All of your pages are belonging to us
We received a report of a very aggressive web spider that apparently is not obeying robots.txt.
The report claims the spider is from http://www.80legs.com/webcrawler.html
Here are a few interesting tidbits from that site.
"008 runs on a grid computing platform that consists of several thousand computers, which is why you may see our web crawler access your site from many different IP addresses."
"If you block 008 using robots.txt, you will see crawl requests die down gradually, rather than immediately. This happens because of our distributed architecture. Our computers only periodically receive robots.txt information for domains they are crawling."
And my personal favorite ...
"Blocking our web crawler by IP address will not work. Due to the distributed nature of our infrastructure, we have thousands of constantly changing IP addresses. We strongly recommend you don't try to block our web crawler by IP address, as you'll most likely spend several hours of futile effort and be in a very bad mood at the end of it."
Several thousand computers? Sounds like a recipe for a DDoS attack if I ever saw one and I don't even want to think about what could happen if that site got 0wn3d.
Has anyone else seen this? Let us know.
Christopher Carboni - Handler On Duty
Someone is attempting to register your domain in [insert country name here]
Dear Mr. Carboni,
"We are a Network Service Company which is the domain name registration center in [some city and country]. On Nov. 16 2010, we received an application from [some company that doesn't exist] requested "Sans" as their internet keyword and [country and (TLD)] domain names. But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it's necessary to send email to you and confirm whether this company is your distributor or business partner in [country name]?
[some person name]
[some company name]
[some company address] etc ...
Really? Oh no! I might lose my company.com/cn/af/sk/so/br domain in China/Afghanistan/S.Korea/Somalia/Brazil/ ...!
This is a scam that is several years old and I'm finding out is not as widely known as I originally thought.
Back in the day I used to receive this type of email at least a few times every month, usually from a different person/company/country.
If you call / email or in some way return communication, in my experience, the "registrar" tries to extort you for some amount of money telling you that if you don't pay (I remember one for $10000 USD and another was much more though I can't remember the exact amount - credit cards gratefully accepted) you will lose whatever domain they're telling you someone is trying to register.
There may be other angles that I haven't seen before but the bottom line is this is a scam that can be filed with the other scams, phishes, hoaxes and other stuff which (hopefully) is caught by your spam filter.
Update:
One of our other Handlers pointed me to an excellent article by Dr. Neal Krawetz on this very scam. Read about it in the Hacker Factor Blog.
Christopher Carboni - Handler On Duty
Stopping the ZeroAccess Rootkit
Jack at the Infosec Institute sent a note announcing research that had been done on the ZeroAccess Rootkit.
He states "One of our InfoSec Resources Authors defeated all of the anti-debugging and anti-forensics features of ZeroAccess and traced the source of this crimeware rootkit"
The full article can be found on their website.
How widespread are rootkits in your environment?
Are you having a problem with rootkits right now or have you had a problem with them in the past?
Write in and share your experiences including any practical tips on recovery in a corporate environment.
Christopher Carboni - Handler On Duty
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
https://defineprogramming.com/
Dec 26th 2022
9 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
9 months ago
rthrth
Jan 2nd 2023
8 months ago