CastleCops site down?

We crossed posts.

Gmer is part of another front of this war, the "code vs code" aspect of it. The criminal element tries to make their malware undetectable. It's a fact that they've made specific efforts to defeat rootkit detection software, even though the typical user probably doesn't have a clue what a rootkit is. Gmer is one of those tools that does well at detecting the new methods of hiding their malware. That malware is what they're using to launch these attacks.

If you translate this into military terms (might as well, it is war) rootkits equate to stealth technology. Gmer represents an anti-stealth weapon they don't want to see in common use. By itself, gmer isn't much of a threat to them, except that it exposes the existence of their malicious code. The real threat it represents can be seen in how security-ware works. Someone develops a really good app that outperforms everything like it. The industry takes note, develops equivalent apps, then the big suite vendors start adding that feature to the security-ware used by the masses. Look at what's referred to as HIPS (application firewalls). Once the bigger vendors realized how effective it can be, it's being added to security apps everywhere. The last thing these criminals want to see is effective rootkit software in the average security suite. They'd lose a big percentage of their botnets if that happened.

If the methods Blue Security used had caught on and been adopted by bigger security companies, spammers would be be taking a major financial hit, so they hit the vendor while it was small, and alone, and took them out. While their methods may have been ethically debatable to some, it was effective.

There's one clear lesson here that everyone needs to understand. We can't ever let anyone on this side of the war stand alone again. Whether we agree with their methods or not, it's still far better than the tactics used by the criminals we're fighting. They're working together. We have to do likewise.
Rick

 

*cough*

They went down again just as I was viewing their forums.

This appears to be a VERY, VERY focused, concerted attack. I mean, it can't just be bots, can it? Someone appears to be keeping careful track of the Cops' efforts to counter the attack. I surmise that certain, ahh... "criminal elements" seriously do not want that site to exist (like, at all).

I wish CastleCops all success in overcoming the attacks. The only good phish is a fried phish.

-David

 

Yes, it can. Bots are code robots, responding almost instantly to the commands of their master. You can bet whoever is behind the attack is monitoring everything that goes on and adjusting the instructions he gives the bots as needed.
Rick

Castle Cops site is quite variable right now. Got there easily but navigating around is erratic.

 

Well this CC sustained attack could be due to the PIRT/MIRT forums etc on there ?

It could also/instead be due to them hosting the GMER ARK ?

Maybe even an agrieved member, or two ?

But it may be nothing to do with any of the above. In fact it could possibly be someone who has never posted on there, but has had bad or incorrect things said about them, or something connected with them, in some ways ! They may feel as this hasn't been corrected, if true of course, that CC needs a lesson ?


StevieO

 

Right--I figured that. What I meant in my comment was that it was not "just" bots in the sense of it being a one-time attack that some script kiddie(s) ran over the weekend and then got bored with. I mean, the bots do not appear to be presently unattended, yes? It seems like they're continuing to monitor (and adapt to) the site's progress in responding.

That said, you're right--they're back up again (<15 minutes after going down w/the DDoS sign going back up). Idunno...maybe it's not a new wave of attack. Maybe it's just part of the site owners' work to get things up and running again.

-David

 

Very much in agreement with that statement. It matters none to me at all whether these pimple faced punks know it or not...but they too are being watched.

Frankly, I'm loving this...like watching a train wreck.

 

Re: Castle cops site down?

Just to bump this important piece of information

 

This is a dedicated focused Ddos apparently.

 

From the above links:

german site w/english forum

is working.

 

Dear sweet merciful heavenly host...

I quote from their site:

"We will not be silenced! Here is a current MRTG chart showing about two hours ago we had a 933Mb/s spike DDoS, while a 44Mb/s is now consistent. Someone isn't happy we're up and running."

Clearly this is no weekend job and no "disgruntled member" or anything like that. These are (*cough* !NewJersey! *cough*) organized cyber-criminals.

You know, I really never visited or paid attention to CastleCops before, but at this point I am seriously considering joining and helping out in some low-level (*cough* $$$ *cough*) manner. Anyone who pisses off organized criminals this much is someone I consider a major dude (by which I effectively mean "unpaid public servant" or somesuch).

-David

 

For those wondering what CastleCops or PIRT is about, see this Washington Post article:

http://blog.washingtonpost.com/securityfix/2007/01/in_praise_of_the_phish_fighter.html

To those donating, thank you very much. We will not be silenced!

 

Scope of the problem: and this is what is known
#$@^&**
http://www.darkreading.com/document.asp?doc_id=117924
Bot nets even fighting each other.

 

http://blog.washingtonpost.com/securityfix/2007/02/spammers_declare_war_on_antisc.html

http://www.infoworld.com/article/07/02/23/09OPsecadvise_1.html

 

http://www.castlecops.com/article-6749-nested-0-0.html

 

I would have to say I agree that is is because of GMER.
Oh or did I miss something again?

con

 

I could be wrong, but to my knowledge gmer did not see that kind of attack.

 

@controler

DDoS to my domain was much more weaker

 

Hi

Can't get to CastleCops again this morning. Anyone experiencing similar problem ?

 

Yep, same here.

Gerard

 

Hi

Just come back for me now