Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: All China, All The Time
From: r00t <r00t () ellicit org>
Date: Fri, 15 Jan 2010 12:57:52 -1000

Can you explain how this is sophisticated.  It looks to me like most 
decent malware samples I've RE'd:

The result: triple encrypted shell code which downloads multiple 
encrypted binaries used to drop an encrypted payload on a target machine 
which then establishes an encrypted SSL channel to connect to a command 
and control network.

If they are so sophisticated and organized, then why do they continually 
get noticed shortly after the attack.  A major element that you fail to 
realize about these so called sophisticated attacks is stealth and 
persistence, which this attack lacks.



On 1/15/10 12:33 PM, Densmore, Todd wrote:
Here is my 2 cents on both Google and iiScan

http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/01/15/china-google-and-web-security.aspx

~todd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault