That's exactly what I was thinking. Some Slashdot mod went around and modded all my posts today to either flamebait or troll.. I think I've pissed someone on staff off somehow. Any comments mods??
That's not what the article said, it said UP UNTIL 1954 it was used for those purposes:
"In 1954, the research took a more aggressive turn, with scientists looking to cook up ways to inflict damage on Soviet livestock"
"President Clinton to include Plum Island in his expanded bioterrorism program based on the possibility of a biological attack on the nation's agricultural base. Last year the administration of the island's research facilities was transferred from USDA to the Department of Homeland Security. "
Here's WSU's view on Viral Glass, they seem to think it's real:
"A realistic view of the botox situation is that many of the problems of dispersal were likely solved by the >3,000 US scientists that reportedly worked on biological warfare during W.W. II & the cold war. It is also reasonable to assume that the botox can be fused by common molecular biology technology with other proteins that stabilize it for dispersal without decreasing its lethality or it can be mixed with other protective agents (e.g. trehalose, viral-glass) or that it can be encapsulated in protective material (timed release) that dissolves once it is in the digestive system. It should also be possible to clone the botox gene into common bacteria that inhabit the human gut (e.g. E. coli), which would establish themselves there long enough to produce a quantity of botox sufficient to disable the victim before their immune system responded; a natural condition seen in young babies who ingest the spores in foods like honey. For a chilling description of how this might be done visit the Cal Poly site."
http://www.slic2.wsu.edu:82/hurlbert/micro101/pa ge s/101biologicalweapons.html
Perhaps I should read less and get out more, your right... Then again, perhaps you should read more.
"Labs such as the one at Plum Island investigate the effects of disease-causing agents and bioweapons in the hopes that remedies/cures/vaccines/treatments might be discovered. "
Yes, that is what your government would like me to believe....
We have enough WMD to destroy the earth 1000 times over, that's PLENTY to wipe out 100% of life (not including cockroaches I guess..).
http://www.bullatomsci.org/issues/1996/ja96/ja96 nr dc.html
Assuming that START I and II will be fully implemented, the operational stockpile in the year 2003 is scheduled to be 5,000 warheads, composed of some 3,500 strategic and 950 non-strategic weapons, plus about 500 spares (see the table at right). This total will be split in half between the air force and the navy, with 79 percent overall in strategic forces.
That's _JUST_ Nuclear. Add Chemical, Biological, and X-type unknown weapons, and you've got A HELL OF LOT of death power.
I recently read a book named "The Cobra Event" by Richard Preston. It was one of the best book's I've ever read, it was about germ warfare, and most of it was based around real technology (such as Viral Glass). I won't say anymore, so I don't ruin the book, but I strongly recommend it.
No this is not off-topic. The last few chapters of the book, all take place on Plum Island, and they talk in detail about the facilities on this island. Great reading, and it made it better after I read this article.
At first I was scared, but a little calculation shows me I'm at least 500 miles away here in Toronto, pheew. This stuff is completely insane, why do we need 802412904158132951249812 weapons that are all capable of destroying life on earth, I mean, isn't 1 enough???
"If you hear the thunder, that means the lighting didn't kill you.
When struck by lightning people hardly ever die immediately. Most of the time the residual effects will kill you over the duration of a year or so."
Either way, your ear drums explode, and people never hear (they hardly even remember) the "lighting".
"If you hear the gunshot, the bullet didn't kill you.
So if I shoot you in the heart, you die immediately? The soundwaves would likely hit you at seemingly the same time as the bullet. I seemed to think that a gunshot wound to the heart or lungs that went untreaed wouldn't kill you for at least 5 minutes. "
You need to study what happens with sound waves more, if the bullet is supersonic, and it hits you in the brain, there isn't a chance you'd hear it, even if you survived, you wouldn't hear it due to the fact your in the noise "cone".
"If you smell the engine burning, the car wreck didn't kill you.
Once again, the vital organ thing. Unless your brain suffers damage, fatal damage to your vital organs takes a few minutes to kill you."
I think he meant as in instant death. If your brain is squishyed, you wouldn't hear anything, even if you survived, if your neck is broken, you wouldn't smell anything.
"If you are still reading, the asteroid missed.
Actually, the asteroid just hit me. you lose."
Doubtful, the asteroid of this size would explode in the atmosphere, demolitioning everything underneath it. This happen in Siberia a few years back, looked like someone dropped a N-bomb, but it was from the shockwaves. A direct hit would be possible if your in that new high altitude plane..
I had a similar thing happen to me. It's great! Less work!! "No I didn't get the alert, my cell phone is at my, company policy". "No I don't want to break rules, I _REFUSE_ to bring my cell phone until I get a WRITTEN statement from the company". More work for them, a break for you.
Reminds me of my teenage years, working in the factory, the Butol machine burst into flames, what did I do? Scream? Run? Try and escape? NOPE! I cheered, "Yeah, no work tonight!! And let the damn machine burn." Nightshift can be a biotch.
Your correct, it was Outlook Express, same shit different pile.. I doubt I could get everyone to change, but seriously, he doesn't get email from more then 2 people, he never opens attachments (unless they are from me), he doesn't even use his computer very often, which means he should be fairly safe. (He has disabled HTML viewing in outlook)
I do see your point, it's a good one, unfortuntately getting people to change is always hard..
Dude you quoted nothing, I didn't write "Then he noticed in Outlook" anywhere, you just made that up. It has nothing to do with outlook, as a poster just mentioned, it happened to him with Yahoo...
Okay, NAT only allows outbound traffic (unless configured otherwise) hense, it would stop inbound scans/virus. Does that explain it for you?
You get a virus by surfing porn by hitting an infected HTTP server, for example the JS.Exploit virus, HTTP overruns, etc. I can't believe your on slashdot and you don't know that IE can be vulnerable?? wtf?
"Bouncebacks? Most of us have other ways of monitoring our systems for viruses. Like...Running OS X, or Linux...oh I dunno...running regular scans with AV software maybe?"
Good for you.. Too bad my friend likes Windows. Too bad all the games he plays are windows only. Too bad his company uses windows, so in order for him to work at home, he needs windows. And as for running the scans with AV, you obviously need to RTFA because it states it's morphing and many AV software DON'T PICK IT UP YET.
While you're explaining things...try explaning the difference between 'there' and 'their' chief.
You couldn't figure anything else out on your own, I'll leave this one up to you.. Grammer king.
http://news.yahoo.com/fc?tmpl=fc&cid=34&in=tech& ca t=hackers_and_crackers
http://www.f-secure.com/v-descs/agobot_fo.shtml
Detailed Description
First of all, this new variant has 'Phatbot3' identifier and there are a few 'phat' string in its body. This may indicate that this version was not made by the original Agobot backdoor author, who calls himself TheAgo, but by a different person/group who got the source code of this backdoor.
The backdoor's file is a PE executable 115738 bytes long compressed with PE-Diminisher file compressor. The unpacked file's size is over 245 kilobytes.
Installation to system
The Agobot.FO backdoor copies itself as NVCHIP4.EXE file to Windows System folder and creates startup keys for this file in System Registry: [HKLM\Software\Microsoft\Windows\Curren tVersion\Ru n]
"nVidia Chip4" = "nvchip4.exe" [HKLM\Software\Microsoft\Windows\Cu rrentVersion\Ru nServices]
"nVidia Chip4" = "nvchip4.exe"
This allows the backdoor's file to start with every Windows session. On Windows NT-based systems the backdoor can start as a service. Scanning for vulnerable computers
The backdoor can scan subnets for exploitable computers and send a list of their IPs to the bot operator. The scan is performed on ports 80, 135 and 445 for RPC/DCOM (MS03-026), RPC/Locator (MS03-001) and WebDAV (MS03-007) vulnerabilities. The backdoor can also scan for computers infected with MyDoom worm (port 3127), Bagle worm (port 2745) and also for computers where DameWare remote system management software is installed (port 6129).
Performing a DDoS attack The backdoor can perform the following types of DDoS (Distributed Denial of Service) attacks:
* HTTP flood * SYN flood * UDP flood * ICMP flood When performing a DDoS attack, the backdoor uses 33 unique client identifiers including Mozilla, Wget, Scooter, Webcrawler and Google bot.
The backdoor sends 256000 bytes of random data to the following websites and checks the response times:
www.schlund.net
www.utwente.nl
www.xo.net
www.stanford.edu
www.lib.nthu.edu.tw
www.st.lib.keio.ac.jp
Collecting e-mail addresses The bot can harvest e-mail addresses. It has the functionality to read user's Address Book and send the list of e-mail addresses to the bot operator.
Obtainint Registry info The backdoor has the functionality to obtain System Registry info from an infected computer. This is a new feature for Agobot backdoor. Information obtained from the Registry can give a hacker a full overview of an infected system.
Spreading to local network Agobot backdoor can scan computers on local network and copy itself there. The scan is initiated by a remote hacker. When spreading to local network, Agobot.FO probes the following shares:
admin$ c$ d$ e$ print$ c
Agobot.FO tries to connect using the following account names:
(SEE LINKS AT TOP FOR INFORMATION)
When connecting, Agobot.FO uses the following passwords: (SEE LINKS AT TOP FOR DETAILS)
If the worm succeeds connecting to the above listed shares, it copies itself to a remote share and attempts to start that file as a service. The alternative way of infecting a remote host is to create a scheduled task on a remote computer that will start the backdoor's file.
Teminating processes of security and anti-virus programs Agobot.FO has a huge list of process file names hardcoded in its body. The backdoor tries to terminate processes that have the following names:
(NAMES REMOVED SO POST WOULD WORK, FOLLOW LINKS AT TOP)
This functionality allows the backdoor to successfully disable anti-virus and security software that can not detect this backdoor before it's file is started. In most cases special tools are required to clean a computer infected with this backdoor.
A friend of mine recently sent me a funny email he had received, it indicated that Yahoo was bouncing back some emails to him because the receiver couldn't be found. Well, he didn't send any of these messages, but someone had spoofed there REAL NAME into the TO: field. His virus protection software was up-to-date, he didn't know what was going on, then he noticed in outlook the "save password" button no longer worked. Finally today, it's all starting to make sense. Don't know how he got the virus though, he's behind a firewall (NAT router), he doesn't go through much email. I have to guess it's all the porn he surfs.. Anyone else getting bounce backs?
Ahh, the little AC that could. Why do you keep following me around? Is it because you find my views enlightening maybe??
Canadian is how it is spelled, as I am _not_ french. Thanks.
And if you think I'm lacking in the area's of travel, you are mistaken. I don't know why you'd think that, but obviously you don't know me very well. I have travelled Europe quite a bit, and honestly, Holland is by far the best country I've been too. The views, the people, the freedom, it was, eye opening to say the least. I always though Canada was a very free liberal country, until that point. I still love Canada, don't get me wrong.
_EVERY_ Satellite used for communication purposes has Echechlon and/or Carnivore watching. Time magazine had a good article on the setup, if only I could find it.
I'm a Canadian. Big Brother is here, watching. CSIS works hand-in-hand with the CIA.
We now have anti-biker laws that go wayyyyy beyond what is happening in USA right now. Being part of a criminal organization here is harmful to your health! The CIA/DEA/FBI _ALL_ have offices in Toronto, Vancouver, Montreal, Halifax, etc.
If I could suggest a place to move it would be Holland, so far they are BY FAR the most Liberal, free country on earth. I'm not talking about drug laws either.
"I guessed you hated the USA very incorrectly, for instance, because of several posts you had made about the US privacy intrusion "
I read too much.. I'm glad you agree that it is getting out of control though.
" I recalled a survey of people who live in Toronto who visit the US a lot. That's what "psychics" and psychologists do all the time."
That's interesting, I'll have to remember that sort of investigative work, thanks for the insight.
"would post on Slashdot at the hours you do unless they didn't sleep."
Normally I post from work 9-5 mon-fri.. If I posted in the middle of the night, it was a coffee induced programming fit I was having..
"Re:No one is truly anonymous... (Score:1) by Punk Walrus (582794) on Tuesday March 16, @05:25PM (#8583107) See, and this is a good case of how just a few posts can throw me off balance. This reply alone was not what I expected, but then again, I didn't try very hard. I guessed you hated the USA very incorrectly, for instance, because of several posts you had made about the US privacy intrusion (which is why I agree with much of what you say). In fact, the only reason I said you visited the US more than twice was I recalled a survey of people who live in Toronto who visit the US a lot. That's what "psychics" and psychologists do all the time. "I see you recently have had a struggle within yourself you cannot solve..." Well, DUH! Why would you go see a tarot reader and a psychologist, otherwise? But you'd be surprised (okay, maybe not you) how many people would go, "Yeah... that's right! You're good!" Anyway, I guessed you lived in Toronto because of a post you made about people trashing hotels with fraudulent names, where you dropped a comment about Homer Simpson ruining Hojos in Toronto. I figured you were either a person who worked for a credit card company, or for the hotel itself, but I didn't think someone who worked for a hotel would post on Slashdot at the hours you do unless they didn't sleep. I was partially on the mark about technical support for POS, but partially is still mostly wrong.:)
" I don't think people always say the opposite of what they really mean. I'd be curious to hear why you think that. I mean, I'll agree, it's true for some people, not for all people, but that's a case-by-case sort of thing.
"
Too many bad women experiences.. Just kidding.. It's just a common tactic that people use for getting information, tell them something wrong, and expect them to correct it with the "truth".
"But then again, you're not a jerk. "
Some people would definitely disagree with that, but thanks for saying it, I enjoy discussing this with you and find your a very reasonable person, unlike many I've found on slashdot who post simply to try and "be right" or "prove wrong", even when they really don't know what they are talking about. I've got a conversation going where people are trying to tell me who online authorization works.. Thanks, but I've worked in the field for many years, I _know_ the banks don't require PGP encryption (except in Canada) for settlement files, yet some dude is insisting they do, I wonder where he gets his facts..
"And for the record, no, I don't work for any Dollar Store HQ"
I asked because I have done some work in South Virginia and you sound a lot like somebody I know there, you mentioned you were from Virginia..
" test network connectivity for many major vendors,"
Sounds like a lot of stuff I've done. You ever work on VSAT or X.25?
"I might get gift baskets, free hardware, and other bribes. "Please accept this HP Laptop... oh, no no, no strings attached! In fact, do you have children? I bet they'd love free tickets to..." "
Sounds good to me, where do I sign up?:) Seriously, someone sends me Leaf tickets, I'll give them a bias opinion if they want it! GO LEAFS GO!!!
Not quite.. There is a translation that takes place, I'm not talking about X.25 over TCP, I'm talking about banks that have NO TCP connection available for there mainframes, so they had to buy a server that sits in front of the mainframe that listens on TCP takes the credit packet and translates it into the banks X.25 format. The reason is many retailers want to use TCP type POS's but the bank's (well, SOME in Canada) don't support a front end TCP. Does that make sense now? And yes, I've also worked on networks that run X.25 over TCP.
X.25 is definitely more complicated then setting up a software VPN, and I'm not talking about simply typing in a DNA and connecting with pre-configured software. As for a hardware VPN there is no setup there, it's transparent to the end application, could it get simpler then that?
I agree my original response was a over the edge, I need to be more neutral, I'll try harder next time. Try and understand I set up these networks for a living and having people saying all the time "Don't put anything finanical on the internet" causes me a lot of grief, when a CEO hears that and then finds out HIS network is on the internet it takes a long time for his network guys to explain that indeed, his network is secure..
No worries, I'm tired too, and it's almost time to go home. Go ahead and leave me on your Foe's list, I've always wanted a foe that can keep me in check..
Not quite. They _DON'T_ PGP encrypt it, it's sent plain text. EVER BANK I'VE WORKED WITH in USA uses plain text to transfer the file. I have seen the PGP encrypted file, but that's only for Canadian banks.
Yes, FTP using Plaintext is risky. That's why Vital (Visanet) would force the LINK/LINE between the companies to be a. encrypted, or b. a VPN.
No retailer want's to spend the $10,000USD on a business class version of PGP (I've investigated it before). Canadian retailers generally get the retail version and make it some guy's duty to manually encrypt the files.
Slashdot Mirror
That's exactly what I was thinking. Some Slashdot mod went around and modded all my posts today to either flamebait or troll.. I think I've pissed someone on staff off somehow. Any comments mods??
That's not what the article said, it said UP UNTIL 1954 it was used for those purposes:
"In 1954, the research took a more aggressive turn, with scientists looking to cook up ways to inflict damage on Soviet livestock"
"President Clinton to include Plum Island in his expanded bioterrorism program based on the possibility of a biological attack on the nation's agricultural base. Last year the administration of the island's research facilities was transferred from USDA to the Department of Homeland Security.
"
I posted that since I knew it would get a rise out of some people.. Here:
s .h tm
a ge s/101biologicalweapons.html
"
b) Detection of botulism:
We have been developing a generalized optical testing system for
adenosine triphosphate using the luciferase enzyme encapsulated in a sol
gel glass matrix. This makes a solid state sensor rather than a wet
chemical sensor. These techniques could be applied to other agents to
make faster more automated sensing.
"
Hmmmm? Gel Glass matrix? Sounds odd, I wonder who's doing research with GLASS and VIRAL infections? Read on:
http://lina.tns.sunysb.edu/AlfredCeramicsDetail
Here's WSU's view on Viral Glass, they seem to think it's real:
"A realistic view of the botox situation is that many of the problems of dispersal were likely solved by the >3,000 US scientists that reportedly worked on biological warfare during W.W. II & the cold war. It is also reasonable to assume that the botox can be fused by common molecular biology technology with other proteins that stabilize it for dispersal without decreasing its lethality or it can be mixed with other protective agents (e.g. trehalose, viral-glass) or that it can be encapsulated in protective material (timed release) that dissolves once it is in the digestive system. It should also be possible to clone the botox gene into common bacteria that inhabit the human gut (e.g. E. coli), which would establish themselves there long enough to produce a quantity of botox sufficient to disable the victim before their immune system responded; a natural condition seen in young babies who ingest the spores in foods like honey. For a chilling description of how this might be done visit the Cal Poly site."
http://www.slic2.wsu.edu:82/hurlbert/micro101/p
Perhaps I should read less and get out more, your right... Then again, perhaps you should read more.
"Labs such as the one at Plum Island investigate the effects of disease-causing agents and bioweapons in the hopes that remedies/cures/vaccines/treatments might be discovered.
"
Yes, that is what your government would like me to believe....
We have enough WMD to destroy the earth 1000 times over, that's PLENTY to wipe out 100% of life (not including cockroaches I guess..).
6 nr dc.html
http://www.bullatomsci.org/issues/1996/ja96/ja9
Assuming that START I and II will be fully implemented, the operational stockpile in the year 2003 is scheduled to be 5,000 warheads, composed of some 3,500 strategic and 950 non-strategic weapons, plus about 500 spares (see the table at right). This total will be split in half between the air force and the navy, with 79 percent overall in strategic forces.
That's _JUST_ Nuclear. Add Chemical, Biological, and X-type unknown weapons, and you've got A HELL OF LOT of death power.
I recently read a book named "The Cobra Event" by Richard Preston. It was one of the best book's I've ever read, it was about germ warfare, and most of it was based around real technology (such as Viral Glass). I won't say anymore, so I don't ruin the book, but I strongly recommend it.
7 3/ qid=1079625306/sr=2-1/ref=sr_2_1/002-0266613-02360 18
No this is not off-topic. The last few chapters of the book, all take place on Plum Island, and they talk in detail about the facilities on this island. Great reading, and it made it better after I read this article.
Amazon link:
http://www.amazon.com/exec/obidos/ASIN/03454099
At first I was scared, but a little calculation shows me I'm at least 500 miles away here in Toronto, pheew. This stuff is completely insane, why do we need 802412904158132951249812 weapons that are all capable of destroying life on earth, I mean, isn't 1 enough???
"If you hear the thunder, that means the lighting didn't kill you.
When struck by lightning people hardly ever die immediately. Most of the time the residual effects will kill you over the duration of a year or so."
Either way, your ear drums explode, and people never hear (they hardly even remember) the "lighting".
"If you hear the gunshot, the bullet didn't kill you.
So if I shoot you in the heart, you die immediately? The soundwaves would likely hit you at seemingly the same time as the bullet. I seemed to think that a gunshot wound to the heart or lungs that went untreaed wouldn't kill you for at least 5 minutes.
"
You need to study what happens with sound waves more, if the bullet is supersonic, and it hits you in the brain, there isn't a chance you'd hear it, even if you survived, you wouldn't hear it due to the fact your in the noise "cone".
"If you smell the engine burning, the car wreck didn't kill you.
Once again, the vital organ thing. Unless your brain suffers damage, fatal damage to your vital organs takes a few minutes to kill you."
I think he meant as in instant death. If your brain is squishyed, you wouldn't hear anything, even if you survived, if your neck is broken, you wouldn't smell anything.
"If you are still reading, the asteroid missed.
Actually, the asteroid just hit me. you lose."
Doubtful, the asteroid of this size would explode in the atmosphere, demolitioning everything underneath it. This happen in Siberia a few years back, looked like someone dropped a N-bomb, but it was from the shockwaves. A direct hit would be possible if your in that new high altitude plane..
I had a similar thing happen to me. It's great! Less work!! "No I didn't get the alert, my cell phone is at my, company policy". "No I don't want to break rules, I _REFUSE_ to bring my cell phone until I get a WRITTEN statement from the company". More work for them, a break for you.
Reminds me of my teenage years, working in the factory, the Butol machine burst into flames, what did I do? Scream? Run? Try and escape? NOPE! I cheered, "Yeah, no work tonight!! And let the damn machine burn." Nightshift can be a biotch.
Your correct, it was Outlook Express, same shit different pile.. I doubt I could get everyone to change, but seriously, he doesn't get email from more then 2 people, he never opens attachments (unless they are from me), he doesn't even use his computer very often, which means he should be fairly safe. (He has disabled HTML viewing in outlook)
I do see your point, it's a good one, unfortuntately getting people to change is always hard..
Dude you quoted nothing, I didn't write "Then he noticed in Outlook" anywhere, you just made that up. It has nothing to do with outlook, as a poster just mentioned, it happened to him with Yahoo...
And seeing as you threw the "there" vs "their" debate in, let's beat you up for a while..
a. I have no idea what PRON is.
2. Bouncebacks is not a word, it's 2.
3. Learn how to create proper paragraphs.
4. "oh I dunno" isn't a sentence, and if it was, you are supposed to capitolize the first letter.
5. "While you're explaining things" isn't a complete sentence.
6. Don't write "..." so much, it's the equivilant of writing "ummmm" and "ahhhhh" noises, and it makes you look dumb.
Bottom line is, don't pick on someones spelling/grammar mistakes unless you know how to construct proper sentences yourself, YOU INSENSITIVE CLOD.
That probably explains it, thanks man, I never even thought of that! Yes, it did just start happening over the last week..
Okay, NAT only allows outbound traffic (unless configured otherwise) hense, it would stop inbound scans/virus. Does that explain it for you?
You get a virus by surfing porn by hitting an infected HTTP server, for example the JS.Exploit virus, HTTP overruns, etc. I can't believe your on slashdot and you don't know that IE can be vulnerable?? wtf?
"Bouncebacks? Most of us have other ways of monitoring our systems for viruses. Like...Running OS X, or Linux...oh I dunno...running regular scans with AV software maybe?"
Good for you.. Too bad my friend likes Windows. Too bad all the games he plays are windows only. Too bad his company uses windows, so in order for him to work at home, he needs windows. And as for running the scans with AV, you obviously need to RTFA because it states it's morphing and many AV software DON'T PICK IT UP YET.
While you're explaining things...try explaning the difference between 'there' and 'their' chief.
You couldn't figure anything else out on your own, I'll leave this one up to you.. Grammer king.
This is also known as the "Agobot"
http://news.yahoo.com/fc?tmpl=fc&cid=34&in=tech& ca t=hackers_and_crackers
http://www.f-secure.com/v-descs/agobot_fo.shtml
Detailed Description
First of all, this new variant has 'Phatbot3' identifier and there are a few 'phat' string in its body. This may indicate that this version was not made by the original Agobot backdoor author, who calls himself TheAgo, but by a different person/group who got the source code of this backdoor.
The backdoor's file is a PE executable 115738 bytes long compressed with PE-Diminisher file compressor. The unpacked file's size is over 245 kilobytes.
Installation to system
The Agobot.FO backdoor copies itself as NVCHIP4.EXE file to Windows System folder and creates startup keys for this file in System Registry:
[HKLM\Software\Microsoft\Windows\Curren tVersion\Ru n]
"nVidia Chip4" = "nvchip4.exe"
[HKLM\Software\Microsoft\Windows\Cu rrentVersion\Ru nServices]
"nVidia Chip4" = "nvchip4.exe"
This allows the backdoor's file to start with every Windows session. On Windows NT-based systems the backdoor can start as a service.
Scanning for vulnerable computers
The backdoor can scan subnets for exploitable computers and send a list of their IPs to the bot operator. The scan is performed on ports 80, 135 and 445 for RPC/DCOM (MS03-026), RPC/Locator (MS03-001) and WebDAV (MS03-007) vulnerabilities. The backdoor can also scan for computers infected with MyDoom worm (port 3127), Bagle worm (port 2745) and also for computers where DameWare remote system management software is installed (port 6129).
Performing a DDoS attack
The backdoor can perform the following types of DDoS (Distributed Denial of Service) attacks:
* HTTP flood * SYN flood * UDP flood * ICMP flood
When performing a DDoS attack, the backdoor uses 33 unique client identifiers including Mozilla, Wget, Scooter, Webcrawler and Google bot.
The backdoor sends 256000 bytes of random data to the following websites and checks the response times:
www.schlund.net
www.utwente.nl
www.xo.net
www.stanford.edu
www.lib.nthu.edu.tw
www.st.lib.keio.ac.jp
Collecting e-mail addresses
The bot can harvest e-mail addresses. It has the functionality to read user's Address Book and send the list of e-mail addresses to the bot operator.
Obtainint Registry info
The backdoor has the functionality to obtain System Registry info from an infected computer. This is a new feature for Agobot backdoor. Information obtained from the Registry can give a hacker a full overview of an infected system.
Spreading to local network
Agobot backdoor can scan computers on local network and copy itself there. The scan is initiated by a remote hacker. When spreading to local network, Agobot.FO probes the following shares:
admin$ c$ d$ e$ print$ c
Agobot.FO tries to connect using the following account names:
(SEE LINKS AT TOP FOR INFORMATION)
When connecting, Agobot.FO uses the following passwords:
(SEE LINKS AT TOP FOR DETAILS)
If the worm succeeds connecting to the above listed shares, it copies itself to a remote share and attempts to start that file as a service. The alternative way of infecting a remote host is to create a scheduled task on a remote computer that will start the backdoor's file.
Teminating processes of security and anti-virus programs
Agobot.FO has a huge list of process file names hardcoded in its body. The backdoor tries to terminate processes that have the following names:
(NAMES REMOVED SO POST WOULD WORK, FOLLOW LINKS AT TOP)
This functionality allows the backdoor to successfully disable anti-virus and security software that can not detect this backdoor before it's file is started. In most cases special tools are required to clean a computer infected with this backdoor.
Additionally the
A friend of mine recently sent me a funny email he had received, it indicated that Yahoo was bouncing back some emails to him because the receiver couldn't be found. Well, he didn't send any of these messages, but someone had spoofed there REAL NAME into the TO: field. His virus protection software was up-to-date, he didn't know what was going on, then he noticed in outlook the "save password" button no longer worked. Finally today, it's all starting to make sense. Don't know how he got the virus though, he's behind a firewall (NAT router), he doesn't go through much email. I have to guess it's all the porn he surfs.. Anyone else getting bounce backs?
Ahh, the little AC that could. Why do you keep following me around? Is it because you find my views enlightening maybe??
Canadian is how it is spelled, as I am _not_ french. Thanks.
And if you think I'm lacking in the area's of travel, you are mistaken. I don't know why you'd think that, but obviously you don't know me very well. I have travelled Europe quite a bit, and honestly, Holland is by far the best country I've been too. The views, the people, the freedom, it was, eye opening to say the least. I always though Canada was a very free liberal country, until that point. I still love Canada, don't get me wrong.
Good night, my little AC stalker.
_EVERY_ Satellite used for communication purposes has Echechlon and/or Carnivore watching. Time magazine had a good article on the setup, if only I could find it.
(Bring on the doubters!!!)
I'm a Canadian. Big Brother is here, watching. CSIS works hand-in-hand with the CIA.
We now have anti-biker laws that go wayyyyy beyond what is happening in USA right now. Being part of a criminal organization here is harmful to your health! The CIA/DEA/FBI _ALL_ have offices in Toronto, Vancouver, Montreal, Halifax, etc.
If I could suggest a place to move it would be Holland, so far they are BY FAR the most Liberal, free country on earth. I'm not talking about drug laws either.
Agreed. 2004 = 1984 + 20
To all those who doubted Big Brother is watching. Seriously, they have been doing this for YEARS now they just want to justify it.
"The truth will set you free"
"I guessed you hated the USA very incorrectly, for instance, because of several posts you had made about the US privacy intrusion "
:)
:) Seriously, someone sends me Leaf tickets, I'll give them a bias opinion if they want it! GO LEAFS GO!!!
I read too much.. I'm glad you agree that it is getting out of control though.
" I recalled a survey of people who live in Toronto who visit the US a lot. That's what "psychics" and psychologists do all the time."
That's interesting, I'll have to remember that sort of investigative work, thanks for the insight.
"would post on Slashdot at the hours you do unless they didn't sleep."
Normally I post from work 9-5 mon-fri.. If I posted in the middle of the night, it was a coffee induced programming fit I was having..
"Re:No one is truly anonymous... (Score:1)
by Punk Walrus (582794) on Tuesday March 16, @05:25PM (#8583107)
See, and this is a good case of how just a few posts can throw me off balance. This reply alone was not what I expected, but then again, I didn't try very hard.
I guessed you hated the USA very incorrectly, for instance, because of several posts you had made about the US privacy intrusion (which is why I agree with much of what you say). In fact, the only reason I said you visited the US more than twice was I recalled a survey of people who live in Toronto who visit the US a lot. That's what "psychics" and psychologists do all the time. "I see you recently have had a struggle within yourself you cannot solve..." Well, DUH! Why would you go see a tarot reader and a psychologist, otherwise? But you'd be surprised (okay, maybe not you) how many people would go, "Yeah... that's right! You're good!" Anyway, I guessed you lived in Toronto because of a post you made about people trashing hotels with fraudulent names, where you dropped a comment about Homer Simpson ruining Hojos in Toronto. I figured you were either a person who worked for a credit card company, or for the hotel itself, but I didn't think someone who worked for a hotel would post on Slashdot at the hours you do unless they didn't sleep. I was partially on the mark about technical support for POS, but partially is still mostly wrong.
"
I don't think people always say the opposite of what they really mean. I'd be curious to hear why you think that. I mean, I'll agree, it's true for some people, not for all people, but that's a case-by-case sort of thing.
"
Too many bad women experiences.. Just kidding.. It's just a common tactic that people use for getting information, tell them something wrong, and expect them to correct it with the "truth".
"But then again, you're not a jerk. "
Some people would definitely disagree with that, but thanks for saying it, I enjoy discussing this with you and find your a very reasonable person, unlike many I've found on slashdot who post simply to try and "be right" or "prove wrong", even when they really don't know what they are talking about. I've got a conversation going where people are trying to tell me who online authorization works.. Thanks, but I've worked in the field for many years, I _know_ the banks don't require PGP encryption (except in Canada) for settlement files, yet some dude is insisting they do, I wonder where he gets his facts..
"And for the record, no, I don't work for any Dollar Store HQ"
I asked because I have done some work in South Virginia and you sound a lot like somebody I know there, you mentioned you were from Virginia..
" test network connectivity for many major vendors,"
Sounds like a lot of stuff I've done. You ever work on VSAT or X.25?
"I might get gift baskets, free hardware, and other bribes. "Please accept this HP Laptop... oh, no no, no strings attached! In fact, do you have children? I bet they'd love free tickets to..." "
Sounds good to me, where do I sign up?
Not quite.. There is a translation that takes place, I'm not talking about X.25 over TCP, I'm talking about banks that have NO TCP connection available for there mainframes, so they had to buy a server that sits in front of the mainframe that listens on TCP takes the credit packet and translates it into the banks X.25 format. The reason is many retailers want to use TCP type POS's but the bank's (well, SOME in Canada) don't support a front end TCP. Does that make sense now? And yes, I've also worked on networks that run X.25 over TCP.
X.25 is definitely more complicated then setting up a software VPN, and I'm not talking about simply typing in a DNA and connecting with pre-configured software. As for a hardware VPN there is no setup there, it's transparent to the end application, could it get simpler then that?
Now, back to my inane ranting and trolling..
I agree my original response was a over the edge, I need to be more neutral, I'll try harder next time. Try and understand I set up these networks for a living and having people saying all the time "Don't put anything finanical on the internet" causes me a lot of grief, when a CEO hears that and then finds out HIS network is on the internet it takes a long time for his network guys to explain that indeed, his network is secure..
No worries, I'm tired too, and it's almost time to go home. Go ahead and leave me on your Foe's list, I've always wanted a foe that can keep me in check..
Sweet, my first foe..
;)
I think you mean SSL not SSH.
"sell us that the internet's inheirently secure"
That wasn't what I said at all, I said that it could be secured, not that it's "inheirently" secure.
Not quite. They _DON'T_ PGP encrypt it, it's sent plain text. EVER BANK I'VE WORKED WITH in USA uses plain text to transfer the file. I have seen the PGP encrypted file, but that's only for Canadian banks.
Yes, FTP using Plaintext is risky. That's why Vital (Visanet) would force the LINK/LINE between the companies to be a. encrypted, or b. a VPN.
No retailer want's to spend the $10,000USD on a business class version of PGP (I've investigated it before). Canadian retailers generally get the retail version and make it some guy's duty to manually encrypt the files.