Historical OSINT - An Analysis of the South Korean/U.S DDoS Attacks Circa 2009

July 09, 2021

During the last couple of days, it was getting harder to resist publishing some of the literally moronic commentary on the DDoS attacks, thankfully not made by people I know in person or virtually. From the "we know they did it but we don't have data to prove it", to the very latest and most disturbing comment by a U.S intelligence


Why disturbing? Because that's exactly what the person -- contrary to the common wisdom, you don't need a team to launch this old school amateur-ish HTTP request flooder --

Key summary points:

- if such a small botnet with such a noisy and amateur-ish request flooder can shut down the U.S FCC for days, I wonder what would have happened to the rest of the sites in the target list if the size of the botnet and the sophistication of the DDoS techniques had improved


Let me continue in this line of thought - or they secretly brainwash the Teletubbies and infiltrate the hearts and minds of children across the globe, a future generation of pro-North Korean youngsters. Or they could secretly become a Russian Business Network franchise; now try sending an abuse notice to the non-existent North Korean ISPs. They could,

The Web is abuzz with news reports regarding the ongoing DDoS (distributed denial of service) attack

The attacks, which originally took off in the 4th of July weekend, target 26 South Korean and American government sites and financial institutions.




The W32.Dozer comes in the form of an email attachment


Upon execution the trojan attempts to download the list of targets from three apparently compromised servers based in Germany, the U.S and Austria.



213.23.243.210 - Mannesmann Arcor Telecommunications AG & Co

216.199.83.203 - FDN.com 

213.33.116.41 - Telekom Austria Aktiengesellschaft


75.151.32.182


92.63.2.118

75.151.32.182

202.14.70.116

201.116.58.131

200.6.218.194

163.19.209.22

122.155.5.196

newrozfm.com

text string "get/China/DNS"

The word china within the malware code, the

http://www.virustotal.com/analisis/7dee2bd4e317d12c9a2923d0531526822cfd37eabfd7aecc74258bb4f2d3a643-1247001891

http://www.virustotal.com/analisis/1d1814e2096d0ec88bde0c0c5122f1d07d10ca743ec5d1a3c94a227d288f05a7-1246990042

http://www.virustotal.com/analisis/7c6c89b7a7c31bcb492a581dfb6c52d09dffca9107b8fd25991c708a0069625f-1246990249

http://www.virustotal.com/analisis/f9feee6ebbc3dc0d35eea8bf00fc96cf075d59588621b0132b423a4bbf4427d4-1247006555


Thanks, But no Thanks!

July 06, 2021

Dear blog readers,

Following a series of successful data mining and OSINT enrichment successes in the face of the OSINT and Law Enforcement operation called "Uncle George", including my recent attempt to take down approximately 3,000 ransomware emails, which was quite a success, and including the recent and ongoing publication of various compilations of currently active high-profile cybercriminal email addresses and XMPP/Jabber accounts, I had the privilege to get several of my blog posts censored and basically taken offline courtesy of Google. This is actually good news in the face of the basic news that I'm currently sitting on, have been sitting on and will continue to be sitting on a treasure trove of threat intelligence and cyber attack attribution information on current and emerging cyber threats, including getting actual legal threats from various individuals who appear to have been busy closing down their Twitter and Facebook accounts, including LinkedIn accounts, meaning quite a success for the actual data mining and technical collection process, where the ultimate goal here would be to assist U.S Law Enforcement and the U.S Intelligence Community on their way to track down and prosecute the cybercriminals.

Who wants to rock the boat with me? Request invite-only reader access today! Sharing is caring.

Are you a long-time reader of this blog? Are you basically fascinated by the richness and the informative content on current and emerging cyber threats? Do you want to get private invite-only reader access to keep me motivated? Sharing is caring. Consider sending an introduction message to dancho.danchev@hush.com including your current position, your motivation for reading this blog and how it has helped you, and a copy of your CV, for the purpose of getting invite-only private access, which would greatly motivate me to produce high-quality, never-before-published content in an invite-only fashion.






Therefore, after approximately 12 years of active one-man operation running one of the security industry's leading security publications, which is my personal blog, which I originally launched in December 2005 when I was working on https://astalavista.com while I was studying in the Netherlands, I've decided that the time has come to find an alternative medium to communicate the treasure trove of threat intelligence and OSINT information that I'm currently sitting on and have been sitting on throughout the past decade, with the idea to show and present the crown jewels of my research to basically any sort of vetted and trusted client who's interested in my research and proven methodology for fighting and disrupting the bad guys in a systematic and efficient way throughout the past decade.

It's been a privilege and an honor to serve everyone's needs for approximately 12 years as an independent contractor running this blog, where I've actually had the chance to meet and actually get to know some of the security industry's leading companies and actual folks working within the security industry, and it will continue to be a privilege and an honor to know and work with them in the future.



What's next? Always feel free to approach me at dancho.danchev@hush.com, where you can direct your "keep up the good work", "keep it cool" and "keep up the good spirit" messages, including to actually inquire about my expertise and how I can jump on board your cybercrime research and threat intelligence project, including OSINT research and analysis, in terms of fighting cybercrime.

Awesome.
Check this out in terms of my disappearance and possible kidnapping courtesy of Bulgaria's Law Enforcement, in the form of an illegal arrest using a stolen ID from my place and actual home molestation courtesy of local police officers who basically escorted me and held me in another town for a period of a couple of months.

Related resources:
https://twitter.com/ykolev
https://twitter.com/dansbg
https://twitter.com/bo_go
https://twitter.com/tstsvetanov/status/6051397340
https://web.archive.org/web/20091130172926/https://twitter.com/dansbg
https://web.archive.org/web/20100818222802/http://twitter.com/boiko
https://web.archive.org/web/20090523162911/http://twitter.com/sergeystanishev
https://web.archive.org/web/20091110153835/http://twitter.com/bo_go
https://twitter.com/georgeparvanov/status/93951503504654336
https://search.wikileaks.org/?query=yavor+kolev&exact_phrase=&any_of=&exclude_words=&document_date_start=&document_date_end=&released_date_start=&released_date_end=&include_external_sources=True&new_search=True&order_by=most_relevant#results
https://ddanchev.blogspot.com/2020/07/dancho-danchevs-disappearance-2010.html
https://ddanchev.blogspot.com/2019/11/dancho-danchevs-disappearance-2010.html
https://ddanchev.blogspot.com/2021/02/dancho-danchevs-disappearance-2010.html
https://ddanchev.blogspot.com/2019/04/dancho-danchevs-2010-disappearance.html
https://ddanchev.blogspot.com/2021/03/dancho-danchevs-disappearance-2010.html
https://ddanchev.blogspot.com/2020/12/how-i-got-robbed-and-beaten-and.html

God bless and let's not forget about the rest!

My Memoir - Accepting Research Questions!

July 05, 2021

Dear blog readers,

I wanted to share with everyone the fact that I've started working on a high-profile personal memoir which basically encompasses a period of over 20 years in the field of computer and information security, including the infamous Web 2.0 transition and my current career success and experience in the world of security blogging, cybercrime research and threat intelligence gathering, up to the present day.

I also wanted to let you know that there will be a lot of bonus content, including never-before-published personal-account-type research activity and the true story that took place throughout the 90's in the world of hacking and computer security, where I was a teenage hacker enthusiast, and today's leading expert in the field of security blogging, cybercrime research and threat intelligence gathering.

My request? I'm currently accepting research and interview questions from my blog readers, which I could properly answer and present in the form of book chapters where necessary, in terms of my experience as a teenage hacker enthusiast and my current position as a leading expert in the field of cybercrime research and threat intelligence gathering.

Here are some sample research questions which you could direct to me for the purpose of assisting me on my way to writing and finishing the memoir.
