CastleCops
From CastleCopsWiki
CastleCops® is a volunteer security community focused on making the Internet a safer place. All services to the public are free, including malware and rootkit cleanup of infected computers, malware and phish investigations and terminations, and searchable database lists of malware and file hashes.
Education and collaborative information sharing are among CastleCops' highest priorities. They are achieved by training our volunteer staff in our anti-malware, phishing, and rootkit academies and through additional services including the CastleCops forums, news, reviews, and continuing education.
CastleCops consistently works with industry experts and law enforcement to reach our ultimate goal in securing a safe and smart computing experience for everyone online.
History
Originally known as computercops.biz, CastleCops was founded by Paul Laudanski on Feb 22, 2002. On August 27, 2004 "CastleCops" became the official name.
Timeline
- Feb 22, 2002: Computer Cops Grand Opening
- Jul 07, 2002: Installed ICRA Label
- Aug 27, 2004: Officially known as CastleCops
- Feb 05, 2005: wiki.castlecops.com Grand Opening
- Nov 07, 2005: de.castlecops.com Grand Opening, a German Portal
- Apr xx, 2006: PIRT Launches, Phishing Incident Reporting & Termination
- Aug 29, 2006: CastleCops® registered trademark at USPTO
- 4Q 2006: MIRT Launches, Malware Incident Reporting & Termination
- 1Q 2007: SIRT Forms, Spam Incident Reporting & Termination
Hosting
ISPs where CastleCops has been hosted:
- Feb 22, 2002: Concentric.com
- Sep 30, 2002: CIHost.com
- Jul 03, 2003: JaguarPC.com
- May 30, 2004: ApplicationX.net
- Feb 17, 2007: oarc.isc.org
Mission Statement
The site's mission statement doubles up as its vision [5]:
- Our Vision for CastleCops is to focus on the community to be a welcoming, enjoyable, and family friendly presence. We encourage the pursuit of education for health in security, privacy and computing via the continuous renewal of open discussions for the benefit of all. We work hard here to create and maintain high standards of civility, empathy, integrity, and respect. Our discussions are inspired by the desire to provide a strong foundation in safe and smart computing. We promote innovation and positive contributions.
Staff
The site has an exceptional staff of volunteers (~120) who donate their time to realizing our goals. The staff undertake various roles and responsibilities while at the site.
Be sure to take your time and thank the staff.
Sponsors
CastleCops thanks the following individuals and organizations who represent our sponsors and contributors -- whose donations make CastleCops possible as of 2007.
Contests
There have been two celebration contests where promoters have donated their products as prizes. To see the list of these contest sponsors, visit the Contest page.
Affiliations
Site features
[this section needs work]
CastleCops.com allows its users to submit reviews of security and privacy products and read reviews written by others. CastleCops also delivers news covering online security and privacy.
Academies
[this section needs work]
Hijackthis, PIRT, Rootkit, SRT
Forums
[this section needs work]
Aside from being a source of general security and privacy information, the site hosts official forums for:
- BillP Studios (WinPatrol)
- Firetrust (Benign, Encrypt, FirstAlert, Mailwasher, SiteHound)
- Paul Collins' (Pacman StartupList)
- Prevx
- Sphinx-Soft (LogAnalytics, x-Wall)
- Sunbelt Software (CounterSpy and Sunbelt Kerio)
Membership of the site is free and available to all. Although CastleCops is not a registered non-profit, donations are reinvested in the site for the benefit of the community in general. This provides greater availability and uptime, so the site is online when folks need access.
Research Databases
CastleCops maintains master copies of spyware databases. These HijackThis databases help researchers and users classify the objects listed in a HijackThis log as spyware, legitimate, or questionable. Log entries fall into sections whose codes begin with "R"[8], "O", "F"[9], or "N"[10] followed by a number. Currently the following lists are publicly accessible from the home page:
| Section | Description | List |
|---|---|---|
| Hashes | File Message Digests | Access File Hashes |
| EB | IE Explorer Bar | Access EB List |
| R3 [11] | URL SearchHook | Access R3 List |
| O2 [12] | Browser Helper Objects (BHOs) | Access O2 List |
| O3 [13] | Toolbars | Access O3 List |
| O4 [14] | Windows Startups | Access O4 List |
| O9 [15] | Internet Explorer Extra Buttons | Access O9 List |
| O10 [16] | Layered Service Providers | Access O10 List |
| O16 [17] | ActiveX | Access O16 List |
| O18 [18] | Extra Protocol and Protocol Hijackers | Access O18 List |
| O20 [19] | AppInit_DLLs and Winlogon Notify | Access O20 List |
| O21 [20] | ShellServiceObjectDelayLoad | Access O21 List |
| O22 [21] | Shared Task Scheduler | Access O22 List |
| O23 [22] | NT/XP Services | Access O23 List |
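The lists above are used by reading a HijackThis log, taking the section code and the object each line names (a CLSID for a BHO, a file name for a startup or service entry, a URL for an R/N entry), and looking that object up in the matching list. The script below is an added example of that workflow; it is not CastleCops code, and the database and log lines it uses are constructed samples, not records from the real lists. The key format (section code plus a lower-cased CLSID, file name or URL) is an assumption made for this example, as is the MD5-keyed hash table standing in for the file-hash database.

```python
import hashlib
import re

# Constructed stand-in for a HijackThis research database: (section, key) -> verdict.
# Keys are lower-cased; verdicts mirror the three classes the CastleCops lists use.
# None of these entries are real records.
SAMPLE_DB = {
    ("O2", "{00000000-0000-0000-0000-000000000001}"): "legitimate",
    ("O2", "{00000000-0000-0000-0000-0000000000ff}"): "spyware",
    ("O4", "example_updater.exe"): "questionable",
    ("R1", "http://search.example-hijacker.test/"): "spyware",
    ("O23", "example_av_service.exe"): "legitimate",
}

# Constructed file-hash table (MD5 of a made-up file body) standing in for the
# site's file-hash database.
SAMPLE_HASHES = {
    hashlib.md5(b"constructed sample file body").hexdigest(): "legitimate",
}

# Constructed HijackThis-style log lines covering R1, O2, O4 and O23 entries.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://search.example-hijacker.test/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-0000000000FF} - C:\\WINDOWS\\system32\\xyzzy.dll
O4 - HKLM\\..\\Run: [Updater] C:\\Program Files\\Example\\example_updater.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O23 - Service: Example AV (ExampleAV) - Example Corp - C:\\Program Files\\Example\\example_av_service.exe
"""

SECTION_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A bare file name with a loadable extension; backslashes, spaces and the [name]
# bracket of O4 entries are excluded so only the final path component matches.
FILE_RE = re.compile(r"[^\\\s\[\]]+\.(?:exe|dll|sys|ocx)", re.IGNORECASE)


def parse_line(line):
    """Return (section, lookup_key) for one HijackThis-style line, or None."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    if section[0] in "RN":
        # R and N entries describe browser start/search URLs: the URL is the key.
        key = body.split(" = ", 1)[-1].strip()
    else:
        clsid = CLSID_RE.search(body)
        if clsid:
            key = clsid.group(0)  # BHOs, toolbars, buttons are identified by CLSID
        else:
            files = FILE_RE.findall(body)
            if not files:
                return None
            key = files[-1]  # the object file named last on the line
    return section, key.lower()


def classify_log(text, db=SAMPLE_DB):
    """Classify every parsable line; objects absent from the database are 'unknown'."""
    results = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        section, key = parsed
        results.append((section, key, db.get((section, key), "unknown")))
    return results


def lookup_hash(data, hashes=SAMPLE_HASHES):
    """Look a file body up in the hash table by its MD5 message digest."""
    return hashes.get(hashlib.md5(data).hexdigest(), "unknown")


def summarize(results):
    """Count verdicts so a reader sees at a glance what still needs a human look."""
    counts = {}
    for _, _, verdict in results:
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    verdicts = classify_log(SAMPLE_LOG)
    for section, key, verdict in verdicts:
        print(f"{section:4} {verdict:12} {key}")
    print(summarize(verdicts))
```

Entries that come back "unknown" (here the `ctfmon.exe` startup, which the constructed database simply does not list) are the ones a researcher would submit for review; a lookup miss says nothing about whether the object is safe.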
These lists brought the site cease and desist letters, as they did several other security sites [23]. The most notable came from iDownload/iSearch, which was written about at Slashdot [24] [25], TechWeb [26], The Inquirer [27], and ZDNet's Spyware Confidential [28], among others.
Mirrors
The research databases are mirrored read-only at http://mirrors.castlecops.com. Each mirror has its own A resource record under that name, and clients are spread across the mirrors by DNS round robin.
| Master | Geo |
|---|---|
| www.castlecops.com | USA - West |

| # | Sponsor | Date added to DNS | Geo | Sponsor WWW |
|---|---|---|---|---|
| 1 | ApplicationX.net | 17 Mar 2007 | USA - North East | http://www.applicationx.net |
| 2 | Los Amigos | 19 Mar 2007 | USA - South Central | - |
| 3 | a.logica srl | 01 Apr 2007 | Italy | http://www.alogica.it |
| 4 | | | | |
| 5 | KISA, KrCERT/CC, Kevin Hong | 18 Apr 2007 | South Korea | http://www.kisa.or.kr/, http://www.krcert.or.kr/ |
| 6 | CERT-LEXSI | 04 May 2007 | France | http://cert.lexsi.com/weblog/ |
Syndication
The services provided by CastleCops can be syndicated via XML standard feeds: Atom and RSS.
To view the available list of feeds, visit this page.
Incident Reporting and Termination
MIRT
The Malware Incident Reporting and Termination group was created in 2006 to combat malware on the internet. [this section needs work]
PIRT
The Phishing Incident Reporting and Termination Squad was started jointly by CastleCops and Sunbelt Software. The tool itself was developed and operated by CastleCops, whereas Sunbelt Software leveraged its press power for launch and community awareness. PIRT's goal is to take down phish as quickly as possible through legal channels and professional relationships established worldwide with governments and security firms/researchers.
SIRT
Spam Incident Reporting and Termination [this section needs work]
Malware Cleanup
There are various teams that work on cleaning up and finding new malware on consumer computers.
[needs more]
Notable Mentions
A recent presentation by Paul Laudanski gives an overview of CastleCops and walks through the phish termination process via PIRT:
http://www.youtube.com/watch?v=MvIh_YUMOvY&feature=user
Some articles about the CastleCops service, written by notable organizations, that are worth reading:
- Washington Post: In Praise of the Phish Fighters
- Symantec: CastleCops "Phighting" Phish
- SpywareGuide.com: CastleCops Five Year Anniversary
- Sunbelt: In Recognition of the Founders
- Google: Thanks You
Articles related to the reputation attack attempted via PayPal. The attack was initiated when the DDoS attack that began in late August 2007 wasn't accomplishing its intended goal of stifling CastleCops:
- CastleCops.com: eChecks and Credit Charges – I Didn’t Authorize That!
- The Washington Post: The Threat of Reputation-Based Attacks
- SlashDot: CastleCops.com Hit With Reputation-Based Attacks
- Technology Inc.: Give ‘till it Hurts
- Ziff Davis: Security team hit by electronic smear campaign
- WindowsITPro.com: Security Sites Become Targets of DDoS Attacks
- LavaSoft: CastleCops Victims of “Smear Campaign”
- The Register: Crooks try to besmirch CastleCops with fraudulent donations
- The Frequency Blog: Charitable Donations on Your Behalf
- SANS Institute: CastleCops Besieged by Reputation Attack
Media Mentions
(This section [and subpages] needs help; anyone feel free to take it on.) To view the comprehensive list of media mentions, conferences, and books, visit this page.
Engine
Architecture powered by:
- CPU: AMD Opteron 64 Bit
- Operating System: FreeBSD
- Web Server: Apache, PHP, MySQL
References
- "F0, F1 - Autoloading programs". [29]
- "N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs". [30]
- "R0, R1, R2, R3 - Internet Explorer Start/Search pages URLs". [31]
- "O2 - Browser Helper Objects". [32]
- "O3 - Internet Explorer toolbars". [33]
- "O4 - Autoloading programs from Registry". [34]
- "O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu". [35]
- "O16 - ActiveX Objects (aka Downloaded Program Files)". [36]
- "O18 - Extra protocols and protocol hijackers". [37]
- "O20 - AppInit_DLLs Registry value autorun". [38]
- "O21 - ShellServiceObjectDelayLoad". [39]
- "O22 - SharedTaskScheduler". [40]
- "O23 - Windows NT/Windows XP Services". [41]
Links
- CastleCops Main site in English
- CastleCops Deutsch The German language CastleCops portal
- CastleCops Wiki This Wiki portal
- Blog CastleCops Blog
- Hashes 30M+ File Hashes
- Email Lists Mailman listservs for CastleCops
