Slashdot Mirror


Heise Online Reveals Trojan / Spam Connection

yourruinreverse writes "Virus distributors have been caught red-handed selling IP addresses of trojan-infected machines by editors of the German IT magazine c't. Several individuals appear to have been arrested already after c't, revealing one of the virus writers' nationality as British, passed on the information to Scotland Yard. Check out the German article first, then its translation on Groklaw and maybe also the same translation posted in the English section of the Heise website (in order of appearance)."

8 of 150 comments

  1. Re:So, I suppose the next question is... by Bender Unit 22 · · Score: 5, Informative

    Although not quite what you wanted, dshield has a page where you can see if your machine has been reported as scanning others.
    They also have a banner you can add to your site that shows a warning if the viewer's IP is in the list. But I fear that people will ignore that and mistake it for the "Warning, your machine is broadcasting an IP..." ad that used to run.
    Also check out mynetwatchman.

  2. This explains much by GeckoFood · · Score: 4, Informative

    A few weeks ago I noticed a HUGE spike in the number of trojan scans against my firewall. I found that the scans were coming from pretty much everywhere (world-wide), and seemed to start up almost as quickly as I connected to the net. I have been wondering what was behind such a spike in trojan scan activity; I guess this is my answer.

    Fortunately, there are no known trojans on my system; the firewall and the virus checker are doing their jobs.

    --
    Be excellent to each other. And... PARTY ON, DUDES!

  3. Re:So, I suppose the next question is... by 26199 · · Score: 5, Informative

    That's exactly what tools like nessus are for.

  4. Re:Caught red-handed? by Curien · · Score: 2, Informative

    RTFA. c't ran a "sting" where the virus author sold them the IP addresses.

    --
    It's always a long day... 86400 doesn't fit into a short.

  5. Re:The future of law enforcement? by Anonymous Coward · · Score: 3, Informative

    What's wrong with vigilante justice? Care to give examples?

    In the US vigilante justice has a history that is associated with racism. Lynchings of whites by whites in the south, Bernie Goetz shooting black kids who tried to rob him, Chinese curfew laws in the west being enforced by white mobs, and so on.

    Vigilante justice is anti-democratic, it puts an unpopular minority at the mercy of the majority.

    I'm sure the cultural cultists protesting gay marriage in California would love to string up some of those lawbreaking fags getting married right now.

  6. The reason for the UK term "public school" by smcv · · Score: 3, Informative

    The version I've always heard is that hundreds of years ago the only way to be educated was a private tutor. When they were introduced, "public schools" (schools where pupils' parents pay fees) were called that to differentiate between private tuition and a public school.

    The terminology is a bit unfortunate, now that private tuition doesn't happen and state schools are more public than "public schools", but that's how the English language works ;-)

    Schools entirely paid for by taxes are "state schools" (as in "separation of Church and State", not as in "Washington state").

  7. Re:So, I suppose the next question is... by Bender Unit 22 · · Score: 3, Informative

    Well, look at the site and see for yourself. :)

    People return logs from their routers; there are clients for most systems where you send back the list of denied packets. And they do record when the attacks took place. Example..
    But the main focus for the single user is that it sends back daily reports of denied activity against your routers, such as port scanners.
    They do have a block list, which is rather short and only contains the worst current offenders over the last 3 days. They are not anal about it like SPEWS.
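
    The kind of "daily report of denied activity" described above can be produced from a router's own drop log. The following is an added example, not code from DShield, mynetwatchman or the commenter: it parses iptables-style kernel log lines (the log format and the five-distinct-ports threshold are assumptions), groups the dropped packets by source address, and labels each source as a port scan, a repeated probe of one port, or a lone probe. The log lines and addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample: iptables-style kernel log lines for packets a home
# router dropped. The addresses are RFC 5737 documentation ranges; none of
# this is real traffic or data from the thread.
SAMPLE_LOG = """\
Jun 12 03:14:07 gw kernel: DROP IN=ppp0 OUT= SRC=198.51.100.23 DST=203.0.113.5 PROTO=TCP SPT=4001 DPT=135 SYN
Jun 12 03:14:07 gw kernel: DROP IN=ppp0 OUT= SRC=198.51.100.23 DST=203.0.113.5 PROTO=TCP SPT=4002 DPT=139 SYN
Jun 12 03:14:08 gw kernel: DROP IN=ppp0 OUT= SRC=198.51.100.23 DST=203.0.113.5 PROTO=TCP SPT=4003 DPT=445 SYN
Jun 12 03:14:08 gw kernel: DROP IN=ppp0 OUT= SRC=198.51.100.23 DST=203.0.113.5 PROTO=TCP SPT=4004 DPT=1433 SYN
Jun 12 03:14:09 gw kernel: DROP IN=ppp0 OUT= SRC=198.51.100.23 DST=203.0.113.5 PROTO=TCP SPT=4005 DPT=3389 SYN
Jun 12 03:20:41 gw kernel: DROP IN=ppp0 OUT= SRC=192.0.2.77 DST=203.0.113.5 PROTO=TCP SPT=51234 DPT=445 SYN
Jun 12 03:21:02 gw kernel: DROP IN=ppp0 OUT= SRC=192.0.2.77 DST=203.0.113.5 PROTO=TCP SPT=51235 DPT=445 SYN
Jun 12 03:22:15 gw kernel: DROP IN=ppp0 OUT= SRC=192.0.2.77 DST=203.0.113.5 PROTO=TCP SPT=51236 DPT=445 SYN
Jun 12 04:01:59 gw kernel: DROP IN=ppp0 OUT= SRC=198.51.100.200 DST=203.0.113.5 PROTO=UDP SPT=1026 DPT=1434
Jun 12 04:05:00 gw kernel: ACCEPT IN=ppp0 OUT= SRC=192.0.2.9 DST=203.0.113.5 PROTO=TCP SPT=40000 DPT=22 SYN
"""

# Assumed log layout: syslog timestamp, host, "kernel:", the rule's log
# prefix (DROP/ACCEPT), then the usual netfilter key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ kernel: (?P<action>\w+) .*?"
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+)"
    r"(?: SPT=(?P<spt>\d+))?(?: DPT=(?P<dpt>\d+))?"
)


def parse_drops(text):
    """Yield (timestamp, src, proto, dst_port) for every DROP line that
    carries a destination port; accepted traffic and ICMP are ignored."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["action"] != "DROP" or m["dpt"] is None:
            continue
        yield m["ts"], m["src"], m["proto"], int(m["dpt"])


def daily_report(text, scan_threshold=5):
    """Aggregate dropped packets per source and classify each source.

    A source touching at least `scan_threshold` distinct ports is a
    'port scan'; one hammering a single port three or more times is a
    'repeated probe'; anything else is a lone 'probe'.
    """
    per_src = defaultdict(lambda: {"hits": 0, "ports": set(), "protos": set(),
                                   "first_seen": None, "last_seen": None})
    for ts, src, proto, dpt in parse_drops(text):   # log is chronological
        e = per_src[src]
        e["hits"] += 1
        e["ports"].add(dpt)
        e["protos"].add(proto)
        e["first_seen"] = e["first_seen"] or ts
        e["last_seen"] = ts

    report = {}
    for src, e in per_src.items():
        if len(e["ports"]) >= scan_threshold:
            kind = "port scan"
        elif e["hits"] >= 3 and len(e["ports"]) == 1:
            kind = "repeated probe"
        else:
            kind = "probe"
        report[src] = {**e, "ports": sorted(e["ports"]),
                       "protos": sorted(e["protos"]), "kind": kind}
    return report


def format_report(report):
    """Render the aggregate as the one-line-per-source summary a user
    would read (or submit) each day."""
    lines = []
    for src, e in sorted(report.items(), key=lambda kv: -kv[1]["hits"]):
        lines.append(f"{src:16} {e['kind']:15} hits={e['hits']:<3} "
                     f"ports={','.join(map(str, e['ports']))} "
                     f"{e['first_seen']} .. {e['last_seen']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(daily_report(SAMPLE_LOG)))
```

    The accepted SSH connection is deliberately left out of the report: only denied packets say anything about unsolicited activity, which is also why the comment stresses that the clients send back the list of denied packets rather than the whole log.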

  8. Re:And the network operaters still do nothing by kiolbasa · · Score: 5, Informative

    I'll bet dollars for doughnuts Comcast and Road Runner never see their own IPs when they do queries on that spammer's domain. I first learned of this trick from NANAE poster "Spamless," so you can look it up for a more thorough explanation (can't find it myself just now). The short story is that the spammer's DNS responds differently depending on the IP that makes the request. When the ISP checks those DNS records, they get something in South America, or China, or another ISP, anything other than them. The cable modem machine is just a proxy.

    It takes a little more effort to track down what is going on, and large broadband ISPs' abuse desks are probably too swamped - which should be no excuse.

    --

    Beer wants to be free
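
    The source-dependent DNS answers the comment describes are ordinary split-horizon ("view") resolution turned against the abuse desk: the ISP's own address range is matched to a view that returns a decoy, everyone else gets the real record. The following is an added example, not the commenter's code or any real nameserver's: it models such a zone in the style of BIND's match-clients views and shows the cross-check an abuse desk can run, resolving the same name from several vantage points and comparing the answer sets. All addresses and networks are constructed (RFC 5737 ranges) and the role assigned to each is an assumption of the example.

```python
import ipaddress
from collections import defaultdict

# Constructed addresses for the example; nothing here comes from the thread
# or from a real DNS zone.
ISP_ABUSE_NET = "203.0.113.0/24"     # assumed: the ISP's own address range
PROXY_HOST = "198.51.100.45"         # assumed: the cable-modem host acting as proxy
DECOY_HOST = "192.0.2.200"           # assumed: unrelated host shown only to the ISP


class SplitHorizonZone:
    """Authoritative data that answers according to who is asking, in the
    manner of BIND 'view { match-clients { ... }; }' blocks. The first view
    whose network contains the client address wins; otherwise the default
    answer is returned."""

    def __init__(self, default_answers):
        self.default = tuple(default_answers)
        self.views = []  # list of (ip_network, answers)

    def add_view(self, network, answers):
        self.views.append((ipaddress.ip_network(network), tuple(answers)))

    def resolve(self, client_ip, name):
        addr = ipaddress.ip_address(client_ip)
        for net, answers in self.views:
            if addr in net:
                return answers
        return self.default


def cross_check(name, vantages, resolve):
    """Resolve NAME from every vantage address and group the vantages by
    the answer set they received.

    Returns (consistent, groups) where groups maps a sorted answer tuple to
    the list of vantages that saw it. A single group means every vantage
    got the same records; more than one means the answer depends on the
    querier, which is the signal the abuse desk is looking for."""
    groups = defaultdict(list)
    for vantage in vantages:
        groups[tuple(sorted(resolve(vantage, name)))].append(vantage)
    return len(groups) == 1, dict(groups)


def demo():
    """Zone that hides the proxy from the ISP, checked from three vantages:
    the ISP's abuse desk, a third-party network, and a residential host."""
    zone = SplitHorizonZone(default_answers=[PROXY_HOST])
    zone.add_view(ISP_ABUSE_NET, [DECOY_HOST])
    vantages = ["203.0.113.10", "192.0.2.15", "198.51.100.9"]
    return cross_check("www.example.invalid", vantages, zone.resolve)


def control():
    """Same check against a zone with no views: every vantage agrees."""
    zone = SplitHorizonZone(default_answers=[PROXY_HOST])
    vantages = ["203.0.113.10", "192.0.2.15", "198.51.100.9"]
    return cross_check("www.example.invalid", vantages, zone.resolve)


if __name__ == "__main__":
    consistent, groups = demo()
    print("consistent:", consistent)
    for answers, seen_by in groups.items():
        print(f"  {answers} seen by {seen_by}")
```

    The practical point is in `cross_check`: a query issued only from the ISP's own network is exactly the one the zone is built to fool, so the desk has to resolve from at least one address outside its ranges (or via an open recursive resolver elsewhere) and compare, rather than trust a single `dig` from the office.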