Neutrino Exploit Kit Has a New Way To Detect Security Researchers (csoonline.com)
itwbennett writes: [The Neutrino exploit kit] is using passive OS fingerprinting to detect visiting Linux machines, according to Trustwave researchers who found that computers they were using for research couldn't make a connection with servers that delivered Neutrino. Daniel Chechik, senior security researcher at Trustwave's SpiderLabs division, wrote that they tried changing IP addresses and Web browsers to avoid whatever was causing the Neutrino server to not respond, but it didn't work. But by fiddling with some data traffic that Trustwave's computers were sending to the Neutrino server, they figured out what was going on.
The second link states passive OS fingerprinting, p0f, was developed by Michal Zalewski. http://lcamtuf.coredump.cx/p0f... shows your connection's fingerprint. It may be as easy as using a proxy such as Squid to perform the "spoofing."
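An added example, not part of the original post or of p0f itself: passive OS fingerprinting reads fields of the TCP SYN that the operating system's network stack fills in, which is why changing the browser or IP address leaves the result unchanged. The sketch below pulls those fields out of two constructed SYN packets; the helper names, addresses, ports and sample option orderings are assumptions made for illustration.

```python
import struct

OPT_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}

def build_syn(ttl, window, options, df=True):
    """Build a constructed IPv4+TCP SYN for parsing only (checksums left at 0)."""
    opts = options + b"\x00" * (-len(options) % 4)    # pad to a 32-bit boundary
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                      (5 + len(opts) // 4) << 4, 0x02, window, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1,
                     0x4000 if df else 0, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + tcp

def syn_fingerprint(packet):
    """Extract the header fields a passive fingerprinter compares."""
    ihl = (packet[0] & 0x0F) * 4                      # IPv4 header length
    flags_frag, ttl = struct.unpack("!HB", packet[6:9])
    tcp = packet[ihl:]
    data_off = (tcp[12] >> 4) * 4                     # TCP header length
    window = struct.unpack("!H", tcp[14:16])[0]
    opts = tcp[20:data_off]
    layout, mss, wscale, i = [], None, None, 0
    while i < len(opts):
        kind = opts[i]
        layout.append(OPT_NAMES.get(kind, "?%d" % kind))
        if kind == 0:                                 # end of option list
            break
        if kind == 1:                                 # NOP is a single byte
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2 or i + length > len(opts):      # malformed option: stop
            layout[-1] = "bad"
            break
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        elif kind == 3 and length == 3:
            wscale = opts[i + 2]
        i += length
    return {"ttl": ttl, "df": bool(flags_frag & 0x4000), "window": window,
            "mss": mss, "wscale": wscale, "layout": ",".join(layout)}

# Constructed samples: option orderings commonly seen from Linux and Windows stacks.
LINUX_SYN = build_syn(64, 29200, bytes.fromhex(
    "020405b4" "0402" "080a0000000100000000" "01" "030307"))
WINDOWS_SYN = build_syn(128, 8192, bytes.fromhex(
    "020405b4" "01" "030308" "0101" "0402"))
```

Calling `syn_fingerprint` on each sample shows that the TTL, window size and option order differ between the two packets even though no HTTP data has been sent yet.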