
SANS ISC InfoSec Handlers Diary Blog



PSYB0T: A MIPS-device (mipsel) IRC Bot

Published: 2009-03-24
Last Updated: 2009-03-24 13:13:59 UTC
by G. N. White (Version: 1)
0 comment(s)

(Thanks to several readers for writing in to the ISC and noting how some eMedia outlets have now picked up on this story - as well as pointers to sources regarding this entity.  We always appreciate your valued input!)

A great document (PDF, dated January 11th, 2009) by Terry Baume goes into detail about how a specific brand of DSL modem (Netcomm NB5) can be compromised with malicious code that turns the device into an IRC-based bot, named PSYB0T 2.5L.

While it was discovered several months ago, some recent entries on the DroneBL blog (among further detail on "PSYB0T") state: "We came across this botnet as part of an investigation into the DDoS attacks against DroneBL's infrastructure...".  It certainly appears that PSYB0T may be alive and kicking!

Some further insight into the possibility that this bot is still evolving (now version 2.9L, 3 months later) has been presented on the TeamFurry blog.

G.N. White

Handler on duty (What Will Internet-Based Kitchen Appliances Be Capable Of In The Future?)

Keywords: PSYB0T mipsel

CanSecWest Pwn2Own: Would IE8 have been exploitable had the event waited one more day?

Published: 2009-03-24
Last Updated: 2009-03-24 01:19:30 UTC
by G. N. White (Version: 1)
1 comment(s)


"Safe" Internet web browsing is a concept that sometimes gets overlooked when assessing our own personal (or corporate) Internet security posture.  The "Pwn2Own" event recently held at CanSecWest certainly raises suspicions as to how secure our web browser (of choice) actually is at preventing us from becoming the next negative Internet web browsing statistic - but due to the nature and rules of the event, none of the details of the winning methods and procedures get immediately released.

Ironically, in the case of the IE8 browser exploit, a bit of detail about the winning method and procedure was noted on the sponsor's DVLabs blog: "...a sleek exploit against IE8, defying Microsoft's latest built-in protection technologies - DEP (Data Execution Prevention) as well as ASLR (Address Space Layout Randomization)".

The latest blog entry (March 23rd) on the Microsoft Security Research & Defense website goes out of its way to highlight a specific statement:  "The final release of Internet Explorer 8 on Windows Vista blocks the .NET DEP+ASLR bypass mechanism from malicious websites on the Internet".

So this raises the question:  Had the organizers of the Pwn2Own event waited another day for the "official" release of IE8 to become available, would IE8 really have been exploitable?

G.N. White

ISC Handler (Because timing really matters!)
