Author Topic: MalwareDiariesList? why not?  (Read 8443 times)

September 28, 2009, 11:00:00 pm

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
http://blogs.paretologic.com/malwarediaries/index.php/2009/09/28/malwarediarieslist-why-not/

Quote
I am working on something similar to MDL (MalwareDomainList) for security researchers.

Our array of HoneyPots is collecting a lot of URLs and so far, we haven’t been sharing them except for the occasional blogpost mentioning this or that URL.

We do currently share our HoneyPot samples with our partners which is good, but URLs do have a high value as well for security researchers.

Anyway, unlike MDL I plan on restricting the access for different reasons. Our current partners will have free access as an added bonus to our sample shares.

So stay tuned for this upcoming project.

Jerome Segura
Ruining the bad guy's day

September 28, 2009, 11:19:46 pm
Reply #1

cleanmx

  • Special Members
  • Hero Member

  • Offline
  • *

  • 3405
    • Spam filter, anti-spam, virus protection - CLEAN MX Managed Anti-Spam Service is the solution to your spam problem
hi @all

my 5 cents ...

bullshit.. why ? simply any collected url is in my opinion public domain.

to speak from partners, non-disclosure and all this stuff is not productive to keep the life-cycle of these criminal acts as short as possible.

-- gerhard

September 28, 2009, 11:31:07 pm
Reply #2

SysAdMini


Quote
to speak from partners, non-disclosure and all this stuff is not productive to keep the life-cycle of these criminal acts as short as possible.

-- gerhard

I agree completely.

In order to win this fight the security has to cooperate and share their findings. Disclosing as much as possible is a must.

September 28, 2009, 11:53:08 pm
Reply #3

cleanmx

i just registered on his blog and wrote a comment....

not yet published.... on his blog... here the content of my posting for reference...

-- gerhard

Quote
Hi Jerome,

I just came along within MDL to your article...


my 5 cents ...

bullshit.. why ? simply any collected url is in my opinion public domain.

to speak from partners, non-disclosure and all this stuff is not productive to keep the life-cycle of these criminal acts as short as possible.

this is an open invitation to you and your company to fully share all retrieved url to the community.

we @ netpilot dedicate bandwidth, storage and man power to consolidate these data, so we expect from your company to assist us by feeding your url's to our database.


-- gerhard


September 29, 2009, 09:41:39 am
Reply #4

Serg

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 132
I agree with cleanmx

September 29, 2009, 02:46:22 pm
Reply #5

SysAdMini

Ruining the bad guy's day

September 29, 2009, 03:07:33 pm
Reply #6

Serg

I forgot to grab his face during vb >:(

September 29, 2009, 03:19:52 pm
Reply #7

cleanmx

my reply

subject: comments on your blog are *not* visible
Quote
Hi Jerome,

sorry if i had treated you in a somewhat rough way...

1) it was late in Germany
2) I had been slightly angry about your wording in your original post.
3) i'm not a hater, or similar ....

but

1) we are too not a charity organization
2) parts of our work will be public without any restrictions

so the main thing is to hide Url's and not giving them to researchers and consolidators in this business is not a really good idea, on the other hand you in turn use hphost, malwareurl, malwaredomainlist and probably clean-mx.

so please do not shut a door, think about this invitation.

-- gerhard

btw.

why is my comment not visible, only your quoted one ?

September 29, 2009, 03:25:45 pm
Reply #8

cleanmx

vb ? please help an old man to put things together


Quote
I forgot to grab his face during vb >:(

September 29, 2009, 03:44:57 pm
Reply #9

RS-232

  • Special Access
  • Sr. Member

  • Offline
  • *

  • 165
Quote
A lot of people don’t know what they’re doing and would just infect themselves.

Oh boy, it's once again the same old ideas (or should I better say 'excuses'), that make me yawn...
And I thought that by now, it should be clearly understood that we don't live in the 90s era anymore,
where vxers were occasionally publishing their stuff only to show off...
4600$ per day in their pocket for spreading malware and advertising illegal pharmacy,
is a pretty good reason for me to consider any collected url as public domain, heh...  ;)

Quote
Other people would leverage that information to infect others (I don’t want it to fall into the wrong hands).

Malware and its control is simply...already in the wrong hands, he-he - that's by nature to say so ;-)
For the over-cautious, well, obviously not all research info should be made public,
yet I think SysAdMini already described that in the most exact words above..."disclosing as much as possible is a must".
Only for the "fun" of it...rs-232 aka sowhat-x aka younameit ;-)
http://www.youtube.com/watch?v=fADjY97_KTw

September 29, 2009, 03:48:54 pm
Reply #10

RS-232

Quote
vb ? please help an old man to put things together

Quote
I forgot to grab his face during vb >:(

...i think it's Serg's invitation to him, but I somehow fear that MalwareDiaries will not accept it...  ;D

September 29, 2009, 03:51:30 pm
Reply #11

Serg

Quote
vb ? please help an old man to put things together

Quote
I forgot to grab his face during vb >:(

I've met Jerome on VB 2009 in Geneva. He speaks a lot...

September 29, 2009, 04:12:22 pm
Reply #12

cleanmx

now I'm confused...

I did a short google on  http://www.google.de/search?hl=de&source=hp&q=+MalwareDiariesList%3F+why+not%3F&btnG=Google-Suche&meta=&aq=f&oq=

and clicked on : http://www.google.de/url?sa=t&source=web&ct=res&cd=5&url=http%3A%2F%2Fwww.securitynewsportal.com%2Fsecurityblogs%2F&ei=eC_CSuKOOo3emAO6-4GyBg&usg=AFQjCNEWQ0n7jqfuDHGGy-VdAJNMWi_9fg&sig2=E4LWfTNMmBqKvGMSso-GmA

result: even the same if i use my home dsl proxy....
Code:

Your IP Range is Blocked


There is too much Bot and script kiddie activity originating from your IP range


Your IP has passed on. Your IP is no more. It has ceased to be. It is banned and gone to meet its maker
It is a stiff. Bereft of life, it rests in peace. It is pushing up the daisies. Its digital processes are now history.
It has kicked the bucket and shuffled off to IP banned heaven. YOU HAVE AN EX-IP


Exemptions to the blocking of your IP are available by request

September 29, 2009, 04:19:20 pm
Reply #13

SysAdMini

Quote
Your IP Range is Blocked

This is normal behaviour for this site. It happens to me daily.

See also:

http://www.malwaredomainlist.com/forums/index.php?topic=2205.0


October 22, 2009, 02:55:57 am
Reply #14

malwarediaries

  • Newbie

  • Offline
  • *

  • 9
Quote
I forgot to grab his face during vb >:(

Quote
I've met Jerome on VB 2009 in Geneva. He speaks a lot...

What's up with all this anger?
By the way, I don't think I speak that much... I'm rather shy instead.

Who are you Serg? I don't remember meeting you in VB?

Jerome