Malware infection advisory from AT&T Internet Services Security Center

Bellsouth Member ID: *hidden*@att.net
Luke Dashjr
Primary Member ID: *hidden*@att.net

Dear Luke Dashjr,

AT&T has received information indicating that one or more devices using your Internet connection may be infected with malicious software. Internet traffic consistent with a malware infection ("unknown") was observed on Apr 8, 2016 at 9:18 AM EDT from the IP address *hidden*. Our records indicate that this IP address was assigned to you at this time.

Infected computers are often used as part of a zombie computer network ("botnet"). Botnets are networks of computers which have been infected with malware and placed under the control of a hacker or group of hackers. They are often used for attacks on websites, spamming, fraud, and distribution of additional malware. Because malware is designed to run in secret, an infected computer may display no obvious symptoms.

To address this matter we ask that you take the following actions. If your computer(s) are managed by an Information Technology (IT) group at your place of work, please pass this information on to them.

1. If you use a wireless network, an infected computer may be using your Internet connection without your knowledge. Ensure that your wireless router is password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not available). Check the connections to the router and ensure that you recognize all connected devices.
2. Ensure your firewall settings and anti-virus software are up-to-date, and install any necessary service packs or patches. Scan all systems for viruses and other malware.

Additional tools and information:

* Tools for removing rootkits, bots, and other crimeware:
  * Norton Power Eraser: https://security.symantec.com/nbrt/npe.aspx (Windows)
  * McAfee Rootkit Remover: http://www.mcafee.com/us/downloads/free-tools/rootkitremover.aspx (Windows)
* Tools for general virus and malware removal:
  * Microsoft Safety & Security Center: http://www.microsoft.com/security/ (Windows)
  * Malwarebytes Anti-Malware: http://malwarebytes.org/ (Windows, Android)
  * Spybot +AV: http://www.safer-networking.org/ (Windows)
  * OS X Gatekeeper: http://support.apple.com/kb/HT5290 (OS X)
* AT&T Malware and Network Security analysts gather weekly to give you the information that you need to know about the latest security news and trends. Visit AT&T ThreatTraq at http://techchannel.att.com/showpage.cfm?ThreatTraq

Regards,
AT&T Internet Services Security Center

Incident details for *hidden*
Type: unknown
Source port: 39394
Destination IP: 5.xx.xx.205
Destination port: 8333
For security reasons, the destination IP is partially obscured.

DISCLAIMER: The information above contains links to software by third-party vendors (hereafter, "the Software"). AT&T is not responsible for support or assistance for any of the Software. If you need support or assistance with any of the Software, please contact the Software's vendor directly. AT&T is unable to provide a warranty or guarantee, either expressed or implied, for any of the Software. You will be responsible for your own system software and system security and not hold AT&T, its partners, agents or affiliates liable for any costs or damages whatsoever (including, without limitation, damages to access system, hardware and/or software) to your computer as a result of installing or using any of the Software. You also understand that use of all hardware and/or software must comply with the Bellsouth Acceptable Use Policy.

Important Note: This email contains links to various websites. You may copy and paste the URL(s) into your browser rather than clicking directly on the link.

©2005 - 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. Privacy Policy (Updated July 24, 2015)

(I consider this PSA to be fair use under the Copyright Act.)
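The "Incident details" block is the only evidence the advisory gives a recipient, so the first thing a responder does is parse it and check the destination port against well-known services before treating an "unknown" alert as an infection. The Python below is an added example, not part of AT&T's notice or the poster's text: it parses a constructed copy of the block above and triages it against a small assumed port table. That 8333 is the default Bitcoin main-net P2P port is a fact from outside the advisory; the other table entries and the Linux ephemeral-port range are likewise assumptions for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample: the "Incident details" block as it appears in the
# advisory above (destination IP partially obscured, as in the original).
SAMPLE_INCIDENT = """\
Incident details for *hidden*
Type: unknown
Source port: 39394
Destination IP: 5.xx.xx.205
Destination port: 8333
For security reasons, the destination IP is partially obscured.
"""

# Assumed lookup table for this example. 8333/18333 are Bitcoin's default
# P2P ports (not stated in the advisory); 6667 is IRC, which older botnets
# used for command and control.
KNOWN_PORTS = {
    8333: "Bitcoin P2P (main net)",
    18333: "Bitcoin P2P (testnet)",
    6667: "IRC (historically used for botnet C2)",
    22: "SSH",
    443: "HTTPS",
}

# Linux default ephemeral (client-side) port range; other OSes differ.
EPHEMERAL_RANGE = (32768, 60999)


@dataclass
class Incident:
    type: str
    source_port: int
    destination_ip: str
    destination_port: int

    @property
    def destination_obscured(self) -> bool:
        # The advisory masks octets with "xx", so the IP cannot be looked up.
        return "x" in self.destination_ip.lower()


_FIELD_RE = re.compile(
    r"^(Type|Source port|Destination IP|Destination port):\s*(.+?)\s*$", re.M
)


def parse_incident(text: str) -> Incident:
    """Extract the four labelled fields; fail loudly if any is missing."""
    fields = dict(_FIELD_RE.findall(text))
    required = {"Type", "Source port", "Destination IP", "Destination port"}
    missing = required - set(fields)
    if missing:
        raise ValueError(f"incident block missing fields: {sorted(missing)}")
    return Incident(
        type=fields["Type"],
        source_port=int(fields["Source port"]),
        destination_ip=fields["Destination IP"],
        destination_port=int(fields["Destination port"]),
    )


def triage(inc: Incident) -> dict:
    """Classify the alert for a responder.

    'needs-verification': type is 'unknown' but the destination port belongs
    to a well-known service, so a legitimate client of that service would
    produce the same observation. 'investigate': unknown type, unknown port.
    'named-malware': the ISP named a family, so prioritise host scanning.
    """
    service = KNOWN_PORTS.get(inc.destination_port, "unregistered/unknown")
    lo, hi = EPHEMERAL_RANGE
    ephemeral_source = lo <= inc.source_port <= hi  # consistent with an outbound client
    if inc.type == "unknown" and inc.destination_port in KNOWN_PORTS:
        verdict = "needs-verification"
    elif inc.type == "unknown":
        verdict = "investigate"
    else:
        verdict = "named-malware"
    return {
        "service": service,
        "ephemeral_source": ephemeral_source,
        "destination_obscured": inc.destination_obscured,
        "verdict": verdict,
    }


if __name__ == "__main__":
    inc = parse_incident(SAMPLE_INCIDENT)
    print(inc)
    print(triage(inc))
```

The verdict for the sample is "needs-verification": the ISP gave no family name, the source port is in the client range, and the destination port is the one a Bitcoin full node connects to, so the next step is to confirm on the host which process owns the connection rather than to start with removal tools.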
| Questions | Answers |
|---|---|
| Do you still do malware analysis as part of your day job? Do you have any advice for someone searching for a job in the field? | You need to pick your focus area. What do you want to do? Penetration testing? Encryption? Malware analysis? Forensics? Underground intelligence? Counter-espionage? Then you need to find mentors and coaches. The easiest way to do this is via online forums dedicated to your focus area. For example, check forum.infosecmentors.com. |
| | SANS has some great online resources for people starting up in this area: check them out. |
| Do you see malware analysis as a growth field for careers? Why? | Good malware analysts will always get a job. And malware isn't going to go away any time soon. |
| | It's not just security companies who are hiring people in this field. Many large companies and telcos have their own CERT teams which hire malware analysts. |
| Is it true that it isn't a huge challenge to modify malware in a way that it is not detected by any current anti-virus program, so that people building botnets or infiltrating computers with Trojans usually smuggle them past virus scanners? | It's trivial to modify existing malware so that traditional antivirus programs won't detect it any more. It only takes a couple of minutes. |
| | That's why antivirus programs have been moving towards behaviour-based detection models as well as towards reputation-based detection models. |
| | Do note that testing behaviour-based blocking is hard. That's why it's misleading when people post links to sites such as VirusTotal as evidence that a particular file is 'not detected by AVs'. There's no way to know if a particular antivirus would have blocked the file unless you try to run it. |
| | "As far as we can see, this program has never been executed by anyone else anywhere. You are the first person on the planet to run this file. This is highly unusual. We will block this file, even though we can't find any known malware from the file." |
| | The only problem with this scenario is software developers, who compile their own programs. They obviously are the first people on the planet to run a particular program, as they made it themselves! They can easily whitelist their output folder to avoid this problem though. |
| Can you recommend any behaviour-based or reputation-based blocking software in particular (for Windows and/or OS X)? | Well, our own antivirus has these built in. |
| Europol's cybercrime taskforce recently took down over a hundred darknet servers. Did the news shake your faith in Tor? | People use Tor for surfing the normal web anonymized, and they use Tor Hidden Services for running websites that are only accessible to Tor users. |
| | Both Tor use cases can be targeted by various kinds of attacks. Just like anywhere else, there is no absolute security in Tor either. |
| | I guess the takedown showed more about the capabilities of current law enforcement than anything else. |
| | I use Tor regularly to gain access to sites in the Tor Hidden Services, but for protecting my own privacy, I don't rely on Tor. I use VPNs instead. In addition to providing you an exit node from another location, VPNs also encrypt your traffic. However, Tor is free and it's open source. Most VPNs are closed source, and you have to pay for them. And you have to rely on the VPN provider, so choose carefully. We have a VPN product of our own, which is what I use. |
| I use a VPN regularly from work to bypass filters, and at home to avoid those pesky cease-and-desists. Although I'm not an infosec professional, I've always heard that how secure you are using a VPN is directly related to whether or not their logs of your traffic can be traced back to you. How secure in your opinion are VPN providers (such as PIA, which I personally use)? And in the wake of the prevalence of government surveillance now, can VPN providers' claims of 'not keeping logs' be trusted to protect privacy? | Use a VPN provider you trust. Someone who's been in the security business for a long while. Also, aim for a vendor who doesn't store logs of user activity. |
| Do you keep logs on the VPN? | Freedome stores no logs. |
| How safe are current smart phones and how secure are their connections? Are special phones used by politicians really safe, or do they get hacked as well? | The operating systems on our current phones (and tablets) are clearly more secure than the operating systems on our computers. That's mostly because they are much more restricted. |
| | Windows Phones and iOS devices don't have a real malware problem (they still have to worry about things like phishing though). Android is the only smartphone platform that has real-world malware for it (but most of that is found in China and is coming from 3rd party app stores). |
| | It is interesting that Android is the first Linux distribution to have a real-world malware problem. |
| Lots of people are afraid of viruses and malware simply because they are all over the news and relatively easy to explain. I am personally more afraid of the silently allowed data mining (i.e. the amount of info Google can get their hands on) and social engineering style of "hacking". | Companies like Google and Facebook make money by trying to gather as much information about you as they can. But Google and Facebook are not criminals and they are not breaking the law. |
| How would you compare these two different threats and their threat levels from an average Joe's point of view: which of them is more likely to cause some harm? Or is there something else to be even more afraid of (governmental level hacks/attacks)? | There are different problems: problems with security and problems with privacy. Security problems come from criminals who do break the law and who directly try to steal from you with attacks like banking trojans or credit card keyloggers. Blanket surveillance of the internet also affects us all. But comparing these threats to each other is hard. |
| Thoughts on bitcoin from a security standpoint? | Bitcoin is interesting, in many different ways. |
| | I do believe in cryptocurrencies. It might not be Bitcoin that changes the world, but something built on that will. |
| | We see Bitcoin in our line of work all the time. Wallet theft. Ransomware where Bitcoin is used to pay the ransoms. Mining trojans. |
| | However, that's just like blaming cash for being too handy for drug dealers. |
| | Bitcoin is just a tool. It can be used for good or bad. |
| Favorite debugging tool? | I've always had a soft spot for the old DEBUG.EXE that shipped with MS-DOS... |
| | `N Yeah.com` |
| | `E0100 B0 13 CD 10 68 00 A0 07 31 FF B1 C8 E8 20 00 51` |
| | `E0110 B9 40 01 E8 19 00 D8 C3 DF 1C D8 E3 8A 04 DF 1C` |
| | `E0120 32 04 24 1F AA E2 EC 59 E2 E2 83 07 10 EB D9 89` |
| | `E0130 0C DF 04 D9 C0 DE 07 DE 74 04 D9 FE DE 4C 14 C3` |
| | `RCX` |
| | `40` |
| | `W` |
| | `Q` |
| Is this real? Link to www.youtube.com. | No, that's not how you break into a system in the real world. |
| | Another timely rebuttal of movie hacking, speaking about the ads for the upcoming Black Hat movie: Link to carbon-dynamics.squarespace.com. This one is written by Dan Tentler. |
| With the rise of the Internet of Things, what measures can we take to better secure ourselves in regards to home devices (laptops, smart TVs, etc.)? | Well, you won't be running an antivirus on your washing machine or toaster, that's for sure. |
| | The real-world attacks against IoT devices are still limited, mostly because the ways of making money by hacking washing machines and so on are limited. |
| | As a result, IoT security solutions aren't really widely available yet. They will be in the future though. |
| Is it unethical to release viruses that kill viruses? Or would it be hard to tell the good guys from the bad guys (eventually)? | The idea of a 'good virus' was discussed to death years ago. The consensus is that anything good that could be done with self-replicating code could be done better without the replication. |
| | See Dr. Vesselin Bontchev's seminal paper on this: Link to www.virusbtn.com |
| I have a dream. Link to i.imgur.com | Nice pic... |
| Linux distributions generally don't need antivirus, but apart from the fact that most malware is written for Windows, why do you think this is? If Linux became the popular choice on desktops, do you think it would be as prone to malware as Windows is? How about OS X? | Most mobile malware IS written for Linux, since most smartphones run Linux. |
| | So first and foremost, it's a question of market shares. |
| | After that it's a question of attacker skillsets. If the attackers have been writing Windows malware since Windows XP, they aren't likely to stop and switch easily to OS X or Linux unless they have to. And they don't have to. |
| What's your take on security researchers withholding their findings regarding state-sponsored malware for 'global security concerns'? Kaspersky and Symantec both withheld information about the Regin malware. Is this common? Is it ethical? Why are security companies beholden to the intelligence community and not the people who pay them for their services and advice? How can this conflict of interest be resolved while retaining independence and integrity? | Nobody was withholding detection. Everybody detected all Regin-related files they had, and protected the end users. Which one would you rather have us do? Sign an NDA, get the samples and protect our users? Or not sign the NDA and not protect our users? |
| Many people I talk to about this privacy thingy say "I have nothing to hide, so why bother". Do you think this will ever change, that people would start caring about this? Have you already seen the general opinion shifting...? | Some people will always say this. But they are always the people who haven't really thought it through. |
| | If you have nothing to hide, you can't keep a secret. If you have nothing to hide, show me your search history. If you have nothing to hide, give me your password. If you have nothing to hide, I can't trust you. |
| At this point, what do you personally feel about security and mass surveillance in a post-Snowden world where still not much has changed? | I've learned that many, many people just don't care. Which is depressing. |
| | If you don't care about mass surveillance for your own case, how about caring on behalf of future generations? |
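The answer on reputation-based blocking describes a policy in three parts: a file nobody else has ever executed is blocked even with no signature match, a signature match is blocked regardless, and developers exempt their own build output folder. The Python below is an added illustration of that policy, not F-Secure's code or anything from the AMA. The prevalence store, the threshold, the whitelist path and the sample files are all constructed for the example; a real product would query a cloud reputation service instead of a dictionary.

```python
import hashlib
from pathlib import PurePosixPath

# Constructed in-memory prevalence store: sha256 -> number of machines that
# have been seen executing that exact file (stands in for a cloud lookup).
PREVALENCE: dict = {}

# Developer build-output folders exempted from the never-seen rule, the
# whitelist the answer mentions. Assumed path for the example.
DEV_WHITELIST = [PurePosixPath("/home/dev/build/out")]

# Block when fewer than this many other machines have run the file.
PREVALENCE_THRESHOLD = 1


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_whitelisted(path: str) -> bool:
    """True if path is inside a whitelisted folder.

    The comparison is done on path components, not string prefixes, so
    /home/dev/build/outside/x.exe is NOT treated as inside /home/dev/build/out.
    """
    p = PurePosixPath(path)
    return any(w == p or w in p.parents for w in DEV_WHITELIST)


def decide(path: str, data: bytes, store: dict, signature_hit: bool = False) -> str:
    """Return the verdict for executing `data` from `path`.

    'block-signature': a known-malware signature matched; always blocks.
    'allow': whitelisted developer output, or seen on enough other machines.
    'block-unknown-prevalence': the "first person on the planet" case from
    the answer: no signature, but nobody else has ever run this file.
    """
    if signature_hit:
        return "block-signature"
    if is_whitelisted(path):
        return "allow"
    seen_on = store.get(sha256_bytes(data), 0)
    if seen_on < PREVALENCE_THRESHOLD:
        return "block-unknown-prevalence"
    return "allow"


def record_execution(data: bytes, store: dict) -> int:
    """Telemetry from another machine that ran the file; returns new count."""
    h = sha256_bytes(data)
    store[h] = store.get(h, 0) + 1
    return store[h]


if __name__ == "__main__":
    store: dict = {}
    fresh = b"MZ\x90\x00constructed-sample-binary"
    print(decide("/home/user/Downloads/installer.exe", fresh, store))
    print(decide("/home/dev/build/out/mytool.exe", fresh, store))
    record_execution(fresh, store)
    print(decide("/home/user/Downloads/installer.exe", fresh, store))
```

Two points the code makes explicit that the answer leaves implicit: the whitelist must match on path components (a string-prefix check would silently exempt any sibling folder whose name merely starts with "out"), and the whitelist only bypasses the prevalence rule, never a signature match.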
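The DEBUG.EXE answer is a script DEBUG reads from standard input: `N` names the output file, each `E` line enters bytes at an offset in the default segment, `RCX` followed by `40` sets CX to 0x40 (the byte count for `W`), `W` writes CX bytes starting at offset 0100 to the named file, and `Q` quits. The Python below is an added example, not from the AMA, that replays exactly that subset of DEBUG's commands on a constructed copy of the script so the resulting 64-byte .COM image can be inspected without a DOS machine. The instruction decode in the comments (B0 13 = `mov al,13h`, CD 10 = `int 10h`) is a fact from the 8086 opcode map, not from the answer.

```python
import re
from typing import Iterator, Optional, Tuple

# Constructed copy of the DEBUG script from the answer above, one command
# per line, as DEBUG would read it from standard input.
DEBUG_SCRIPT = """\
N Yeah.com
E0100 B0 13 CD 10 68 00 A0 07 31 FF B1 C8 E8 20 00 51
E0110 B9 40 01 E8 19 00 D8 C3 DF 1C D8 E3 8A 04 DF 1C
E0120 32 04 24 1F AA E2 EC 59 E2 E2 83 07 10 EB D9 89
E0130 0C DF 04 D9 C0 DE 07 DE 74 04 D9 FE DE 4C 14 C3
RCX
40
W
Q
"""

COM_LOAD_OFFSET = 0x100  # DEBUG's W command writes from CS:0100 by default
_ENTER_RE = re.compile(r"^E\s*([0-9A-Fa-f]+)\s+(.*)$", re.I)


def run_debug_script(script: str) -> Tuple[str, bytes]:
    """Replay the N / E / R<reg> / W / Q subset of DEBUG used by the answer.

    Returns (filename, bytes W would write). Unsupported commands raise so a
    silently mis-parsed script cannot yield a wrong image.
    """
    memory = bytearray(0x10000)   # one 64 KiB segment
    filename: Optional[str] = None
    cx = 0
    written: Optional[bytes] = None
    lines: Iterator[str] = iter(script.splitlines())
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        cmd = line[0].upper()
        if cmd == "N":                      # N <file>: name the file for W/L
            filename = line[1:].strip()
        elif cmd == "E":                    # E <offset> <bytes...>: enter bytes
            m = _ENTER_RE.match(line)
            if not m:
                raise ValueError(f"bad E command: {line}")
            addr = int(m.group(1), 16)
            data = bytes(int(tok, 16) for tok in m.group(2).split())
            memory[addr:addr + len(data)] = data
        elif cmd == "R":                    # R<reg>: DEBUG prompts for a new value
            reg = line[1:].strip().upper()
            if reg != "CX":
                raise ValueError(f"only RCX is supported here, got R{reg}")
            cx = int(next(lines).strip(), 16)
        elif cmd == "W":                    # W: write CX bytes from offset 0100
            if filename is None:
                raise ValueError("W before N: no filename set")
            written = bytes(memory[COM_LOAD_OFFSET:COM_LOAD_OFFSET + cx])
        elif cmd == "Q":
            break
        else:
            raise ValueError(f"unsupported DEBUG command: {line}")
    if filename is None or written is None:
        raise ValueError("script never named and wrote a file")
    return filename, written


def entry_point_is_mode13(image: bytes) -> bool:
    """True if the .COM begins with mov al,13h / int 10h (set VGA mode 13h)."""
    return image[:4] == bytes.fromhex("B013CD10")


if __name__ == "__main__":
    name, image = run_debug_script(DEBUG_SCRIPT)
    print(name, len(image), image.hex(" "))
    print("starts by setting VGA mode 13h:", entry_point_is_mode13(image))
```

The check that the image is exactly CX bytes is the one that matters when reading these scripts: if the `E` lines do not total the value given to `RCX`, `W` truncates the program or pads it with zeros from uninitialised memory, and the script appears to succeed either way.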