Coverage by Brian Krebs

Posted: Mon Oct 17, 2011 4:17 am
by a_d_13
Hello all,

We have a little coverage by the infamous Brian Krebs here. I expect traffic numbers to jump today ;)

Thanks,
--AD

Re: Coverage by Brian Krebs

Posted: Mon Oct 17, 2011 7:31 am
by rkhunter
It's more like a biography of Steven =)))

Re: Coverage by Brian Krebs

Posted: Mon Oct 17, 2011 1:40 pm
by EP_X0FF
IDK where this guy found "battle".

This locker was distributed for almost 1 year, and for 8 months of this period the only way of counteraction was unlock code publishing. This was definitely not enough. Once we started a coordinated attack on their network infrastructure, including banning/blacklisting their domains, killing their redirectors, revoking DNS registration data, they died in two months because:

a) they weren't prepared for this: 8 months of peaceful extortion, and suddenly one day they realized that they had started a serious game
b) we got lucky to shut down most of their bulletproof servers with the help of various ISPs, CERTs etc.
c) they spent too many resources on server migrations, DNS allocation and everyday repacks

In fact, a big role in the WinAD shutdown and tracking was played by mc0blck, who actually revealed all of the WinAD network infrastructure in July 2011.

As a conclusion we should learn one simple thing, just like in the Rustock botnet shutdown case - all you need is a wish and continuous hard work to make this wish real.

If WinAD comes back, well, this is not such an unreliable scenario; ransomware is still a popular trend.

Re: Coverage by Brian Krebs

Posted: Tue Oct 18, 2011 6:28 am
by kmd
Brian Krebs posted incredible bullshit. How did that complex work of a wide group of people and organizations turn out to be the victory of one man? Where are any credits to MDL SysAdMini, MysteryFCM, Gerhard from cleanmx, local CERTs/ISPs who did all takedowns, mc0blck who discovered all their network, GMax who posted a lot of codes, EP_X0FF who coordinated all this shit along with posting unblock codes, mrbelyash? Even me (:D) who was sending samples on an everyday basis to ISVs (Avira/Dr.Web/Symantec and many others)?? black hats, white hats, grey hats.. wtf Brian, you still playing in games? there are no hats, not blue, not white, not black, not even yellow, facepalm.

Re: Coverage by Brian Krebs

Posted: Tue Oct 18, 2011 8:31 am
by Xylitol
kmd wrote: black hats, white hats, grey hats.. wtf Brian, you still playing in games? there are no hats, not blue, not white, not black, not even yellow, facepalm.
pink hat (:
I was surprised by his post, it projected me much ahead, but a lot of guys have helped too (on the MDL forum where domains were published etc.)

@EP_X0FF:
Not enough, not enough... hmm yeah.. anyway we still got full access on their sites (including the Sutra TDS), we can really do more by 'rm rf' their box each time etc...
But I've not done it, and requested no leaks/modifications when I posted some access. Defacing servers is definitely not ethical, and as you can see... we can still fight fire with fire. Take the example of the Lock Em All ransomware: there is no unlock code, sure, but we still have access to their Blackhole 1.2.0 (and I've not 'crash-tested' their 'spread domains' and TDS)
After all, one thing is sure: against WinAD we have made things move.

Re: Coverage by Brian Krebs

Posted: Tue Oct 18, 2011 8:39 am
by EP_X0FF
The Blackhole 1.2 server of LockEmAll has already been shut down for about 2 days. They removed any links to Blackhole scripts from their HP.

@kmd
I would not take this blog seriously, especially after his discoveries about TDL, because he is a journalist, not a technical specialist, not a malware expert and definitely not a guy who works against malware. He is just a journalist. And the main purpose of any journalist - perverting facts and spreading disinformation.

Re: Coverage by Brian Krebs

Posted: Wed Oct 19, 2011 1:21 pm
by kmd
ahaha Krebs blogpost comments are entertaining =)
Xylitol wrote: pink hat (:
I was surprised by his post, it projected me much ahead, but a lot of guys have helped too (on the MDL forum where domains were published etc.)
don't mess with Krebs, guys like him can make you more infamous, like themselves.
he walked a few times with Pavel, googled the Rustock operator and now thinks he knows everything about malware and this business :DD

Re: Coverage by Brian Krebs

Posted: Sun Oct 23, 2011 2:01 pm
by Xaronic
How does Krebs not get himself killed? He does seem like he messes with some very influential people when he exposes them. He also seems to get quite personal with them.

Re: Coverage by Brian Krebs

Posted: Wed Oct 26, 2011 7:14 am
by EP_X0FF
Hello,

We are not here to advertise others' work, nor are we here to discuss other blogs' entries. Krebs' blog has comments for this.

Thread closed.