Re: [botnets] danmec download point

2008-08-29 Thread Steven Adair

Danmec/Asprox more or less ripped off the automated SQL injection attack idea 
but this one is not Asprox/Danmec.  Appears to be one of the Chinese malware 
sites.  Successful exploit results in download of:

hxxp://www.ppexe.com/csrss/rondll32.exe [b2691d9b4f5e6cd89d14cd4511dbe003] - 
which is a relatively old file now

We (mostly Mike with help from others) keep an updated list of the various SQL 
injected domains Asprox/Danmec or otherwise at this URL if you're interested:

http://www.shadowserver.org/wiki/uploads/Calendar/sql-inj-list.txt

Steven



On Fri, 29 Aug 2008 11:48:11 -0500, "Brack o'Malley" <[EMAIL PROTECTED]> wrote:
> I harvested > 1700 sql injection attempts  by danmec related infectors.
> targets included >200 exposed honeypots (er, oops , I mean "client
> maintained servers") dispersed across widely varied address ranges.  In
> every case this URL was the download point:
> http://www0.douhunqn.cn/csrss/w.js
> 
> 
> 
> 
> brack
> 
> 

___
botnets@, the public's dumping ground for maliciousness
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets


Re: [botnets] URL formats

2008-08-28 Thread Steven Adair
hxxp:// for the most part is the standard.  If people have reasons not to
use it then they should provide it.

That being said I did get an e-mail from someone earlier in response to my
suggestions of hxxp:// stating that they had seen an HTML-aware client that
attempted to help out and took a site like hxxp://www.site.com and turned
the www.site.com into a hyperlink to the site and left the hxxp:// as-is.  I
haven't come across this, but if that's a widespread issue then maybe it's
one to take into account.

Steven


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chris Lee
Sent: Thursday, August 28, 2008 8:54 PM
To: botnets@whitestar.linuxbox.org
Subject: Re: [botnets] URL formats

hxxp seems to be advantageous for a few reasons:
  1. you can still cut and paste the url
  2. the protocol handlers won't load it up if you accidentally click on it
  3. you can add a protocol handler for hxxp for whatever you want
  4. easier to recognize domains and patterns (rather than rotted urls)
  5. already widely accepted in spam fighting groups
  6. trivial to do and undo with no exception cases

I figured I'd put down my thoughts to try to help a standard to move  
forward.


On Aug 28, 2008, at 7:07 PM, silky wrote:

> On Fri, Aug 29, 2008 at 3:32 AM, Chris Burton <[EMAIL PROTECTED]> wrote:
>> Hi,
>> I was wondering if it would be more helpful if we could propose a  
>> "standard"
>> for posting broken URLs with some form of start/end indicator to  
>> allow
>> easier automated processing from the listings?
>
> I was thinking that it would be nice to post them just rot13'd. Still
> trivially decoded (i use leetkey add-in in ff) but not picked up by
> indexers/etc. Advantage is that it can still be searched for common
> patterns.
>
>
>> ChrisB.
>
>
> -- 
> noon silky
> http://www.themonkeynet.com/armada/



Re: [botnets] URL formats

2008-08-28 Thread Steven Adair

heh I think this is a discussion that's been had many times.  A lot of people 
use and I am in favor of obfuscating http links with:

hxxp://urlformat

then for any URLs that have sensitive info that you want to still post use 
, example:

http://www.some.site/keylog.php?blah=1&IP=10.10.10.10

could be made into

hxxp://www.some.site/keylog.php?blah=1&IP=

Just a few suggestions.  Maybe an RFC is in order? :D

Steven


On Thu, 28 Aug 2008 18:32:16 +0100, "Chris Burton" <[EMAIL PROTECTED]> wrote:
> Hi,
>  I was wondering if it would be more helpful if we could propose a
> "standard" for posting broken URLs with some form of start/end indicator
> to
> allow easier automated processing from the listings?
> 
> ChrisB.
> 
> 

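The conventions discussed in this thread (hxxp:// substitution, dropping sensitive query values, and pulling URLs back out of list posts for automated processing), as an added example that is not part of the original messages. The function names, the `marker` parameter and the sample post are assumptions made for illustration.

```python
"""Added example: hxxp:// defanging, query-value redaction and extraction."""
import re
from urllib.parse import urlsplit, urlunsplit

# http/https scheme in either case; group 2 is the "tt" (or "xx") to swap.
_LIVE = re.compile(r"\b(h)(tt)(ps?://)", re.IGNORECASE)
_DEAD = re.compile(r"\b(h)(xx)(ps?://)", re.IGNORECASE)
# Any live or defanged URL inside free text.
_FIND = re.compile(r"\bh(?:tt|xx)ps?://[^\s<>\"']+", re.IGNORECASE)


def _swap(match, new):
    # Preserve the poster's capitalisation so the round trip is lossless.
    middle = "".join(new.upper() if c.isupper() else new for c in match.group(2))
    return match.group(1) + middle + match.group(3)


def defang(text):
    """http:// -> hxxp:// for every URL in text (idempotent)."""
    return _LIVE.sub(lambda m: _swap(m, "x"), text)


def refang(text):
    """hxxp:// -> http://, the exact inverse of defang()."""
    return _DEAD.sub(lambda m: _swap(m, "t"), text)


def redact_params(url, sensitive, marker=""):
    """Blank the values of the named query parameters, leaving the keys.

    The rest of the query string is copied as-is (no re-encoding), so the
    path and parameter pattern stay searchable. `marker` is a hypothetical
    optional replacement text; it is empty by default. Note that urlsplit
    lower-cases the scheme.
    """
    parts = urlsplit(url)
    wanted = {name.lower() for name in sensitive}
    fields = []
    for field in parts.query.split("&"):
        key, sep, _value = field.partition("=")
        if sep and key.lower() in wanted:
            field = key + "=" + marker
        fields.append(field)
    return urlunsplit(parts._replace(query="&".join(fields)))


def extract_urls(text):
    """Return every URL found in a message body, defanged, in order."""
    found = []
    for match in _FIND.finditer(text):
        url = match.group(0).rstrip(".,;:)]")  # trailing sentence punctuation
        found.append(defang(url))
    return found


# Constructed sample post (reserved example hosts, not real data).
SAMPLE = """\
Download point was hxxp://malware.example/csrss/w.js, second stage at
Hxxp://192.0.2.10/install.exe and the drop URL is
http://www.some.site/keylog.php?blah=1&IP=10.10.10.10
"""

if __name__ == "__main__":
    for url in extract_urls(SAMPLE):
        print(redact_params(url, ["IP"]))
```
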


Re: [botnets] [phishing] XP update phish/malware

2008-08-28 Thread Steven Adair

It seems Imageshack with malicious or at least abusive Flash files is getting 
more popular.  We saw a similar attack, yet far less malicious, on Facebook 
last week.  Users' walls were spammed with a message about someone having a 
crush on them with a link to an Imageshack flash file.  The file then did a 
full redirect to a dating website.  The bad guys are both simply just using 
them as a jumping point and in some cases playing off of their [somewhat] 
trusted name.

Steven

On Thu, 28 Aug 2008 09:18:12 -0400, "Discini, Sonny" <[EMAIL PROTECTED]> wrote:
> Here is another XP/Vista download link:
> 
> ht tp://img 182.imageshack.us/img182/7145/47024671do7 .swf
> 
> --
> Steve
> 
> 
> 
> I had a bunch of that come through in 3 separate waves yesterday.
> 
> The malware download pointed to:
> Hxxp://89.187.49.18/install.exe
> 
> Note that the payload is known to Sophos so I'm assuming that most of
> the other big players also pick it up. Nothing new.
> 
> Sonny
> 
> Sonny Discini, Senior Network Security Engineer
> Office of the CIO
> Department of Technology Services
> Montgomery County Government
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Steve Pirk
> Sent: Thursday, August 28, 2008 7:13 AM
> To: [EMAIL PROTECTED]
> Cc: Botnets
> Subject: Re: [phishing] XP update phish/malware
> 
> 
> Equal bytes for women.
> 
> On Wed, 27 Aug 2008, Steve Pirk wrote:
> 
>> Here are some links related to a XP update phish/malware download.
>>
>> Image or payload?
>> ht tp://img 504.imageshack.us/img504/6262/23031231ob0 .swf
>>
>> That was the only link in the email.
>> --
>> Steve
>> Equal bytes for women.
>> ___
>> phishing mailing list
>> [EMAIL PROTECTED]
>> http://www.whitestar.linuxbox.org/mailman/listinfo/phishing
>>



Re: [botnets] reviving this list, allowing sharing

2008-08-27 Thread Steven Adair
I agree here.  It'd be a bit much and cause people to unsubscribe if there's
not some digest type format.  The malware would still have to be sandboxed
in some fashion to be overly relevant.  Just having information from
nepenthes will give you limited information.  Also, unless there's a way to
keep duplicate information from making its way to the list, it would be
extremely noisy with tons of reports on the same thing.

Steven

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of James Pleger
Sent: Wednesday, August 27, 2008 9:56 PM
To: Jeremy
Cc: botnets@whitestar.linuxbox.org
Subject: Re: [botnets] reviving this list, allowing sharing

I think that is a bit too high volume for this list, maybe throwing
honeypot logs to an aggregator and then sending a daily digest would
be more appropriate.

James Pleger
e: [EMAIL PROTECTED]



On Wed, Aug 27, 2008 at 6:10 PM, Jeremy <[EMAIL PROTECTED]> wrote:
> I propose that each and every one of us on this list configure our
> nepenthes boxes with the email address of this distribution list, so
> we can share information about new botnet clients in real time.
>
> Thoughts?
>
> -Jeremy
>
> On Wed, Aug 27, 2008 at 4:41 PM, Gadi Evron <[EMAIL PROTECTED]> wrote:
>> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
>> --
>> Hi. When this list was started a while back a lot of sharing and discussion
>> was happening.
>>
>> This made us take a step back at the time. Today, when most of this
>> information can do far more good than harm, it is my strong belief open
>> information sharing on botnets, malicious web sites and similar subjects will
>> be useful.
>>
>> Feel free to share data, and let's see how it goes. We, on our end will work
>> to mitigate the risks you send in.
>>
>> Who is first?
>>
>>Gadi.


Re: [botnets] (broadband routers) PC World: Flash Attack Could Take Over Your Router

2008-01-16 Thread Steven Adair

How are you defining network operators?  Do you mean by the normal [in most 
cases home] user?  Apparently flash is able to allow UPnP access per PDP's 
posting at www.gnucitizen.org.  Apparently this is not a flaw and is a feature 
(we've heard that before) of Flash and works as advertised.  However, most of 
the broadband routers have UPnP open by default, so all a malicious SWF file 
has to do is start taking action via UPnP from your Linksys/NetGear/D-Link/etc. 
home router.  You might want to look into disabling this function as it 
apparently doesn't support any form of authentication.

Steven

On Wed, 16 Jan 2008 12:10:40 -0600 (CST), Gadi Evron <[EMAIL PROTECTED]> wrote:
> Props to Jeff Chan who I saw it from.
> 
> Yes, I still believe these ISP distributed machines called broadband routers
> are a network operators issue. But not all may agree on that.
> 
> --
> http://news.yahoo.com/s/pcworld/20080116/tc_pcworld/141399
> 
> Flash Attack Could Take Over Your Router
> 
> Robert McMillan, IDG News Service Tue Jan 15, 7:08 PM ET
> 
> Security researchers have released code showing how a pair of widely used
> technologies could be misused to take control of a victim's Web browsing
> experience.
> 
> The code, published over the weekend by researchers Adrian Pastor and Petko
> Petkov, exploits features in two technologies: The Universal Plug and Play
> (UPnP) protocol, which is used by many operating systems to make it easier
> for them to work with devices on a network; and Adobe Systems' Flash
> multimedia software.
> 
> By tricking a victim into viewing a malicious Flash file, an attacker could
> use UPnP to change the primary DNS (Domain Name System) server used by the
> router to find other computers on the Internet. This would give the attacker
> a virtually undetectable way to redirect the victim to fake Web sites. For
> example, a victim with a compromised router could be taken to the attacker's
> Web server, even if he typed Citibank.com directly into the Web browser
> navigation bar.
> 
> "The most malicious of all malicious things is to change the primary DNS
> server," the researchers wrote. "That will effectively turn the router and
> the network it controls into a zombie which the attacker can take advantage
> of whenever they feel like it."
> 
> Because so many routers support UPnP, the researchers believe that "ninety
> nine percent of home routers are vulnerable to this attack."
> 
> In fact, many other types of UPnP devices, such as printers, digital
> entertainment systems and cameras are also potentially at risk, they added
> in a Frequently Asked Questions Web page explaining their research.
> [...]


Re: [botnets] New "Storm" variant

2008-01-07 Thread Steven Adair

Hi Chato,

These two domains are part of the original 13 that were registered with 
ESTDOMAINS (not nic.ru) and they should currently all be in a suspended state.

Steven

On Tue, 08 Jan 2008 00:24:20 +0100, "Chato H. Flores" <[EMAIL PROTECTED]> wrote:
> 
> I add two domains to the list:
> 
> ptowl.com
> yxbegan.com
> 
> 
> Best regards,
> 
> Chato Flores
> 
> 
> 
> 
> On Mon, 07 Jan 2008 23:13:57 +0100 Steven Adair
> <[EMAIL PROTECTED]> wrote:
>>
>>Adriel,
>>
>>The quick goal would be to get them (nic.ru) to suspend the 15
>>domains that are currently active:
>>
>>
>>If I missed one, please feel free to add it.  Other than that, the
>>goal I supposed would be to have more open communication with them
>>as it seems no one is getting a response back.  I know I haven't
>>received one.
>>
>>Steven
>>
>>On 1/7/08 5:07 PM, "Adriel Desautels" <[EMAIL PROTECTED]>
>>wrote:
>>
>>> John,
>>> I may know some people in Russia that can help. What would you like me
>>> to request?
>>>
>>> Regards,
>>> Adriel T. Desautels
>>> Chief Technology Officer
>>> Netragard, LLC.
>>> Office : 617-934-0269
>>> Mobile : 617-633-3821
>>> http://www.linkedin.com/pub/1/118/a45
>>> a
>>> ---
>>> Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
>>> Penetration Testing, Vulnerability Assessments, Website Security
>>>
>>>
>>> John Draper wrote:
>>>> Richard Cox wrote:
>>>>> The new instance of the "Storm" worm launched on Christmas Eve is already
>>>>> having a major impact (see http://www.spamhaus.org/news.lasso?article=624)
>>>>>
>>>>> Whoever planned this worm attack was clever - he ran all his malware
>>>>> domains (which the victims click on to download their "greetings cards"
>>>>> - aka trojans) on fast-flux (botnet) hosting, relying on the Russian
>>>>> ccTLD (nic.ru) to do the updates.  Unfortunately for all of us, nic.ru
>>>>> is closed for Christmas and New Year - not returning until January 9th.
>>>>>
>>>>> Many people have tried to contact nic.ru, both by telephone (during their
>>>>> advertised opening times) and by email but nic.ru do not reply.  Ten more
>>>>> days of infection - at the very least - will get that guy one huge botnet
>>>>> and I know I don't need to mention what that sort of power could do.
>>>>>
>>>>> If anyone DOES know of an emergency process to contact nic.ru, could
>>>>> they either use it, post it here, and/or mail me directly with it?
>>>>>
>>>>> Thanks - and seasonal greetings all round!
>>>>>
>>>>> Best regards
>>>>>
>>>>>
>>>> Darn - my last Russian contact left the country last year...  Don't know
>>>> anyone who lives in Moscow anymore or I would have them physically
>>>> go to where they are and contact them...
>>>>
>>>> Also,  calling Russian ISP's (assuming you get around the language barrier)
>>>> can be daunting...  VoIP and other cheap means to call Russia aside,  is
>>>> still rather difficult.
>>>>
>>>> Also,  I hear a lot of Russian ISP's are "on th

Re: [botnets] New "Storm" variant

2008-01-07 Thread Steven Adair

Adriel,

The quick goal would be to get them (nic.ru) to suspend the 15 domains that are 
currently active:


If I missed one, please feel free to add it.  Other than that, the goal I 
supposed would be to have more open communication with them as it seems no one 
is getting a response back.  I know I haven't received one.

Steven

On 1/7/08 5:07 PM, "Adriel Desautels" <[EMAIL PROTECTED]> wrote:

> John,
> I may know some people in Russia that can help. What would you like me 
> to request?
> 
> Regards,
> Adriel T. Desautels
> Chief Technology Officer
> Netragard, LLC.
> Office : 617-934-0269
> Mobile : 617-633-3821
> http://www.linkedin.com/pub/1/118/a45
> a
> ---
> Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> Penetration Testing, Vulnerability Assessments, Website Security
> 
> 
> John Draper wrote:
>> Richard Cox wrote:
>>> The new instance of the "Storm" worm launched on Christmas Eve is already
>>> having a major impact (see http://www.spamhaus.org/news.lasso?article=624)
>>> 
>>> Whoever planned this worm attack was clever - he ran all his malware
>>> domains (which the victims click on to download their "greetings cards"
>>> - aka trojans) on fast-flux (botnet) hosting, relying on the Russian
>>> ccTLD (nic.ru) to do the updates.  Unfortunately for all of us, nic.ru
>>> is closed for Christmas and New Year - not returning until January 9th.
>>> 
>>> Many people have tried to contact nic.ru, both by telephone (during their
>>> advertised opening times) and by email but nic.ru do not reply.  Ten more
>>> days of infection - at the very least - will get that guy one huge botnet
>>> and I know I don't need to mention what that sort of power could do.
>>> 
>>> If anyone DOES know of an emergency process to contact nic.ru, could
>>> they either use it, post it here, and/or mail me directly with it?
>>> 
>>> Thanks - and seasonal greetings all round!
>>> 
>>> Best regards
>>> 
>>>   
>> Darn - my last Russian contact left the country last year...  Don't know
>> anyone who lives in Moscow anymore or I would have them physically
>> go to where they are and contact them...
>> 
>> Also,  calling Russian ISP's (assuming you get around the language barrier)
>> can be daunting...  VoIP and other cheap means to call Russia aside,  is 
>> still rather difficult.
>> 
>> Also,  I hear a lot of Russian ISP's are "on the take" and cater to a 
>> lot of fraud and other activities...
>> 
>> Good luck in your venture...  and find someone who speaks fluent Russian for
>> starters...
>> 
>> John


Re: [botnets] mech config captured today

2007-11-16 Thread Steven Adair

Just taking a wild stab in the dark, I'd bet on SSH brute force.  A number of 
groups on Undernet (Romanian ones especially) are known to SSH brute force 
attack boxes and then install mech and put up a bunch of clones in an IRC 
channel from the box.  Here's a nice example of the classic scenario (sometimes 
it's more automated though):

http://lists.virus.org/dshield-0407/msg00193.html

Steven

On Fri, 16 Nov 2007 12:08:49 -0500, Adriel Desautels <[EMAIL PROTECTED]> wrote:
> 



Re: [botnets] mac trojan in-the-wild

2007-11-04 Thread Steven Adair



On Sat, 3 Nov 2007 13:54:44 -0400, "Mr. X" <[EMAIL PROTECTED]> wrote:
> Dude, you gotta get over yourself. The fact that the mac os x
> operating system has no viruses is not the "fault" of the user base.
> And the tirades of the told-you-so's are petty and so OT let's just
> get back to info on botnets. Anyone targeting the Mac or Linux base is

I agree they are OT but technically isn't this entire thread, regardless of the 
viewpoint?  AFAIK there is not presently any botnet associated with this mac 
trojan or any variants of it at this time.  There's definitely potential but no 
connection, otherwise we could be discussing any piece of malware on this list.

> clearly doing it not to add bots (doesn't even make sense numbers wise)
> but for exactly this response, seeing their handiwork talked about ad
> nauseam on CNN and with the shoe banging security websites and
> slashdot windows users smugly yelling "I was right!"
> 
> Sorry, but enough is enough gang.
> 
> D
> 
> On Nov 3, 2007, at 10:35 AM, "Dave Ellingsberg" <[EMAIL PROTECTED]> wrote:
> 
>> This is not so much a SE issue as it is a pure of heart issue.  For
>> way too long the Mac has been invincible, I can click on anything,
>> you can not hurt me!  This adds to the newbie issue as those buying
>> into the gullible mac attitude are invincible!  So it adds to the
>> End-Loser problem.  Now we see a shift in targeting and lo the
>> invincible are to be subjected to the Kryptonite of the Internet
>> underworld.  And without the antibodies of common sense that those
>> of us who have prowled the gutters of the mighty M$.
>>
>> There is no way to wake up those who have come to slurp up the
>> invincible theme anymore than you can change that attitude of those
>> who think M$ is better because it is a GUI interface to servers and
>> therefore anyone can do it safe and secure [well I have not heard
>> those last two things come up when it's time to switch!].
>>
>> Most on this list have years of experience supporting groups of the
>> above, in all 4 categories.
>> We are called on to clean up the messes after the clickers and
>> planners.  We are all reactive in one way or another.  Keep thinking
>> about it, ProActive is really not attainable, but it's a good goal!
>>
>> bigfoot.
>>
>>
>>


Re: [botnets] re MAC trojan

2007-11-01 Thread Steven Adair

Not sure this is necessarily true, but that's beside the point as I'm sure we 
could have hundreds of witty replies all day long going both ways.  The point 
is this requires user interaction to infect a machine.  I am not seeing the 
part where unpatched vulnerabilities come into play with this.  This is no 
different than if someone had a malicious package sent for download.  It 
requires the user to consent to install something bad.. this isn't a 
drive-by-exploit targeting all macs like MPack for primarily IE & Windows.. not 
yet anyway.  It's a good thing to be on the look out for though, however it's 
not the end of the internets.

Steven 

On Thu, 01 Nov 2007 16:35:11 +0200, Interspace System Department <[EMAIL PROTECTED]> wrote:
> Gadi Evron wrote:
>> On Thu, 1 Nov 2007, Gary Flynn wrote:
>>   
>>>
>>> This is nothing more than simple downloadable malware exacerbated
>>> somewhat by permissive configuration settings. It exploits no
>>> security defects.
>>>
>>> As I understand it, the operator is given multiple opportunities
>>> to refuse the program:
>>> 
>>
>> Yes, but it's who uses it and how that matters.
>>   
> Relax. MAC users are not that stupid as MS users...
> 
>>
>>   
>>> http://www.jmu.edu/computing/security/#macmalware
>>>
>>> (I'm only subscribed to the archive so I apologize if this
>>>  has been already pointed out or already proven incorrect
>>>  today)
>>>
>>>
