Security :: Attackers Moving To Social Networks For Command And Control
Jul 20, 2010
Bot herders and the crimeware gangs behind banker Trojans have had a lot of success in the last few years with using bulletproof hosting providers as their main base of operations. But more and more, they're finding that social networks such as Twitter and Facebook are offering even more fertile and convenient grounds for controlling their malicious creations. New research from RSA shows that the gangs behind some of the targeted banker Trojans that are such a huge problem in some countries, especially Brazil and other South American nations, are moving quietly and quickly to using social networks as the command-and-control mechanisms for their malware. The company's anti-fraud researchers recently stumbled upon one such attack in progress and watched as it unfolded.
Jun 8, 2011
Here is my mail log. I have set up virtual hosting with Postfix and Courier. Examples from my mail.info file:
Code:
Jun 8 14:46:46 dynamicweb pop3d: LOGIN FAILED, user=arthur, ip=[::ffff:95.31.15.64]
Jun 8 14:46:46 dynamicweb pop3d: LOGIN FAILED, user=ashley, ip=[::ffff:95.31.15.64]
Jun 8 14:46:46 dynamicweb pop3d: LOGOUT, ip=[::ffff:95.31.15.64]
[Code]...
Nov 5, 2010
Quote: Attackers are constantly changing their tactics and adapting to what the security community and researchers are doing, and it's not unusual for the bad guys to adopt techniques used by their adversaries. The latest example of this is a malware gang that has deployed what amounts to a honeypot designed to monitor the activity of researchers or other attackers who try to access a command-and-control server.
Nov 5, 2010
Quote: As the line between securely hosted and controlled enterprise applications and cloud-based applications continues to blur, there's more "legitimate" traffic between corporate networks and the Internet than ever before. This opens up new vectors for attack by hackers and cybercriminals as more traffic types are allowed through corporate firewalls. The result is an increase in diversity of covert command and control channels, which hide inside legitimate traffic in order to bypass perimeter security. These C&C channels, used by malware ranging from simple spambots to more sophisticated rootkits, vary in the maliciousness of their intent from casual hacking all the way to advanced persistent threats (APT) and industrial espionage.
Apr 26, 2011
I'd like to know if the mv command is supposed to apply the default acl of the destination directory to the moved file?
I'm on RHEL5, and when moving a file with no acl, to a directory with a default acl, the acl is not being applied.
Note: cp does apply the acl as expected.
Jul 17, 2011
How safe is it to run Ubuntu updates when I'm connecting via a public network (wireless or wired) from a hotel (or other public settings)? I'm not familiar with the internals, but is there an additional validation mechanism for the package servers other than the URL?
Mar 9, 2010
The first is regarding my home network that I've set up. It mainly consists of two laptops, both running Fedora. I find myself using rsync, ssh, scp, and the like quite often, but it is very annoying constantly needing to provide a password. This sounds like a job for RSA keys, but is it safe to do so on my laptop I take whenever I travel? If my laptop were to be stolen, my personal and private keys would be available to the thief. Is it instead better to use something like Kerberos (which I'm not very familiar with, i.e. I've used it at work but never took the time to learn how it works)?
This isn't much of an issue with my home network since it is protected behind my router. However, I have the same issue with rsync, and ssh to my work PC. These are the RSA keys I'm worried about if my laptop were to be stolen.
Oct 2, 2010
I just ran this command:
john@cmp:~/Downloads$ sudo cp * /usr/share/amsn/skins
and it came up with something like "cp omitting directory xxxx" for all directories (so on each line xxxx was just a folder name). I was trying to move all directories in my Downloads folder to the skins folder you see above. But when I replaced the "cp" with "mv", it all worked fine. How come? I don't see why I can move but not copy?
Jan 22, 2009
When I move files with the mv command, it simply waits until the file has moved and then the command prompt appears again. This is fine, but there are two things which are rather annoying:
There is no progress bar: When moving really large files, you have no idea how long the move is going to take. Is it possible to produce a progress bar to show how much has finished?
You can't do anything while you're moving: You can't use the command prompt while you're moving the file/files. I'm currently not using a Linux computer (I'm at school) but maybe it's possible to write mv <file> <location> &, I just thought of that just now. Is it maybe possible to use another program than mv to move your files?
Oct 17, 2010
How can I move a directory to the root of a drive via command line?
In MS-DOS it would be 'move C:/GAMES/QUAKE C:/'
What is the equivalent in Linux?
Nov 4, 2010
Quick explanation about what this thread is: by way of an article featured on linuxtoday, I learned about what appears to be an actively managed IP blacklist: [URL]
# This is a compiled list of dirty hosts associated with
# bruteforcing attempts, spam, botnets, RBN and the list
# continues to grow. The data is comprised of information
# compiled from Arbor Networks, Project Honeypot, FIRE
# (maliciousnetwork.org), Host Exploit, Shadowserver and
# a variety of other similarly based sites.
Quick explanation about what this thread is not: this is not intended to be a discussion about default deny vs. default allow (i.e. whitelists vs. blacklists), nor is this a call for enumerations of your own sshd hardening strategy. Please try to keep on point. That said, can anyone speak to the quality of the blacklist information noted above? And/or are there any suggestions for a readily available blacklist of "known better" quality? I plan to try including an actively maintained blacklist like this into a multi-layered approach for hardening an sshd bastion host.
May 26, 2010
I'm working with computers that need to be public, so I'm trying to remove the social networking from 10.04. Unfortunately, this means that the "Indicator Applet" needs to go. The Indicator Applet holds the volume control. Is there any way to add volume back to the panel after I remove the Indicator Applet?
Dec 23, 2010
I have a Debian server running at the gateway level on a LAN. This runs squid for creating block lists of websites - for eg. blocking social networking on the LAN. Also uses iptables.
I am able to do a lot of things with squid & iptables, but a few things seem difficult to achieve.
1) If I block http://www.facebook.com, people can still access https://www.facebook.com because squid doesn't go through https traffic by default. However, if the users set the gateway IP address as proxy on their web browser, then https is also blocked. So I can do one thing - using iptables drop all outgoing 443 traffic, so that people are forced to set proxy on their browser in order to browse any HTTPS traffic. However, is there a better solution for this?
2) As the number of blocked urls increases in squid, I am planning to integrate squidguard. However, the good squidguard lists are not free for commercial use. Does anyone know of a good squidguard list which is free?
3) Block yahoo messenger, gtalk etc. There are so many ports on which these Instant Messenger softwares work. You need to drop lots of outgoing ports in iptables. However, new ports get added, so you have to keep adding them. And even if your list of ports is current, people can still use the web version of gtalk etc.
4) Blocking P2P. Haven't been able to figure out how to do this till now.
May 12, 2011
I've just started using gdb at my new job, and I'm having a small issue debugging C++ with it. After I execute "continue" or "run" through gdb, I'm not able to return control to gdb. Based on the documentation I read, I should be able to use Control-C to interrupt the program, and have control return to gdb.
This does not work on my setup. Not sure if it's related, but I'm debugging on a remote machine. I tried through PuTTY and xterm using Exceed XServer. In both cases, gdb does not respond to Control-C. This is quite annoying because I have to restart my program every time I want to set a breakpoint.
Apr 16, 2011
I am trying to configure my Android phone (rooted Eris running kaossfroyo 2.2) to be used as a MIDI controller. Which I am having enough trouble with as it is, but it has raised an annoying issue that occurred a month ago when I used the phone's tethering network with my laptop. After connecting the laptop to the phone's network (either tether, or an ad-hoc network created using the network manager) I am unable to switch to other networks. In other words, when I'm done with the phone-laptop connection I cannot connect my laptop to my home network! When I click on the other network connection I can see that it is attempting to connect in the upper right corner of the desktop (the network icon) but it will not make the connection.
What happens is that the network indicator will make the little circle graphic as if it is trying to connect but it never will display the other circle as green indicating that it has connected. But when I disconnect from the home network that is not connecting I will get a message underneath that will say that ad-hoc network disconnected! If I am switching from the Android tether it will say Android-Tether disconnected etc. Even though when I click on network manager it shows that I am attempting to connect to the home network (labeled LIBERTY in my case), upon disconnection it shows the ad-hoc or tether connection being disconnected.
I am absolutely baffled by this! The issue persists even after deleting the ad-hoc connection from the wireless settings tab!!! I would speculate that for some reason the laptop is attempting to connect to the previous ad-hoc connection despite me wanting it to connect to LIBERTY. I am very confused and hope someone can lead me in the right direction.
Aug 24, 2010
I have my own dedicated server box running (using it for game servers). I access it via ssh and I have root control of it. It has the Fedora operating system. I want to give FTP control of different directories to different users. Right now there are no other FTP users except root. I have installed vsftpd and don't know what I should do next. How do I add users (who can read/write/delete files) and how do I restrict them to their home directory?
Here is what I want:
username:client1
password:12345
home directory: home/server1
username:client2
password:12345
home directory: home/server2
Jun 6, 2010
Reading from this article New Flash Bug Exploited By Hackers : How to avoid it? In particular the article said
Quote:
A new attack on a Flash bug has surfaced that would give attackers control of a victim's computer after crashing it, reports PC World. Adobe put out a Security Advisory about this on June 4. It is categorized as a critical issue and all operating systems with Flash are vulnerable including Windows, Linux, and Apple and it is also found in the recent versions of Reader and Acrobat.
Jul 20, 2010
Does anyone know how to install the Social Engineering toolkit?
Jul 14, 2010
I want to create Social Network Software. What are the specifications required for using Linux as a server?
Sep 9, 2010
As I am carrying out a project to design Social Networking Databases, I need 5 tables for designing it. My frontend is PHP and my backend is MySQL. I need to know what are the 5 tables I can have and how to implement them.
Jul 23, 2010
I use F13. How can I control the volume of my desktop ssh'ing into it from my laptop?
I use the laptop like a remote control to control my desktop through vnc while watching movies, but changing volume through this setup is a bit too cumbersome and clumsy. I tried alsamixer but it behaves strangely and doesn't change volume.
Jan 3, 2010
Everything is plain and simple. I want to know what's the least painful way to control vlc from local command line while having GUI as well?
I would like to e.g. use something like "vlc --pause" in one of my bash scripts to pause music if something happens. So rc interface is useless, is it not?
Not making a thorough search on this as the irrelevance of results is beneath me... Well, actually I have made it but it was a while ago and to no avail since the new vlc shipped with karmic got rid of the old http interface which allowed to do this just by using wget on a URL....
Jan 6, 2011
Is there a way to reverse the functionality of the cmd and ctrl buttons? I'm used to the Mac layout and am often hitting cmd instead of ctrl.
Jul 30, 2011
If you're familiar with macs, you know that they use command keys instead of control..
If I want to select all I press COMMAND + A, not CONTROL + A; copy is COMMAND + C, paste is COMMAND + V, quitting an application is COMMAND + Q.
I am used to this, and I would like to change the command key to be the control key, and the Mac's control key to be the "windows" key.
Feb 23, 2010
I have set up my Linux Fedora server and I want to restrict access to my server. Basically I control it using iptables. I'm not sure how to write iptables rules to drop all connections to port 8080 and allow only certain IPs to access the instance on port 8080, for example ip=10.254.14.16,192.168.1.10.
Sep 1, 2010
I want to know what are the ways to monitor and control/stop flooding on my server, because I am heavily flooded. At this moment I am doing all this manually (when I see that my bandwidth is lowering or some applications are freezing), my main working tool being iptables. But I want something automated.
Another problem: if I am flooded with packets having real IP addresses, with a simple iptables command I can resolve the problem easily. But the problem is, in most of the cases, I am flooded with packets with spoofed IP addresses (e.g. 1.2.3.4), so the only thing I can do in this situation is to block all incoming packets (which ruins everything). Do you have a solution to this? The flood monitoring (and controlling) tool may be with/without interface, only to be effective.
Sep 13, 2009
I have installed Fedora 11, and now I want to install a touch driver for my Dell 15 laptop. When I'm moving the cursor it moves, but when I'm clicking on the touchpad to open anything it's not opening; to open I have to select a file and then I have to click the touchpad keys.
Feb 5, 2011
Is there a way with the Firefox userContent.css to block social media widgets? I understand there is an Adblock Plus extension that can do that, but I don't use Adblock Plus.
Jan 8, 2010
I'm a full-time developer in my day-job, I get paid real money for it and everything! Nowadays I generally write web-based business apps using VB.net and ASPX.net, but I've recently been asked to come up with a social networking type site (something in-between Facebook and Twitter) that will initially be used for training purposes... don't ask or I'll have to send the men in the dodgy overcoats round.
Problem is, it is to be written like a real social-networking site, I've no idea what I'm going to make it look like and was, more fundamentally, wondering what to write it in? I've written commercial systems using Perl, PHP, ASP and the .net (VB and C) stuff.
May 17, 2010
Is it possible to control the mouse position from the command line? I want to centre the pointer in the middle of the screen