
All times are UTC




 Post subject: The Tom Liston Fan club
PostPosted: Sat Feb 02, 2008 6:46 am 
Site Admin

I originally published this in 2005, but thought I'd re-post it here;

Quote:
The Tom Liston Fanclub

Tom Liston, handler for the Internet Storm Center, certainly has a way with words. Nowhere else is this more obvious than in his "Follow the bouncing malware" series.

For those that do not visit the ISC and/or have not read this series, FTBM takes you on a journey in the shoes of Joe Average (without a doubt the most unlucky person in the world) as he surfs the web like a teenager in heat. As this series will celebrate its first birthday tomorrow (23rd), I thought it only right that it gets its first birthday present (yes I know, a pint and a pizza would have probably been more appropriate).

The first part of this series was published on July 23rd 2004 and gave the perfect example of why you should be extremely careful with search engine results as his computer was infected by not one, not two, but several different parasites.

Part 2, following on from Joe's initial introduction into the weird and wonderful world of malware, took you behind the scenes of the "gifts" his computer was so kindly given. In Tom's unrivalled and extremely humorous way of investigating, he presents you with the code behind the malware and explains exactly where they originate and what they do to poor Joe's computer.

Released November 4th 2004, Part 3 gives you a lesson on a lovely little file called "hp1.exe", a file created with Visual Basic that accompanied the rest of the parasites as they took a vacation to Joe's place. As you would expect, Joe's computer by this time, has found itself many new friends. From roings to media-motor to game shows such as Mastermind, hp1 lived up to the reputation Tom built up for it as a "real piece of work".

Part 4, published November 24th 2004, saw Joe's computer saved from further infections (at least temporarily) as Tom took a quick detour to give us a lesson in IP and domain assignments. In a style only he could pull off, you are introduced to everywhere from Canada to Texas to New Hampshire and some guy called Sanford "Spam King" Wallace (just one of the many edgits responsible for Joe's new friends).

To keep us in suspense, there was a considerable break between Part 4 and Part 5, with the latter not being published until May 11th 2005. As Joe is in enough trouble as it is, this edition saw us introduced to a young lady called Sasha who, though capable of writing malware, was obviously lacking in grammar and punctuation. This time we are taken behind the scenes of JavaScript, VBScript, code obfuscation and HTA exploits.

Being that Tom provided us with much needed education and laughs in previous editions, you just knew Part 6 was going to be something special, especially with a swanky sub-title, and he certainly did not let us down. Part 6, following on from Joe's unfortunate choices, takes us onto codecs (Joe is obviously into his pornography a little too much) and why they should be avoided when coming from unknown, untrusted and dare I say it, very dubious sources.

The latest edition, published July 20th 2005, introduces us to a lovely little file called "vc3_05.exe". As you've probably guessed, this file is out to show Joe why pleasure of the intimate kind, should be saved for when Joe eventually gets off of his backside and finds himself a girlfriend. From dialers to law enforcement to Gold, part 7 does not let us down as Tom takes us on a walk down malware lane.

For those that have not yet read the FTBM series, below are links to each edition.

FTBM - Part I - http://isc.sans.org/diary.php?date=2004-07-23
FTBM - Part II - http://isc.sans.org/diary.php?date=2004-08-23
FTBM - Part III - http://isc.sans.org/diary.php?date=2004-11-04
FTBM - Part IV - http://isc.sans.org/diary.php?date=2004-11-24
FTBM - Part V - http://isc.sans.org/diary.php?date=2005-05-11
FTBM - Part VI - http://isc.sans.org/diary.php?date=2005-07-13
FTBM - Part VII - http://isc.sans.org/diary.php?date=2005-07-20

Tom's website: http://www.intelguardians.com


Originally posted at:
http://mysteryfcm.co.uk/?mode=News&date=22-07-2005

_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!



 Post subject: Re: The Tom Liston Fan club
PostPosted: Sat Feb 02, 2008 7:40 am 
Very interesting reading, lol. I think a lot of those types who think US security types are just being paranoid should delve into this write up. Thanks for that Steve.

Paul



 Post subject: Re: The Tom Liston Fan club
PostPosted: Sat Feb 02, 2008 7:49 am 
Site Admin

My pleasure :)

_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!


