CastleCops site down?

Discussion in 'other security issues & news' started by srinat, Feb 17, 2007.

Thread Status:
Not open for further replies.
  1. herbalist

    herbalist Guest

    We crossed posts.
    Gmer is part of another front of this war, the "code vs code" aspect of it. The criminal element tries to make their malware undetectable. It's a fact that they've made specific efforts to defeat rootkit detection software, even though the typical user probably doesn't have a clue what a rootkit is. Gmer is one of those tools that does well at detecting the new methods of hiding their malware. That malware is what they're using to launch these attacks.

    If you translate this into military terms (might as well, it is war) rootkits equate to stealth technology. Gmer represents an anti-stealth weapon they don't want to see in common use. By itself, gmer isn't much of a threat to them, except that it exposes the existence of their malicious code. The real threat it represents can be seen in how security-ware works. Someone develops a really good app that outperforms everything like it. The industry takes note, develops equivalent apps, then the big suite vendors start adding that feature to the security-ware used by the masses. Look at what's referred to as HIPS (application firewalls). Once the bigger vendors realized how effective it can be, it's being added to security apps everywhere. The last thing these criminals want to see is effective rootkit software in the average security suite. They'd lose a big percentage of their botnets if that happened.

    If the methods Blue Security used had caught on and been adopted by bigger security companies, spammers would be be taking a major financial hit, so they hit the vendor while it was small, and alone, and took them out. While their methods may have been ethically debatable to some, it was effective.

    There's one clear lesson here that everyone needs to understand. We can't ever let anyone on this side of the war stand alone again. Whether we agree with their methods or not, it's still far better than the tactics used by the criminals we're fighting. They're working together. We have to do likewise.
    Rick
     
  2. davidjschenk

    davidjschenk Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    37
    *cough*

    They went down again just as I was viewing their forums.

    This appears to be a VERY, VERY focused, concerted attack. I mean, it can't just be bots, can it? Someone appears to be keeping careful track of the Cops' efforts to counter the attack. I surmise that certain, ahh... "criminal elements" seriously do not want that site to exist (like, at all).

    I wish CastleCops all success in overcoming the attacks. The only good phish is a fried phish.

    -David
     
  3. herbalist

    herbalist Guest

    Yes, it can. Bots are code robots, responding almost instantly to the commands of their master. You can bet whoever is behind the attack is monitoring everything that goes on and adjusting the instructions he gives the bots as needed.
    Rick

    Castle Cops site is quite variable right now. Got there easily but navigating around is erratic.
     
  4. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Well this CC sustained attack could be due to the PIRT/MIRT forums etc on there ?

    It could also/instead be due to them hosting the GMER ARK ?

    Maybe even an agrieved member, or two ?

    But it may be nothing to do with any of the above. In fact it could possibly be someone who has never posted on there, but has had bad or incorrect things said about them, or something connected with them, in some ways ! They may feel as this hasn't been corrected, if true of course, that CC needs a lesson ?


    StevieO
     
  5. davidjschenk

    davidjschenk Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    37
    Right--I figured that. What I meant in my comment was that it was not "just" bots in the sense of it being a one-time attack that some script kiddie(s) ran over the weekend and then got bored with. I mean, the bots do not appear to be presently unattended, yes? It seems like they're continuing to monitor (and adapt to) the site's progress in responding.

    That said, you're right--they're back up again (<15 minutes after going down w/the DDoS sign going back up). Idunno...maybe it's not a new wave of attack. Maybe it's just part of the site owners' work to get things up and running again.

    -David
     
    Last edited: Feb 19, 2007
  6. 1972vet

    1972vet Registered Member

    Joined:
    Oct 2, 2005
    Posts:
    12
    Very much in agreement with that statement. It matters none to me at all whether these pimple faced punks know it or not...but they too are being watched.

    Frankly, I'm loving this...like watching a train wreck.

     
  7. pwillener

    pwillener Registered Member

    Joined:
    Apr 24, 2006
    Posts:
    133
    Location:
    Tokyo, Japan
    Re: Castle cops site down?

    :thumb: Just to bump this important piece of information :thumb:
     
  8. EASTER.2010

    EASTER.2010 Guest

    This is a dedicated focused Ddos apparently.

     
  9. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    From the above links:

    german site w/english forum

    is working.
     
  10. davidjschenk

    davidjschenk Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    37
    Dear sweet merciful heavenly host...

    I quote from their site:

    "We will not be silenced! Here is a current MRTG chart showing about two hours ago we had a 933Mb/s spike DDoS, while a 44Mb/s is now consistent. Someone isn't happy we're up and running."

    Clearly this is no weekend job and no "disgruntled member" or anything like that. These are (*cough* !NewJersey! *cough*) organized cyber-criminals.

    You know, I really never visited or paid attention to CastleCops before, but at this point I am seriously considering joining and helping out in some low-level (*cough* $$$ *cough*) manner. Anyone who pisses off organized criminals this much is someone I consider a major dude (by which I effectively mean "unpaid public servant" or somesuch).

    -David
     
  11. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
  12. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,224
    Location:
    Sydney, Australia
  13. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
    http://blog.washingtonpost.com/securityfix/2007/02/spammers_declare_war_on_antisc.html


    http://www.infoworld.com/article/07/02/23/09OPsecadvise_1.html

     
  14. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
  15. controler

    controler Guest

    I would have to say I agree that is is because of GMER.
    Oh or did I miss something again?

    con
     
  16. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
    I could be wrong, but to my knowledge gmer did not see that kind of attack.
     
  17. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
    @controler

    DDoS to my domain was much more weaker
     
  18. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi

    Can't get to CastleCops again this morning. Anyone experiencing similar problem ?
     
  19. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    Yep, same here.

    Gerard
     
  20. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi

    Just come back for me now :thumb:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.