No worries :)

@John Hammond this is a worm used to infect routers so they can monitor router data and etc

the default passwords may be for routers, people often forget to change them. there are sites that if you look up a router you can get a list of default passwords

@@dannygaming1216 no it's for ddos. It's mirai. All of those iptables block rules and deleting stuff is to stop other scanners running some exploits so they exclusively have the bot.

@@noobian3314 I've seen a worm that gets into the router to allow it to collect data to sell it or for blackmail and for ddos

Famous last wards...

"Welcome to Jurrasic Park" - John Hammond

Welcome brother 😂

Or `-f` for short!

How would one do that?

@@bannedthricelol8799 step 1: install metasploitable somewhere step 2: buy an domain for metasploitable and show it somewhere so posible hackers try to hack it step 3: profit btw metasploitable may seem sus since it has a lot of vulnerabilities up to the point where it seems fake

@@bannedthricelol8799 just make a honey pot its that easy

Yes!!! A malware Harvester🤩🤩🤩

It's worth it... Tpot - you can do that yourself. :)

Agree >_

Why is this?

@@chillytheprogrammer Habits. Muscle memory. I belive John made a community post about this lol. edit: kzfaq.info/love/VeW9qkBjo3zosnqUbG7CFwcommunity?lb=UgxZplo8gPKIFaDSPVN4AaABCQ I was right :D

I do this all the time. Why? I have no idea.

mkdir is most tested software ever written.

🤣

john killed him :((

Na no

nano lives matter

nice info

its a RISC cpu by motorola. found on older systems and maybe routers

Me, a Fall Out Boy fan: *my disappointment is immeasurable and my day is ruined* Also Me, a John Hammond fan: I'm soooo happy there's a new video ^^

It made me sad too!

Is there malware that nestles in the router before ever getting to the user machine? Would downloading it be enough for it to deploy? Or could it target the router through the VM?

Do you know the difference between the two? What was Ghidra trying to do with .elf with the ctrl+i option which failed? :o

Happened to my entire apartment complex (close to 1k people) and is still ongoing. Mirai-type behavior. I've had to disable wifi entirely and use ethernet. My ISP, Cox, said they 'can't do anything about it. This started 2+ months ago and I have no choice but to contact the Feds. Our gateways aren't listed in the strings here; they're mostly Arris, Cisco, etc, yet they were all cracked either by some known Wifi exploits I've read or updated rainbow tables. Scary shit and it dropped RATs and miners on all LANs it broke in to. I've tried removing it on my Alienware laptop but it seems to have written to firmware and or BIOS. Maybe a new variant?

@@Demoralized88 yayiks dude ! Any updates since ?

@@zacay5717 Certainly not from my ISP. Win support forums (particularly bleepingcomputer), have been flooded with the same issue I've been having for 2-3 months now and I've yet to find anything that quite describes what this is and how to remove it. I'm 99% It goes: spreads via Wifi exploits, known passwords or brute forcing - or BOTs probing random Modems for vulnerabilities. Either way, once it gets access to a LAN with Wifi, it hijacks the Router and any wireless cares to scan and spoof nearby devices until, thorough another exploit, Deauth attack, It gains access to adjacent LANs and in theory could propogate very quickly. When I first noticed weird shit in Windows I scanned nearby networks for anything suspicious because I was also having frequent Wifi dropouts for about a minute. That lead me to research what could be causing the Wifi dropping and I eventually read about Deauth attacks. The day after I took my computers offline, I noticed maybe 3-4 suspicious Wifi behavior. Within a day or 2, every single Wifi device (50+) I could see within range was also auto-spoofing by raising transmit power super high to spoof other WAPS, then killing the transmit in about 30-60 second incriments. Also, I don't know much about MAC spoofing, but when a new Wifi signal pops up, very shortly afterwards a second signal would pop up with the aforementioned bahvarior with a signal MAC address digit changed. As far as it persisting through format/reinstalls with new drives, it must have written itself to firmware of at least one of the components. I've read of this being done with Drivers, but I didn't think they'd persist through a reinstall. It's a RAT and either miner or some sort of botnet, but it's very stealthy and most casual users wouldn't notice anything amiss. It's subtle things a proficient Windows user would notice aren't right. Single frame blacked-out DOS windows booting in to Windows, Windows RE, CPU usage dropping from very high to low-moderate immediately upon open task manager, a bunch of stange GUIDs in registry, some settings/directories not accessible as admin, suddenly being in a domain with GP restrictions on certain config settings. I thought maybe I was just mistaken and paranoid, until 2 months later I started gettings alerts that some of my data had been hacked. There's so many fucking variants of malware and attack vectors for Windows that it's extremely hard to narrow down. It seems to be a fullly automated attack from the IP probing to exploits, to Root exploits, to spreading over LAN/WAN. People called me a schizo when I first posted about this on /g/ 2 months ago, but I think maybe new is finally starting to break about it, I hope. Dell is currently making new emergency BIOS for like all their systems for some vulnerability that I'm not sure is related. AV didn't stop it when it happened, and it still can't detect anything even with a lot of IOCs and breadcrumbs all over the OS. It's definitely a P2P botnet as it runs services for that functionality. I'm 99% sure it sneaks by in powershell via obfuscation to do whatever the fuck it wants, as John has repeatedly demonstarted. The only concrete thing I found was a 'Spyeye' entry in I believe the registry. I have no idea how to fix my PCs at this point, Wifi is unusuable as neighbors are infected, and my family has been without PCs for just over 2 months now. After I got 'hacked', I started reading and I can not fucking believe just HOW many critical exploits there are for Windows and Intel. Things they claim to have fixed as STILL being exploited. I've been stressed and depressed for the past 2 months trying to figure out what I can even do until when/if this becomes mainstream news. I see identical reports of mine ALL over support forums yet, strangely, Windows and big AV/Tech security firms have been dead silent. From what I've seen I'm convined this was an extremely widespread attack (browsing through some code, I'm thinking Chinese origin) and Windows is trying to keep the lid on this until they come up with a 'fix'. What's worse though is that a 'fix may not even be possible. Good malware these days uses programs to check for certain exploits on individual networks/systems, and it's impossible to protect against that for 99% of users, if at all. Sorry I wrote a book, this is just all so surreal and a lot of supposdely knowledgable people say this isn't possible when I KNOW it is.

@@Demoralized88 you have piqued my interest. I am going to look into this.

There are loads of Steganography utilities, my favourite is Outguess!

There's also jphide & seek and steghide, they're good ones too!

I wonder if antivirus software actually unpacks UPX binaries itself, we know they're capable of lifting virtual machines from proprietary packers like VMProtect, should be easy to unpack UPX and analyze the "real" malware sandboxed on runtime.