full-disclosure-uk January 2010 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] All China, All The Tim

Re: [Full-disclosure] All China, All The Time

From: r00t <r00t_at_nospam>
Date: Fri Jan 15 2010 - 22:57:52 GMT
To: full-disclosure@lists.grok.org.uk


Can you explain how this is sophisticated. It looks to me like most decent malware samples I've RE'd:

The result: triple encrypted shell code which downloads multiple encrypted binaries used to drop an encrypted payload on a target machine which then establishes an encrypted SSL channel to connect to a command and control network.

If they are so sophisticated and organized, then why do they continually get noticed shortly after the attack. A major element that you fail to realize about these so called sophisticated attacks is stealth and persistence, which this attack lacks.

On 1/15/10 12:33 PM, Densmore, Todd wrote:
> Here is my 2 cents on both Google and iiScan
>
> http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/01/15/china-google-and-web-security.aspx
>
> ~todd
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/