Recent Security Articles

We are trying to configure our rules. We are currently under attack by some HF kids so you can join the force and DDOS us !

JOIN THE FORCE

Most of you know that we've been fighting with a DDOS originating from different hacked servers for last couple of days because some gay kid did not want his source to be public. (Zeus is leaked here and no one got butt hurt. Why DDOSing us for a shitty source -> https://www.opensc.ws/leaked-sources...gilicious.html )

Our analysis shows that the person behind this DDOS is a HF kid named: Orgy

We analyzed packets and put some countermeasures against some of his attacks. From his source codes we found the method that he is finding servers and we contacted the companies namely www.game-monitor.com and www.gametracker.com

He used a fixed User-Agent pattern namely: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2 which is hard coded in Orgy's script. (Namely gametracker was cooperative since we could not reach game-monitor yet)

We are still collecting all the evidence of this attack and compromised list of servers first, so it will take some time.

We were hit by two different DDOS attacks. He tried a spoofed IP - SYN attack then we blocked that, then he tried to make a GET attack where he could not randomize the IP be cause of the attacks nature. We have logs for all of these incidents separately.
Since he could not spoof the GET attack IP addresses, we were able to contact with 3 hosts which were also very cooperative (I will not explain how cooperative they are but I can say that we have some solid proof).

The reason for the delay is one of the hosts we examined has many PPIs installed to it and we wasted our time tracking another botnet then asked the question "How did he get that much bots, his domain is like in all Malware Database lists". At that point we see that we were after the wrong guy. Connecting the dots was easy after examining the packets.

So, sum of it, DDOS is not and it will not be a child's play anymore. We will not show mercy to these kids.

Anyone who has some more proof about Orgy's illegal acts should immediately contact me as those will be needed.
Any information regarding the name-city-address of Orgy will be appreciated.

http://www.youtube.com/watch?v=HiS41-rXqEE

-reine

Hello everyone,

Me and other staff was away from the site for a while and we could barely find time to fight with recent DDOS attack. However, it should all be good for now.

We are still investigating the issue and we will find whoever is after us and list him here for total pawnage.

Sorry for this mess.

Don't forget,
"That which does not kill us makes us stronger"

Please check out our new research articles section.

We will try to update papers frequently. Our page contains academical papers, av-vendor papers, and white papers.

- If you know the enemy and know yourself you need not fear the results of a hundred battles -

As of now we're still under DDoS. Both reine and I were away so neither of us were able to bring the site back online. However, I just got back home and I enabled our proxy anti-ddos filter a long with basic authentication.

It should hold up for now

--------------------------------------------------------------------------------------
Sat 12/24/11 3:51 PM
--------------------------------------------------------------------------------------

Dear Clients,

We are experiencing problems with several of our upstream providers in Europe at the moment due to some fiber cuts between Amsterdam and London. We are receiving partial BGP tables from Hurricane Electric and TINET causing routing issues to certain parts of the world. While the network is up at the moment, you will see some instability due to the shifting routes.

We have tickets open with both these providers, and expect for this to be solved shortly, though either can give us a solid time frame.

As soon as the situation is resolved we will send another notification.

Sincerely,