave

Guest Dan Posted June 28, 2008

You are most welcome. I do like grc.com that you can use with Internet Explorer to see if you have any ports that are not hidden on the first 1000+ ports by doing a scan. You can also check individual ports if you are concerned about them.

Guest Root Kit Posted June 28, 2008

On Sat, 28 Jun 2008 08:46:01 -0700, Dan <Dan@discussions.microsoft.com> wrote:

> You are most welcome. I do like grc.com that you can use with Internet Explorer to see if you have any ports that are not hidden on the first 1000+ ports by doing a scan.

If by hidden you mean "stealth", how do you (with the help of mentioned tool) distinguish between a port which is filtered (or "stealthed") and a port occupied by a malware waiting for instructions on a UDP port?

Guest VanguardLH Posted June 28, 2008

"~BD~" in <news:#4#JejS2IHA.6096@TK2MSFTNGP06.phx.gbl> wrote:

> Crimeware is still in its infancy with regard to the evolution of malware, and does not have an official definition. However, as its name implies, crimeware is malicious software used to initiate a crime that is typically Internet-based. During the past two years, crimeware attacks have increased at a far greater rate than the normal virus. International gangs of virus writers, hackers and spammers are joining forces to steal information and collect huge profits illegally.
>
> Read here ........ and review the graph! http://www.kaspersky.com/crimeware
>
> So ............... just how is it being done?
>
> Dave

First thing that came to mind when I saw Crimeware was my Smith & Wesson 5606 semi-auto .45 stainless; see a picture at:

http://www.gundealersonline.com/members/us...O_SW_4046_b.JPG

Not mine. Mine has a lasersight and extended magazine. BANG, my crimeware works again. Dang, now I have to replace my monitor.

Guest ~BD~ Posted June 28, 2008

"Root Kit" <b__nice@hotmail.com> wrote in message news:oguc64d1g17d55iik4qgq28upb6664560n@4ax.com...
> On Sat, 28 Jun 2008 08:46:01 -0700, Dan <Dan@discussions.microsoft.com> wrote:
>
>> You are most welcome. I do like grc.com that you can use with Internet Explorer to see if you have any ports that are not hidden on the first 1000+ ports by doing a scan.
>
> If by hidden you mean "stealth", how do you (with the help of mentioned tool) distinguish between a port which is filtered (or "stealthed") and a port occupied by a malware waiting for instructions on a UDP port?

I personally have no idea, John (I call people I don't know by that name; surprisingly, about 70% of the time it turns out to be correct! <g>)

I've used the grc.com site on many occasions (as have several million others!) If you are aware of any other programme which can carry out a similar safety check, perhaps you'll let us know Root Kit (John!). TIA

Dave

Guest David H. Lipman Posted June 28, 2008

From: "~BD~" <BoaterDave@nospam.invalid>

| Crimeware is still in its infancy with regard to the evolution of malware, and does not have an official definition. However, as its name implies, crimeware is malicious software used to initiate a crime that is typically Internet-based. During the past two years, crimeware attacks have increased at a far greater rate than the normal virus. International gangs of virus writers, hackers and spammers are joining forces to steal information and collect huge profits illegally.
|
| Read here ........ and review the graph! http://www.kaspersky.com/crimeware
|
| So ............... just how is it being done?
|
| Dave

Most well known, RBN.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest ~BD~ Posted June 28, 2008

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:uVQa5zV2IHA.5564@TK2MSFTNGP06.phx.gbl...
> From: "~BD~" <BoaterDave@nospam.invalid>
>
> | Crimeware is still in its infancy with regard to the evolution of malware, and does not have an official definition. However, as its name implies, crimeware is malicious software used to initiate a crime that is typically Internet-based. During the past two years, crimeware attacks have increased at a far greater rate than the normal virus. International gangs of virus writers, hackers and spammers are joining forces to steal information and collect huge profits illegally.
>
> | Read here ........ and review the graph! http://www.kaspersky.com/crimeware
>
> | So ............... just how is it being done?
>
> | Dave
>
> Most well known, RBN.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Is this the RBN to which you refer, David H Lipman?

The infamous Russian Business Network (RBN) http://blog.trendmicro.com/rbn-goes-poof/

If so ............ thank you!

Dave

Guest ~BD~ Posted June 28, 2008

Great response .............. 10/10 for you, Vanguard!

If you really do have such a weapon, for what do you use it? (Apart from assassinations, that is!)

Dave

"VanguardLH" <V@nguard.LH> wrote in message news:RL-dne-Cx5LvCvvVnZ2dnUVZ_q7inZ2d@comcast.com...
> "~BD~" in <news:#4#JejS2IHA.6096@TK2MSFTNGP06.phx.gbl> wrote:
>
>> Crimeware is still in its infancy with regard to the evolution of malware, and does not have an official definition. However, as its name implies, crimeware is malicious software used to initiate a crime that is typically Internet-based. During the past two years, crimeware attacks have increased at a far greater rate than the normal virus. International gangs of virus writers, hackers and spammers are joining forces to steal information and collect huge profits illegally.
>>
>> Read here ........ and review the graph! http://www.kaspersky.com/crimeware
>>
>> So ............... just how is it being done?
>>
>> Dave
>
> First thing that came to mind when I saw Crimeware was my Smith & Wesson 5606 semi-auto .45 stainless; see a picture at:
>
> http://www.gundealersonline.com/members/us...O_SW_4046_b.JPG
>
> Not mine. Mine has a lasersight and extended magazine. BANG, my crimeware works again. Dang, now I have to replace my monitor.

Guest David H. Lipman Posted June 28, 2008

From: "~BD~" <BoaterDave@nospam.invalid>

| Is this the RBN to which you refer, David H Lipman?
| The infamous Russian Business Network (RBN)
| http://blog.trendmicro.com/rbn-goes-poof/
|
| If so ............ thank you!
|
| Dave

Read ALL of the following. You like conspiracies, this will keep 'ya busy.

http://en.wikipedia.org/wiki/Russian_Business_Network
http://rbnexploit.blogspot.com/
http://www.spamhaus.org/rokso/listing.lass...iness%20Network
http://www.crime-research.org/analytics/cybercrime1302/

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Root Kit Posted June 29, 2008

On Sat, 28 Jun 2008 21:04:35 +0100, "~BD~" <BoaterDave@nospam.invalid> wrote:

> "Root Kit" <b__nice@hotmail.com> wrote in message news:oguc64d1g17d55iik4qgq28upb6664560n@4ax.com...
>> On Sat, 28 Jun 2008 08:46:01 -0700, Dan <Dan@discussions.microsoft.com> wrote:
>>
>>> You are most welcome. I do like grc.com that you can use with Internet Explorer to see if you have any ports that are not hidden on the first 1000+ ports by doing a scan.
>>
>> If by hidden you mean "stealth", how do you (with the help of mentioned tool) distinguish between a port which is filtered (or "stealthed") and a port occupied by a malware waiting for instructions on a UDP port?
>
> I personally have no idea, John (I call people I don't know by that name; surprisingly, about 70% of the time it turns out to be correct! <g>)

Maybe it's because you can't. If you didn't deal with this foolish "stealth" security theater, you would. What you want is to avoid unnecessary open ports. Whether they are otherwise closed or "stealthed" makes no difference in terms of security. "Stealth" only makes you feel better.

> I've used the grc.com site on many occasions (as have several million others!)

Since when did volume say anything about quality?

ShieldsUp is mainly a promotion tool. SU is good for one thing and one thing only: To quickly check if some kind of packet filter is in place either on your machine or somewhere upstream. That's it. Nothing more.

> If you are aware of any other programme which can carry out a similar safety check, perhaps you'll let us know Root Kit (John!). TIA

Well, how about first of all checking your listening sockets on the machine itself by using something as simple as the cmd netstat? - Or for a more graphic experience use "TCPview" from MS-sysinternals or my personal favorite "CurrPorts" from NirSoft.

These will tell you all you need to know about what services are listening on what ports. For best security, you should have only the ones absolutely necessary. If you then want to check from the outside to see if those are available or filtered, at least use an nmap-based service like the one available at http://www.linux-sec.net/Audit/nmap.test.gwif.html

And always remember that if you connect through some kind of gateway (e.g. a router), that's the one being examined and not your machine itself.

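The local check suggested in the post above, as an added example that is not part of any post in this thread: a Python parser for Windows `netstat -ano` output that lists listening TCP sockets and bound UDP sockets (which an outside scan cannot tell apart from filtered ports) and flags those not on an allowlist. The sample output, PIDs and allowlist are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

# Constructed `netstat -ano` output in the Windows layout; not captured from a real host.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1720
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED     4321
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:40123          *:*                                    3388
  UDP    127.0.0.1:1900         *:*                                    2200
  UDP    [::1]:1900             *:*                                    2200
"""


class Listener(NamedTuple):
    proto: str
    address: str
    port: int
    pid: int
    loopback_only: bool


def parse_listeners(netstat_text):
    """Return TCP sockets in LISTENING state and all bound UDP sockets."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            local, pid = fields[1], fields[4]
        elif len(fields) == 4 and fields[0] == "UDP":
            # UDP is connectionless: netstat prints no State column for it.
            local, pid = fields[1], fields[3]
        else:
            continue  # headers, blank lines, established connections
        host, _, port = local.rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False  # unknown address form: treat as exposed
        listeners.append(Listener(fields[0], host, int(port), int(pid), loopback))
    return listeners


def unexpected_listeners(listeners, allowed):
    """Listeners reachable from the network that are not on the allowlist."""
    return [l for l in listeners
            if not l.loopback_only and (l.proto, l.port) not in allowed]


if __name__ == "__main__":
    # Hypothetical allowlist of (protocol, port) pairs this host is meant to expose.
    allowed = {("TCP", 135), ("TCP", 445)}
    for l in unexpected_listeners(parse_listeners(SAMPLE_NETSTAT), allowed):
        print(f"{l.proto} {l.address}:{l.port} owned by PID {l.pid}")
```

The PID column is what lets each flagged socket be traced to its owning process in Task Manager, TCPView or CurrPorts.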
Guest ~BD~ Posted June 29, 2008

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:eBT$YPX2IHA.416@TK2MSFTNGP04.phx.gbl...
> From: "~BD~" <BoaterDave@nospam.invalid>
>
> | Is this the RBN to which you refer, David H Lipman?
> | The infamous Russian Business Network (RBN)
> | http://blog.trendmicro.com/rbn-goes-poof/
>
> | If so ............ thank you!
>
> | Dave
>
> Read ALL of the following. You like conspiracies, this will keep 'ya busy.
>
> http://en.wikipedia.org/wiki/Russian_Business_Network
>
> http://rbnexploit.blogspot.com/
>
> http://www.spamhaus.org/rokso/listing.lass...iness%20Network
>
> http://www.crime-research.org/analytics/cybercrime1302/
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Many thanks for the links, David.

I've had a brief look and will explore further when time permits. Others reading here may just be interested too!

Cheers

BD

Guest ~BD~ Posted June 29, 2008

"Root Kit" <b__nice@hotmail.com> wrote in message news:tsge645qsn674u3slk7e6ac5u4gi1uv4it@4ax.com...
> On Sat, 28 Jun 2008 21:04:35 +0100, "~BD~" <BoaterDave@nospam.invalid> wrote:
>
>> "Root Kit" <b__nice@hotmail.com> wrote in message news:oguc64d1g17d55iik4qgq28upb6664560n@4ax.com...
>>> On Sat, 28 Jun 2008 08:46:01 -0700, Dan <Dan@discussions.microsoft.com> wrote:
>>>
>>>> You are most welcome. I do like grc.com that you can use with Internet Explorer to see if you have any ports that are not hidden on the first 1000+ ports by doing a scan.
>>>
>>> If by hidden you mean "stealth", how do you (with the help of mentioned tool) distinguish between a port which is filtered (or "stealthed") and a port occupied by a malware waiting for instructions on a UDP port?
>>
>> I personally have no idea, John (I call people I don't know by that name; surprisingly, about 70% of the time it turns out to be correct! <g>)
>
> Maybe it's because you can't. If you didn't deal with this foolish "stealth" security theater, you would. What you want is to avoid unnecessary open ports. Whether they are otherwise closed or "stealthed" makes no difference in terms of security. "Stealth" only makes you feel better.
>
>> I've used the grc.com site on many occasions (as have several million others!)
>
> Since when did volume say anything about quality?

OK - you win!

> ShieldsUp is mainly a promotion tool. SU is good for one thing and one thing only: To quickly check if some kind of packet filter is in place either on your machine or somewhere upstream. That's it. Nothing more.
>
>> If you are aware of any other programme which can carry out a similar safety check, perhaps you'll let us know Root Kit (John!). TIA
>
> Well, how about first of all checking your listening sockets on the machine itself by using something as simple as the cmd netstat?

I'd never come across this before ............ I've found http://technet.microsoft.com/en-gb/library...echNet.10).aspx and will explore further IDC. Thanx.

> - Or for a more graphic experience use "TCPview" from MS-sysinternals

I found this:- http://technet.microsoft.com/en-us/sysinte...s/bb897437.aspx and have downloaded same. I've had a quick look, but will study later. Many thanks.

> or my personal favorite "CurrPorts" from NirSoft.

I found it here: http://www.nirsoft.net/utils/cports.html Again, I've had a quick look, but will study later. Many thanks.

> These will tell you all you need to know about what services are listening on what ports. For best security, you should have only the ones absolutely necessary. If you then want to check from the outside to see if those are available or filtered, at least use an nmap-based service like the one available at http://www.linux-sec.net/Audit/nmap.test.gwif.html

I've had a quick look. Never seen it before! Lots to investigate. Thank you once more!

> And always remember that if you connect through some kind of gateway (e.g. a router), that's the one being examined and not your machine itself.

I do use a router ............... and connect wirelessly.

There's a lot to learn about 'computing' - when I started to learn they had thermionic valves and the transistor was in its infancy! How things have changed!

I really appreciate your guidance, John. (That's Root Kit, aka Straight Talk, I believe!) Thank you.

BD

Guest Steve Riley [MSFT] Posted June 30, 2008

A comment about the "Chinese threat." It's popular to lay blame on an ambiguous thing called "the Chinese" whenever someone feels the need to restoke fear and zealotry toward "the other." However, there is very little real evidence that "the Chinese" are doing anything they get blamed for. Latest example:

http://blog.wired.com/27bstroke6/2008/06/f...r-white-ho.html

I've been to Beijing and Shanghai several times. China can barely keep its internal house in order, what with 1.3 billion people all migrating to the cities, a rapidly growing middle class and its attendant exacerbation of personal greed, and the never-before-seen blending of a market economy with a communist government.

As another example of the sheer complexity at making something like modern China work, check out James Fallows's chronicling of the environment in Beijing as they prepare for the Olympics.

http://jamesfallows.theatlantic.com/

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com

"~BD~" <BoaterDave@nospam.invalid> wrote in message news:ORnz62S2IHA.1772@TK2MSFTNGP03.phx.gbl...
> Thanks for responding, Dan.
>
> Interesting thought!
>
> BD
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message news:4066BDA5-0C35-444C-913D-4623DD644426@microsoft.com...
>> Well, you must remember, the hackers have computer experts on their side as well as there being computer experts on our side. There are a lot of different techniques that can be used in hacking that include such things as port scanning to look for vulnerable ports. Unfortunately, many of these port scans are coming from Chinese servers and whether the Chinese government is directly involved is unknown but would not be surprising. However, the hackers could indeed be smart enough to route themselves through China and make it appear the Chinese were to blame and that would indeed be really mean and malicious. I could go on and on but it would be too long a post.
>>
>> "~BD~" wrote:
>>
>>> Crimeware is still in its infancy with regard to the evolution of malware, and does not have an official definition. However, as its name implies, crimeware is malicious software used to initiate a crime that is typically Internet-based. During the past two years, crimeware attacks have increased at a far greater rate than the normal virus. International gangs of virus writers, hackers and spammers are joining forces to steal information and collect huge profits illegally.
>>>
>>> Read here ........ and review the graph! http://www.kaspersky.com/crimeware
>>>
>>> So ............... just how is it being done?
>>>
>>> Dave

Guest David H. Lipman Posted June 30, 2008

From: "Steve Riley [MSFT]" <steve.riley@microsoft.com>

| A comment about the "Chinese threat." It's popular to lay blame on an ambiguous thing called "the Chinese" whenever someone feels the need to restoke fear and zealotry toward "the other." However, there is very little real evidence that "the Chinese" are doing anything they get blamed for. Latest example:
|
| http://blog.wired.com/27bstroke6/2008/06/f...r-white-ho.html
|
| I've been to Beijing and Shanghai several times. China can barely keep its internal house in order, what with 1.3 billion people all migrating to the cities, a rapidly growing middle class and its attendant exacerbation of personal greed, and the never-before-seen blending of a market economy with a communist government.
|
| As another example of the sheer complexity at making something like modern China work, check out James Fallows's chronicling of the environment in Beijing as they prepare for the Olympics.
|
| http://jamesfallows.theatlantic.com/

That's not entirely true. There is a vast network of malware being created in China and it is ever increasing. The Chinese are spamming Usenet to death. I'll bet the Chinese syndicate will soon be as entrenched as the RBN a few years or so.

I won't even touch the concept [in a public forum] of what the PLA is doing!

http://www.networkworld.com/news/2008/0625...rc=rss-security

Except for what the PLA is doing, it is all about one thing -- MONEY !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp