Apple Approved Malware | TechSNAP 187

Apple Approved Malware | TechSNAP 187

One of the worlds most prolific spammers gets profiled & the technical details are fascinating. New Apple malware is getting everyones attention, but why iOS trusts the code is really the more fascinating story, we’ll explain.

Plus a great batch of questions, our answers & much much more!

Thanks to:




Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

Become a supporter on Patreon:


— Show Notes: —


Spammers are always developing new tactics

  • Prolific spammer Michael Persaud has been caught sending spam yet again
  • The 37-year-old from San Diego was the first spammer to have been criminally prosecuted, 13 years ago
  • By following a string of clues in the details used to register 1100 new domains used to send spam, researcher Ron Guilmette was able to track the source of the spam back to Persuad
  • What makes this case specially interesting was the technique used to send the spam
  • The chain of events starts with a block of IP addresses getting added to a blacklist, and the owner of those IP addresses being notified of the fact
  • The owner of the IP addresses was adamant that the spam was not coming from their network, as they do not host any spammers
  • When Cisco provided evidence that the spam was in fact coming from their IP addresses, further investigation revealed that that block of addresses was not actually in use
  • The block of IPs was not being announced via BGP by the owner of the IP space, thus the IPs were dormant (unannounced)
  • The spammers had looked around the internet, found ranges of dormant IP addresses, and announced those themselves, in effect moving the hosting for that IP range to their hosting provider, instead of that of the owner
  • This allowed the spammers to send spam from ‘clean’ IP addresses, that had never been used to send spam before
  • The spammer in question claims he did not know the IP addresses were hijacked, that the ISP he was using was selling him ‘stolen’ IPs without his knowledge
  • Persuad made this seem like a common occurrence, but it isn’t, and the researchers are not buying it
  • “In 1998, Persaud was sued by AOL, which charged that he committed fraud by using various names to send millions of get-rich-quick spam messages to America Online customers. In 2001, the San Diego District Attorney’s office filed criminal charges against Persaud, alleging that he and an accomplice crashed a company’s email server after routing their spam through the company’s servers. In 2000, Persaud admitted to one felony count (PDF) of stealing from the U.S. government, after being prosecuted for fraud related to some asbestos removal work that he did for the U.S. Navy”

  • Spam Nation: The Inside Story of Organized Cybercrime – from Global Epidemic to Your Front Door Audiobook | Brian Krebs |

Google launches new network security testing tool: nogotofail

  • SSL/TLS has seen a number of major vulnerabilities lately, including Heartbleed, Apple’s goto fail, GNUTLS and NSS both having certificate verification flaws, and most recently the POODLE vulnerability
  • To help researchers and administrators test for these vulnerabilities, Google has released nogotofail, a new testing tool
  • “allows developers to set up an infrastructure through which they can run known attacks against the target application. It has the ability to execute various attacks that require man-in-the-middle position, which is one of the key components of many of the known attacks on SSL/TLS, including POODLE, BEAST and others“
  • “The core of nogotofail is the on path network MiTM named nogotofail.mitm that intercepts TCP traffic. It is designed to primarily run on path and centers around a set of handlers for each connection which are responsible for actively modifying traffic to test for vulnerabilities or passively look for issues. nogotofail is completely port agnostic and instead detects vulnerable traffic using DPI instead of based on port numbers. Additionally, because it uses DPI, it is capable of testing TLS/SSL traffic in protocols that use STARTTLS“
  • The tool can be deployed on Clients, Routers, and VPNs to automatically detect connections between clients and servers that are vulnerable to any of the known flaws
  • Project on GitHub



Question? Comments? Contact us here!