[Dshield] my dilemma

Ed Truitt ed.truitt at etee2k.net
Thu Nov 24 16:10:16 GMT 2005


Uh, do the Russians still have the KGB around to contact?  I agree, get thee to the authorities (US, Russian, Interpol) ASAP.

-EdTr.
-----Original Message-----
From: P Thompson <atrivo at nm.ru>
Date: Thu, 24 Nov 2005 06:44:19 
To: list at lists.dshield.org
Subject: [Dshield] my dilemma


OK, I had posted a link a while back about a virus tracking page that the
author of a virus had created.
http://www.elvihost.net/~rolema/source/bin/installs.php

I did a little more investigation, and it is apparent this virus is
committing some serious identity theft, and most of the proof is evident
using login information ironically which the virus authors themselves expose through reverse engineering their exploit code at http://dimpy.narod.ru/v9.html which seems to be the exploit upgrade ftp back end for their virus downloader and repository of stolen information.

(This is an ethical grey area that I don't pretend to have thought
through: if someone exposes a plaintext username and password in a web
page as part of an illegal identity theft virus, and I have the virus
executable, they've pretty much invited me in, right, and not just to
meekly update their virus client to the current rev level...?)

The identity theft is hosted by a backend database at a company which from
scanning google and google groups seems at best to have a very laissez
faire attitude toward those it hosts, and at worst could be the American
front end for some sect of the Russian mafia.

So, what's the next step?  Just getting the database site shut down does
not solve the real problem, right?  There are some bad folks who made a big
mistake and need their ass kicked by proper authorities.  Preferably
without mine being kicked by anyone.

So I guess I need to do something, but what?  I really wish I understood
the implications of the grey area a little better.




Cheers,
-E D Truitt

Sent via my BlackBerry from Cingular Wireless
