[Dshield] my dilemma

P Thompson atrivo at nm.ru
Thu Nov 24 03:44:19 GMT 2005


OK, I had posted a link a while back about a virus tracking page that the
author of a virus had created.
http://www.elvihost.net/~rolema/source/bin/installs.php

I did a little more investigation, and it is apparent this virus is
committing some serious identity theft, and most of the proof is evident
using login information which, ironically, the virus authors themselves expose through reverse engineering their exploit code at
http://dimpy.narod.ru/ v9.html which seems to be the exploit upgrade ftp back end for their virus downloader and repository of stolen information.

(This is an ethical grey area that I don't pretend to have thought
through: if someone exposes a plaintext username and password in a web
page as part of an illegal identity theft virus, and I have the virus
executable, they've pretty much invited me in, right, and not just to
meekly update their virus client to the current rev level...?)

The identity theft is hosted by a backend database at a company which from
scanning google and google groups seems at best to have a very laissez
faire attitude toward those it hosts, and at worst could be the American
front end for some sect of the Russian mafia.

So, what's the next step?  Just getting the database site shut down does
not solve the real problem, right?  There are some bad folks who made a big
mistake and need their ass kicked by proper authorities.  Preferably
without mine being kicked by anyone.

So I guess I need to do something, but what?  I really wish I understood
the implications of the grey area a little better.



