Comments on: Polish Takedown Targets ‘Virut’ Botnet

By: Jay Pfoutz

Jay Pfoutz — Fri, 25 Jan 2013 01:53:16 +0000

Take a look at all the records for the PTR: http://hosts-file.net/?s=148.81.111.111&view=history

By: Jay Pfoutz

Jay Pfoutz — Fri, 25 Jan 2013 01:42:57 +0000

Brian! I went to Piotr’s profile on Facebook that you linked to, and saw the website he had listed: http://www.sysplex.pl

I did Whois query on it. The nameservers at 89.163.172.186 have IP PTR pointing back to 148.81.111.111 which is the IP of irc.zief.pl.

Hopefully that helps, if you didn’t realize it.

By: RCL

RCL — Tue, 22 Jan 2013 21:23:03 +0000

I wonder why botnet authors did not use Google as one of failsafe mechanisms. It’s not hard to search for a several uncommon fragments and probe the results for being C&C servers. Bots could have randomized search words from a larger body of text to avoid detection.

By: voksalna

voksalna — Tue, 22 Jan 2013 18:37:52 +0000

Uzzi,

The way you put that it’s almost like you considered his suiciding a success story?

By: E.M.H.

E.M.H. — Mon, 21 Jan 2013 14:04:48 +0000

Wonder why they included a EULA? Either they thought it might absolve them in some nations of a crime, or they put it there as a joke. Either way, that’s an odd thing to do.

Minute point, true, but still an odd one.

By: Neej

Neej — Sun, 20 Jan 2013 15:08:25 +0000

“Therefore, you agree you will not deliver your bundled files to anyone who can be offended by the QuickBundle technology described earlier.”

Good to see them only infecting people who want their computer to become part of a spam spewing and God knows what else botnet!

And here was me thinking they were just criminals infecting anyone they could.

By: Uzzi

Uzzi — Sun, 20 Jan 2013 04:55:40 +0000

Sorry to say but your’re wrong: There’s heavy cooperation between NGOs, CERTs and authorities worldwide going on but it needs time and a lot of work to find, charge and convict a suspect. Took me two years of analysis and some luck to identify a bot herder and to convince state police to confiscate his machinery. He suicided a year and several month later – shortly before arraignment…
…on the other hand you just need some scripts to handle several millions of copyright infringers, basically. And every copyright infringer pays the copyright mafia more profit than a legal customer does. You may call that a business plan.

By: Tango Down

Tango Down — Sat, 19 Jan 2013 17:57:15 +0000

1 down 900 000 000 to GO . xa-xa-xa .

By: AndrzejL

AndrzejL — Sat, 19 Jan 2013 17:17:36 +0000

Now that’s funny… Botnet lovers disliked my previous post…

Teehee…

Regards.

Andrzej

By: Daniel Olive

Daniel Olive — Sat, 19 Jan 2013 11:16:42 +0000

The BBC has credited a skimmer picture (the keypad skimmer that headlines your skimmer series and shown at http://krebsonsecurity.com/2010/02/atm-skimmers-part-ii/) as coming from you. I thought the series were someone else’s shots? The BBC story is at http://www.bbc.co.uk/news/technology-21085738

Sorry to spam the comments on this story but comments are closed on the skimmer series post.