Crimeware

~BD~

Crimeware is still in its infancy with regard to the evolution of malware,
and does not have an official definition. However, as its name implies,
crimeware is malicious software used to initiate a crime that is typically
Internet-based. During the past two years, crimeware attacks have increased
at a far greater rate than the normal virus. International gangs of virus
writers, hackers and spammers are joining forces to steal information and
collect huge profits illegally.

Read here ........ and review the graph! http://www.kaspersky.com/crimeware

So ............... just *how* is it being done?

Dave
 
~BD~

Thanks for responding, Dan.

Interesting thought!

BD

"Dan" <Dan@discussions.microsoft.com> wrote in message
news:4066BDA5-0C35-444C-913D-4623DD644426@microsoft.com...
> Well, you must remember, the hackers have computer experts on their side
> as
> well as there being computer experts on our side. There are a lot of
> different techniques that can be used in hacking that include such things
> as
> port scanning to look for vulnerable ports. Unfortunately, many of these
> port scans are coming from Chinese servers and whether the Chinese
> government
> is directly involved is unknown but would not be surprising. However, the
> hackers could indeed be smart enough to route themselves through China and
> make it appear the Chinese were to blame and that would indeed be really
> mean
> and malicious. I could go on and on but it would be too long a post.
>
> "~BD~" wrote:
>
>> Crimeware is still in its infancy with regard to the evolution of
>> malware,
>> and does not have an official definition. However, as its name implies,
>> crimeware is malicious software used to initiate a crime that is
>> typically
>> Internet-based. During the past two years, crimeware attacks have
>> increased
>> at a far greater rate than the normal virus. International gangs of virus
>> writers, hackers and spammers are joining forces to steal information and
>> collect huge profits illegally.
>>
>> Read here ........ and review the graph!
>> http://www.kaspersky.com/crimeware
>>
>> So ............... just *how* is it being done?
>>
>> Dave
 
Dan

You are most welcome. I do like grc.com that you can use with Internet
Explorer to see if you have any ports that are not hidden on the first 1000+
ports by doing a scan. You can also check individual ports if you are
concerned about them.
 
Root Kit

On Sat, 28 Jun 2008 08:46:01 -0700, Dan
<Dan@discussions.microsoft.com> wrote:

>You are most welcome. I do like grc.com that you can use with Internet
>Explorer to see if you have any ports that are not hidden on the first 1000+
>ports by doing a scan.


If by hidden you mean "stealth", how do you (with the help of
mentioned tool) distinguish between a port which is filtered (or
"stealthed") and a port occupied by a malware waiting for instructions
on a UDP port?
 
VanguardLH

"~BD~" in <news:#4#JejS2IHA.6096@TK2MSFTNGP06.phx.gbl> wrote:

> Crimeware is still in its infancy with regard to the evolution of malware,
> and does not have an official definition. However, as its name implies,
> crimeware is malicious software used to initiate a crime that is typically
> Internet-based. During the past two years, crimeware attacks have increased
> at a far greater rate than the normal virus. International gangs of virus
> writers, hackers and spammers are joining forces to steal information and
> collect huge profits illegally.
>
> Read here ........ and review the graph! http://www.kaspersky.com/crimeware
>
> So ............... just *how* is it being done?
>
> Dave


First thing that came to mind when I saw Crimeware was my Smith &
Wesson 5606 semi-auto .45 stainless see a picture at:

http://www.gundealersonline.com/members/users/dsofirearms/DSO_SW_4046_b.JPG

Not mine. Mine has a lasersight and extended magazine. BANG, my
crimeware works again. Dang, now I have to replace my monitor.
 
~BD~

"Root Kit" <b__nice@hotmail.com> wrote in message
news:oguc64d1g17d55iik4qgq28upb6664560n@4ax.com...
> On Sat, 28 Jun 2008 08:46:01 -0700, Dan
> <Dan@discussions.microsoft.com> wrote:
>
>>You are most welcome. I do like grc.com that you can use with Internet
>>Explorer to see if you have any ports that are not hidden on the first
>>1000+
>>ports by doing a scan.

>
> If by hidden you mean "stealth", how do you (with the help of
> mentioned tool) distinguish between a port which is filtered (or
> "stealthed") and a port occupied by a malware waiting for instructions
> on a UDP port?
>


I personally have no idea, John (I call people I don't know by that name
surprisingly, about 70% of the time it turns out to be correct! <g>)

I've used the grc.com site on many occasions (as have several million
others!) If you are aware of any other programme which can carry out a
similar safety check, perhaps you'll let us know Root Kit (John!). TIA

Dave
 
David H. Lipman

From: "~BD~" <BoaterDave@nospam.invalid>

| Crimeware is still in its infancy with regard to the evolution of malware,
| and does not have an official definition. However, as its name implies,
| crimeware is malicious software used to initiate a crime that is typically
| Internet-based. During the past two years, crimeware attacks have increased
| at a far greater rate than the normal virus. International gangs of virus
| writers, hackers and spammers are joining forces to steal information and
| collect huge profits illegally.

| Read here ........ and review the graph! http://www.kaspersky.com/crimeware

| So ............... just *how* is it being done?

| Dave

Most well known, RBN.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
~BD~

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:uVQa5zV2IHA.5564@TK2MSFTNGP06.phx.gbl...
> From: "~BD~" <BoaterDave@nospam.invalid>
>
> | Crimeware is still in its infancy with regard to the evolution of
> malware,
> | and does not have an official definition. However, as its name implies,
> | crimeware is malicious software used to initiate a crime that is
> typically
> | Internet-based. During the past two years, crimeware attacks have
> increased
> | at a far greater rate than the normal virus. International gangs of
> virus
> | writers, hackers and spammers are joining forces to steal information
> and
> | collect huge profits illegally.
>
> | Read here ........ and review the graph!
> http://www.kaspersky.com/crimeware
>
> | So ............... just *how* is it being done?
>
> | Dave
>
> Most well known, RBN.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Is this the RBN to which you refer, David H Lipman?
The infamous Russian Business Network (RBN)
http://blog.trendmicro.com/rbn-goes-poof/

If so ............ thank you! :)

Dave
 
~BD~

Great response .............. 10/10 for you, Vanguard!

If you really do have such a weapon, for what do you use it? (Apart from
assassinations, that is!)

Dave

"VanguardLH" <V@nguard.LH> wrote in message
news:RL-dne-Cx5LvCvvVnZ2dnUVZ_q7inZ2d@comcast.com...
> "~BD~" in <news:#4#JejS2IHA.6096@TK2MSFTNGP06.phx.gbl> wrote:
>
>> Crimeware is still in its infancy with regard to the evolution of
>> malware,
>> and does not have an official definition. However, as its name implies,
>> crimeware is malicious software used to initiate a crime that is
>> typically
>> Internet-based. During the past two years, crimeware attacks have
>> increased
>> at a far greater rate than the normal virus. International gangs of virus
>> writers, hackers and spammers are joining forces to steal information and
>> collect huge profits illegally.
>>
>> Read here ........ and review the graph!
>> http://www.kaspersky.com/crimeware
>>
>> So ............... just *how* is it being done?
>>
>> Dave

>
> First thing that came to mind when I saw Crimeware was my Smith &
> Wesson 5606 semi-auto .45 stainless see a picture at:
>
> http://www.gundealersonline.com/members/users/dsofirearms/DSO_SW_4046_b.JPG
>
> Not mine. Mine has a lasersight and extended magazine. BANG, my
> crimeware works again. Dang, now I have to replace my monitor.
>
 
David H. Lipman

From: "~BD~" <BoaterDave@nospam.invalid>


| Is this the RBN to which you refer, David H Lipman?
| The infamous Russian Business Network (RBN)
| http://blog.trendmicro.com/rbn-goes-poof/

| If so ............ thank you! :)

| Dave

Read ALL of the following. You like conspiracies, this will keep 'ya busy.

http://en.wikipedia.org/wiki/Russian_Business_Network

http://rbnexploit.blogspot.com/

http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Russian Business Network

http://www.crime-research.org/analytics/cybercrime1302/


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Root Kit

On Sat, 28 Jun 2008 21:04:35 +0100, "~BD~" <BoaterDave@nospam.invalid>
wrote:

>
>"Root Kit" <b__nice@hotmail.com> wrote in message
>news:oguc64d1g17d55iik4qgq28upb6664560n@4ax.com...
>> On Sat, 28 Jun 2008 08:46:01 -0700, Dan
>> <Dan@discussions.microsoft.com> wrote:
>>
>>>You are most welcome. I do like grc.com that you can use with Internet
>>>Explorer to see if you have any ports that are not hidden on the first
>>>1000+
>>>ports by doing a scan.

>>
>> If by hidden you mean "stealth", how do you (with the help of
>> mentioned tool) distinguish between a port which is filtered (or
>> "stealthed") and a port occupied by a malware waiting for instructions
>> on a UDP port?
>>

>
>I personally have no idea, John (I call people I don't know by that name
>surprisingly, about 70% of the time it turns out to be correct! <g>)


Maybe it's because you can't. If you didn't deal with this foolish
"stealth" security theater, you would. What you want is to avoid
unnecessary open ports. Whether they are otherwise closed or
"stealthed" makes no difference in terms of security. "Stealth" only
makes you feel better.

>I've used the grc.com site on many occasions (as have several million
>others!)


Since when did volume say anything about quality?

ShieldsUp is mainly a promotion tool. SU is good for one thing and one
thing only: To quickly check if some kind of packet filter is in place
either on your machine or somewhere upstream. That's it. Nothing more.

>If you are aware of any other programme which can carry out a
>similar safety check, perhaps you'll let us know Root Kit (John!). TIA


Well, how about first of all checking your listening sockets on the
machine itself by using something as simple as the cmd netstat? - Or
for a more graphic experience use "TCPview" from MS-sysinternals or my
personal favorite "CurrPorts" from NirSoft.

These will tell you all you need to know about what services are
listening on what ports. For best security, you should have only the
ones absolutely necessary. If you then want to check from the outside
to see if those are available or filtered, at least use an nmap-based
service like the one available at
http://www.linux-sec.net/Audit/nmap.test.gwif.html

And always remember that if you connect through some kind of gateway
(e.g. a router), that's the one being examined and not your machine
itself.
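
Root Kit's advice to check the listening sockets on the machine itself, as an added example that is not part of the original thread: Python that parses `netstat -ano` text and reports every listening TCP socket and bound UDP socket missing from an allowlist. The sample output, the allowlist and the function names are constructed for illustration.

```python
# Constructed sample in the column layout printed by Windows `netstat -ano`.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1720
  TCP    192.168.1.20:49712     198.51.100.7:443       ESTABLISHED     3120
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:31337          *:*                                    2468
  UDP    127.0.0.1:1900         *:*                                    1500
"""

# Hypothetical allowlist: the (protocol, port) pairs this machine is meant to serve.
ALLOWED = {("TCP", 135), ("TCP", 445)}

LOOPBACK_PREFIXES = ("127.", "[::1]")


def parse_listeners(text):
    """Return sockets that accept unsolicited traffic.

    TCP rows count only in the LISTENING state. UDP is connectionless and has
    no state column, so every bound UDP socket counts.
    """
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local = fields[0], fields[1]
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue  # established, time-wait, etc. are not listeners
        host, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        found.append({
            "proto": proto,
            "host": host,
            "port": int(port),
            # The PID column is present only when netstat was run with -o.
            "pid": int(fields[-1]) if fields[-1].isdigit() else None,
            "loopback_only": host.startswith(LOOPBACK_PREFIXES),
        })
    return found


def unexpected_listeners(text, allowed):
    """Listeners not on the allowlist, network-reachable bindings first."""
    extra = [s for s in parse_listeners(text)
             if (s["proto"], s["port"]) not in allowed]
    return sorted(extra, key=lambda s: (s["loopback_only"], s["proto"], s["port"]))


if __name__ == "__main__":
    for s in unexpected_listeners(SAMPLE, ALLOWED):
        scope = "loopback only" if s["loopback_only"] else "reachable from the network"
        print(f'{s["proto"]} {s["host"]}:{s["port"]} pid={s["pid"]} ({scope})')
```

The bound UDP socket shows up here even though an outside scan would report that port the same way as a filtered one.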
 
~BD~

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:eBT$YPX2IHA.416@TK2MSFTNGP04.phx.gbl...
> From: "~BD~" <BoaterDave@nospam.invalid>
>
>
> | Is this the RBN to which you refer, David H Lipman?
> | The infamous Russian Business Network (RBN)
> | http://blog.trendmicro.com/rbn-goes-poof/
>
> | If so ............ thank you! :)
>
> | Dave
>
> Read ALL of the following. You like conspiracies, this will keep 'ya
> busy.
>
> http://en.wikipedia.org/wiki/Russian_Business_Network
>
> http://rbnexploit.blogspot.com/
>
> http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Russian Business Network
>
> http://www.crime-research.org/analytics/cybercrime1302/
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Many thanks for the links, David. I've had a brief look and will explore
further when time permits.

Others reading here may just be interested too!

Cheers

BD
 
~BD~

"Root Kit" <b__nice@hotmail.com> wrote in message
news:tsge645qsn674u3slk7e6ac5u4gi1uv4it@4ax.com...
> On Sat, 28 Jun 2008 21:04:35 +0100, "~BD~" <BoaterDave@nospam.invalid>
> wrote:
>
>>
>>"Root Kit" <b__nice@hotmail.com> wrote in message
>>news:oguc64d1g17d55iik4qgq28upb6664560n@4ax.com...
>>> On Sat, 28 Jun 2008 08:46:01 -0700, Dan
>>> <Dan@discussions.microsoft.com> wrote:
>>>
>>>>You are most welcome. I do like grc.com that you can use with Internet
>>>>Explorer to see if you have any ports that are not hidden on the first
>>>>1000+
>>>>ports by doing a scan.
>>>
>>> If by hidden you mean "stealth", how do you (with the help of
>>> mentioned tool) distinguish between a port which is filtered (or
>>> "stealthed") and a port occupied by a malware waiting for instructions
>>> on a UDP port?
>>>

>>
>>I personally have no idea, John (I call people I don't know by that name
>>surprisingly, about 70% of the time it turns out to be correct! <g>)

>
> Maybe it's because you can't. If you didn't deal with this foolish
> "stealth" security theater, you would. What you want is to avoid
> unnecessary open ports. Whether they are otherwise closed or
> "stealthed" makes no difference in terms of security. "Stealth" only
> makes you feel better.
>
>>I've used the grc.com site on many occasions (as have several million
>>others!)

>
> Since when did volume say anything about quality?



OK - you win! )


>
> ShieldsUp is mainly a promotion tool. SU is good for one thing and one
> thing only: To quickly check if some kind of packet filter is in place
> either on your machine or somewhere upstream. That's it. Nothing more.
>
>>If you are aware of any other programme which can carry out a
>>similar safety check, perhaps you'll let us know Root Kit (John!). TIA

>
> Well, how about first of all checking your listening sockets on the
> machine itself by using something as simple as the cmd netstat?



I'd never come across this before ............ I've found
http://technet.microsoft.com/en-gb/library/bb490947(TechNet.10).aspx and
will explore further IDC. Thanx.


> - Or
> for a more graphic experience use "TCPview" from MS-sysinternals


I found this:- http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
and have downloaded same. I've had a quick look, but will study later. Many
thanks. :)


> or my
> personal favorite "CurrPorts" from NirSoft.



I found it here: http://www.nirsoft.net/utils/cports.html Again, I've had
a quick look, but will study later. Many thanks. :)



>
> These will tell you all you need to know about what services are
> listening on what ports. For best security, you should have only the
> ones absolutely necessary. If you then want to check from the outside
> to see if those are available or filtered, at least use an nmap-based
> service like the one available at
> http://www.linux-sec.net/Audit/nmap.test.gwif.html



I've had a quick look. Never seen it before! Lots to investigate. Thank you
once more! :)


>
> And always remember that if you connect through some kind of gateway
> (e.g. a router), that's the one being examined and not your machine
> itself.
>


I do use a router ............... and connect wirelessly.

There's a lot to learn about 'computing' - when I started to learn they had
thermionic valves and the transistor was in its infancy! How things have
changed!

I really appreciate your guidance, John. (That's Root Kit, aka Straight
Talk, I believe!)

Thank you.

BD
 
Steve Riley [MSFT]

A comment about the "Chinese threat." It's popular to lay blame on an
ambiguous thing called "the Chinese" whenever someone feels the need to
restoke fear and zealotry toward "the other." However, there is very little
real evidence that "the Chinese" are doing anything they get blamed for.

Latest example:
http://blog.wired.com/27bstroke6/2008/06/former-white-ho.html

I've been to Beijing and Shanghai several times. China can barely keep its
internal house in order, what with 1.3 billion people all migrating to the
cities, a rapidly growing middle class and its attendant exacerbation of
personal greed, and the never-before-seen blending of a market economy with
a communist government.

As another example of the sheer complexity at making something like modern
China work, check out James Fallows's chronicling of the environment in
Beijing as they prepare for the Olympics.
http://jamesfallows.theatlantic.com/


--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"~BD~" <BoaterDave@nospam.invalid> wrote in message
news:ORnz62S2IHA.1772@TK2MSFTNGP03.phx.gbl...
> Thanks for responding, Dan.
>
> Interesting thought!
>
> BD
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:4066BDA5-0C35-444C-913D-4623DD644426@microsoft.com...
>> Well, you must remember, the hackers have computer experts on their side
>> as
>> well as there being computer experts on our side. There are a lot of
>> different techniques that can be used in hacking that include such things
>> as
>> port scanning to look for vulnerable ports. Unfortunately, many of these
>> port scans are coming from Chinese servers and whether the Chinese
>> government
>> is directly involved is unknown but would not be surprising. However,
>> the
>> hackers could indeed be smart enough to route themselves through China
>> and
>> make it appear the Chinese were to blame and that would indeed be really
>> mean
>> and malicious. I could go on and on but it would be too long a post.
>>
>> "~BD~" wrote:
>>
>>> Crimeware is still in its infancy with regard to the evolution of
>>> malware,
>>> and does not have an official definition. However, as its name implies,
>>> crimeware is malicious software used to initiate a crime that is
>>> typically
>>> Internet-based. During the past two years, crimeware attacks have
>>> increased
>>> at a far greater rate than the normal virus. International gangs of
>>> virus
>>> writers, hackers and spammers are joining forces to steal information
>>> and
>>> collect huge profits illegally.
>>>
>>> Read here ........ and review the graph!
>>> http://www.kaspersky.com/crimeware
>>>
>>> So ............... just *how* is it being done?
>>>
>>> Dave
 
David H. Lipman

From: "Steve Riley [MSFT]" <steve.riley@microsoft.com>

| A comment about the "Chinese threat." It's popular to lay blame on an
| ambiguous thing called "the Chinese" whenever someone feels the need to
| restoke fear and zealotry toward "the other." However, there is very little
| real evidence that "the Chinese" are doing anything they get blamed for.

| Latest example:
| http://blog.wired.com/27bstroke6/2008/06/former-white-ho.html

| I've been to Beijing and Shanghai several times. China can barely keep its
| internal house in order, what with 1.3 billion people all migrating to the
| cities, a rapidly growing middle class and its attendant exacerbation of
| personal greed, and the never-before-seen blending of a market economy with
| a communist government.

| As another example of the sheer complexity at making something like modern
| China work, check out James Fallows's chronicling of the environment in
| Beijing as they prepare for the Olympics.
| http://jamesfallows.theatlantic.com/

That's not entirely true.

There is a vast network of malware being created in China and it is ever increasing.

The Chinese are spamming Usenet to death.

I'll bet the Chinese syndicate will soon be as entrenched as the RBN a few years or so.

I won't even touch the concept [in a public forum] of what the PLA is doing!

http://www.networkworld.com/news/20...-chinese-malware-sites.html?fsrc=rss-security

Except for what the PLA is doing, it is all about one thing -- MONEY !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
