INTERNET PIRATES - (updated re: CONFICKER VIRUS)

Posted on 2010.04.30 at 17:21

Well CAN YOU BELIEVE IT?!  IT'S HAPPENING AGAIN!  My computer, after every precaution, is being hacked and taken over by the same IPs AGAIN!!!

Those goofbrains at MS gave me nothing but attitude instead of checking if certain IPs are hijacked, dangerous, etc. - and how can they be dealt with?!!  Why do you suppose MS offers no way of dealing with these hackers?  Could it be because THEY ARE AFRAID OF CHINA?

So - a trojan gets in, (or is already in the computer!), signals to Koreans who use Instant Messenger to break in, with four IP diversions - (including 207.69.188.166/7 in my case - from just NW of Wichita), then the Chinese come in on 221.192.199.46/48 and through any downloads you make, then they take over security programmes, your internet connections, your passwords, YOUR PROGRAM AND DOWNLOAD IP ADDRESSES - and your modem - they can shut EVERYTHING down.  The way they attack is by eventually flooding you with HUNDREDS of IPs from China, all hitting the same port.  It's INSANE...

 88.105.45.182 (WHOIS) said:
79 days 2 hr 41 min  ago
221.2.2.2-222.254.254.254
these IPs are Chinese botnets port scanning ports 1080,8000,8080,8090 repeatedly on most ip addresses

 206.248.187.5 (WHOIS) said:
67 days 9 hr 1 min  ago
chink keeps scanning my ports
Why are these jerks scanning my ports? I allowed my neighbour access to my internet network and now all of a sudden I get this awful breed of people trying to steal identity. Shut them down. Stop wasting Internet resources. It is so far two Chinese sites that are doing this as the other posts here indicate. 221.192.199.46 and 221.192.199.48.

 69.17.49.131 (WHOIS) said:
66 days 23 hr 27 min  ago
ISPs just need to do an upstream block
I wish ISPs and major providers would take the hint that there's nothing of value coming from this IP address and its cohort 221.192.199.46 and block it upstream. Yes it's drastic, but since they've been the source of the same behavior for over two years, it's probably safe to do so.

  78.98.176.97 (WHOIS) said:
44 days 2 hr 0 min  ago
Trying to guess my FTP password
It was trying to guess my FTP password. The passwords it tried include the following: gygy text vera123 info123 12000 6667 laurentiu123 ... Probably has a good fantasy :-D

17 days 20 hr 39 min  ago
These attacks have gone on for months....Why in the he** do we put up with this crap, US needs to have a talk with these internet pirates from China... lock them up for life... problem solved...

16 days 21 hr 13 min  ago
Getting scanned repeatedly by
This person's name is Kong Lingfei. He is located somewhere in China, just west of Beijing (? - spell). I located him using : IP-address.com . It turns out this "Mo****F******" is working in tandem with others in China. Just for Sh** and grins I looked him up on Facebook, I can't believe I found this sh** head is on facebook.com ! I sent him a message to please stop trying to access my ports. Since then, he's pulled down his profile photos. I sent a formal complaint to as many cyber-cops as I could, including the FBI, and the U.S. State Department.


I believe the original trojan inviting in all this is CONFICKER D - an evolution of CONFICKER C - (but my trojan may instead be the latter). From: http://mtc.sri.com/Conficker/addendumC/:

"Perhaps the most obvious frightening aspect of Conficker C is its clear potential to do harm. Among the long history of malware epidemics, very few can claim sustained worldwide infiltration of multiple millions of infected drones. Perhaps in the best case, Conficker may be used as a sustained and profitable platform for massive Internet fraud and theft. In the worst case, Conficker could be turned into a powerful offensive weapon for performing concerted information warfare attacks that could disrupt not just countries, but the Internet itself."

"C modifies the host domain name service (DNS) APIs to block various security-related network connections (Domain Lookup Prevention), and installs a pseudo-patch to repair the 445/TCP vulnerability, while maintaining a backdoor for reinfection (Local Host Patch Logic). This pseudo patch protects the host from buffer overflows by sources other than those performed by the Conficker authors or their infected peers."

"Like Conficker B, C incorporates logic to defend itself from security products that would otherwise attempt to detect and remove it. C spawns a security product disablement thread. This thread disables critical host security services, such as Windows defender, as well as Windows services that deliver security patches and software updates. These changes effectively prevent the victim host from receiving automated software updates. The thread disables security update notifications and deactivates safeboot mode as a future reboot option. This first thread then spawns a new security process termination thread, which continually monitors for and kills processes whose names match a blacklisted set of 23 security products, hot fixes, and security diagnosis tools"

"Conficker C installs itself into the user file system and configures the registry appropriately to invoke its DLL at host startup. It also inserts a variety of extraneous registry keys that are subsequently unused, presumably to cloak its presence (Obfuscating C's Installation and Its Presence). It copies itself into a randomly named DLL located in either the System32 directory, program files directory, or the user's temporary files folder. It deletes all restore points prior to its infection to thwart rollback. C then performs a simple validation of its DLL size, and suicides if this check fails. It sets the DLL's date to the same date as the local kernel32.dll, and sets NT File System (NTFS) file permissions on its stored file image to prevent write and delete privileges. Once installed, the DLL spawns a remote thread, which it attaches to the netsvcs.exe or svchost.exe process, depending on the OS version."
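The quoted analysis notes one installation trait a defender can hunt for: a randomly named DLL, dropped into System32, Program Files or the user's temp folder, whose timestamp has been set equal to kernel32.dll's. The triage heuristic below is an added example, not code from the SRI report or from this post; it runs over a constructed file inventory (the baseline name list, the user path and the DLL names are all made up) rather than a live file system.

```python
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath

@dataclass(frozen=True)
class FileRecord:
    path: str        # full Windows path of one file
    mtime: datetime  # last-modified timestamp as recorded on disk

# Drop locations named in the quoted analysis (the %TEMP% path is constructed).
DROP_DIRS = (
    r"c:\windows\system32",
    r"c:\program files",
    r"c:\users\alice\appdata\local\temp",
)

# Hypothetical baseline of DLL names that legitimately share kernel32's date.
BASELINE = {"kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll"}

def in_drop_dir(path: str) -> bool:
    """True if the file's parent directory is, or is under, a drop directory."""
    parent = str(PureWindowsPath(path).parent).lower()
    return any(parent == d or parent.startswith(d + "\\") for d in DROP_DIRS)

def suspicious_dlls(records, baseline=BASELINE):
    """Flag DLLs whose mtime equals kernel32.dll's, that sit in a drop
    directory and are not in the baseline.  A matching timestamp alone is
    weak evidence (OS installs stamp many files with one date), so all
    three conditions are required before a path is reported."""
    k32 = next((r for r in records
                if PureWindowsPath(r.path).name.lower() == "kernel32.dll"), None)
    if k32 is None:
        return []               # nothing to compare against on this inventory
    hits = [r.path for r in records
            if PureWindowsPath(r.path).name.lower().endswith(".dll")
            and PureWindowsPath(r.path).name.lower() not in baseline
            and r.mtime == k32.mtime and in_drop_dir(r.path)]
    return sorted(hits)

# Constructed inventory: baseline files, two timestamp-cloned DLLs in drop
# directories, one same-date DLL elsewhere, and one System32 DLL with its own date.
T = datetime(2008, 4, 14, 12, 0, 0)
SAMPLE = [
    FileRecord(r"C:\Windows\System32\kernel32.dll", T),
    FileRecord(r"C:\Windows\System32\ntdll.dll", T),
    FileRecord(r"C:\Windows\System32\xqzwvt.dll", T),                 # constructed name
    FileRecord(r"C:\Users\alice\AppData\Local\Temp\qkhdtr.dll", T),   # constructed name
    FileRecord(r"C:\Tools\helper.dll", T),
    FileRecord(r"C:\Windows\System32\vendor.dll", datetime(2009, 1, 5)),
]
```

On a real host the records would come from os.scandir() and os.stat(); the function only reasons about the inventory it is given.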
