New infrastructure is up.
Papers have been migrated. Tomorrow, whenever we get to it, the site will be restored to show stuff we've migrated.
It's going to take some time to move the malware samples (it's big). Once that's done we'll restore the VXDB and then move back to kitty cat collections.
A long time ago I wrote code that would use callbacks to determine when a USB device with a valid filesystem was inserted.
If it did, it would copy itself to it.
tl;dr the malware is coming from the machine!!111
https://pastebin.com/raw/sVyz1Nsk
It's okay, mysterious husband described on LinkedIn, we're bums too and also collect cat pictures
Try writing a keylogger on Windows that doesn't use if-else statements, while loops, for loops, do-while loops, etc. Switch statements also aren't allowed.
Top free apps right now in the United States on the Google Play Store
Chat, we are cooked (Lemon8 is owned by TikTok)
This is the United States of Ameriburger, was worried the health insurance company was going to charge me $45,000 for that time I visited my doctor for a check-up
It's wonderful seeing people produce creative educational content.
Thank you, endingwithali for highlighting this exceptionally talented programmer and their unique educational courses
Had to censor the image though because of all the peepees, butts, and boobies
Hello,
This is a reminder that if you're a politician representing your country in the UN — you should avoid information stealer malware.
You should also avoid soliciting sex with male prostitutes on social media in private DMs.
vx-underground staff members enjoying a nice evening cruise in California
*this is actual footage we captured
*fire is illegal and for nerds
Someone didn't reply to our backend hosting provider which resulted in them terminating our account.
Whoever did this should be slapped around with a large trout (it's my fault)
We have all the data still, no biggie, but data will be inaccessible for a few days while we move.
A timeline of the Los Angeles wildfire emergency broadcast system problems
- January 9th, 2025, approx. 4:11 PST, people in the entirety of Los Angeles County receive an emergency broadcast alert on their cellphones telling them to gather their loved ones, pets, and supplies. It results in widespread misinformation on social media and pandemonium (Image 1). Shortly after the message, people receive a subsequent message saying it was a false alarm and a mistake.
- January 10th, 2025, approx. 4:02am PST, people in certain regions of Los Angeles receive an emergency broadcast alert on their cellphones similar to the message received the day before (Image 2). The message states it is for the entirety of Los Angeles County, but (based on information received thus far) no additional emergency broadcast alerts were intended to be delivered.
- January 10th, 6am PST to the current time, Los Angeles citizens, and people throughout the United States, express concern on social media. People report confusion, misinformation, and mismanagement by California officials over the frequent and inaccurate emergency broadcast messages. Some people report receiving several text messages regarding the fires while third-party apps show there are currently no threats in their area.
Los Angeles officials go on television and social media stating they are not sending out messages. They state they're working with industry partners to identify the cause of the problem (Image 3 and Image 4)
There is currently no information to confirm or deny this is the result of a state-sponsored Threat Actor, a bad actor intended to cause damage, a financially motivated Threat Actor, an Insider Threat, or wild mismanagement and/or equipment failure. Details are scarce.
40 minutes ago Los Angeles county officials stated on television they're working with partners to stop the false and/or incorrect evacuation warnings people are receiving WHICH ARE NOT happening from human interaction (???)
They're currently investigating how this is happening
THEY DID IT A THIRD TIME.
We didn't think it was possible to do an oopsie doopsie 3 times! This is absolute madness. Someone get California on the horn and tell them to wake up
Holy smokes
Stacey makes a great point.
Last weekend at a family gathering I sat across the dining room table from my 16 month old nephew.
I had multiple clear-cut career accomplishments in 2024. My 16 month old nephew? Zero.
He can't code
He can't drive
He poops his pants
He hasn't even tried to enroll in any formal higher education institution
"How do you *do* that?!" I asked in shock. I asked, "how do you do nothing all day except go poo poo pee pee in your pants? You can't even code in PYTHON!"
He pooped his pants in response.
> have coding project idea
> complete it
> unhappy
guess I'll just introduce unnecessary amounts of convolution into the code, make it basically unreadable to myself and others, and then forget how it works in a few weeks
¯\_(ツ)_/¯
In 2024 we didn't:
- Get any certificates
- Complete any college courses
- Get featured in documentaries
- Win awards
Actually, we haven't gotten any of these in years.... :(
RansomHub ransomware group claims to have ransomed EUROCERT*. However, we believe this name is misleading because the domain listed, EUROCERT-dot-pl, does not appear to be an authority of the European Union.
(We have no idea how the EU works, maybe wrong)
Info via AlvieriD
> get letter in the mail
> from health insurance place
> oh_no.png
> open mail
> health insurance company says data was in a security breach
oh thank god, was worried it was something important
Hello,
Our backend is currently down because we're migrating hosts. Our frontend is still up, hence why you can see the "BBIAB" message.
tl;dr used too much data, moving to dedi
non-tl;dr (long read)
We initially used Wasabi as our backend because it's cheaper than a lot of hosting providers. Wasabi is good if you store data but don't intend for your egress to exceed the amount currently being stored. Egress exceeding what is stored is a violation of Wasabi's terms of service, specifically the data usage section.
Under normal conditions, thanks to our Cloudflare Enterprise plan, which was gifted to us by Cloudflare, our egress would not exceed our stored data and everything would be fine and dandy. However, as we've begun aggregating malware for our virus exchange domain, we've begun consuming egress and data usage at a high rate. Our current flow works something like this:
1. Get file (maybe malware, maybe not malware)
2. Submit to virus exchange database via API
3. Data goes inside virus exchange database
4. Data sent to VirusTotal for scanning
5. Wait 60 seconds (async, other files sent too)
6. Query VirusTotal results
7. If file is malware, store in database under its SHA256
8. If not malware, dispose of file
9. Copy confirmed malware from virus exchange bucket to vx-underground malware ingestion bucket
10. File placed in daily ingestion queue data directory
Each day every malicious file received is thrown in a directory labeled the current date — usually named something like "Malware.{Year}.{Month}.{Date}". We eventually pull these directories down from our bucket using the AWS CLI and 7z ultra compress them. Once we 7z ultra compress them we move them to local backup instances. Once backup is completed we push it back to the vx-underground backend prod environment.
We began receiving warnings from Wasabi when we were ingesting 50,000 - 100,000 malware samples a day. We scaled it back to 15,000 - 30,000 malware samples a day. This still irritated them, so we now have to move to a new host who won't charge us a fortune for processing and moving so much data internally and externally.
We ultimately decided to move to TorGuard because they're a sponsor of ours, we have a good relationship with them and their team, and they're going to help us out with some malware-related stuff. We had planned on eventually moving to their infrastructure for a while, but we kept delaying it because moving so much data, modifying so much of our internal procedures, and laziness made us dread the move.
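The keep-or-dispose step of the flow above (steps 7 through 10: hash the confirmed sample, store it under its SHA256, file it in a directory named Malware.{Year}.{Month}.{Date}) as an offline, added illustration. This is not vx-underground's own code; the "stats" dict is a constructed stand-in shaped like the last_analysis_stats block of a VirusTotal v3 file report, the detection threshold is an assumption, and nothing here talks to VirusTotal, a bucket, or the network.

```python
# Offline model of the triage step in the ingestion flow described above
# (steps 7-10). Added illustration, not the project's own code. "stats" is
# a constructed stand-in shaped like VirusTotal's last_analysis_stats; no
# network, bucket, or VT API access happens here.
import hashlib
from datetime import date
from pathlib import Path
from typing import Optional

# Assumption (not stated in the post): a sample is "confirmed malware"
# once at least this many engines flag it as malicious.
MALICIOUS_THRESHOLD = 5


def sha256_hex(data: bytes) -> str:
    """Content hash used as the stored filename (step 7)."""
    return hashlib.sha256(data).hexdigest()


def is_malware(stats: dict, threshold: int = MALICIOUS_THRESHOLD) -> bool:
    """Decide from VT-style detection counts whether the sample is kept."""
    return stats.get("malicious", 0) >= threshold


def ingest_dir(root: Path, day: date) -> Path:
    """Daily directory, named Malware.{Year}.{Month}.{Date} as in the post."""
    return root / f"Malware.{day:%Y.%m.%d}"


def triage(sample: bytes, stats: dict, root: Path, day: date) -> Optional[Path]:
    """Store confirmed malware under its SHA256 in the day's directory and
    return the stored path; return None when the sample is disposed of (step 8)."""
    if not is_malware(stats):
        return None
    dest_dir = ingest_dir(root, day)
    dest_dir.mkdir(parents=True, exist_ok=True)
    dest = dest_dir / sha256_hex(sample)
    # The same content always lands on the same name, so a re-submitted
    # sample costs no second copy (and no second round of egress).
    if not dest.exists():
        dest.write_bytes(sample)
    return dest


if __name__ == "__main__":
    import tempfile

    # Constructed inputs: not real malware, not real VirusTotal results.
    detected = {"malicious": 42, "suspicious": 1, "undetected": 30}
    clean = {"malicious": 0, "suspicious": 0, "undetected": 73}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        day = date(2025, 1, 10)
        kept = triage(b"MZ\x90\x00constructed-sample", detected, root, day)
        dropped = triage(b"hello world", clean, root, day)
        print("kept:", kept.relative_to(root) if kept else None)
        print("dropped:", dropped)
```

Naming the stored file by its SHA256 is what makes the daily directory idempotent: pushing the same sample through the API twice yields one file, which matters when every extra copy counts against the egress budget the post is complaining about.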
This image is a perfect analogy for most enterprise compromises: the "sophisticated attacker" was NOT a state-sponsored Threat Actor. It was just a fat cat.
tfw you have to notify everyone in your project that you forgot to reply to an email and now everything is temporarily gone and all work is paused for, like, 5 days
We don't want to get all crazy-whacko-conspiracy-theory, but this sure would be a great time for an adversary of the United States to cause chaos and/or spread misinformation.
What's interesting, though, is that this time it wasn't sent to the entirety of LA County. It was sent to the wrong areas of Los Angeles, with the wrong message.
tl;dr people in Long Beach received notifications intended for people near the Eaton Fire, which said they were for the entirety of LA
???
We've never seen such a colossal oopsie 2 times in a row in a 12 hour stretch. They're probably scaring these people to death — getting notified at 4am they need to pack their stuff and go 😭