Billy,
As FD's foremost expert on virii, can you answer a question for me? Is
it possible that this is one of Polly Morfick's viruses? They can change ports,
right? After seeing your discovery, I too found a computer at home trying to infect
the Internet with the 443 virus. Though I too have
> 2) Make sure you buy the security option with the servers. The XOR
> isn't protected if you don't, and that's just basically bad. Security
> starts at the bottom.
that's right way down like the bottom of the some thing nasty like
> 3) Make sure those servers use 3-phase current, since data
"They brought a cave troll!"
-- Boromir
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Hi Bill!
Hey, if you've got a blank check and maybe starting from scratch,
here's a few tips to make sure everything goes smoothly! Free advice
from expert consultant since 2003!
1) When you buy those Sun computers, make sure they all weigh the
same. This is because you have to balance the load
On Thursday 10 June 2004 2:06 pm, Billy B. Bilano wrote:
> Since you can't get rid of a virus like this we are going to get rid of
> the Windows! The CEO told me to get rid of the virus and get the servers
> back up at whatever the cost! So now that I have a blank check I am
> going to do what's r
SCE, CCNA
<http://www.bilano.biz/>
Expert Sysadmin Since 2003!
'C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL' -- RMS
- Original Message -----
From: "Sean Crawford" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 10, 2004 9:35 AM
Subject: RE: [Ful
On Fri, 11 Jun 2004 00:35:31 +1000, Sean Crawford <[EMAIL PROTECTED]> said:
> Does anyone keep track of the record number of bites in a thread to a
> Trolling run...this would have to be close to a record...
Maybe here in the minor leagues. Wander over to Slashdot or Usenet
sometime, where the p
Does anyone keep track of the record number of bites in a thread to a
Trolling run...this would have to be close to a record...
A rather successful fishing trip Bilanowhat's the catch weigh in as??...
--> Angoitia
-->
--> don't feed the clown!
-->
-->
>> I've been in IT for many years and I am now IT
>> Director here at
>> the bank... I would think that I would know what "ssl" would be. I don't
>> think this worm has anything to do with whatever "ssl" is. Does
>> anybody even
>> still use ssl? That's probably why the hackers chose it.
>is thi
don't feed the clown!
>
> Steve,
>
> Sorry to say but it is not! I checked my incoming traffic again
> this morning
> and the attack on port 443 is still coming in full steam ahead! I
> don't know
COULDN'T THIS BE A SSL DENIAL OF SERVICE ATTACK? ssl requires quite a lot of resources
and if u have a web server runn
> I've been in IT for many years and I am now IT
> Director here at
> the bank... I would think that I would know what "ssl" would be. I don't
> think this worm has anything to do with whatever "ssl" is. Does
> anybody even
> still use ssl? That's probably why the hackers chose it.
is this flaim
s/hope/sanity
(Lessons learned: You can save a lot of time by
- Having multiple cryptographically timestamped versions of every file
- Using BSD securelevels and append-only logfiles)
You can also save a lot of time by knowing what services you are running ;p
On that note, perhaps it's time to let this thread
--On Tuesday, June 08, 2004 11:51:29 AM -0500 "Billy B. Bilano"
<[EMAIL PROTECTED]> wrote:
Mike,
I don't see anything funny about it! We could be looking at a virus the
likes of which we have never, ever seen before!
Hackers and scripter kiddies are getting crazier by the day! It was only a
matte
Actually, if anyone took the time to visit Mr. Balony's (sorry,
Bilano's) blog, they might just figure out that he is, in fact,
brilliantly funny. This little experiment in social engineering has
been extremely humorous, and I have to say, says a lot about the
reactive nature of security folks in
Hi,
> Also, right before I wrote this message I blocked port 443 in and out on our
> firewall at the bank! I will be going over these servers very carefully
> tonight to look for anything wacky or goofy.
This kind of reminds me of one fine day, when I was greeted by the words
"This system
mark wrote:
I found the fix for it.
http://tinyurl.com/37p35
Failing that, there is always the old trusty:
http://www.fiftythree.org/etherkiller/
Which, like yours, is a holistic solution..
--
dk
On Tue, 08 Jun 2004 21:38:07 -0700
Jerry Heidtke <[EMAIL PROTECTED]> wrote:
> Crypto's not new. We had an outbreak in Milwaukee 11 years ago. It's not
> a virus, nor a worm, however. It's an amoeba!
>
> It caused a lot of "traffic" on certain "ports".
Hehehe...wasn't that in The Onion too? :)
On Tue, 2004-06-08 at 18:11, William Warren wrote:
> this is highly shortsighted..well maybe not..if you do not have any
> users who do not use https...:)
>
Sounds like a perfectly good idea to me.
If the OP is serious, then he will be taught, in one of the better,
longer lasting ways, a good dea
> -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Micah
> > McNelly
> > Sent: Tuesday, June 08, 2004 4:32 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Full-Disclosure] Possible First Crypto Virus
Definitely
> >
Crypto's not new. We had an outbreak in Milwaukee 11 years ago. It's not
a virus, nor a worm, however. It's an amoeba!
It caused a lot of "traffic" on certain "ports".
http://www.jsonline.com/news/metro/apr03/131542.asp
http://disted.mcw.edu/mpm/epidemic/milwaukee/Cryptosporidium/Chapter1/titlepa
I found the fix for it.
http://tinyurl.com/37p35
Definitely
Discovered!
Greatest post of all time.
/me claps.
/m
- Original Message -
From: "Goudie, Derek" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 08, 2004 1:54 PM
Subject: RE: [Full-Disclosure] Possible First Crypto Virus Definitely
Discovered!
is it always this silly?
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Micah
> McNelly
> Sent: Tuesday, June 08, 2004 4:32 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Possible First Crypto Virus Definitely
>
l Message -
From: "Goudie, Derek" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 09, 2004 6:54 AM
Subject: RE: [Full-Disclosure] Possible First Crypto Virus Definitely
Discovered!
> Thanks! I needed that
>
> -Original Message-
>
Greatest post of all time.
/me claps.
/m
- Original Message -
From: "Goudie, Derek" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 08, 2004 1:54 PM
Subject: RE: [Full-Disclosure] Possible First Crypto Virus Definitely
Discovered!
>
, 2004 8:00 PM
Subject: Re: [Full-Disclosure] Possible First Crypto Virus Definitely
Discovered!
> Oliver! Hello!
>
> SSL is the same port as HTTPS ? OMFG then we have a bigger problem than I
> ever imagined!! HOLY SMOKES! I am going to block port 443 right now and I
> urge ALL of yo
"Oliver Welter" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "Billy B. Bilano" <[EMAIL PROTECTED]>
Sent: Tuesday, June 08, 2004 12:43 PM
Subject: Re: [Full-Disclosure] Possible First Crypto Virus Definitely
Discovered!
> hi Guys,
>
> I'm new to the l
On Tue, 08 Jun 2004 10:53:29 CDT, "Billy B. Bilano" <[EMAIL PROTECTED]> said:
> Bill Bilano here, reporting in from the front-lines! I've got some
> disturbing news that I've got to get some answers about while I share. I
> think we're about to come under full hacker attack at any second! And to
>
The only thing funnier than this post are the responses to it.
Good show.
Cheers Billy, thanks for the laugh.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Billy B. Bilano
Sent: Tuesday, June 08, 2004 11:53 AM
To: [EMAIL PROTECTED]
Subject:
]
Asunto: RE: [Full-Disclosure] Possible First Crypto Virus Definitely
Discovered!
"Men like me, we need a room full of clues"
--Doug.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Harlan Carvey
Sent: Tuesday, June 08, 2004 12:40 PM
To: [EMAIL
Hi,
I just can admit to what Billy wrote. The Firewall of my PDA is getting
hot. It plays "Yellow Submarine" every time I press the escape-key. It
has to be something like this crypto-thing. I don't know what "crypto"
means but it seems to be encrypted with EnglishLanguageProtocol.
Believe me, I ha
'C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL' -- RMS
- Original Message -
From: "Ng, Kenneth (US)" <[EMAIL PROTECTED]>
To: "'Billy B. Bilano'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, June 08, 2004 1:51 PM
Subject: RE: [Full
How about renaming it to [EMAIL PROTECTED] More fitting methinks. :-)
-Original Message-
From: Billy B. Bilano
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 08, 2004 9:53 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Possible First Crypto Virus Definitely
Discovered!
Salutations
Sent: Tuesday, June 08, 2004 2:46 PM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Possible First Crypto Virus Definitely
Discovered!
> Whatever ssl is, I don't know but it's using the so-called "ssl" port on
> the web servers. I don't think it has anything to
hi Guys,
I'm new to the list, so hello first ;)
I really don't know if you are just kidding or if I misunderstood your
post...
Port 443 is the SecureHTTP protocol (https) - so it is correct that it
is bound to a webserver process and it is correct that SSL-encrypted
traffic goes in and out - so w
j00 d0nt f00l u5
"Billy B. Bilano" <[EMAIL PROTECTED]> wrote:
>
>Salutations, amigos!
>
>Bill Bilano here, reporting in from the front-lines! I've got some
>disturbing news that I've got to get some answers about while I share. I
>think we're about to come under full hacker attack at any second! A
I really hope this guy is not THIS retarded... he was certainly smart
enough to leave the XSS enabled on his guest book (which of course he
called a virus)...
6/8/04
Javascript hackers in my guestbook! GUESTBOOK UNDER SIEGE! I guess I
upset somebody with my finding out about their silly port
dles SSL but not TLS.
- Original Message -
From: "Billy B. Bilano" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 08, 2004 1:05 PM
Subject: Re: [Full-Disclosure] Possible First Crypto Virus Definitely
Discovered!
> Hi Harlan! Thanks for your rep
have you got any code or anything to substantiate this? Your site is
unreachable
Billy B. Bilano wrote:
Salutations, amigos!
Bill Bilano here, reporting in from the front-lines! I've got some
disturbing news that I've got to get some answers about while I share. I
think we're about to come under
> Whatever ssl is, I don't know but it's using the so-called "ssl" port on
> the web servers. I don't think it has anything to do with whatever ssl
> was back in the old days of UNIX. It has a lower port number and that
> means it's an older port! Probably from the 1970s!
>
> Besides, why should I
EMAIL PROTECTED]>
Sent: Tuesday, June 08, 2004 11:34 AM
Subject: RE: [Full-Disclosure] Possible First Crypto Virus Definitely
Discovered!
Please tell me this is just a really bad joke?
-Original Message-
From: Billy B. Bilano
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 08, 2004 10:53 AM
On Tue, Jun 08, 2004 at 11:46:22AM -0500, Billy B. Bilano wrote:
> Sorry to say but it is not! I checked my incoming traffic again this morning
> and the attack on port 443 is still coming in full steam ahead! I don't know
> what's going on, but I am about to block that port on my firewall. Some
>
Hi Harlan! Thanks for your reply... hard to make heads or tails of what you
are saying though...
> Wouldn't it then be, by definition, a worm?
A worm or whatever you want to call it, that's cool. I just thought "virus"
sounds more alarming than worm! Everybody has had a worm or two, but a virus
i
Bill,
From your post, you don't seem to have a great deal of
detailed information to share about this issue...
> The virus works on port 443.
Wouldn't it then be, by definition, a worm?
> It seems to accept inbound connections on that
> port as well and, presumably, awaits for commands
> fro
C:\WINDOWS\GO, C:\PC\CRAWL' -- RMS
- Original Message -
From: "-, Steve" <--->
To: "Billy B. Bilano" <[EMAIL PROTECTED]>
Sent: Tuesday, June 08, 2004 11:34 AM
Subject: RE: [Full-Disclosure] Possible First Crypto Virus Defin
lly B. Bilano, MSCE, CCNA
<http://www.bilano.biz/>
Expert Sysadmin Since 2003!
'C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL' -- RMS
- Original Message -
From: "Michael R."
To: "'Billy B. Bilano'" <[EMAIL PROTECTED]>
Sent: Tuesday, June 08, 20
At 10:53 AM 6/8/2004 -0500, Billy B. Bilano wrote:
Bill Bilano here, reporting in from the front-lines! I've got some
disturbing news that I've got to get some answers about while I share. I
think we're about to come under full hacker attack at any second! And to
those people that said us folks tal
49 matches