Botnet

Submission + - Inside the Black Energy 2 Botnet (threatpost.com)

Trailrunner7 writes: Threatpost has an interesting column that provides a detailed analysis of the notorious Black Energy 2 botnet, which has been wreaking havoc with DDoS attacks, spam operations and playing a part in web redirects and malware campaigns. "The bot has several main functions: it hides the malware code from antivirus products, infects system processes and, finally, offers flexible options for conducting a range of malicious activities on an infected computer when commands are received from the botnet command-and-control (C&C) center. Each task is performed by a different component of the malicious program.

Initially, the Black Energy bot was created with the aim of conducting DDoS attacks, but with the implementation of plugins in the bot’s second version, the potential of this malware family has become virtually unlimited. (However, so far cybercriminals have mostly used it as a DDoS tool). Plugins can be installed, e.g. to send spam, grab user credentials, set up a proxy server etc. The upd command can be used to update the bot, e.g. with a version that has been encrypted using a different encryption method. Regular updates make it possible for the bot to evade a number of antivirus products, any of which might be installed on the infected computer, for a long time.

This malicious tool has high potential, which naturally makes it quite a threat. Luckily, since there are no publicly available constructors online which can be used online to build Black Energy 2 bots, there are fewer variants of this malware than say, ZeuS or the first version of Black Energy. However, the data we have shows that cybercriminals have already used Black Energy 2 to construct large botnets, and these have already been involved in successful DDoS attacks."

Submission + - Police fuck up redaction, lifelock gets the blame (slashdot.org) 2

logjon writes: Today, slashdot reached a new low when it took the chance to point the finger at a private corporation for a government fuckup. A police report was improperly redacted, yet the finger was pointed at LifeLock for taking action when it came to light, ignoring the fact that LifeLock did absolutely nothing wrong, but in fact, took preemptive action against this data leak. One can only conclude that slashdot editors are fucktards, oblivious to the fact that police reports are public records, and that said editors cannot even be assed to rtfa. Details at 11.

Comment Re:A twinge of sadness at this passing (Score 4, Insightful) 273

Agreed. I love(d) the days of the newsgroup.

But in all fairness, back then the internet was totally free. And everyone pretty much put up servers for altruistic, informational, educational or other similar non profit purposes. Today with the current economic climate and focus on spending policies, everyone is cutting down. And there just really isn't a viable business model for usenet that I can think of (not that I'm a doctorate in economy, but still).
So I guess Usenet now just goes the way of Gopher and becomes once again a product of love and devotion, rather than business. I kinda like usenet that way, so I don't really mind.

Does that make me a geek now ? ;)

Comment Re:Write User Documentation (Score 3, Informative) 99

Oh, dear Lord, user interfaces. They're tough to write well, and one of the great flaws of open source. Try the guidelines at the bottom of http://catb.org/~esr/writings/cups-horror.html.

One thing Eric missed in his rant is "throwing things out". Most of CPAN, for example, should have been flushed down the toilet as incompatible with thermodynamics, much less the last five years of Perl releases, years ago. Subversion should have thrown out Berkeley DB as an unstable piece of unusable debris years ago. And password based FTP should have been discarded as a bad idea 10 years ago, but Matlab continues to rely on it for upstream file transfer with no built-in HTTPS or WebDAV.

What are these idiots thinking?

Comment Re:What a joke... (Score 1, Insightful) 595

Yeah, he does this all the time. Even when referring to HTML5, CSS3 and Javascript, he states:

So compare both, I can use Adobe flash technology and build workable results without paying Adobe a cent. I have access to all the source for the tools that make the swf files. Not so with Apple. So who is more open again?

This is a ridiculous statement and makes no sense whatsoever. Why the hell would anyone pay anything to Apple in order to create a website powered by HTML5, CSS3 & Javascript and featuring H.264 video?

Comment Re:HARRY_READ_ME.txt (Score 2, Insightful) 764

Basically "your result is correct but your method is completely wrong" is kindspeak for "you manipulated your data until you reached the consensus opinion".

In other words, even if their results were "correct", they're completely unjustified and only "correct" because they match up with generally agreed-upon results from other people. That means the CRU report? It proves absolutely nothing. It does not support AGW, it doesn't refute it either. It's simply bad. If this was a college course they'd probably fail, since correct answers arrived at through incorrect methods are actually incorrect answers that, somehow as dumb luck would have it, match the expected result.

Comment Re:Can we please go back to calling it "LYING"? (Score 5, Interesting) 121

We could also remove words such as running, sneaking, walking, jogging and sprinting and just say "going".
Pretexting is a specific type of lie that means setting up the false pretext to be someone else - typically by using valid and/or confidential information about that person or by using the pretext over a prolonged period of time to make the ruse seem more convincing.

I appreciate having this extra bit of information instead of just saying "he lied".

Comment Re:All this despite no forced unbundling... (Score 1) 472

Unbundling won't work because of all the parts of Windows and of Windows Apps that use the IE rendering engine.

All of the various Help technologies Microsoft has used and supported in the last decade (including HTML Help and its replacements) use IE to render. Game related programs like GameSpy and Steam use (or have used) IE to render. All kinds of custom written software (written for specific companies or markets) use IE to render HTML.

Even more apps use various parts of IE to do things like HTTP up/downloading, SSL and other things.

Cellphones

Verizon To Charge Content Providers $.03 Per SMS 260

An anonymous reader writes "It appears that Verizon is going to start double-dipping by charging both consumers AND content providers for SMS text messages. Verizon has informed content partners that it will levy a $.03 charge for messages sent to customers, effective November 1. From RCRWireless: 'Countless companies could be affected by the new fee, from players in the booming SMS-search space (4INFO, Google Inc. and ChaCha) to media companies (CNN, ESPN and local outlets) to mobile-couponing startups (Cellfire) to banks and other institutions that use mobile as an extension of customer services.'"
