Phishing & BotNets
(Page 7 of 8)
Re: valid problem 2005-11-10
Lance James (lancej securescience net)
I have a mailing list for what I call mal-aware (malicious activity awareness and response) if you want we can use that.
-----Original Message-----
From: "Stejerean, Cosmin" <cosmin (at) cti.depaul (dot) edu>
Date: Wed, 9 Nov 2005 23:28:09
To:"Lance James" <lancej (at) securescience (dot) net>, "Saeed Abu Nimeh" <

RE: valid problem 2005-11-10
Stejerean, Cosmin (cosmin cti depaul edu)
Indeed. We should set up a secret organization to track phishing. Who should
be part of this list and who should we exclude?

Cosmin

-----Original Message-----
From: Lance James [mailto:lancej (at) securescience (dot) net]
Sent: Wednesday, November 09, 2005 11:06 PM
To: Stejerean, Cosmin; Lance James; Saeed A

Re: valid problem 2005-11-10
Lance James (lancej securescience net)
I'm not debating info sharing but tracking phishers on a public forum is not wise.
-----Original Message-----
From: "Stejerean, Cosmin" <cosmin (at) cti.depaul (dot) edu>
Date: Wed, 9 Nov 2005 22:53:17
To:"Lance James" <lancej (at) securescience (dot) net>, "Saeed Abu Nimeh" <drellman (at) hotmail (dot) com>
Cc:<phishing@sec

RE: valid problem 2005-11-10
Stejerean, Cosmin (cosmin cti depaul edu)
I think the problem with phishing is not any different than with other forms
of hacking. What about watching the honeypot mailing list? Wouldn't that
benefit a hacker? The same could go for almost any list. The purpose of the
list is to share information, and that information can be used for good or

valid problem 2005-11-09
Lance James (lancej securescience net) (2 replies)
I think there is a valid problem with a "phishing (at) securityfocus (dot) com" list.

It's publicly available to everyone - including phishers. Why the hell
would anyone post on it?

--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securesc

Re: valid problem 2005-11-09
Saeed Abu Nimeh (drellman hotmail com) (1 replies)
Re: valid problem 2005-11-09
Lance James (lancej securescience net) (1 replies)
Re: valid problem 2005-11-09
Byron L. Sonne (blsonne rogers com)
Re: valid problem 2005-11-09
Nick Bilogorskiy (nbilogorskiy fortinet com)
[News story] - Microsoft takes on spam zombies 2005-10-27
Nick Bilogorskiy (nbilogorskiy fortinet com)
Hoping to turn the tide on spam zombies, Microsoft has filed suit against
entities it said used compromised PCs to send millions of junk e-mail
messages. ...
Zombie PCs have become a serious problem that requires more industry action,
the Federal Trade Commission said earlier this year. Microsoft be

Re: Tracking Botnets 2005-10-24
Guillaume Lovet (glovet fortinet com)
On Wed, 19 Oct 2005 20:29:12 +0200, Saeed Abu Nimeh <drellman (at) hotmail (dot) com>
wrote:

> Hi List,
> As for tracking botnets, I've read "Know your Enemy: Tracking Botnets"
> by the honeynet project. Does anyone know other resources (tools,
> papers, etc.) or even other techniques for tracking botne

RE: Worm Origin 2005-10-24
dave kleiman (dave isecureu com)

> Since Norton AV should have restricted the download itself
> (or at least the RUNNING OF virus) that implicitly admit user
> tampered with AV.
> I don't know (maybe someone more expert than me here) if
> there is such a thing as a Norton AV eventlog entry for
> manual STOP and RESTART of AV, but

Worm Origin 2005-10-23
Joel A. Folkerts (jfolkert hiwaay net) (3 replies)
List:

BACKGROUND
A user admitted to a confidential source she released a virus on her small
LAN. Before I was able to seize and image the user's machine, a local
sysadmin scanned the small LAN with NAV and found several machines were
infected with W32.Korgo.X
(http://securityresponse.symantec.com/

RE: Worm Origin 2005-10-23
Omar A. Herrera (omar herrera oissg org)
Re: Worm Origin 2005-10-23
crazy frog crazy frog (i m crazy frog gmail com)
Re: Worm Origin 2005-10-23
Matteo G.P. Flora (lk lastknight com) (1 replies)
Re: Worm Origin 2005-10-26
Marco Monicelli (marco monicelli marcegaglia com)
Re: PE Headers 2005-10-21
keydet89 yahoo com
No wonder I'm not seeing this thread in the Binary Analysis forum...it's here in "Phishing and Botnets" for some reason...

Ugh.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

RE: SF new article announcement: Two-factor banking 2005-10-19
Levenglick, Jeff (JLevenglick fhlbatl com)
Seems like this will be the next six month trend. For what it is worth:

1) Tokens have been around for a while already. They are expensive.

2) Like any fancy password system, there are programs out there to hack
them. (Cain and Abel)

3) Very easy to Phish. Just call a person and you can get th

Tracking Botnets 2005-10-19
Saeed Abu Nimeh (drellman hotmail com) (2 replies)
Hi List,
As for tracking botnets, I've read "Know your Enemy: Tracking Botnets"
by the honeynet project. Does anyone know other resources (tools,
papers, etc.) or even other techniques for tracking botnets and
identifying farms of bots.
Best,
Saeed

Re: Tracking Botnets 2005-10-23
Marc Dacier (marc dacier eurecom fr)
Re: Tracking Botnets 2005-10-22
Thorsten Holz (thorsten holz mmweg rwth-aachen de)
what kinds of topics are welcomed here ? 2005-10-21
c.y. wang (wangchunying snda com)
hi

very glad to see this mailing list.

a main part of my work is around the win32 PE file analysis :-)

what kinds of topics are welcomed here ?

c.y. wang

Shanda Interactive Entertainment Co. Ltd, Shanghai, China.

Email: wangchunying (at) snda (dot) com

Re: PE Headers 2005-10-20
Harlan Carvey (keydet89 yahoo com)
Jon,

> > Based on what you've said, given the information from
> > the .data section above, the calculation of
> > "sh.PointerToRawData - sh.VirtualAddress" is a
> > negative number.
>
> Negative corrections are expected.
[snip]
> If using negative values in file pointer
> calculations makes

Re: PE Headers 2005-10-20
Harlan Carvey (keydet89 yahoo com) (1 replies)
Jonathon,

Thanks for the response.

> You're almost there. You just need to figure out how to calculate the
> value that you called image_base_address.
>
> What has worked for me as the base address is the section header
> PointerToRawData value minus the section header VirtualAddress valu

Re: PE Headers 2005-10-20
Jonathon Giffin (giffin cs wisc edu)
Re: PE Headers 2005-10-20
Harlan Carvey (keydet89 yahoo com)

Thanks for the response...

> If you have the section headers, you should be able to identify the VirtAddr
> of each section and the raw data offset in the binary itself.

Yes, I can see that. For example, I've pulled this
information from netstat.exe:

Section Name : .text
Virtual Siz

PE Headers 2005-10-19
keydet89 yahoo com (2 replies)
All,

I'm digging into the PE header format, writing a Perl script for parsing information.

I've gotten to the point where I can read the Import Table, obtaining the IMAGE_IMPORT_DESCRIPTORs (IID). What I'm looking for at this point is how to convert the RVAs in the IID to an offset within the bin

Re: PE Headers 2005-10-19
Xman Security (xmansecurity gmail com)
Re: PE Headers 2005-10-19
Jonathon Giffin (giffin cs wisc edu)
Copyright 2010, SecurityFocus