Last week we had a problem where some spammers figured out how to flood our blogs with spam. I'd like to apologize for the inconvenience this caused. To fix the problem we have moved to a moderation system for blog posts. We will still accept external content, but will not allow spam posts.
Just to be very clear: Offensive Computing is not going into the World of Warcraft gold trading business. :)
Due to a rash of spammers I've disabled direct posting of blog entries. I will review blog posts several times a day and approve any that are not spam.
My name is Dante Allegro, and as the newest member of the team my job is to work with members of the commercial community who wish to purchase products and services from Offensive Computing.
If you or your company would like to utilize the Offensive Computing malware database in your commercial product, or if you have a specific job that you feel the Offensive Computing team can assist you with, please contact me and I will be quite happy to assist you.
As I am on the road quite a bit please contact me directly at dallegro ( at ) offensivecomputing.net.
If you used mailinator.com to create your OC account it is now suspended. I will reactivate it if you send your real email address to me.
Offensive Computing will be appearing at the summer conferences. Danny Quist and Colin Ames will be giving a talk at Blackhat USA 2008 titled Temporal Reverse Engineering. We'll be showing off some of our reverse engineering tools and will have a release ready.
Valsmith and Colin will also be giving a talk called Meta Post-Exploitation that covers escalating privileges, managing passwords, and generally spreading to control other resources in a network.
We'll also be at Defcon; be sure to stop by and say hello.
This year's April Fool's day trick was to post a near exact copy of the Storm Worm propagation page on our website. The big change that I made was to swap out the executable with a custom compiled one. The code wasn't all that complicated. It was just a normal Visual Studio Win32 console project with a single printf that said, "Yes it's a joke. :)". I then swapped out the debugger file link with a link to YouTube. Most people that downloaded and analyzed the file seem to get the joke at that point but others took concern and were nice enough to notify us of the problem. The file even found its way onto VirusTotal for scanning.
Here is the complete number of people who downloaded the executables over the day:
foolsday.exe - 266 accesses
kickme.exe - 220 accesses
funny.exe - 1991 accesses
You might notice that from time to time we suffer from Blog Comment SPAM. Generally we just delete it, block the user and move on. However, I'm getting kind of tired of it, so I decided to analyze the latest round that hit us a bit. Here are the results so far:
The Spam looks something like this, but with hyperlinks here and there:
Could someone from Sophos please contact us?
info @ offensivecomputing . net
A lot of things you should know about are going on right now.
Also there is a new issue of Uninformed out today that you should definitely check out.
Don't forget that Danny and I are speaking at Shmoocon and RSA 2008!
More important news coming soon!
We've made some slight changes and fixes to Offensive Computing. The Google ads have been moved due to not providing much benefit other than being ugly. It is sometimes entertaining to download malware off of them; however, that does not outweigh the amount of real estate they've used. The Navigation links are now working as there was a configuration error on my part. Likewise the forums should be browsable again as well.
As always, if you notice any problems please feel free to contact us.