|
Full Disclosure
mailing list archives
Re: All China, All The Time
From: r00t <r00t () ellicit org>
Date: Fri, 15 Jan 2010 12:57:52 -1000
Can you explain how this is sophisticated. It looks to me like most
decent malware samples I've RE'd:
The result: triple encrypted shell code which downloads multiple
encrypted binaries used to drop an encrypted payload on a target machine
which then establishes an encrypted SSL channel to connect to a command
and control network.
If they are so sophisticated and organized, then why do they continually
get noticed shortly after the attack. A major element that you fail to
realize about these so called sophisticated attacks is stealth and
persistence, which this attack lacks.
On 1/15/10 12:33 PM, Densmore, Todd wrote:
Here is my 2 cents on both Google and iiScan
http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/01/15/china-google-and-web-security.aspx
~todd
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: All China, All The Time Densmore, Todd (Jan 15)
- Re: All China, All The Time r00t (Jan 15)
Re: All China, All The Time Anders Klixbull (Jan 18)
(Thread continues...)
|
