BOTHUNTERS.PL security, trojans, botnets, viruses and password cracking from the nasza-klasa service, hacking and cracking. The Dark Side of the Force, here in the spotlight.

If someone runs a program on your computer, that computer is no longer yours.

7 comments on "Instead of Easter eggs I received a notice about an account block: account notification"

  1. Borys Łącki

    April 6, 2010 at 15:29

    I just received a new version:

    Please click on the following link (or copy & paste it into your web browser):

    http://katjusza.home.pl/instructions.exe

    They picked a cheerful domain :] Check what normally runs there…

    And the file is new :}

    http://www.virustotal.com/pl/analisis/323836aa134b2b66d8e33802f961b82a88bcc385b4427f46f90005d733218e0e-1270560290

  2. Borys Łącki

    April 7, 2010 at 09:21

    After I reported it to the customer service department of home.pl (the usual form on their website), appropriate action was taken within a few hours.
    And that is what I like. Couldn't it be like this everywhere?
    More millions saved ;]

  3. Piotr

    April 14, 2010 at 22:08

    I'm wrecking my Windows install.
    Do you have that file :]?

  4. Borys Łącki

    April 15, 2010 at 09:01

    The version that is, I believe, one before the one described:

    http://rapidshare.com/files/376068953/Instructions.exe.html

  5. Piotr

    April 15, 2010 at 13:17

    Thanks. I'll test everything right away :)

  6. Adam

    August 4, 2014 at 19:06

    I received something similar. Version from 2014.08.04
    All IP addresses relating to me have been starred out…

    A public NTP server on your network, running on IP address ***.***.***.*** and UDP port 123, participated in a very large-scale attack against a customer of ours, generating UDP responses to spoofed “monlist” requests that claimed to be from the attack target.

    Please consider reconfiguring this NTP server in one or more of these ways:

    1. If you run ntpd, upgrading to the latest version, which removes the “monlist” command that is used for these attacks; alternately, disabling the monitoring function by adding “disable monitor” to your /etc/ntp.conf file.
    2. Setting the NTP installation to act as a client only. With ntpd, that can be done with “restrict default ignore” in /etc/ntp.conf; other daemons should have a similar configuration option. More information on configuring different devices can be found here: https://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html.
    3. Adjusting your firewall or NTP server configuration so that it only serves your users and does not respond to outside IP addresses.

    If you don’t mean to run a public NTP server, we recommend #1 and #2. If you do mean to run a public NTP server, we recommend #1, and also that you rate-limit responses to individual source IP addresses — silently discarding those that exceed a low number, such as one request per IP address per second. Rate-limit functionality is built into many recently-released NTP daemons, including ntpd, but needs to be enabled; it would help with different types of attacks than this one.

    Fixing open NTP servers is important; with the 1000x+ amplification factor of NTP DRDoS attacks — one 40-byte-long request can generate up to 46800 bytes worth of response traffic — it only takes one machine on an unfiltered 100 Mbps link to create a 100+ Gbps attack!

    If you are an ISP, please also look at your network configuration and make sure that you do not allow spoofed traffic (that pretends to be from external IP addresses) to leave the network. Hosts that allow spoofed traffic make possible this type of attack.

    Further reading:

    https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks
    https://isc.sans.org/forums/diary/NTP+reflection+attack/17300
    http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks
    http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613&smlogin=true

    You can find more vulnerable servers on a network through this site: http://openntpproject.org/

    Example NTP responses from the host during this attack are given below.
    Timestamps (far left) are PDT (UTC-7), and the date is 2014-08-04.

    07:39:29.571470 IP ***.***.***.***.123 > 31.186.251.x.9987: NTPv2, Reserved, length 440
    0x0000: 4500 01d4 0000 0000 3911 08ae 5bc0 0084  E.......9...[...
    0x0010: 1fba fb6d 007b 2703 01c0 70e1 d700 032a  ...m.{'...p....*
    0x0020: 0006 0048 0000 0000 0000 0000 0000 0000  ...H............
    0x0030: 0000 00f4 1fba fb6d 0a38 38b6 0000 0001  .......m.88.....
    0x0040: 2703 0702 0000 0000 0000 0000 0000 0000  '...............
    0x0050: 0000                                     ..
    07:39:29.571485 IP ***.***.***.***.123 > 31.186.251.x.9987: NTPv2, Reserved, length 440
    0x0000: 4500 01d4 0000 0000 3911 08ae 5bc0 0084  E.......9...[...
    0x0010: 1fba fb6d 007b 2703 01c0 e00e d701 032a  ...m.{'........*
    0x0020: 0006 0048 0000 0007 0000 0006 0000 0000  ...H............
    0x0030: 0000 0a1b c0df 1e0b 0a38 38b6 0000 0001  .........88.....
    0x0040: 6987 0702 0000 0000 0000 0000 0000 0000  i...............
    0x0050: 0000                                     ..
    07:39:29.571715 IP ***.***.***.***.123 > 31.186.251.x.9987: NTPv2, Reserved, length 440
    0x0000: 4500 01d4 0000 0000 3911 08ae 5bc0 0084  E.......9...[...
    0x0010: 1fba fb6d 007b 2703 01c0 7699 d702 032a  ...m.{'...v....*
    0x0020: 0006 0048 0000 0040 0000 0022 0000 0000  ...H...@..."....
    0x0030: 0000 0045 59ab 0b1e 0a38 38b6 0000 0001  ...EY....88.....
    0x0040: 007b 0404 0000 0000 0000 0000 0000 0000  .{..............
    0x0050: 0000                                     ..

    (The final octet of our customer’s IP address is masked in the above output because some automatic parsers become confused when multiple IP addresses are included. The value of that octet is “109”.)

    -John
    President
    Nuclearfallout, Enterprises, Inc. (NFOservers.com)

    (We’re sending out so many of these notices, and seeing so many auto-responses, that we can’t go through this email inbox effectively. If you have follow-up questions, please contact us at noc@nfoe.net.)

  7. Anonim

    March 12, 2018 at 07:02

    Well described, thanks >Instead of Easter eggs I received a notice about an account block: account notification | Bothunters.pl blog <;) !
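
Added example, not part of any comment above or of the NFOservers notice quoted in comment 6: a Python sketch that decodes the NTP mode 7 header visible in that notice's packet dump (payload bytes d700 032a 0006 0048) to flag "monlist" responses among captured UDP/123 payloads. The field layout and request codes 20 and 42 follow ntpd's private-mode protocol; the zero-filled entry data and the client packet are constructed samples.

```python
import struct

# ntpd private-mode (mode 7) request codes that return the monitor list.
MONLIST_CODES = {20: "REQ_MON_GETLIST", 42: "REQ_MON_GETLIST_1"}

def parse_mode7(payload: bytes):
    """Decode the 8-byte mode 7 header of a UDP/123 payload, or return None."""
    if len(payload) < 8:
        return None
    flags, seq, impl, code, items, size = struct.unpack("!BBBBHH", payload[:8])
    if flags & 0x07 != 7:                 # low 3 bits: NTP mode
        return None
    return {
        "response": bool(flags & 0x80),   # R bit
        "more": bool(flags & 0x40),       # M bit: further packets follow
        "version": (flags >> 3) & 0x07,
        "sequence": seq & 0x7F,
        "implementation": impl,
        "request_code": code,
        "items": items & 0x0FFF,          # top 4 bits carry the error code
        "item_size": size & 0x0FFF,
    }

def is_monlist_response(payload: bytes) -> bool:
    h = parse_mode7(payload)
    return bool(h and h["response"] and h["request_code"] in MONLIST_CODES)

def summarize(payloads):
    """Totals for the monlist responses found in a list of UDP payloads."""
    hits = [p for p in payloads if is_monlist_response(p)]
    return {
        "packets": len(hits),
        "entries": sum(parse_mode7(p)["items"] for p in hits),
        "bytes": sum(len(p) for p in hits),
    }

# Header bytes as shown in the notice's dump; the 432 zero bytes standing in
# for the six 72-byte entries are constructed (the dump is truncated).
MONLIST_SAMPLE = bytes.fromhex("d700032a00060048") + bytes(6 * 72)
# Constructed ordinary client request: LI=0, VN=4, mode 3, 48 bytes.
CLIENT_SAMPLE = bytes([0x23]) + bytes(47)

if __name__ == "__main__":
    print(parse_mode7(MONLIST_SAMPLE))
    print(summarize([MONLIST_SAMPLE, CLIENT_SAMPLE, MONLIST_SAMPLE]))
```

The sample's 8-byte header plus 6 entries of 72 bytes gives 440 bytes, the payload length tcpdump reports for each packet in the notice.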
