Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: SysAdMini on October 22, 2009, 10:12:41 am

Title: A black hat loses control
Post by: SysAdMini on October 22, 2009, 10:12:41 am
original article can be found at
http://www.viruslist.com/en/weblog

Quote
Malware writers today always try to conceal their identities, right? Wrong – even some of today’s profit-driven cyber criminals reveal their identities. We are a bit surprised, but here is the story of how a blackhat has revealed his identity and is trying to ‘get compensation’ from Kaspersky for conducting research.

Recently we have been looking into a new service for malware writers: [avtracker dot info]. This is an online service designed to track AV vendors. The home page of [avtracker dot info] describes the service, which includes protection for malicious programs against analysis by malware researchers and also calls for DDoS attacks against security companies:

(http://www.viruslist.com/en/images/pictures/vlweblog/208187883.gif)

Quote
Moreover, some of our fellow researchers shared a network request with us that was used to report back to [avtracker dot info]. This request was used in a special spy program which was distributed to various antivirus labs by the owner of [avtracker dot info]. If executed, this spyware would contact the owner and describe the environment of the infected machine. We played around with this request, and substituted various random strings instead of the user name and system parameters.

The WHOIS listing was of no use – [avtracker dot info] was registered anonymously. This was no surprise – cyber criminals usually do register domains anonymously to hinder identification.

So far, nothing out of the ordinary – a normal day in the life of an antivirus company. And then…surprise – the owner of the malware writers’ service contacted us and revealed his identity. Moreover, he even demanded a ransom of 2000 euro to compensate his purported losses when we attempted to ‘break’ his new toy.

At the time of writing, we have received the spy program, which had the following message in its code pointing to the same person who contacted us:

(http://www.viruslist.com/en/images/pictures/vlweblog/208187884.gif)

Quote
Naturally, we have gathered all relevant data and forwarded it to our lawyer who will now take the next steps. If all cyber criminals were as cooperative as this one, life would be much easier for AV companies.
Title: Re: A black hat loses control
Post by: SysAdMini on October 28, 2009, 05:29:49 am
Former Anti-Virus Researcher Turns Tables On Industry
http://voices.washingtonpost.com/securityfix/2009/10/former_anti-virus_researcher_t.html
Title: Re: A black hat loses control
Post by: SysAdMini on October 28, 2009, 06:18:18 pm
Antivirus researcher turned bad
http://blogs.authentium.com/virusblog/?p=441

Quote
So there is this 18-year-old kid that is making news. Some people call him a security professional, some people give him credit for “advancing the state of security”, some people even call him an antivirus researcher.