Surviving a 20000+ node botnet Attack

My web server has been under attack since early this month.  This is a dedicated server that I have leased for years.  It only hosts a couple of sites for me, my family and a few select friends.  Nothing of any real importance or sensitivity exists on it.  Why this insignificant little server attracted the […]

Hey Mac Users… The Honeymoon is Over.

I know, its sad.  I too am a die hard mac user. Today alone I have received 4 copies of an email with the subject line “2 Populaar Myths About Female Orgasms –  How to Become an Irresistible Lover” containing an attachment named “Preview.app Document”. I haven’t had a chance to analyse the .app yet, […]

Loaded C:\WINNT\system32\KERNEL32.dll differs from file image

I have recently been updating my Windows Forensics First Responder script and have noticed a number of servers reporting the following when using Sysinternals/Microsoft’s listdlls.exe. *** Loaded C:\WINNT\system32\KERNEL32.dll differs from file image: *** File timestamp:         Wed Apr 18 12:25:36 2007 *** Loaded image timestamp: Wed Apr 18 12:25:37 2007 *** 0x77e40000  0x102000  5.02.3790.4062  C:\WINNT\system32\KERNEL32.dll Now […]

More on Heartland

Many experts continue to speculate on why it took so long for Heartland to identify and disclose the breach. According to the Storefront Backtalk report, the payment processor revealed the breach was first discovered in late October or early November, whereas previous statements indicated that it was only in the fall. The company has had two outside forensics teams and the Secret Service working on the problem for more than two months, and yet the “sniffer” software used to collect the data was located only last week.

Heartland Breach

Heartland Payment Systems acts as a payment gateway for credit card transactions for over 250,000 businesses. At some point a sniffer was installed in their data center intercepting all transactions. Some media outlets are calling this the “largest data breach ever”. They process “100 million credit card payments a month and more than 4 billion transactions per year” but currently have no idea when the malicious software was installed.