yes ok dude..whatever.. i dun really care, i have my own opinion, you have yours. goodbye.,
On 11 October 2011 20:29, Christian Sciberras <[email protected]> wrote: > If you ask me, you sound like bragging on something you wrote. > > Either that, or you're clueless to what you are saying. > > Just because my younger brother won't understand 5 lines of code I wrote > doesn't make my 5 liner smart... > Applying the analogy here, just because they're possibly clueless to how OS > internals work doesn't mean the virus is doing anything particularly smart. > > > > > > > > > On Tue, Oct 11, 2011 at 1:55 AM, xD 0x41 <[email protected]> wrote: > >> Is obvious, this is a very well made executable :) >> Or, set up well to spread and then hide, and doing so with even its phone >> home, wich is normal nowdays, for example consider an ircd, it uses >> PING/PONG, what if you change the rfc, and use ascii characters,then do this >> to the bot, remove USER mode completely only allow it for set modes/opers, >> and then try take the thing down, if it is connected thru about 40 different >> ips and does not rely on dynami dns... >> it is not impossible, it is happening now, and, it is also visible, >> however, these c7c centres are so advanced, Ids are just not getting enough >> info...you cannot do a thing on the properly modified control centres, and, >> i have seen that code, it is extremely modified version of ircd... it cannot >> be used by a NOn operator, and uses a totally different rfc to phopne home >> etc, thus making conventional methods used atm, useless... as they will >> loook for the strings that they know, and always ids will perform some >> string of commands, and, then slowly the operator sees the servers, and one >> by one he blocks YOU out of his network. >> This is a dog eat dog world, bot masters can be exceptionallt ingenious >> when it comes to these things, and masking an exe nowdays, is not as simple >> as some peoples SFX rar kits :) >> So even kits nowdays, can be way more advanced than 2008/2009 even... >> there has been a burst of tech, so there is also a burst in virus >> numbers... but, smart c&c centres, you wont take down so easily, and they >> will move before you can even decrypt theyre settings... wich is exactly why >> stuxnet is non stoppable.. unless the owner shuuts it down, it wont be >> killed.. >> xd >> >> >> >> >> On 11 October 2011 10:45, Bob Dobbs <[email protected]> wrote: >> >>> On Mon, Oct 10, 2011 at 4:31 PM, Michael Schmidt <[email protected] >>> > wrote: >>> >>>> If its bot net code and it is behind an air barrier then it will never >>>> phone home. They >>>> >>> >>> It already broke the "air wall" to get in. It can certainly do so to get >>> out. >>> >>> Bob >>> >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
