Slashdot Mirror


Beware: 'Digmine' Cryptocurrency Bot Is Spreading Via Facebook Messenger (techspot.com)

Cybersecurity firm Trend Micro has discovered a cryptocurrency bot that is being spread through Facebook Messenger. The bot, dubbed Digmine, was discovered in South Korea and has since been found in Vietnam, Azerbaijan, Ukraine, Vietnam, Philippines, Thailand, and Venezuela. TechSpot explains: Victims receive a file named "video_xxxx.zip" from one of their Facebook Messenger contacts. Opening it will load Chrome along with a malicious browser extension. Extensions can only be downloaded from the Chrome Web Store, but this is bypassed using the command line. Once the malware infects a system, a modified version of XMRig -- a Monero mining tool -- is installed. This mines the cryptocurrency in the background using a victim's CPU, sending all profits back to the hackers. Additionally, the Chrome extension is also used to spread Digmine. If someone has their Facebook account set to log in automatically, the fake video file link will be sent to all their friends via Messenger. The malware could also be used to take over a Facebook account entirely. The good news is that Digmine only works through the Chrome desktop version of Messenger. Right now, opening the malicious file via the Facebook/Messenger app or mobile webpage won't have the same effect. After Trend Micro revealed its findings, Facebook said it had taken down any links connected to Digmine.

96 comments

  1. Old school is best school by nitehawk214 · · Score: 2

    Mobile means we get to relive all the same attacks we saw decades ago.

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust
    1. Re:Old school is best school by Actually,+I+do+RTFA · · Score: 3, Interesting

      No, see, it's totally different. Chrome sandboxes extensions so this cannot possibly be an attack. Now I'm to run some more arbitrary JavaScript from the internet without being asked first or even told what's running</sarcasm>

      --
      Your ad here. Ask me how!
  2. Easy to block using hosts files... apk by Anonymous Coward · · Score: 0

    0.0.0.0 vijus.bid
    0.0.0.0 ozivu.bid
    0.0.0.0 thisdayfunnyday.space
    0.0.0.0 thisaworkstation.space
    0.0.0.0 mybigthink.space
    0.0.0.0 mokuz.bid
    0.0.0.0 pabus.bid
    0.0.0.0 yezav.bid
    0.0.0.0 bigih.bid
    0.0.0.0 taraz.bid
    0.0.0.0 megu.info

    * SOURCE http://blog.trendmicro.com/trendlabs-security-intelligence/digmine-cryptocurrency-miner-spreading-via-facebook-messenger/

    APK

    P.S.=> You'd be in GOOD company (security pro):

    "use this classic Windows hosts trick to block the Coinhive or Crypto-Loot domains at the OS level" https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ BLEEPING COMPUTER ... apk

    1. Re: Easy to block using hosts files... apk by Anonymous Coward · · Score: 0

      Sure, you can block it until the attackers move to a new host and the old entries are useless. Hosts files will never be an effective solution to preventing attacks because they rely on blacklisting Hosts. The result is a game of whack-a-mole that could potentially consume considerable resources to implement all of the rules used. It's also completely ineffective if an IP is given and the host doesn't have to be resolved at all. A firewall is the appropriate tool for that. A better security solution is to reject requests by default and then whitelist trusted sources. It's potentially far less resource intensive than maintaining a blacklist of known malicious hosts. It's also more secure because it doesn't require a host to be identified as malicious prior to blocking. All the testimonials in the world won't change the fundamental issues with using a hosts file as a primary approach to security. Spamming Slashdot won't make hosts files any more effective, either.

    2. Re: Easy to block using hosts files... apk by Anonymous Coward · · Score: 0

      Nope, sorry. This is malware so the packets are coming from inside the firewall. A miner doesn't wait for instructions it just mines and fires off the results.

      Try again smartass. At least with the domains blocked they can't make any use of the malware.

    3. Re: Easy to block using hosts files... apk by Anonymous Coward · · Score: 0

      Jesus Christ dude this worked in the 90s but what, you're gonna block all AWS, Azure etc space now? Fuck

    4. Re: Easy to block using hosts files... apk by mschwanke97402 · · Score: 1

      Nope, sorry. This is malware so the packets are coming from inside the firewall. A miner doesn't wait for instructions it just mines and fires off the results.

      Try again smartass. At least with the domains blocked they can't make any use of the malware.

      Good firewalls block traffic in and out. It’s just that most people have crap firewalls.

    5. Re: Easy to block using hosts files... apk by arth1 · · Score: 2

      It also doesn't do diddly squat for blocking URLs like https://translate.google.com/t...
      Nor domains where some content is good and some is evil. It's all or nothing.
      Nor randomly generated hostnames like f359db86.evil.com where the attacker points *.evil.com to the same A/AAAA (with a simple 8 nibble address like this, you'd need 4,294,967,296 host names).
      Nor if using a proxy server that doesn't have a host list, because the proxy server does the resolving.
      Nor if using a resolver that doesn't have file as the first lookup mechanism. (Mine have "dns [!UNAVAIL=return] files")
      Nor can it block apk spamming slashdot.

      It's almost 2018. You have to be pretty delusional to think that host files blocking is useful today.

    6. Re: Easy to block using hosts files... apk by Cito · · Score: 1

      Well between my pfsense box in front of my modem, a smart switch behind the modem and a Pi-Hole box my Lan uses for dns I think I'm half assed alright. Any strangeness noticed, occasional paranoia or boredom, whichever it may be, then I do have a Kali box that only gets the network cable plugged in when I'm actively using it, usually just for Wireshark nowadays. Since I haven't been quite as mischievous as I was in my youth in a long while...

  3. Extensions can only be downloaded... by Anonymous Coward · · Score: 0

    "Only", you keep using that word. I do not think it means what you think it means.

    Sincerely,

    Inigo Montoya

  4. For more protection vs. more threats like this? by Anonymous Coward · · Score: 0

    See subject & accept NO substitute for APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    * For more speed, security, reliability & anonymity online for FAR LESS resource use & complexity vs. "so-called security or speed 'solutions'"!

    Especially depending on ones that are riddled w/ bugs &/or unneeded redundant complexity (DNS/AntiVirus) that slow you down OR bought off paid NOT TO DO THEIR JOB in full by default (addons, e.g. adblock)

    Do more & do it BETTER via operating in kernelmode speed (vs. slower usermode) & only 1 part you already NATIVELY have (vs. illogically "Bolting on 'MoAr'") in hosts files.

    APK

    P.S.=> Merry Christmas & Happy New Year folks + enjoy... apk

  5. fb users' computers useful for once! by sittingnut · · Score: 1

    we should rejoice!

  6. Beware: .zip by AHuxley · · Score: 1

    Make sure you have good quality AV.
    Try and find a better message app.

    --
    Domestic spying is now "Benign Information Gathering"
  7. Chrome is a malware vector by Anonymous Coward · · Score: 1

    Better stick with Edge

    1. Re: Chrome is a malware vector by Anonymous Coward · · Score: 0

      No need. Just follow the STIG and whitelist only extensions you use.

  8. What's the problem again? by arth1 · · Score: 1

    I can't see this being a problem for the /. crowd.
    Really, who here uses Facebook Messenger, Google Chrome and open ZIP attachments?

    1. Re: What's the problem again? by Anonymous Coward · · Score: 0

      me, I also click every goatse link I can find

    2. Re:What's the problem again? by jrumney · · Score: 1

      Personally, I think this was an obvious scam. Everyone knows that genuine porn videos only have three 'x's in the filename.

    3. Re:What's the problem again? by AHuxley · · Score: 1

      Thought experiment :)
      End a file in mp4? html? .zip?
      What draws in very average social media users?
      A boring old html page?
      A mp4 file? That's a movie and as they know the personality of the sender it will be boring, safe for work.
      .zip, it's a mystery and could have compressed fun files. Something found by their boring friend who might just have found something fun?

      Some security researcher, a person in social media middle management must have that stat? The file type link most users actually click on most of the time?

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:What's the problem again? by Anonymous Coward · · Score: 0

      Me. I open all .zip attachments (but don't usually go further), and I'm still safe.

  9. You don't know what you're talking about! by Anonymous Coward · · Score: 0

    See subject & on several grounds: Any new ones turn up? They get blocked as the list in this article shows you & it works (even BLEEPING COMPUTER 2nd's me on that per my original post evidencing that much).

    & yes, I've got TONS of testimonials from /. users liking + using my work with security pros galore stating hosts are effective layered security - you don't.

    APK

    P.S.=> IP addresses aren't used anywhere NEAR as much as host-domains are in malware (ask any security researcher)!

    Firewalls also have layered filter driver overheads over the IP stack (hosts don't & are a part of them acting as a filter reference)... apk

    1. Re: You don't know what you're talking about! by Anonymous Coward · · Score: 0

      So what? Do you even know how a router switches a packet? It goes through all layers regardless of rules. Yes, a lot of rules will slow down the packet forwarding speed but so what? My router with all the firewall rules can forward packets at 320Mbps, while my internet connection is only 15Mbps. I lose nothing having the router perform its firewall duties and also intercept DNS traffic and serve the appropriate static entry to block bad domains. Doing it on host per host basis is bad. When you are on the host you need to protect the application and presentation layers. Leave the network layers to the router where they belong

  10. ...and double click a Microsoft Windows .exe file? by pilaftank · · Score: 1

    Victims receive a file named "video_xxxx.zip" from one of their Facebook Messenger contacts. Opening it will load Chrome along with a malicious browser extension.

    How does opening a .zip run the contents? Does the user also have to run the i-know-you-want-to-double-click-me.exe file?

    --
    dna.js
  11. digimine bot by Anonymous Coward · · Score: 0

    You know folks...I'm tired of the internet. It's no fun anymore.

    I think I'll take my toys and go home now.

    Good luck to you all.

  12. Per this article's data & my post? It still do by Anonymous Coward · · Score: 0

    See subject: Hosts act as a 2 way valve vs. inbound OR outbound communique back to botnet C&C servers...

    * So even IF you had this thing inside your system & firewall now? It'd be CRIPPLED...

    APK

    P.S.=> You UNIDENTIFIABLE anonymous trolls are ridiculous & wastes of time - I've seen + overcome WEAK "arguments" like yours by the 100's here on /. alone & TONS MORE on other forums LONG before that on hosts value... apk

  13. Re: Per this article's data & my post? It stil by Anonymous Coward · · Score: 0

    hosts file doesn't work on inbound you IDIOT FUCK

    how ur hosts file affect a remote C2 machine reaching out to u

    it doesn't u SHITSTAIN

  14. Everyone has hosts & they work in/out bound by Anonymous Coward · · Score: 0

    See subject: Hosts act as a 2 way valve vs. inbound OR outbound communique back to botnet C&C servers...

    * So even IF you had this thing inside your system & firewall now? It'd be CRIPPLED...

    APK

    P.S.=> Windows' firewall goes in/out bound BUT most malware uses host-domain names vs. IP addresses (latter's TOO EASY for ICANN/IANA to sinkhole) - host domain names can be put into 'fastflux' design etc. & can be resurrected to do more damage... apk

  15. RoTfLmAo: Little troll gets knocked on his ass by Anonymous Coward · · Score: 0

    RoTfLmAo: Little troll gets knocked on his ass & tosses a shitfit when he's proven wrong, hahahahaha!

    APK

    P.S.=> Awwww, "poo 'lil troll" - cry me a river, lol... apk

    1. Re: RoTfLmAo: Little troll gets knocked on his ass by Anonymous Coward · · Score: 0

      U didn't address my point shitlicker

  16. arth1 prepare to be shot down in flames... apk by Anonymous Coward · · Score: 0

    Randomly generated or not, once a hostname is blocked in hosts, it's blocked & I've even shown Tepples there are DGA lists (where names are generated thus) & I use them - so much for that bs from you.

    IF a domain is compromised, "good" or not? I will block it - you can easily do so too OR NOT, up to you.

    Depends on the proxy used - Proximitron can use & work with hosts files.

    By default hosts ARE THE 1st RESOLVER (unless you use the faulty with large hosts files LOCAL usermode slower dnscache client service which is even MORE BUGGY on Windows 10 https://www.bishopfox.com/blog/2017/10/a-bug-has-no-name-multiple-heap-buffer-overflows-in-the-windows-dns-client/

    APK

    P.S.=> Even BLEEPING COMPUTER agrees that vs. cryptominers like this one? HOSTS WORK "use this classic Windows hosts trick to block the Coinhive or Crypto-Loot domains at the OS level" https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ ... apk

    1. Re: arth1 prepare to be shot down in flames... apk by Anonymous Coward · · Score: 0

      Stop being so delusional. Hosts cannot do .[*].domain.tld. Routers that intercept all DNS traffic can.

    2. Re:arth1 prepare to be shot down in flames... apk by arth1 · · Score: 1

      Randomly generated or not, once a hostname is blocked in hosts, it's blocked & I've even shown Tepples there are DGA lists (where names are generated thus) & I use them - so much for that bs from you.

      bs from me?
      A snippet of javascript code in a web page here shows:

      // the quoted snippet; the leading dot on the domain is assumed here so that
      // the random label becomes a subdomain, as the "f359db86.evil.com" description above says
      var host = Math.random().toString(16).slice(2,10);   // up to 8 hex digits: 16^8 = 4,294,967,296 labels
      var domain = '.thrax.ru';
      var url = 'https://' + host + domain + '/js/master.js';

      How do you possibly block that with a host list without adding 4 billion entries? Answer HOW, please.

      It should be obvious to anyone that it's using a hosts list that can't even handle wildcards like DNS can that's bs.
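
The point arth1 makes here and earlier (a random 8-nibble label in front of the attacker's zone defeats an exact-match hosts file, while a resolver that can block a whole zone does not), shown as an added example that is not part of any post in this thread or of Trend Micro's report. It simulates both matching rules in Python over hostnames generated the same way as the quoted snippet; `evil.example` and the hosts-file excerpt are constructed placeholders, not indicators from the article.

```python
"""
Hosts-file (exact match) vs resolver-style (zone suffix) blocking against
randomly generated subdomains. Added example; all domains are constructed.
"""
import random

# Constructed hosts-file excerpt in the 0.0.0.0 sinkhole convention used in the thread.
HOSTS_FILE = """\
# constructed excerpt, not a real blocklist
0.0.0.0 evil.example
0.0.0.0 www.evil.example
"""

# Resolver-style rule: block this zone and every name beneath it.
SUFFIX_BLOCKLIST = {"evil.example"}


def parse_hosts(text):
    """Return the set of hostnames the hosts file sinkholes to 0.0.0.0."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        addr, *names = line.split()
        if addr == "0.0.0.0":
            blocked.update(n.lower() for n in names)
    return blocked


def hosts_blocks(blocked_names, hostname):
    """Hosts-file semantics: the full name must match an entry exactly."""
    return hostname.lower().rstrip(".") in blocked_names


def suffix_blocks(suffixes, hostname):
    """Resolver/zone semantics: the name equals a blocked zone or lies under it."""
    h = hostname.lower().rstrip(".")
    return any(h == s or h.endswith("." + s) for s in suffixes)


def random_label(rng):
    """Same shape as the quoted snippet: 8 hex nibbles, 16**8 possible labels."""
    return "%08x" % rng.getrandbits(32)


def compare(n=1000, seed=1):
    """Generate n random subdomains of the blocked zone and count hits per rule."""
    rng = random.Random(seed)
    blocked = parse_hosts(HOSTS_FILE)
    names = [random_label(rng) + ".evil.example" for _ in range(n)]
    return {
        "generated": n,
        "hosts_file_hits": sum(hosts_blocks(blocked, h) for h in names),
        "suffix_rule_hits": sum(suffix_blocks(SUFFIX_BLOCKLIST, h) for h in names),
        "label_namespace": 16 ** 8,
    }


if __name__ == "__main__":
    print(compare())
```

Run as-is: the hosts file catches none of the generated names while the suffix rule catches all of them, and `label_namespace` is the 4,294,967,296 figure from the thread. The same suffix logic is what a DNS-level blocker (Pi-hole, a router intercepting DNS, or a resolver with a zone-level rule) applies, which is why it does not need one entry per generated label.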

  17. Routers = security issues & eat power/cost "$" by Anonymous Coward · · Score: 0

    See subject & there is NO DENYING it! We've all seen near monthly bugs or security issues in routers/modems for years now here & a GOOD router costs money in unit cost + added power bill cost!

    * Can a home modem or consumer router store e.g. 100mb of blocking data (hosts data = even vs. DNS data rules tables by far per line (even w/ wildcarding as each line demands tons more text in DNS rules))?

    Doubt it.

    IF it's "so bad" then WHY's BLEEPING COMPUTER + many other security pros I have that say so say hosts are good for blocking cryptominers like this "use this classic Windows hosts trick to block the Coinhive or Crypto-Loot domains at the OS level" https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ , hmmm?

    Answer that. You evade it.

    APK

    P.S.=> Keep "moving goalposts" from 1 inefficient or buggy "solution" & I'll swat you down 1 by 1 as always vs. hosts w/ UNIDENTIFIABLE anonymous trolls like you... apk

  18. Hosts != security issue ridden like DNS by Anonymous Coward · · Score: 0

    See subject & a FAR from complete partial only list of DNS security issues & bugs enumerated in this discussion tree https://news.slashdot.org/comments.pl?sid=9007355&threshold=-1&commentsort=0&mode=thread&pid=51969075/ by the 100's!

    Hosts line by line rules are FAR SMALLER PER LINE vs. DNS rules tables lists, even with wildcards & hosts aren't as many "moving parts" as DNS (even locally) too!

    Remote DNS resolution is SLOWER than hosts & dns goes down (quite a lot) too! Hosts protect vs. that & redirect poisoned dns too!

    APK

    P.S.=> You UNIDENTIFIABLE anonymous trolls fail to realize 1 thing - I've utterly FLATTENED chumps like you many times on these very topics, every single time for YEARS now on /. (& before that on other forums online), easily - keep "moving goalposts" from 1 buggy security issue riddled method to another, I will still BLOW YOU AWAY w/ ease, lol (I've done it before)... apk

  19. WTF? I already said how (DGA lists) by Anonymous Coward · · Score: 0

    See subject & this (per yours truly) makes it a snap APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ (you can change your sources in APKIniFile.ini to do so IF need be, but those DGA botnets get sinkholed or shutdown pretty fast USUALLY most times anyhow).

    * GUI easy automated!

    APK

    P.S.=> Who cares if hosts don't do wildcards? It's near ZERO EFFORT per my program PLUS?

    DNS = SECURITY ISSUE RIDDEN (proof = a partial only enumerated list BY THE 100's here https://news.slashdot.org/comments.pl?sid=9007355&threshold=-1&commentsort=0&mode=thread&pid=51969075/ & hosts rules line by line = FAR smaller vs. dns rules & dns programs memory occupancy + hosts = native - DNS isn't on Windows clients & adds complexity for exploit (lots of that in that list in that link, lol)) & DNS is slower especially remotely... apk

    1. Re:WTF? I already said how (DGA lists) by arth1 · · Score: 1

      P.S.=> Who cares if hosts don't do wildcards? It's near ZERO EFFORT per my program PLUS?

      To generate 4+ billion entries? Lol!

  20. OMG, ok - an example... apk by Anonymous Coward · · Score: 0

    If a botnet uses BotNetControlServer.bid as a domain/hostname I can't reach it outbound (neither can botnet to send to it) OR inbound (I can talk out OR in to it if host-domain names it uses are blocked in hosts (which my program protects above & BEYOND Windows ACL based WFP/SFP & I've tried in usermode (no way in) & IF it was overridden by say, a kernelmode driver & rewritten? Next day refresh via my program resets hosts perfectly via refresh (& removing kernelmode rootkits = ez via Windows Recovery Console commands listsvc & disable).

    * "Here endeth the lesson" dunce...

    APK

    P.S.=> Now "shoo lil' troll", lol... apk

  21. Re:...and double click a Microsoft Windows .exe fi by Trax3001BBS · · Score: 1

    Victims receive a file named "video_xxxx.zip" from one of their Facebook Messenger contacts. Opening it will load Chrome along with a malicious browser extension.

    How does opening a .zip run the contents? Does the user also have to run the i-know-you-want-to-double-click-me.exe file?

    That's an easy one, you count on users trusting Windows. Since the start Windows has screwed users with extensions. Either hiding them or only showing the first encountered.

    MyFile.zip.exe was very popular awhile back, it would show as a MyFile or Myfile.zip file, yet run as the hidden .exe file.

    As for asking to run it, many have most likely tired of saying yes to the requester and disabled it.

  22. Let's see 'em PAY to use 4 billion by Anonymous Coward · · Score: 0

    See subject & nobody can afford it for 4 billion (your obviously DIM brain failed to think that out, lol) & to import & load 'em to block them, yes - I've done it (alter APKIniFile.ini on source used) & voila: DGA botnets blocked off (& DGA trackers exist).

    * Thank goodness the security community &/or DNS mgt. @ root level worldwide + ICANN/IANA concentrate on sinkholing those bogus machinations!

    Lastly - DGA can GENERATE names all they want - let's see them PAY FOR THOSE "BILLIONS OF NAMES" TO USE THEM!

    "Ain't happenin'"

    APK

    P.S.=> By the way arth1 - HAVE YOU DONE BETTER CREATING A MORE EFFECTIVE SECURITY SOLUTION that does more for less by FAR vs. ANY other single "so-called 'security solution'" that also SPEEDS YOU UP (most others slow you down or are full of security holes like antivirus & DNS or 'souled-out' & inefficient) yourself as I have, "talker" that you are behind a fake name?: Oh, HELL no, lol... apk

    1. Re: Let's see 'em PAY to use 4 billion by Anonymous Coward · · Score: 0

      You may well be right but with your posts formatted like they were written by a hyperactive child I would never touch any program you've written.

    2. Re:Let's see 'em PAY to use 4 billion by Anonymous Coward · · Score: 0

      Subdomains.. not domains. How can you fail at such simple reading comprehension. You pay zero for subdomains. People are pointing out how you are wrong, and you close your eyes and ears and repeat arguments to completely different questions.

  23. Gotta do it: StarTrek TOS "Assignment URTH" by Anonymous Coward · · Score: 0

    "In response to nuclear warhead placed in suborbit by other major power United States today launching suborbital platform w/ multi-warhead capacity" APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ "PURPOSE: To maintain balance of power..."

    * That's my job & it does it BETTER + more efficiently w/ what you have natively operating in faster kernelmode doing FAR more for FAR less vs. any other "so-called 'solution'" (full of security issues in DNS/antivirus or 'souled-out' to NOT work like adblock) giving you more security, SPEED (others slow you down), reliability & anonymity online, bar-none.

    APK

    P.S.=> Whipslash I should create a registered 'luser' acc't. "Mr7" - your puny scripted barriers aren't stopping me as the crew couldn't vs. him via this quote "Try to override - SHUT IT OFF!" as he nullified their security too... apk

    1. Re: Gotta do it: StarTrek TOS "Assignment URTH" by Anonymous Coward · · Score: 0

      This post is completely unnecessary and totally delusional. Despite appearing immature and childish in some of your replies, at least you had discussed network and computer security up until now. I believe you overstate the value of your hosts file engine, which could be dangerous if users follow your implied advice and don't use other security software in addition to yours to protect themselves. But at least you were discussing security. Then you just had to make a delusional post like this. And this is why you should stick to discussing your usual idiotic crap like bump stocks and allegations of conspiracies by the Vatican.

  24. How could the victims know? by CustomSolvers2 · · Score: 2

    The true intention was well disguised! Who wouldn't have opened a file called "video_xxx" sent by a random person? A different story would have been a name like "warning_this_is_a_virus_never_ever_click_here"; even in that case, around 25% of people might click on it anyway. There are lots of unlucky individuals out there who cannot do anything to avoid this almost-perfect technique to succeed. LOL.

    --
    Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    1. Re:How could the victims know? by CustomSolvers2 · · Score: 1

      +1 Insightful?! I guess that the whole extremely evident text which even a really dumb kid should be able to immediately understand as a joke + "LOL" (I do expressly tag all my jokes here since some months ago as a public service to those with limited understanding skills) wasn't clear enough regarding my intention. LOL (-> this means that I am being sarcastic and that that previous post was evidently a joke and that the moderator +1ing it as insightful has some serious understanding problems).

      --
      Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
  25. Re:...and double click a Microsoft Windows .exe fi by Bruinwar · · Score: 3, Informative

    Victims receive a file named "video_xxxx.zip" from one of their Facebook Messenger contacts. Opening it will load Chrome along with a malicious browser extension.

    How does opening a .zip run the contents? Does the user also have to run the i-know-you-want-to-double-click-me.exe file?

    That's an easy one, you count on users trusting Windows. Since the start Windows has screwed users with extensions. Either hiding them or only showing the first encountered.

    MyFile.zip.exe was very popular awhile back, it would show as a MyFile or Myfile.zip file, yet run as the hidden .exe file.

    As for asking to run it, many have most likely tired of saying yes to the requester and disabled it.

    The first thing I do when working on someone's computer is uncheck the box "Hide extensions of known file types".

    --
    SLOWER TRAFFIC KEEP RIGHT
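
The two tricks pilaftank asks about and Bruinwar answers (a `MyFile.zip.exe` that Explorer displays as `MyFile.zip` when "Hide extensions for known file types" is on, and an executable simply renamed to look like an archive) as checks a scanner or mail gateway can run on an attachment. This is an added example, not code from the thread or from Trend Micro; the filenames and byte strings are constructed stand-ins, not samples from the article, and the extension and magic-number lists are illustrative, not complete.

```python
"""
Flag attachments whose displayed name misleads the user: deceptive double
extensions and names whose content does not match the claimed type.
Added example with constructed inputs.
"""
import os

# Illustrative lists (assumed, not exhaustive).
DANGEROUS_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}
DISGUISE_EXTS = {".zip", ".pdf", ".jpg", ".png", ".mp4", ".doc", ".txt"}

# Leading bytes that identify a container type (first few only).
MAGIC = {
    b"PK\x03\x04": "zip",
    b"MZ": "pe",        # Windows executable (DOS stub header)
    b"%PDF": "pdf",
}
EXPECTED_KIND = {".zip": "zip", ".pdf": "pdf", ".exe": "pe", ".scr": "pe"}


def extensions(filename):
    """All trailing extensions in order, e.g. 'a.zip.exe' -> ['.zip', '.exe']."""
    exts = []
    stem = filename
    while True:
        stem, ext = os.path.splitext(stem)
        if not ext:
            break
        exts.append(ext.lower())
    return list(reversed(exts))


def displayed_name(filename):
    """What Explorer shows with 'Hide extensions for known file types' enabled:
    only the final extension is hidden, so 'video.zip.exe' reads 'video.zip'."""
    stem, _ = os.path.splitext(filename)
    return stem


def is_double_extension_disguise(filename):
    """True when a benign-looking extension is followed by an executable one."""
    exts = extensions(filename)
    return len(exts) >= 2 and exts[-1] in DANGEROUS_EXTS and exts[-2] in DISGUISE_EXTS


def sniff(data):
    """Classify content by leading bytes; 'unknown' if no signature matches."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def assess(filename, data):
    """Return a list of human-readable findings for one attachment."""
    findings = []
    exts = extensions(filename)
    if is_double_extension_disguise(filename):
        findings.append("double-extension: shown as %r, runs as %s"
                        % (displayed_name(filename), exts[-1]))
    kind = sniff(data)
    last = exts[-1] if exts else ""
    if last in EXPECTED_KIND and EXPECTED_KIND[last] != kind:
        findings.append("content mismatch: named %s but bytes look like %s" % (last, kind))
    return findings


# Constructed samples: a real-looking zip header, and a PE header under two names.
SAMPLES = {
    "video_1234.zip": b"PK\x03\x04" + b"\x00" * 26,
    "video_1234.zip.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "holiday.zip": b"MZ\x90\x00" + b"\x00" * 60,       # executable renamed to .zip
}


def scan_all(samples=SAMPLES):
    return {name: assess(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, findings in scan_all().items():
        print(name, "->", findings or ["ok"])
```

The first check reproduces the user's view (`displayed_name`) so the finding can say exactly what the victim would have seen; the second catches the renamed-executable case that a name-only check misses. Neither replaces Bruinwar's advice to turn off extension hiding on the endpoint, which is what lets the user see the real name in the first place.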
  26. APK is too retarded to understand packet headers by Anonymous Coward · · Score: 0

    Looks like APK is too retarded to understand how packet headers actually work.
    Here is a hint, they don't include a host name.
    So please attempt to explain, in a non retarded way, how hosts file stops inbound traffic, not outbound traffic that requires a DNS lookup.
    Or more likely continue to prove that you are a retard and get spanked like a retarded redheaded step-child by everyone here.
    I guess APK will continue to deflect, change the subject, or be a whiny little bitch instead of actually addressing actual issues with his work.

  27. Retard APK just thinks he knows security by Anonymous Coward · · Score: 0

    Retard APK just thinks he knows about security.
    Every time one of these stories comes out it show how his work always fails to prevent an attack.
    Like I have said many times his work is like some shitty anti-virus software that matches based off of file name.
    While it does offer some security it is minimal and about as effective as moving ports services listen on.
    The only reason APK's stuff seems to offer any security is that it stops people who are dumber than him.
    The simple fact that his software can't enumerate all possible hosts or even 1/(1x10^100) of them is proof enough that it is ineffective.
    It is easily circumvented, and by easy I mean a small child could figure it out in a few minutes.
    While his work does reduce the attack surface again it is by a value that easily rounds to 0, even when using 9 decimal places.
    He will claim it does more but it can't stop entire classes of attacks like other solutions such as: no-script, a proper host/network firewall, a NIPS, etc. all do.
    Then there is his misguided belief that it blocks incoming traffic because he is a retard and doesn't understand that packet headers don't include host names.
    This doesn't even address the slow, bloated, overly complex, and manual nature of his software which has been picked apart numerous times too.

  28. Quoted /.ers disagree #1/2... apk by Anonymous Coward · · Score: 0

    "I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised" - by mmell on Thursday February 16, 2017

    "I've never tried to belittle (APK's work), I've flat out said it's good" - by BronsCon on Thursday February 11, 2016

    "his hosts program is actually pretty good" - by xenotransplant on Monday August 10, 2015

    "his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources" by alexgieg on Friday September 25, 2015

    "I like your host file system." - by Karmashock on Wednesday September 09, 2015 (#50489401)

    "I do use APK's host file on all my systems at home" by OrangeTide on Friday December 01, 2017

    "I personally use a HOSTS file blocker produced from a genius called APK." by 110010001000 on Friday October 27, 2017

    * Pay attention to the 1st one especially (on writing) - opinions clearly vary!

    APK

    P.S.=> More coming... apk

  29. Quoted /.ers disagree #2/2... apk by Anonymous Coward · · Score: 0

    "I've tried (APK's) hosts file generating software. It works." bmo (77928) Oct 15 2015

    "I find your hosts file admirable" vel-ex-tech (4337079) Nov 24 2015

    "I use (APK's) host file" rogoshen1 (2922505) Mar 03 2015

    "APK's monolithic hosts file is looking pretty good" Culture20 (968837) Nov 17

    "APK your posts on this and the hosts file posts and more have never been in error and/or bad advice" BlueStrat (756137) Jun 21 2017

    "APK I know people give you a lot of shit regarding hosts, but please don't ever stop" nasredin (958927) Jun 12 2015

    "I love APK! The power of the hostfile compels you!" ratboy666 (104074) Jan 29 2016

    "APK solution STILL relevant" Thud457 ( 234763 ) Jun 11 2015

    "APK is still right, a hosts file really does work. It even blocked a some of the video ads that were inserted into a stream." OrangeTide (124937) Feb 10 2016

    "You need APK's hosts file" Teun (17872) Aug 06 2014

    * Want more? Ask!

    APK

    P.S.=> Plus https://yro.slashdot.org/comments.pl?sid=11532533&cid=55814717/ ... apk

  30. Re: Routers = security issues & eat power/cost by Anonymous Coward · · Score: 0

    Are you, like, a crazy person?

  31. LOL! I do but has zero to do w/ this by Anonymous Coward · · Score: 0

    No DNS lookup needed. Hosts = 1st resolver & host-domain names used by botnet = BLOCKED in hosts nullifying need for remote DNS lookup as the IP address to hostname resolution was satisfied.

    (or 2nd depending on TCP/IP registry setup & w/ large hosts I blow off buggy w/ large hosts faulty slower usermode clientside dnscache service (WORSE in Win10 w/ flaws https://www.bishopfox.com/blog/2017/10/a-bug-has-no-name-multiple-heap-buffer-overflows-in-the-windows-dns-client/ ))

    * So if botnet clients ask for IP address of C&C(s) they can't go outbound OR GET INFO INBOUND either!

    APK

    P.S.=> I didn't need to deflect a DAMN THING except your unnecessary bullshit here which I did perfectly, lol... apk

    1. Re:LOL! I do but has zero to do w/ this by Anonymous Coward · · Score: 0

      How do you not understand that HOSTS only affect name resolution. Not routing.

  32. APK is RoTfLmAo because he is retarded by Anonymous Coward · · Score: 0

    APK you are RoTfLmAo because you are retarded.
    You laugh at your own statements like the retard who is the only one laughing at their own jokes.
    What you type is so retarded it causes a local increase of entropy so great that it extends the rest of the universe's lifetime by several billion years.

  33. Hypocrite you're offtopic 1st of all by Anonymous Coward · · Score: 0

    See subject: ... & it was totally necessary serving its purpose (getting dolts like you to reply so I can laugh @ "your kind", unidentifiable anonymous trolls, to fall all over yourselves failing some more vs. me).

    * Additionally - Apparently, your DULL brain can't handle an analogous comparison (ADHD probably on YOUR kind's end, lol - brain damaged) & yes, it fits well here (geeks like Trek & I spoke to all concerned in a language they understand using it).

    After all & ABOVE all else? Hosts work vs. this threat (+ tons of others like it & unlike it).

    APK

    P.S.=> Lastly - I'll let security & web pros speak for me on hosts (as I have via BLEEPING COMPUTER & Trend Micro @ this point) just to FURTHER blow your kind away more, lol... apk

  34. Congratulations! APK proved he is retarded again by Anonymous Coward · · Score: 0

    Congratulations! You again proved you are retarded.
    Not only do you not know how packet headers work you also don't know how connections work.
    I said inbound traffic you retard.
    Yet you replied with outbound connections doing a host look up and saying that the response back is stopped because the initial outbound connection was stopped so the response over the existing connection can't happen, not that an inbound connection was stopped by your shit software.
    I guess you really can't defend your retard software and your even more retarded claims.
    I could have a more meaningful conversation with a jar of mayonnaise than with you as it hasn't proven itself to be as dumb as you are.
    Some day your parents may stop regretting not aborting you but today isn't that day and the rest of this century isn't looking so good either.
    You must like continuously being proven wrong.
    Besides I bet there is a new article up on InfoWars, or a new Trump tweet that you can jerk off to.
    So why don't you go do that and leave the adults alone to have a real conversation.

  35. EAT YOUR WORDS chump... apk by Anonymous Coward · · Score: 0

    See subject & even BLEEPING COMPUTER says you are wrong per my initial post on botnets like this https://yro.slashdot.org/comments.pl?sid=11532533&cid=55812745/ in nullifying their communications chain, chump...

    APK

    P.S.=> Look, I know I've totally ANNIHILATED "your kind" (unidentifiable anonymous cowards) before & YOU specifically based on your current 'psycho-babble' you spewed that has no bearing here & is non-sequitur (vs. what's in my link above per TREND too) - but get over your 'butthurt' & unjustifiable ego - you're not in my class & never will be (you've done better more effective work YOURSELF like I have that works? No) - FACT (that your 'butthurt "ReAcTiOn" proves) - You WISH you were me "The Lord of hosts" so to speak... apk

  36. I don't use Facebook by Anonymous Coward · · Score: 0

    See how easy that was? Facebook is AOL at their peak, their 'kajillion' users are all people that moved from AOL. In case some of you younger folks are unaware, AOL was not the true web (just a curated online portal, but most never left its confines), just as Facebook isn't. They will not exist in this form in ten years, that is guaranteed. Neither will any other social network.

  37. Nope. APK is just a retard by Anonymous Coward · · Score: 0

    APK isn't a crazy person.
    He is just our local resident retard.
    He just likes to prove it to everyone on a regular basis to ensure that no new readers are unaware of that fact.

  38. Holy shit you're dumb Khyber by Anonymous Coward · · Score: 0

    See subject (yes I know it's you jailbird recidivist multiple felon psycho drunk): The botnet client can't ASK for inbound communique @ all via my method & yes, it works to CRIPPLE this botnet via that method.

    Khyber = Alex McClown!

    * You WISH you were me (the "Lord of hosts so to speak) & could invent tools that WORK (& minus such tools, menials like YOU couldn't operate @ all w/out programmers - period).

    APK

    P.S.=> QUESTION: Why'd BLEEPING COMPUTER 2nd me (as does Trend's data here too) then via "use this classic Windows hosts trick to block the Coinhive or Crypto-Loot domains at the OS level" https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ , hmmm? Face facts weirdo (yes, I've been tracking you for a LONG time, lol - your dumb ass just doesn't know it but I do - looking for a way back to the BIG black men in jail that just LOVE your ass in stalking me online? Keep it up, see what happens)... apk

    1. Re: Holy shit you're dumb Khyber by Anonymous Coward · · Score: 0

      Take note of the bold text at the end of the parent.

      It's a racist comment, in regard to the race of people in prison. It also makes light of prison rape, which is a very serious issue.

      APK needs to apologize for his offensive remarks.

    2. Re: Holy shit you're dumb Khyber by cwatts · · Score: 1

      It may be insensitive, and it's definitely offensive (as I believe it's supposed to be) but the fact is that in US prison populations, blacks outnumber latinos 2-1, and latinos outnumber whites by a further 2-1. The reasons for this are, to me, far more offensive than APK's comments, but are also way beyond the scope of what I wanted to point out. Sometimes the actual facts and figures agree with the numbers suggested by prejudice and stereotypes.

      That doesn't really excuse APK's comments, but calling him racist based on this is a bit of a stretch, even if he was basing his imagery on nonfactual stereotypes. More likely it's something (unfortunately) ingrained in all of us by years of crime shows, and perhaps a Sublime song. And check out the website. It's a fascinating and awful look at incarceration in America. It's actually terrifying.

      I don't need APK to resign from whatever he does, but maybe you both could take a spin through the site below and possibly channel some of that energy into something useful.

      Or maybe just better insults.

      http://static.prisonpolicy.org...
      https://www.prisonpolicy.org/r...

      --
      chris watts
  39. Security & web pros disagree #1/2 by Anonymous Coward · · Score: 0

    Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/columnists/491/ "Host file accessing the Internet - particularly browsing the Web - is actually faster... Spybot Search & Destroy offer lists of known malicious servers to add a layer of defense against trojans & other forms of malware"

    Aryeh Goretsky/ESET/NOD32: hosts = good security http://it.slashdot.org/comments.pl?sid=7442373&cid=49747129/

    Steve Gibson endorses hosts https://www.grc.com/sn/sn-045.htm/

    "block known Bitcoin mining domains. One of the better options to do that is to add these to the hosts file" https://www.ghacks.net/2017/09/22/how-to-block-bitcoin-mining-in-your-browser/ GHacks

    "use this classic Windows hosts trick to block the Coinhive or Crypto-Loot domains at the OS level" - https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ - BLEEPING COMPUTER

    Malwarebytes hpHosts hosts & RECOMMENDS my program.

    APK

    P.S.=> More coming... apk

  40. Security & web pros disagree #2/2 by Anonymous Coward · · Score: 0

    ZD NET "How to use a Hosts file to improve your internet experience" http://www.zdnet.com/article/how-to-use-a-hosts-file-to-improve-your-internet-experience/ (where Steven Vaughan Nichols says "Where Hosts files really shine is by letting you block ads, spyware sites, malware sites, and tracking sites" )

    Brocke Wilders of WILDERS' SECURITY does inferior clone of MY work http://www.wilderssecurity.com/threads/hosts-block.378901/

    O'Reilly hosts security -> http://oreilly.com/pub/a/windows/2004/03/30/hosts.html/ & hosts speed -> http://www.oreillynet.com/pub/a/network/excerpt/winxphacks_chap1/index1.html?page=3/

    APK

    P.S.=> See subject - Nations too: China = imitation = flattery http://www.theregister.co.uk/2017/04/26/boffins_supercharge_the_hosts_file_to_save_users_plagued_by_dns_outages/

  41. You know what the 'infamous they' say by Anonymous Coward · · Score: 0

    See subject: "genius & insanity" are closely related (I am the former per /.ers quoted) "I personally use a HOSTS file blocker produced from a genius called APK by 110010001000 Friday October 27, 2017

    as does BLEEPING COMPUTER per my initial post https://yro.slashdot.org/comments.pl?sid=11532533&cid=55812745/ (vs. botnet C&C crippling their communications) & via extrapolation basically? So does TREND via this article's data I used to nullify this threat!

    * Don't YOU wish you were this 'crazy'? Bet you do...

    APK

    P.S.=> You are Khyber - no questions asked - only HE is a psycho loon recidivist deviant homosexual jailbird whacko multiple felon stupid enough to keep it up (which yes, I know for a fact & that he is you doing this stupidity stalking me) - why don't you STOP before you really get into trouble (think about it, I am not joking - you're doing it yourself again Alex McQuown/McCLOWN, digging your own ditch for trouble as you always have)... apk

  42. WTF? My method works & do the math by Anonymous Coward · · Score: 0

    Extrapolation = simple proportions math: Even if you pay $1 per domain & get 255 subdomains over 4 billion, ROI = weak!

    * Don't EVER be a criminal - you're too stupid & certainly do NOT go into business (you'd be 'broke as a joke' shortly)...

    (Let go of your unjustifiable 'ego' fool - your nigh constant 'stalking' me PROVES it via your "ReAcTiOnS" trying to 'save face' - you're destroying yourself vs. me (seriously)).

    APK

    P.S.=> There is NO SAVING YOURSELF arth1 (yes, I know it's you) - you blew it vs. me as always (& I've dozens of your FAILS vs. me recorded - which is WHY you are replying by ac now vs. your FAKE NAME for your FAKE LIE OF A LIFE "registered 'lusr'" acc't. (1 of many sockpuppets you STRAIGHT-UP FOOLS think you 'fool' others with) - too bad I blew you away AGAIN, eh? Not - "your kind" does it to themselves AND make ME look GOOD too (thanks)... apk

    1. Re:WTF? My method works & do the math by arth1 · · Score: 1

      Even if you pay $1 per domain & get 255 subdomains over 4 billion, ROI = weak!

      You don't get 255 subdomains. Confusing subdomains with class C subnets is worrying if you attempt to sell network-related software.

      With a single domain, you get the choice to create as many hostnames and subdomains on the domain as you want. Any number of hostnames or subdomains on a domain won't cost a dime more. What makes this feasible is that DNS servers take wildcard requests. Unlike your hosts file, they don't need an entry for every host, but can use wildcards, like:

      $ORIGIN foo.ru.
      * IN A 123.45.67.89

      This will resolve any host in the foo.ru domain to the same address. It does not carry any cost per hostname. You don't need to know it in advance.
      By using a very simple javascript, like what I posted before, the client generates a random hostname. Whatever it is, it can now be looked up in DNS.

      You can do nothing to stop this with a hosts file, because you cannot possibly pregenerate every possible random hostname.

      And for the record, no I do not use sockpuppets, nor do I post as AC. I have no need to. I don't feel a need to back up my claims with support from others - verifiable and reproducible information doesn't need that kind of support. That others also point out the same "flaws" doesn't mean that they are me. And the number of people who have done so over the years does not necessarily mean that there's something wrong with all of them. There could be a different explanation, just saying...

  43. Re:Routers = security issues & eat power/cost by Anonymous Coward · · Score: 0

    Oh my god.. You are.. un...effing..competent... I can buy for $50 routers with 256 mb ram and USB ports for flash drive or sd card slot or even load all rules via a script. See Mikrotik RB750gR3 or Ubiquiti ER-X. Do you know how much power they use? 2W at full load, 0.5 W when being mostly idle. I can build a router from an old Chromebox ($80 on eBay, and a usb ethernet - $16 new). So for less than $100 I have a router that has 2gb ram, and 16gb flash. I can store tons of rules more than your suggested 100mb limit. And for $8 more I can get another 2gb ram on eBay. So for $104 I have a router that uses 4W of power when routing at full speed and 1.5W when mostly idle (checked with kill-a-watt and intelligent ups UPS) with 4gb of ram that can hold times and times more rules, and can do DPI. I will spell it out for you - deep packet inspection. It can decide to stop a connection if it does not like the content. It can also run flow collection and decide to drop traffic based on rules on how the packets look over time.

    Do you think $50 is expensive? Most people these days buy routers without any capabilities for like $200 from Netgear and D-Link and Asus and the like.

    If you think Bleeping Computer are security professionals, my oh my, you don't know what a pro is. Bleeping Computer are journalists, ZD are journalists. No professional has endorsed your badly written non-working application. Only journalists have done so.

    User testimonials as you should understand, while nice, are not ultimate. Majority of users are less competent than you. At least you can write an application, compile and distribute. Most users cannot do even that.

  44. I RoTfLmAo @ useless "ne'er-do-wells" like U by Anonymous Coward · · Score: 0

    I RoTfLmAo @ useless "ne'er-do-wells" like U - you contribute zero here vs. my contributing what works https://yro.slashdot.org/comments.pl?sid=11532533&cid=55812745/ & even moreso vs. MORE threats via my creation (that a menial do-nothing by ROTE zero can never equal - prove otherwise behind your UNIDENTIFIABLE trolling loser posts (you can't))

    Especially not vs. my APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ that proofs you vs. TONS more threats than this alone doing more for less by far vs. "so-called 'solutions'" FULL of security issues & slowing you down (I speed you up by comparison).

    * You WISH you were me (The "Lord of hosts so-to-speak) & you KNOW it jealous 'jowie' that you clearly are, lol...

    APK

    P.S.=> Now, go on - 'shoo' little troll... apk

  45. Do the math: My method = free, yours $200 by Anonymous Coward · · Score: 0

    Do the math: My method = free & works, yours $200++ (& are you quoting NEW equipment? That is more) - you LOSE on common-sense alone & being foolish alone!

    Security pros + web pros second me - WHO seconds you of any repute? Nobody - only yourself doing unidentifiable stalking of me, lol...

    Bleeping computer not enough?

    Here's more SECURITY + WEB PROS & BY THE SCORE seconding me hosts = good layered security then so you can further EAT YOUR WORDS https://yro.slashdot.org/comments.pl?sid=11532533&cid=55815915/ + https://yro.slashdot.org/comments.pl?sid=11532533&cid=55815915/ you unidentifiable anonymous "ne'er-do-well"!

    APK

    P.S.=> Forums "ILLOGIC-LOGIC" abounds on /. & you PROVE it for me - thanks (for being illogical spending money you don't need to)... apk

  46. Hack the malware by mnemotronic · · Score: 1

    How about a hacked version of the malware that returns incorrect results to the C&C? It doesn't even have to use a lot of CPU cycles ... just get the command to start, delay as long as possible and return a response with "Found the answer!" with some random pile of fluff. The idea is to get the C&C to trust the bogus results while making it wait as long as possible so that it essentially submits the wrong answer to the blockchain or at least loses the race to some other miner.

    --
    The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
  47. LMAO - how can YOU not admit this... apk by Anonymous Coward · · Score: 0

    See subject: My methods work vs. this threat for FREE https://yro.slashdot.org/comments.pl?sid=11532533&cid=55812745/ & nothing more is needed?

    * Oh, you 'get it' alright but you are LOATHE to admit it is all, hahahahaha!

    (FOOL)

    APK

    P.S.=> Stalk & troll me ALL DAY long, doesn't change the facts & especially the FACT I create tools that work (above & beyond vs. botnets like this alone) that folks like + use WORLDWIDE (that a mere "jealous jowie" like YOU will never be able to manage (you lack skill & intestinal fortitude + ability is why) APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ ... apk

  48. I've seen diff. deals & answer 2 questions by Anonymous Coward · · Score: 0

    See subject & a 255 subdomain limit - answer 2 questions: 1.) How much does 4 billion domains cost 2.) Does my approach work to STOP this threat??

    CLUE: A botnet can't LOOKUP @ DNS for C&C if blocked in hosts (resolves locally prior to DNS & avoids Windows faulty w/ large hosts slower usermode dnscache service buggier on Win10 too https://www.bishopfox.com/blog/2017/10/a-bug-has-no-name-multiple-heap-buffer-overflows-in-the-windows-dns-client/ )

    (Domains/subdomains in a 4++ billion RANGE? Prohibitive & poor ROI!)

    APK

    P.S.=> I don't spend a FORTUNE in comparison to botnet herders to stall this via DGA tracking lists & changing my hosts program .ini in APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ configurable, bulletproof & bugfree to date after 5++ yrs. now & yes, users like & USE my work (not yours)... apk

    1. Re:I've seen diff. deals & answer 2 questions by Anonymous Coward · · Score: 0

      Show me the technical standard that says there is 255 subdomain limit. Show me the RFC please.

      You have proven you don't understand how network packets are routed; demonstrated you don't understand how to merge and sort and de-duplicate strings efficiently; now you are demonstrating you don't have an idea how name resolution works, both in the local stub resolver and in DNS.

      What the other person is trying to explain is this.. There is only one DNS record - wildcard for domain.tld pointing to the same IP. A script generates connection URLs, for simplicity let's say numbers. The script can generate equally 1.domain.tld, 2.domain.tld, 4000000000.domain.tld and anything in between. To block all of these in a hosts file you need 4000000000 entries in HOSTS. Where a simple .[*].domain.tld is sufficient in DNS filter - one record. And there is only one record in the DNS domain - the single wildcard.

    2. Re:I've seen diff. deals & answer 2 questions by arth1 · · Score: 1

      1.) How much does 4 billion domains cost

      You don't understand domain names at all. You don't need 4 billion domains. You need one, with any number of subdomains and hosts you want being free. 4 billion, 8 trillion, it doesn't matter. They're all yours for the price of a single domain.

      2.) Does my approach work to STOP this threat??

      Nope, it does not. That's the problem. You cannot block:
      1f873bb2fed1.hostname.com
      2953bfe64711.hostname.com ... where the first part is randomly generated.
      These are legal domain names, by the way. Try them.

      Because hosts doesn't take wildcards, you would have to enumerate the entire list of possible domains, and with a 63 character limit, you can't find a hard drive big enough to hold all the variations. So your host list is worthless for this, whereas a DNS server, firewall or adblocker can easily block it, because they support wildcards.

  49. Too bad dnsmasq has security issues...apk by Anonymous Coward · · Score: 0

    See subject: Dnsmasq security issue discovered Oct. 13th & afaik unpatched (& Pi-Hole=largely dnsmasq) https://www.bleepingcomputer.com/news/security/security-bugs-in-dnsmasq-affect-computers-smartphones-routers-iot-devices/ yet!

    (... & again you STILL have to BUY the pihole hardware (unless you do a Linux box) & STILL you have security problems till patched - a "no-win"...)

    APK

    P.S.=> My method's completely native, works & is FREE APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ & the output result works across PRETTY MUCH everything (on smartphones rooted w/ a bit of small effort too)... apk

  50. You = UNIDENTIFIABLE anonymous troll.. apk by Anonymous Coward · · Score: 0

    See subject & I'm the one w/ a working solution defense vs. this botnet & TONS of others (even DGA type) https://yro.slashdot.org/comments.pl?sid=11532533&cid=55812745/ & a program that helps do that & FAR more for FAR less APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ & "your kind" per my subject? Never will!

    * You're just EASILY BLOWN AWAY trolling "ne'er-do-well" nobodies either by UNIDENTIFIABLE anonymous posts (big man that takes (not)) or FAKE NAMES online for your FAKE LIVES as zero do-nothings!

    APK

    P.S.=> Truer words were NEVER SPOKEN on /. - & you KNOW it (proving it for me, loser)... apk

  51. To menial jackass arth1 (I ultimately won) by Anonymous Coward · · Score: 0

    Thanks to me they're safe (not you) vs. this botnet https://yro.slashdot.org/comments.pl?sid=11532533&cid=55812745/ & vs. other threats via my FREE work (which you tried to say I sell above you liar) APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    THANKS & WHY? Info.:

    Deals changed on domain reg since last I looked (a decade++ ago) causing a cancer GoDaddy $1 reg & UNLIMITED domains - ASKING TO BE ABUSED for malware like this!

    Plus - Wasn't "proximitron" proxy I correct myself now on, it was PRIVOXY - it works w/ hosts that I dusted you on 3++ yrs. ago via it too https://yro.slashdot.org/comments.pl?sid=6395793&cid=48601533/ & then you tried "moving goalposts" to an EXTERNAL proxy!

    APK

    P.S.=> In the end I still win even vs. DGA = blockable via my ware (not yours menial)

  52. Does it matter? My hosts method works by Anonymous Coward · · Score: 0

    See subject: I never said there is a tech limit. Only a monetary one from hosting providers (which I tell arth1 about here https://slashdot.org/comments.pl?sid=11532533&cid=55818247/ ACTUALLY THANKING HIM for getting me to look @ costs & deals currently!

    (Which yes I have seen 255 subdomain limits on in the past - smart actually - THAT stops HIS idea for DGA in limiting domains/subdomain counts & assholes like GoDaddy allow promoting crime of this nature via unlimited subdomains - I know, & heard tell of them being root of much of it)).

    Routing isn't what stops it. Resolution is & hosts do thus I do.

    APK

    P.S.=> In the end MY METHOD WORKS & don't put words in my mouth I never said weasel & what you describe is FASTFLUX BOTNETS dimwit (I actually design things CHUMPS LIKE YOU merely use, user))... apk

    1. Re:Does it matter? My hosts method works by Anonymous Coward · · Score: 0

      Hosting providers have nothing to do with subdomains in general. You are confusing subdomain with virtual hosts.
      This is a very corner case where a hosting provider is involved.

      Why would I buy shared hosting, when I can get a VPS for $6 with 5 IPs and full configuration of the apache server - I can define as many virtual hosts as I want. I also put my own DNS server on the VPS and point the authoritative servers to the IPs of the VPS. I have full control over the web server and over the DNS. I can even get a Let's Encrypt HTTPS cert and make everything look legit.

      There has never been a 255 subdomains limit, ever, technical or monetary. Subdomains are free. I control the DNS authoritative server, I can enter as many hosts and subdomains I want, I only pay for the domain and the VPS once.

      Hosts file cannot stop dynamically generated names. Period. Go and think a little.

  53. Ultimately I win & how/why goalpost mover by Anonymous Coward · · Score: 0

    Newsflash: DGA = DYNAMICALLY GENERATED & DGA tracking lists exist + I use them in hosts & it's easy via my program (change .ini entry temporarily & boom, blocked). Generate more? Same thing.

    Hosts work vs. dynamically generated botnets, you are WRONG!

    More NEW NEWS: THIS BOTNET does NOT use DGA or FastFlux (which I had to explain the term to you on).

    I never said techlimit either - show where I did. You can't trying to put words in my mouth I never said!

    Ultimately, I win as always!

    APK

    P.S.=> Funny how you all use "moving goalposts" OR 'theoreticals' that don't apply on this botnet too - not, you KNOW you "f'd up" & my program works vs. ALL TYPES & does it better, cheaper & natively lighter vs. them all!

    So - how come you 'big brains' (not) don't do better vs. "lil' ole' me" (you can't is why, you're not real coders - you're network menial scripters OR webchumps @ most)... apk

  54. Arth1: This botnet isn't DGA or fastflux by Anonymous Coward · · Score: 0

    See subject (you lose in your theoretical bs too) 0.0.0.0 1f873bb2fed1.hostname.com & 0.0.0.0 2953bfe64711.hostname.com = blocked (up to whatever via DGA tracker lists have changing a source in my APKIniFile.ini (change back once loaded & blocked))

    I don't need wildcards!

    Hosts = lighter + less security issues vs. DNS & addons using wildcards or 'souled-out' to NOT WORK like adblock!

    Keep moving goalposts!

    DNS, routers (both loaded w/ security issues hosts don't have by 100's), DNSMasq PiHole (bug in it https://www.bleepingcomputer.com/news/security/security-bugs-in-dnsmasq-affect-computers-smartphones-routers-iot-devices/ ), proxies (privoxy works w/ hosts & I dust you on it 3++ yrs. ago https://yro.slashdot.org/comments.pl?sid=6395793&cid=48601533/ & you tried "moving goalposts" to EXTERNAL proxies there too!

    APK

    P.S.=> U LOSE & Flush periodically vs. false positives/stale entries & a disk can't hold 'em? ROUTERS & DNS can't!

    1. Re:Arth1: This botnet isn't DGA or fastflux by arth1 · · Score: 1

      See subject (you lose in your theoretical bs too) 0.0.0.0 1f873bb2fed1.hostname.com & 0.0.0.0 2953bfe64711.hostname.com = blocked (up to whatever via DGA tracker lists have changing a source in my APKIniFile.ini (change back once loaded & blocked))

      You completely miss the point. You blocked the two examples, but not the possible hosts. The entire point was that they were random. The host name part doesn't exist until generated, at which point it needs to be blocked. When a piece of js generates f4002db3688.hostname.com or any other random hostname in the .hostname.com domain, your hosts file does not have that never-before-seen hostname there.

      And this is not just botnets as you seem to think - several ad trackers do the same these days, generating random hostnames, presented in URLs. Not only is it unblockable by fixed name lists, but it also gives them two pieces of information instead of one - both your IP, and the IP of your DNS server. This helps identify where users are, to better present ads that a user might actually click.

      And you can do nothing to block them with your host list, because you have no idea what the name is before it is generated by a piece of javascript or server side code.

  55. Re: For more protection vs. more threats like this by Anonymous Coward · · Score: 0

    This thread needs to be summarized.

    APK makes grandiose claims about the capabilities of his hosts file engine, as you can see in the parent post. He's essentially advertising it as a comprehensive replacement for other security solutions including firewalls, browser extensions, and antivirus software. Those claims have been challenged in this thread, and many errors have been found that undermine his claims. Hosts file entries can be a part of a security solution, but don't provide the comprehensive benefits that he claims. Removing other security measures would leave a system vulnerable, which is precisely why his claims should be challenged.

    Again, few people would have a problem with this being presented as contributing to overall security. But that's not what's happening here.

    When challenged and presented with evidence to the contrary, he has doubled down on his demonstrably incorrect claims. These behaviors could be explained as a lack of technical knowledge or through ulterior motives to encourage users to disable or remove other security measures. This is coupled with ad hominem logical fallacies to discredit anonymous coward posters participating in the discussion, unverified claims about the identity of one anonymous poster, and a variety of potentially offensive statements such as about prison rape. He has a history of continuing to attack the character and credibility of logged-in users in other discussions when they challenge his claims. This behavior is consistent with narcissism and psychopathy. It is not the behavior of someone you should trust with securing your system.

    Were it not for this behavior, I would consider evaluating the usefulness of his software. Because the software is closed source, it is very difficult to independently validate the quality of the software and that it does not contain backdoors or other vulnerabilities. I highly recommend against using this hosts file engine for the aforementioned reasons.

    It cannot be a comprehensive solution because it is incapable of blocking all potential subdomains that could be used as part of an attack, even from a single domain. It also relies on blacklisting rather than whitelisting, which limits its ability to block attacks. It also cannot block attacks that do not require a hostname to be resolved. Even with these limitations, it might be useful as a tool to contribute to the overall security of a system. However, the behavior you've witnessed in this thread undermines the trust necessary to run his closed source software on my system. You should be wary, as well, of using this software.

  56. Does the article's botnet do DGA or Fastflux? by Anonymous Coward · · Score: 0

    See subject: Answer the question (it's no but I want YOU TO ANSWER - you won't & EVADE it because hosts work vs. it).

    You miss the point trying to 'move goalposts' to theoretical bullshit that doesn't even APPLY on topic, period. You always do like you did on proxies 3++ yrs. ago I tore you up on privoxy with.

    * HOWEVER, on your bullshit 'theories'?

    Hilarious - HOW can botnet herders store "4++ BILLION ENTRIES" themselves if I can't?? How could a router??? How could DNS???

    "CLOUD" (totally insecure & untrustworthy) + SLOW or spending on 15gb * X disks?? Doable, but impractical costs-wise!

    DGA trackers get filled, I use them in hosts (yet to see "4 billion" in ANY of them though)!

    I could care less about generation algorithms.

    I am not out to generate them.

    I am out to block them & do as I have this botnet (that doesn't use your moving goalposts 'theories').

    APK

    P.S.=> Keep "moving goalposts" too topping off your UNREALISTIC 'theoreticals' which any ASS can do - I do REAL THINGS that work that others, even /.ers, LIKE & USE + I get the respect of even Malwarebytes' folks hosting & RECOMMENDING my work!

    (See subject: In the end, I will always swat you & anyone else down as I showed in my last post on all comers + their 'theoretical bs' including yours, & you all lose https://yro.slashdot.org/comments.pl?sid=11532533&cid=55818891/ period)

    1. Re:Does the article's botnet do DGA or Fastflux? by arth1 · · Score: 1

      Hilarious - HOW can botnet herders store "4++ BILLION ENTRIES" themselves if I can't?? How could a router??? How could DNS???

      They don't need to, because they can use wildcards.

      In my router, I can block access to all hosts under .domain.com or *.ru with:

      content-filter common-list forbid
        *.domain.com
        *.evildomain.ru

      In my DNS, I can add a section where I state that I'm authoritative for these domains when queried from internal domains, and put a wildcard entry for each domain I want to block the lookup of every host.

      $ORIGIN domain.com.
      * IN A 127.2
      $ORIGIN evildomain.ru.
      * IN A 127.2

      "Botnet herders" (you still can't get past the misconception that this is just botnets?) don't have to, because their web server will have a section in the web server for responding to *.domain.com or *.evildomain.ru. They don't need to know in advance that the hostname used is yaddafoo4713234523.domain.com

      But your hosts list cannot do wildcards and must have an entry for every possible combination. Which is impossible even for a single domain, which can answer up to 1.95*10^98 different valid hostnames with a single wildcard.
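
      To make the exact-match versus wildcard distinction from the post above concrete, here is an added Python example (not arth1's code, and not from any router or DNS product). It models a hosts file as a set of full hostnames and a wildcard rule set like the `*.domain.com` / `* IN A` entries above as a set of domain suffixes, then checks a generated-looking hostname against both. The hosts lines, wildcard rules and hostnames are constructed sample data; `domain.com` and `evildomain.ru` are the placeholder names used in the post.

```python
"""Exact-match (hosts-file style) blocking versus wildcard/suffix blocking.

Added example for this thread, not code from the post. It compares:
 - a hosts file, which can only match a complete hostname exactly;
 - a wildcard rule set like the router 'content-filter' lines and the
   DNS '* IN A' zone entries, which cover every label chain under a domain.
All hostnames, rules and hosts lines below are constructed sample data.
"""
import random
import string

# Constructed hosts-file text in the usual "address hostname" layout.
SAMPLE_HOSTS = """\
# comment lines and blanks are ignored
127.0.0.1   localhost
0.0.0.0     c2.domain.com
0.0.0.0     update.evildomain.ru   # trailing comment
"""

# Constructed wildcard rules, mirroring "*.domain.com" / "*.evildomain.ru".
SAMPLE_WILDCARDS = ["*.domain.com", "*.evildomain.ru"]


def parse_hosts(text):
    """Return the set of hostnames a hosts file would answer for (lowercased)."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        # first field is the address; every further field is an exact hostname
        names.update(name.lower().rstrip(".") for name in fields[1:])
    return names


def parse_wildcards(rules):
    """Return the set of domain suffixes covered by '*.<domain>' rules."""
    suffixes = set()
    for rule in rules:
        rule = rule.strip().lower().rstrip(".")
        suffixes.add(rule[2:] if rule.startswith("*.") else rule)
    return suffixes


def blocked_by_hosts(hostname, names):
    """Hosts files match the full name only: no wildcards, no suffix logic."""
    return hostname.lower().rstrip(".") in names


def blocked_by_wildcard(hostname, suffixes):
    """'*.domain.com' covers any label chain under domain.com.

    As in DNS, the wildcard does not match the apex name itself; a router's
    content filter may treat the apex differently (assumption, not verified).
    """
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in suffixes for i in range(1, len(labels)))


def random_subdomain(parent, length=16, rng=None):
    """A generated-looking label under parent, the kind a DGA would emit."""
    rng = rng or random.Random(0)  # fixed seed so the sample is reproducible
    alphabet = string.ascii_lowercase + string.digits
    return "".join(rng.choice(alphabet) for _ in range(length)) + "." + parent


def compare(hostname):
    """Return (blocked by hosts file, blocked by wildcard rules)."""
    names = parse_hosts(SAMPLE_HOSTS)
    suffixes = parse_wildcards(SAMPLE_WILDCARDS)
    return blocked_by_hosts(hostname, names), blocked_by_wildcard(hostname, suffixes)


if __name__ == "__main__":
    for h in ["c2.domain.com", "yaddafoo4713234523.domain.com",
              random_subdomain("evildomain.ru"), "domain.com", "example.org"]:
        print(f"{h:45s} hosts={compare(h)[0]!s:5s} wildcard={compare(h)[1]}")
```

      The listed hostname is caught by both methods; the never-before-seen subdomains are caught only by the suffix rule, which is the point being made: the hosts file has to hold every exact name in advance, while one wildcard rule covers the whole domain.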

    2. Re: Does the article's botnet do DGA or Fastflux? by Anonymous Coward · · Score: 0

      You are not getting it. Your solution is not valid in the general case. I would suggest that you read about VPN over DNS, so you can see how data can be exchanged over the host name, which, most importantly is absolutely random.

  57. You called me a "shitstain"? You apologize by Anonymous Coward · · Score: 0

    See subject & I proved how BOTH in/out bound botnet communication's snuffed via hosts. You're butthurt (probably used to prison rape on your end imo - so why would I apologize to you just looking for what you like by letting me CRUSH you easily? It's what you wanted, perhaps subconsciously, lol!).

    * As far as "the 'racis' card"? Give me a break!

    APK

    P.S.=> I need to apologize for zero - - I'm polish & took more shit than ANY of you fools ever have on that note - I always tell blacks I know this as I have pals who are as an inner city product & dweller here now: "I might as well be a brother as all I am to many is one of you with white skin" & they understood... I know better on it though, so do they & they'd LAUGH @ me calling you their 'teddy bear' lol... apk

    1. Re: You called me a "shitstain"? You apologize by Anonymous Coward · · Score: 0

      APK, you clearly don't understand why your comment is offensive. If you understood, you wouldn't have doubled down on it.

      It's a racially insensitive remark, and is highly offensive. Because you don't have any interest in apologizing, I'm going to continue my calls for you to do the right thing.

      You should resign from developing your hosts file engine, and turn over the program to someone who will be a good steward of it. If a CEO of a company made such a remark, he or she would probably be given the option to resign or be removed by the board. You should resign from developing your hosts file engine and turn it over to someone else.

      You made the offensive remarks. There needs to be consequences for that type of behavior. You need to resign.

  58. Does this topic's botnet do DGA or Fastflux? by Anonymous Coward · · Score: 0

    See subject & does my hosts file block it? Why are you evading answering that & using bs theoreticals that don't matter here on this topic??

    Hosts, despite a lack of wildcards, use less RAM vs. DNS (& certainly FAR LESS security issues)

    Especially as my program protects hosts above Windows' SFP/WFP!

    Using your wildcard methods you'd block good spots too (I do also but not as totally indiscriminately).

    Hosts despite no wildcards also use far less vs. browser addons (that don't do near as much).

    Explain that too (regexp weight = why).

    I get too many entries I remove false positive & extinct servers is all - easy & my program helps you do it (so do my datasources like hpHosts).

    APK

    P.S.=> Good routers that can store 100's of mb on them? Cost & so do higher electric bills on them - hosts don't & my program is free to populate them! apk

  59. You evade 2 simple questions by Anonymous Coward · · Score: 0

    1.) Does this topic's botnet do DGA or Fastflux? 2.) Does my hosts method STOP this botnet's communications?

    * Answer those two questions - quit evading them!

    (... & Hosts = native, free, lighter resource-wise & costs + security issues vs. anything else (DNS/antivirus/routers/browser addons etc.))

    APK

    P.S.=> You know if you answer NO to #1 & YES to #2, I win & you are going off on things that hosts STILL STOP anyway (& I can purge hosts easily - hpHosts even helps there with lists for removals I do)... apk

  60. LOL - you called me names 1st by Anonymous Coward · · Score: 0

    Shitstain & shitlicker etc. & on CEO's resigning? Take a look @ BizX whipslash's reviews (shall I post some here? He's ruined /.) from GlassDoor on BizX:

    "the company was very big on black-hat SEO tactics"

    "Everyone I talk to that has worked for this man (a good 7 or 8 employees), has had pretty much the same opinion of him (narcissistic, cheap, clueless, selfish, etc)" meaning whipslash

    "fire people right before any bonus is paid"

    "single source of revenue corporation -- google ads. If they have a bad month, they layoff people."

    "You never knew when the boss would show up and threaten everyone's job" "necessary to fire anyone at will because they don't agree with them. The fact that this has happened to well over a dozen people in the past year is evidence that something is deeply wrong"

    "I would have to agree with the negative comments on this list the reviews are made up by the company. I've met the owner and he's a shady dude."

    "I had a very bummer experience with Bizx, LLC"

    "Don't work with them or for them - BizX is not a company I'd ever trust. I was an employee there and the web content produced is written by doing minimal research and pushing advertisers rather than on actual experience"

    "Often hostile leadership, micromanaging, and a feeling that your efforts are worthless. Leadership will often pit co-workers against each other, and there is a definite lack of cooperation within the departments, which leads to "each for themselves" type of company culture."

    "During the time I was there, people were getting fired so often that people were always scared they were next. A day when the owner doesn't visit was a 'good day'"

    "Don't waste your time with this company"

    "NOT RECOMMENDED Respect is a two-way street, however you won't get any from upper management. Talking down to employees, yelling, cursing. There are better opportunities out there"

    "the low pay wasn't worth it."

    "dissent or differing opinions are absolutely not tolerated. Try it and you'll be fired."

    "management has been known to yell at people as if they are children"

    ""have a quoata on Russian stories or else we get fired" BeauHD "SENIOR EDITOR" (that can't spell quota properly - some pro)

    APK

    P.S.=> "Read 'em & weep" & GET ON TOPIC... apk

  61. Arth1 you TOTALLY lose, why? by Anonymous Coward · · Score: 0

    "you would have to enumerate the entire list of possible domains... you can't find a hard drive big enough to hold all the variations" - by arth1 (260657) on Wednesday December 27, 2017 @06:17PM (#55818665)

    I can't hold 4 billion names in hosts? A botnet herder can't either in a file. Generating them's 1 thing, storing 'em's another per YOUR OWN WORDS quoted!

    * As I said - YOU LOSE!

    APK

    P.S.=> Your "theoreticals" are purest bullshit & you're also NOT ANSWERING IF MY METHOD USING HOSTS STOPS THIS BOTNET - CLUE: Hosts DOES STOP THIS BOTNET dumbass, easily (it does, this botnet only has 11 total domains/subdomains to stop & it does NOT USE DGA or even FastFlux stupid)... apk

  62. I destroyed all naysayers by Anonymous Coward · · Score: 0

    See subject & arth1 bs https://yro.slashdot.org/comments.pl?sid=11532533&cid=55833641/ dnsmasq security issues https://yro.slashdot.org/comments.pl?sid=11532533&cid=55817767/ (my program protects vs. hosts alteration above WFP/SFP + data refresh on next run) routers security issues + costs (unit & added powerbills) https://yro.slashdot.org/comments.pl?sid=11532533&cid=55816533/ & SECURITY + WEB PROS say hosts = good security https://yro.slashdot.org/comments.pl?sid=11532533&cid=55815881/ & https://yro.slashdot.org/comments.pl?sid=11532533&cid=55815915/ plus /.ers here https://yro.slashdot.org/comments.pl?sid=11532533&cid=55814717/ & here too https://yro.slashdot.org/comments.pl?sid=11532533&cid=55814765/ vs. UNIDENTIFIABLE anonymous bs

    APK

    P.S.=> My ware = safe per VirusTotal https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ (self check vs. infection built-in) + malwarebytes code audit