Usr6

Everything posted by Usr6

  1. nice :) log off + remove bit's start-up entries from the registry + enable the remote services + restart ??
  2. Python Training - Getting Started with Python
     Python Training - Advanced Container Types
     Python Training - More Container Types: Tuples, Dicts, and Sets
     Python Training - Defining Functions
     Python Fundamentals Training - More on Functions
     Python Fundamentals Training - Builtin Filter Function
     Python Fundamentals Training - Functional Programming
     Python Fundamentals Training - Classes
     Python Fundamentals Training - Tools
     Python Fundamentals Training - More on Standard Libraries, Web Handling, and Unittest
     http://www.youtube.com/playlist?list=PL26BA8B9FC33789FF
  3. 01 - Intro to Android
     02 - The Android Stack
     03 - Hello, World
     04 - Main Building Blocks
     05 - Application Design
     06 - Android UI - Part 1
     07 - Android UI - Part 2
     08 - Android UI - Part 3
     09 - JTwitter
     10 - Threading - Part 1
     11 - Threading - Part 2
     12 - Services - Part 1
     13 - Services - Part 2
     14 - Application Object
     15 - Preferences - Part 1
     16 - Preferences - Part 2
     17 - Broadcast Receivers
     18 - Android Security - Part 1
     19 - Preferences (Cont.)
     20 - Database - Part 1
     21 - Database - Part 2
     22 - Lists & Adapters - Part 1
     23 - Lists & Adapters - Part 2
     24 - Lists and Adapters - Part 3
     25 - Alarms and System Services
     26 - Android Security - Part 2
     27 - System Services (Cont.)
     28 - Content Providers - Part 1
     29 - Content Providers - Part 2
     http://www.youtube.com/playlist?list=PLE08A97D36D5A255F
  4. AnVir Task Manager controls everything running on your computer, removes Trojans, increases performance and tweaks Windows.
     • Monitor processes, services, startup programs, CPU, HDD
     • Replace Windows Task Manager
     • Get rid of spyware and viruses that your antivirus missed
     • Speed up your PC and Windows startup
     Promotion link: AnVir Task Manager 7.5.2 - Giveaway - Glarysoft (valid for ~15h from the time of posting)
     AnVir Task Manager details: Compare Products
     Free version download: Downloads
  5. Kaspersky PURE 2.0 CHIP Edition (full version for 1 year) = 3 EURO CHIP Heft-DVD - CHIP Edition: Kaspersky PURE 2.0 - CHIP Kiosk
  6. maybe some .rstforums.com subdomains would work better, for those who want to blog and express their thoughts or fill their free time with something useful
  7. and an analysis from the Kaspersky folks: The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor - Securelist
     pdf (detailed analysis): http://www.securelist.com/en/downloads/vlpdfs/themysteryofthepdf0-dayassemblermicrobackdoor.pdf
     P.S. you can also drop by the chat, the same subject is being discussed there :)
     L.E. crysys.hu: http://www.crysys.hu/miniduke/miniduke_indicators_public.pdf
  8. WOW! botnets controlled through Twitter have existed (publicly) for 3-4 years now, e.g. the presentation of one by the bit folks: backup control panel.... payload (only) 20K, lol: Poison Ivy ~7K, Andromeda ~13K, Kbot ~10K. API calls via hash: this has been practised since before I knew what a shellcode was, so long time ago; I think almost all shellcodes generated by Metasploit use something like this (just guessing, I don't use Metasploit). The only thing that could raise interest in this "?????" is its targeting; otherwise nothing new under the sun as far as I know. The role of the SRI is to prevent, not to confirm. "According to the SRI's estimates as well, the attack is certainly relevant to Romania's national security given the profile of the compromised entities, which is why the Service, through its specialised cyber-attack response teams, is currently taking specific measures to identify all affected entities, avoid the consequences and stop the attack" ... and yet we learned all this from a press release of a private company... a Russian one
  9. around here people laugh and joke, but spreading is not done alrewesh3.no-ip.org
  10. Lecture 1: MySQL Database Tutorial - 1 - Introduction to Databases
      Lecture 2: MySQL Database Tutorial - 2 - Getting a MySQL Server
      Lecture 3: MySQL Database Tutorial - 3 - Creating a Database
      Lecture 4: MySQL Database Tutorial - 4 - SHOW and SELECT
      Lecture 5: MySQL Database Tutorial - 5 - Basic Rules for SQL Statements
      Lecture 6: MySQL Database Tutorial - 6 - Getting Multiple Columns
      Lecture 7: MySQL Database Tutorial - 7 - DISTINCT and LIMIT
      Lecture 8: MySQL Database Tutorial - 8 - Sorting Results
      Lecture 9: MySQL Database Tutorial - 9 - Sort Direction
      Lecture 10: MySQL Database Tutorial - 10 - Basic Data Filtering and WHERE
      Lecture 11: MySQL Database Tutorial - 11 - Advanced Filtering Using AND and OR
      Lecture 12: MySQL Database Tutorial - 12 - Are you IN or are you NOT IN?
      Lecture 13: MySQL Database Tutorial - 13 - How Search Engines Work
      Lecture 14: MySQL Database Tutorial - 14 - More on Wildcards
      Lecture 15: MySQL Database Tutorial - 15 - Regular Expressions
      Lecture 16: MySQL Database Tutorial - 16 - Creating Custom Columns
      Lecture 17: MySQL Database Tutorial - 17 - Functions
      Lecture 18: MySQL Database Tutorial - 18 - More on Aggregate Functions
      Lecture 19: MySQL Database Tutorial - 19 - GROUP BY
      Lecture 20: MySQL Database Tutorial - 20 - Subqueries
      Lecture 21: MySQL Database Tutorial - 21 - Another Subquery Example
      Lecture 22: MySQL Database Tutorial - 22 - How to Join Tables
      https://www.udemy.com/mysql-database-for-beginners2/ registration required (free)
  11. Name That Malware! - Think you know malware? See whether you can recognize the 10 malware specimens you should know by name and learn something new along the way.
      What's your malware analysis prowess? - Do your malware analysis or reverse-engineering skills need a tune-up? Take this quick quiz to assess your skills and perhaps learn something new in the process. Just because you're curious. The quiz is not meant to be hard.
      Certified APT Nerd (CAPTN) Examination - Are you leet enough to be called a Certified Advanced Persistent Threat Nerd (CAPTN)?
  12. I extracted 2 mini challenges from the crack-me above; they can be solved with pencil and paper.
      1. You have to reach "HappyCracker: "; you may only modify the bits in memory >403074

           MOV ECX,0
           JMP SHORT @L00000002
         @L00000001:
           MOV AL,BYTE PTR DS:[ECX+403044]
           XOR BYTE PTR DS:[ECX+403074],AL
           INC ECX
         @L00000002:
           CMP ECX,0A
           JBE SHORT @L00000001
           PUSH 403030
           PUSH 403074
           call lstrcmpA
           OR EAX,EAX
           JNZ SHORT @L00000003
         HappyCracker:
         @L00000003:

      2a. You may modify DWORD PTR DS:[40303C] so that you reach "HappyCracker: "
      2b. Modify the code so that it computes it by itself

         @L00000001:
           MOV EDX,DWORD PTR DS:[40303C]
           ROL EDX,9
           XOR EDX,12
           MOV EAX,DWORD PTR DS:[403040]
           XCHG EAX,EDX
           IMUL EDX
           PUSH EAX
           CMP EAX,9AC6
           JNZ SHORT @L00000001
         Happycracker:

      -----memory-----
      00403030 46 65 6C 69 63 69 74 61 72 69 21 00 00 00 00 00 Felicitari!.....
      00403040 0B 00 00 00 FA E9 8B C6 FF CD CF DA 95 C1 9C 49 ...úé‹ÆÿÍÏÚ•ÁœI
      00403050 6E 74 72 6F 64 75 20 70 61 72 6F 6C 61 20 61 69 ntrodu parola ai
      00403060 63 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ci..............
      00403070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
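As an added example (my code, not from the post or from the crack-me's author), here is a Python emulation of the two snippets above, with the memory image constructed from the dump in the post. It goes one step beyond the post's specific values: the second solver inverts the ROL/XOR/IMUL transform for any odd multiplier at 403040 and any compare target by using the multiplier's inverse modulo 2**32.

```python
# Added example: emulation of the two crackme snippets from the post above.
# The memory image is transcribed from the dump in the post (0x403030-0x40307F);
# addresses, key bytes, the multiplier 0x0B and the target 0x9AC6 are the post's.
# Needs Python 3.8+ (pow(x, -1, m) for the modular inverse).

MASK32 = 0xFFFFFFFF
MEM_BASE = 0x403030

# Memory dump from the post, byte for byte (constructed input).
MEM = (
    bytes.fromhex("46656C6963697461726921") + b"\0" * 5      # 403030: "Felicitari!\0..."
    + bytes.fromhex("0B000000FAE98BC6FFCDCFDA95C19C49")      # 403040: 0x0B, then the XOR key
    + b"ntrodu parola ai"                                    # 403050
    + b"ci" + b"\0" * 14                                     # 403060
    + b"\0" * 16                                             # 403070: buffer handed to lstrcmpA
)

def rd32(mem, addr):
    """Little-endian DWORD read at an absolute address."""
    off = addr - MEM_BASE
    return int.from_bytes(mem[off:off + 4], "little")

def wr32(mem, addr, value):
    """Little-endian DWORD write into a bytearray at an absolute address."""
    off = addr - MEM_BASE
    mem[off:off + 4] = (value & MASK32).to_bytes(4, "little")

def cstr(mem, addr):
    """NUL-terminated string starting at addr, as lstrcmpA sees it."""
    off = addr - MEM_BASE
    return bytes(mem[off:]).split(b"\0", 1)[0]

def rol32(x, n):
    n %= 32
    return ((x << n) | (x >> (32 - n))) & MASK32

def ror32(x, n):
    return rol32(x, 32 - (n % 32))

def challenge1_check(mem):
    """Snippet 1: XOR the 11 bytes at 403074 with the key at 403044 (ECX = 0..0Ah),
    then lstrcmpA(403030, 403074) == 0 falls through to HappyCracker."""
    m = bytearray(mem)
    for ecx in range(0x0A + 1):
        m[0x403074 - MEM_BASE + ecx] ^= m[0x403044 - MEM_BASE + ecx]
    return cstr(m, 0x403030) == cstr(m, 0x403074)

def challenge1_solve(mem):
    """XOR is its own inverse: the bytes to place at 403074 are target XOR key."""
    target = cstr(mem, 0x403030)                   # "Felicitari!" (11 bytes)
    key = mem[0x403044 - MEM_BASE:0x403044 - MEM_BASE + len(target)]
    return bytes(t ^ k for t, k in zip(target, key))

def challenge2_check(mem, target=0x9AC6):
    """Snippet 2, one pass: EDX=[40303C]; ROL EDX,9; XOR EDX,12h; EAX=[403040];
    XCHG EAX,EDX; IMUL EDX; CMP EAX,9AC6h. Only EAX (low 32 bits of the
    product) is compared, so the emulation keeps just that."""
    edx = rol32(rd32(mem, 0x40303C), 9) ^ 0x12
    eax = rd32(mem, 0x403040)
    eax, edx = edx, eax                            # XCHG EAX,EDX
    eax = (eax * edx) & MASK32                     # IMUL EDX -> EDX:EAX, EAX compared
    return eax == target

def challenge2_solve(mem, target=0x9AC6):
    """Invert the transform. The multiplier at 403040 (0x0B) is odd, so it has an
    inverse modulo 2**32 and the DWORD at 40303C is uniquely determined; this
    holds for any odd multiplier and any target, not only the post's values."""
    mult = rd32(mem, 0x403040)
    if mult % 2 == 0:
        raise ValueError("even multiplier has no inverse mod 2**32")
    before_imul = (target * pow(mult, -1, 1 << 32)) & MASK32   # EAX after XCHG
    return ror32(before_imul ^ 0x12, 9)                        # undo XOR, then ROL

def apply_and_verify():
    """Patch each solution into a copy of the dump and re-run both checks."""
    m1 = bytearray(MEM)
    m1[0x403074 - MEM_BASE:0x403074 - MEM_BASE + 11] = challenge1_solve(MEM)
    m2 = bytearray(MEM)
    wr32(m2, 0x40303C, challenge2_solve(MEM))
    return challenge1_check(m1), challenge2_check(m2)

if __name__ == "__main__":
    print("challenge 1 bytes for 403074:", challenge1_solve(MEM).hex(" "))
    print("challenge 2 DWORD for 40303C: 0x%08X" % challenge2_solve(MEM))
    print("checks pass after patching:", apply_and_verify())
```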
  13. finally... for music lovers: Thanks for the challenge, a real pleasure from the first F9 to the last click on Verify :)
  14. Learn the core bits every Ruby programmer should know.
      Course Syllabus
      Level 1 - Expressions: An overview of best practices for writing expressions in Ruby
      Level 2 - Methods & Classes: passing optional arguments, raising exceptions, using begin/rescue/end, attr_accessor vs. attr_reader
      Level 3 - Classes: Encapsulation, instance & private methods, inheritance, and refactoring
      Level 4 - ActiveSupport: Helpers that are built on top of the Ruby Language (arrays, dates, hashes, numbers, and strings)
      Level 5 - Modules: Namespacing methods, Mixins vs. class inheritance, method hooks, ActiveSupport::Concern
      Level 6 - Blocks: Iterating and yielding, passing arguments, returning variables, Enumerable, and refactoring
      Link: http://www.codeschool.com/courses/ruby-bits
      Learn the advanced bits of expert Ruby programming.
      Course Syllabus
      Level 1 - Blocks, Procs, & Lambdas: An advanced look at code blocks and how to use procs and lambdas to encapsulate blocks of code
      Level 2 - Dynamic Classes & Methods: Techniques for defining, finding, and calling methods dynamically at runtime
      Level 3 - Understanding Self: A look at how Ruby uses the value of self and how to change self as your program executes
      Level 4 - Missing Methods: Using method_missing to capture, delegate, and respond to methods that don't exist
      Level 5 - DSL Part 1: A brief intro to writing Domain Specific Languages in Ruby
      Level 6 - DSL Part 2: More advanced tips and techniques for writing DSLs
      Link: http://www.codeschool.com/courses/ruby-bits-part-2
  15. The Wall Street Journal (WSJ) announced on Thursday that its computer network had been the target of Chinese hackers and denounced attempts by Beijing to spy on its journalists. The business daily made the announcement one day after the New York Times reported that Chinese hackers had broken into its computers in response to a story published on 25 October about the fortunes accumulated by associates of Premier Wen Jiabao through business dealings. The Wall Street Journal stresses that these attacks have the "apparent purpose of monitoring the reporting on China" by journalists and suggests that the Chinese practice of spying on the American press has become "an ongoing phenomenon". "Evidence shows that these infiltration efforts are aimed at monitoring the Journal's coverage of China, and not at obtaining commercial gain or misappropriating customer information," Paula Keve of the Dow Jones agency, which together with the Wall Street Journal belongs to Rupert Murdoch's News Corp group, stressed in a statement. The Wall Street Journal did not say when these computer attacks began, but announced that an overhaul of its computer network aimed at strengthening security was carried out on Thursday. "We have the firm intention of continuing to practise aggressive and independent journalism," Paula Keve stressed. The CNN television network announced in turn on Thursday evening that the computer system of its international service was blocked for several minutes in response to its report on the hacking of the New York Times. "CNNI went black for six minutes," CNN International journalist Hala Gorani wrote in a message posted on Twitter. "#China blocked CNN because of @HalaGorani's interview about the hacking of @nytimes," the message reads. In Beijing, the authorities' reaction was not long in coming. "The competent Chinese authorities have already responded clearly to the unfounded accusations of the New York Times," Hong Lei, a spokesman for the Ministry of Foreign Affairs, told the press. "China is also a victim of computer attacks (...). Chinese law prohibits such attacks, and we hope that all parties will adopt a responsible attitude on this issue," he added. Chinese hackers with possible government links also attacked the New York Times over the past four months, breaking into its computer system and stealing passwords, the NYT announced on Wednesday. Symantec, a computer security company, which was criticised by the New York Times for failing to prevent the hacking of its system, said in a statement that "persistent attacks, like the one described by the New York Times, underline how important it is for businesses, countries and consumers to make sure they have adopted all possible security measures". According to the New York Times, the hackers who targeted it accessed e-mails and documents by breaking into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the investigation into Wen Jiabao's relatives, and those of the former Beijing bureau chief, Jim Yardley, now head of the South Asia and India bureau.
      Source: Wall Street Journal denunță, după New York Times, atacuri din partea hackerilor chinezi - Mediafax
  16. nice challenge
  17. R4ndom’s Beginning Reverse Engineering Tutorials
      Tutorial #1 What is reverse engineering?
      Tutorial #2 Introducing OllyDBG
      Tutorial #3 Using OllyDBG, Part 1
      Tutorial #4 Using OllyDBG, Part 2
      Tutorial #5 Our First (Sort Of) Crack
      Tutorial #6 Our First (True) Crack
      Tutorial #7 More Crackmes
      Tutorial #8 Frame Of Reference
      Tutorial #9 No Strings Attached
      Tutorial #9 Solution to “No Strings Attached”
      Tutorial #10 The Levels of Patching
      Tutorial #11 Breaking In Our Noob Skills
      Tutorial #12 A Tougher NOOBy Example
      Tutorial #13 Cracking a Real Program
      Tutorial #14 How to remove nag screens
      Tutorial #15 Using the Call Stack
      Tutorial #16A Dealing with Windows Messages
      Tutorial #16B Self Modifying Code
      Tutorial #16C Bruteforcing
      Tutorial #17 Working with Delphi Binaries
      Tutorial #18 Time Trials and Hardware Breakpoints
      Tutorial #19 Creating patchers
      Tutorial #20A Dealing with Visual Basic Binaries, Part 1
      Tutorial #20B Dealing with Visual Basic Binaries, Part 2
      Tutorial #21 Anti-Debugging Techniques
      Tutorial #22 Code Caves and PE Sections
      Tutorial #23 TLS Callbacks
      Modifying Binaries For Fun And Profit
      Adding a Splash Screen - Creating a code cave to show a custom splash on an application
      Adding a Menu Item - Adding a menu item to an existing binary
      Making a Window Non-Closeable - Making a Window Non-Closeable
      The Never Ending Program - Opening message boxes every time a user tries to close a program
      DLL Injection 1 - Adding an opening message box through DLL injection
      DLL Injection 2 - Adding a splash bitmap through DLL injection
  18. Tools to analyze network traffic can be expensive, complicated, and may require preparation before an investigation begins. By leveraging tools easily available in every Linux distribution (and often in UNIX/Mac OS X) combined with Tcpdump to analyze network traffic, you can determine the make-up of the network traffic in question, find the most active hosts and protocols, search for oddities, and determine the most efficient next step of your investigation. Using this method, you are able to pare away the normal and mundane to reveal and examine the unexpected.
      Download: http://www.giac.org/paper/gcia/8722/analyzing-network-traffic-basic-linux-tools/128791
      Author: Travis Green
  19. The goal of this paper is to introduce a persistent backdoor on an embedded device. The target device is a router which is running an embedded Linux OS. Routers are the main ingress and egress points to the outside world on a computer network, and as such are a prime location for sniffing traffic and performing man in the middle (MITM) attacks. If an attacker controls your router they control your network traffic. Generally routers have weaker security than a modern desktop computer. These "always-on" devices often lack modern security mechanisms and are overlooked when it comes to computer security, yet these routers contain a large number of access vectors. This paper covers the process from detection to exploitation and finally complete device modification.
      Download: http://www.giac.org/paper/gpen/7674/exploiting-embedded-devices/129676
      Author: Neil Jones
  20. Obfuscation is widely used to attempt to hide malicious intent. There are a variety of automatic tools available to both obfuscate and deobfuscate code. What happens when automatic methods fail? What if you wish to create a malicious PDF for targeted use to subvert antivirus at a hardened client? Understanding obfuscation fundamentals will help you to both customize attack tool auto-generated PDFs as well as write custom PDFs as needed. What follows is an introduction to a variety of obfuscation techniques used by attackers to hide malicious intent and penetrate corporate networks.
      Download: http://www.giac.org/paper/gpen/468/pdf-obfuscation-primer/115906
      Author: Chad Robertson
  21. Watermarks are used as a way to retain control of information in a world where information is uncontrollable. They are a type of metadata that is inserted into data so the creator of the watermark can have a measure of control over how this data is used, viewed, and distributed. Watermarks can be human readable or machine readable, and they can be visible or invisible. Sometimes watermarks have flaws. They can be stripped out of the data or altered. Author: Allison Nixon Download: http://www.giac.org/paper/gcia/8782/watermarks-prevent-leaks/129481
  22. Nate Anderson at Ars Technica has a good story about how investigators tracked down “Virus,” the nickname allegedly used by a Romanian man accused by the U.S. Justice Department of running the Web hosting operations for a group that created and marketed the Gozi banking Trojan. Turns out, I’ve been sitting on some fascinating details about this hosting provider for many months without fully realizing what I had. On Wednesday, federal prosecutors unveiled criminal charges against three men who allegedly created and distributed Gozi. Among them was Mihai Ionut Paunescu, a 28-year-old Romanian national accused of providing the gang “bulletproof hosting” services. Bulletproof hosting is an Underweb term for a hosting provider that will host virtually any content, from phishing and carding sites to botnet command centers and browser exploit kits. After I read the Ars story, I took a closer look at the Paunescu complaint (PDF), and several details immediately caught my eye. For one thing, the feds say Paunescu was an administrator of powerhost.ro (virus@powerhost.ro). In December 2011, a source shared with KrebsOnSecurity several massive database dumps from that server, which had apparently been hacked. Included in that archive was a screenshot of the administration panel for the powerhost.ro server. It visually depicts many of the details described in the government’s indictment and complaint against Paunescu, such as how the BP provider was home to more than 130 servers, and that it charged exorbitant prices — sometimes more than 1,000 euros per month for a single server. The above screenshot (which is a snippet taken from this full-screen version) shows that this server was used for projects that were “50%SBL,” meaning that about half of the properties on it were listed on the Spamhaus Block List (SBL), which flags Web sites that participate in malicious activity online, particularly sending or benefiting from spam and hosting malware. 
Some of the names chosen for the servers are fairly telling, such as “darkdeeds1,” “darkdeeds2,” “phreak-bots” and “phis1.” The data dump from powerhost.ro included multiple “drop” sites, where ZeuS and SpyEye botnets would deposit passwords, bank account information and other data stolen from tens of thousands of victim PCs. Paunescu is of course innocent until proven guilty. But from reading the government’s indictment of him, it’s clear that if he is the bad guy the government alleges, he was not super careful in hiding his activities. Within a few seconds of searching online for details about Internet addresses tied to powerhost.ro’s operations, I found this record, which includes his full name and lists him as the owner. Also, a simple Google search on powerhost.ro indicates that Paunescu is the rightful owner of the address space assigned to powerhost.ro. In the screenshot above, we can see several servers on powerhost.ro that were rented to miscreants who ran the TowPow pharmacy and replica affiliate program. TowPow advertised itself as a bulletproof hosting provider that was “Made by Spammers, for Spammers,” and would accept any type of traffic. “TowPow is not like any other affiliate system. Tow Pow offers not only quality landing pages, but they also offer FREE bullet proof domains and hosting for your spamming needs,” read one advertisement for the affiliate program posted to an underground forum in March 2010. “You will not have to worry about any complaints or having the heat come back to you, Tow Pow will handle it all.” Stefan Savage, a professor at University of California, San Diego’s Department of Computer Science and Engineering, said TowPow affiliates were a huge source of junk email, much of which was delivered through the now-defunct Grum botnet. “They basically owned the U.S. spam-advertised replica market, and they seem to dominate the herbal market as well,” Savage said. 
Among the files leaked from powerhost.ro was the entire affiliate database for TowPow. It’s not clear who ran TowPow, or if “Virus” was somehow involved in the day to day operations beyond providing hosting for it, but the TowPow SQL database (saved as “blue4rep90_felon.sql”) includes a “tickets” section where users could submit help requests, place orders for hosting, or pass special instructions for wiring funds. For example, in the following message, an affiliate pings the program administrators and asks for new hosting to be set up to handle ZeuS botnets. To wit:
(72, 61, '', 'Hi!\r\nI need BP link for Zeus site!\r\nThanks', '', 'Web', '80.232.219.254', '2011-07-18 16:59:42', NULL)
This user, “Daniel Mihai,” shows up throughout the database:
(58, 49, '', 'wire info:\r\niban: RO23INGB0000999901772881\r\naccount holder: Dan Mihai Daniel\r\nswift code:INGROBU\r\nbank name; ING Office Targoviste Independentei\r\nbank address:Bd.Independentei nr.3A, bl.T1, targoviste/dambovita\r\n\r\nplease tax me the 80$ wire fee', '', 'Web', '82.137.10.254', '2011-05-13 00:37:58', NULL),
Some of the top TowPow affiliates earned thousands of dollars a week advertising the program’s herbal and replica sites via spam: UCSD’s Savage said the TowPow database indicates that many of its affiliates were referred from ZedCash, another affiliate marketing program strongly associated with replica and herbal pharmacy spam. In fact, the top referrer used the nickname “TowPow” and password “ZedCash.” According to Spam Trackers, ZedCash is run by a hacker who uses the nickname “Ucraineanu”. Interestingly, this nickname shows up as “Ucraina2” in the powerhost.ro screenshot above next to one of the servers that TowPow rented for USD $400 per month. Savage notes that the TowPow database shows which members ran the program, and that at the top of the list is a member who used the email address “ukrainaeu@yahoo.com”.
INSERT INTO `requestaffiliate` (`raid`, `raemail`, `referrer`, `radate`, `rastatus`) VALUES (159, 'ukraineanu@yahoo.com', '279', '2010-05-25', 1), (160, 'cergatus@yahoo.com', '1050', '2011-01-15', 1), (161, 'techoweb@gmail.com', '1050', '2011-01-15', 0), (162, 'techoweb@googlemail.com', '1050', '2011-01-15', 0), (163, 'filelv2011@yahoo.com', '1092', '2011-05-30', 1), (164, 'rodobone@yahoo.com', '1111', '2011-10-30', 1);
Source: Inside the Gozi Bulletproof Hosting Facility — Krebs on Security
  23. Being an online criminal isn't always easy. For one thing, there's all that tedious administrative overhead of deploying command and control servers, finding proxies to mask them, and shifting IP addresses to stay off of private security blacklists. Today's savvy cyber criminal, therefore, often outsources the work to so-called "bulletproof" hosting operations, which rent servers to criminals and take care of all the dirty details needed to keep them online. That was the approach taken by the Russian creator of malware known as Gozi—malicious password-stealing software which the US government today called "one of the most financially destructive computer viruses in history"—to store his stolen data. But as the malware man found out, bulletproof hosts can be taken down with enough effort. Even when they're based in Romania. Gozi was coded back in 2005 and deployed in 2007. Back then, it largely targeted Europeans. When installed on a computer, the virus waited until the user visited an online banking site and then grabbed account names and passwords—anything that might be needed for a criminal to transfer money out of the user's account. This information was then sent silently to the Gozi command and control servers, from which it was harvested on a regular basis. By 2010, the malware innovated in two important ways. First, it had gained the capability to do sophisticated Web injection. When an infected computer was pointed at a banking website, the virus wouldn't simply steal account login information; it could be configured to inject additional data requests right into the bank's webpage. This made it almost impossible to tell the requests were not being made by the bank itself. In this way, the malware could be tweaked to ask for Social Security numbers, driver's license information, a mother's maiden name, PIN codes—anything a client wanted. The second innovation? Gozi expanded to the US and started targeting specific US banks. 
The collected information was then sold to other criminals, who quickly transferred money out of the targeted bank accounts. On August 13, 2010, for instance, $8,710 went missing from a Bronx resident's account. The amounts could go much higher; in February 2012, another New York resident lost $200,000. And it got even worse. An FBI investigation, revealed today, found two Gozi-infected computers had led to combined losses of $6 million for their two owners. Total losses appear to have reached "tens of millions" of dollars. So, starting in 2010, the FBI launched an investigation. It didn't take long to find Gozi's creator, a 25-year-old Moscow resident named Nikita Kuzmin. By November 2010, Kuzmin had been arrested during a trip to the US; by May 2011 he pleaded guilty and agreed to forfeit his Gozi earnings, which might reach up to $50 million. Deniss Čalovskis, the 27-year-old Latvian man who allegedly coded the Web injects and customized them for various banks, was picked up by Latvian police in November 2012. But it was the bulletproof host behind Gozi who turned out to be the most interesting catch—and who took longest to reel in.
[Figures: Injection in action: the original banking website. The altered site, now demanding much more information.]
“Answer me, damn it, I'm Virus”
FBI agents collected an incredible trove of data on the Gozi conspirators. According to court documents, this data cache included wiretaps, seized servers, an interview with a Gozi distributor, and even a host of chat logs lifted from a server used by the criminals behind Gozi. Despite all that, in the end what brought down the bulletproof host was as simple as a cell phone number. With the number in hand, the FBI worked with the Romanian Police Directorate for Combating Organized Crime (DCCO), since the number was based in Bucharest. 
The DCCO obtained court permission to tap the phone, then agents listened to calls, watched text messages, and intercepted Web addresses and passwords entered on the handset for three months in the spring of 2012. On April 1, 2012, the phone's user sent a text message saying (according to an FBI translation), "Answer me, damn it, I'm Virus." The next day, a male voice called the phone and addressed its users as "Virus." But who was Virus? Someone who wasn't too careful with his cell phone, for one thing. The phone was registered to a company called "KLM Internet & Gaming SRL," which was itself registered to a Bucharest man named Mihai Ionut Paunescu. The corporate registration was later changed, and investigators weren't positive who was actually using the phone until they listened in on a call in which the phone's user identified himself to the Romanian Commercial Bank as "Mihai Ionut Paunescu" and provided the correct national ID number corresponding to Paunescu. (The caller was seeking information on the proper procedure to withdraw US$20,000.) Watching the smartphone's Web browsing history confirmed this phone belonged to the bulletproof host authorities sought. Paunescu regularly visited a site called adminpanel.ro. Romanian police watched as Paunescu entered the username and password to the site. Next they obtained court permission to search it. They did the search—and provided the information to the FBI. The site was essentially a set of status tables covering 130 physical computer servers which Paunescu apparently leased from legitimate hosting operations before reselling to less legitimate cyber criminals of all stripes. Subtlety was not the order of the day here. Adminpanel.ro's data tables contained notes on what each virtual machine on each server was being used for, and these included things (in English) like "spy/malware," "semi-legal non sbl," "facebook spam 0%sbl," "illegal," and "100%SBLmalware." 
("SBL" is an apparent reference to the well-known Spamhaus Block List targeting spammers.) Keeping these 130 servers up and running for his clients apparently netted Paunescu a good deal of money. He kept meticulous records of how much he paid to lease every server and how much he received for leasing it back out. A typical entry shows that he spent "114EU" (euros) on a server that he resold for "330EU"—not a bad markup. As for "Virus," it turned out that Paunescu used this as his online nickname. Last month, Romanian police arrested him, bringing the Gozi story to a close.
Wayward youth
The US government revealed the three arrests today. It unsealed indictments against Kuzmin, Čalovskis, and Paunescu which make clear just how young all three men were when the alleged criminal behavior began. Kuzmin got started with Gozi back in 2005, when he was just 18. Čalovskis was allegedly involved since he was 20. Paunescu is only 28 now and has allegedly been in the bulletproof hosting business for years. Kuzmin pleaded guilty and will be sentenced in the US, where he faces a maximum 95 years in prison. Extradition proceedings are underway for the other two, who could each face a max of 60 years in a US cell.
Source: How the feds put a bullet in a “bulletproof” Web host | Ars Technica
  24. What the contest consists of: posting one or more tutorials* in Romanian, your own creation, here: https://rstforums.com/forum/tutoriale-romana.rst or here: https://rstforums.com/forum/tutoriale-video.rst
      * no nonsense like: how to make a server with istealer / illegal stuff / and other rubbish of that kind
      Contest period: Saturday morning - Monday morning
      Prize: a 1-year licence (1 PC) for Bitdefender Internet Security 2013 ** Bitdefender Internet Security 2013
      How the winner is chosen: I will try to be as impartial as possible and award the most interesting tutorial, the one where some effort was put in, etc.; if there are many participants, possibly a poll for a fairer judging. I have also included Begood in the judging panel.
      ** the licence was obtained through a promotion
      Good luck
  25. You can download a FREE 1-year licence for Bitdefender Internet Security 2013, only on 23, 24 and 25 January, between 15:00 and 16:00, from yoda.ro. Source + details about BIS: Hands-on Bitdefender Internet Security 2013