Attacks directed against your IP address

Discussion in 'Windows - Virus and spyware problems' started by Mez, Apr 2, 2014.

  1. Mez

    Mez Active member

    Paranoid me will post another threat

    Here are a few links painting a terrifying picture. I have been battling with variants of this malware for many years but did not know what it was till I ran across these articles. I feel a bit stupid for not identifying this sooner.

    This botnet only propagates by attacking IP addresses directly. Now the malware is stealthed by server-side polymorphic obfuscation so it cannot be found. Your only protection is a very good firewall. I would be surprised if less than a billion computers worldwide connected to the internet have minimal firewalls not able to withstand an unsophisticated attack. I can provide my calculations but they are very conservative. Think of the computing capacity of 1 billion PCs! I am sure they will not all be infected by the same botnet. I think the likeliness of many not being infected is about the same as if you sprinkled small currency like a dollar or even a quarter in 100 places on sidewalks in a busy city not being picked up by someone within a day. That would be bad enough but the hackers keep learning new tricks to infect more computers.


    Gaobot.IRQ of 2004 when it propagated as a worm
    http://www.pcmag.com/article2/0,2817,1604481,00.asp

    Gaobot.IRQ more recent attacks IP addresses as the only mode of replication
    http://www.pandasecurity.com/homeusers/security-info/80656/information/Gaobot.IRQ

    Any of these malware can be stealthed to make it impossible to be found. Here is how it is done!
    http://nakedsecurity.sophos.com/2012/07/31/server-side-polymorphism-malware/
     
  2. 2oldGeek

    2oldGeek Active member

    There are many situations that paranoia is 'just good thinking'.

    I have such a security setup that I never get infected... That's not to say that I can't become infected, but if and when I ever do, I have an image backup of my boot disk that is run each night after I go to sleep and all I have to do to defeat the infection is to restore my drive to yesterday or a few days ago, and it's gone!
     
  3. Mez

    Mez Active member

    Yes, I am thinking of at least overwriting the user part of the registry for the user that accesses the internet on all my computers that are connected to the network.

    An IP attack is the way to go today. Most everyone stays connected to the internet 24/7. You have a huge population of computers that do not stealth their ports so they can be found with a ping sweep. Those probably have little to no firewall protection. After you capture that population you have massive resources to go after the rest of the population. The process is a no-brainer. I think it is extremely naive to think no one would go to the effort to capture their computer into a zombie. They do not realize the process is completely automated (bot). The human only upgrades the routines or maybe changes targets.

    Hacking is a multi-billion dollar business. I don't know what the end game is for these botnets other than to make money. I bet these data breaches use information gotten from these botnets.
     
