10-24-2009, 12:14 AM | #21 | |
Serious Business
Join Date: Nov 2008
Location: New York
Moto: 1993 ZX-11 2008 CBR1000rr
Posts: 9,723
|
Quote:
Meaning: I download a lot and much of that are torrents...some of which are not the cleanest files out there. |
|
10-27-2009, 10:38 AM | #22 | |
CMDLINE
Join Date: Feb 2008
Location: Huntsville, AL
Moto: 2008 Black/Grey Hayabusa
Posts: 1,406
|
Quote:
I use AVG and Malware. One of the biggest problems most general users have is that they don't patch their shit either. Gee, if you don't apply the patches (and fuck you, Mac's have security issues too) then you're just waiting for the moment to have a virus walk in on you while you've got your dick stuck in the vacuum cleaner.... Patch your shit. Don't be a dumbass while browsing the web. Really, leave the pirated software alone. Watch what your family does on the system (give 'em the guest account to use or generic user acct's). Maintain your anti-virus. With as much shit as people do on their pc's it's amazing to see how unprotected most folks are in thier home. Thank god I refuse to do home-based service. |
|
10-27-2009, 02:38 PM | #23 |
Nomadic Tribesman
Join Date: Nov 2008
Location: Brampton, Canada
Moto: '09 ER-6n
Posts: 11,150
|
Amblyopic I would have agreed with you in the past, but the current run of infections are something a little different. We generally refer to them collectively as "FakeAV" around here. They are generally being lauched via web browser (IE or Firefox; it doesn't matter). They disable a good deal of the user interaction with the browser, so it takes more than a basic user's skills to get rid of it (most users have no idea what Task Manager is).
I suspect that the virus is spread both by infected pages and infected ad banners. The browser window resizes and immediately warns you, with an official looking window, that your system is infected with a large number of viri. It also gives instructions for removal ('click here') and takes you to a site where you can purchase the removal tool. Of course this is progressively causing a deeper and deeper exploitation of your system. So far I've only had one user who foolishly clicked all the way through to the point of giving a credit card number, out of the few hundred removals I've done. The most invasive version of this trojan loads a bunch of 'don't run' commands into the system registry, as the second step of the infection (first click on the window). This blocks every antivirus that I've ever heard of, Malwarebytes, Spybot, AdAware, and dozens of other tools. Even HijackThis is blocked from execution. In some cases I've been able to manually remove the worst of the infection by booting with ERD Commander (a butchered version of WinXP that boots from CD), but I've failed miserably to definitely clean the system in fully 50% of the cases with this version of the virus. Most of the people involved had the Windows Firewall enabled and had a good corporate level antivirus installed, and up to date on the system. It didn't help. This stuff is something new.
__________________
"Everything's better with pirates." - Lodge, "Dorkness Rising" http://www.morallyambiguous.net/ |
10-27-2009, 03:22 PM | #24 | |
CMDLINE
Join Date: Feb 2008
Location: Huntsville, AL
Moto: 2008 Black/Grey Hayabusa
Posts: 1,406
|
Quote:
Yeah, they're getting harder and harder to clean and protect from... the threat is growing exponentially. Go to the SANS's site often if you don't already... I spend a lot of time there. But one of the larger things you're mentioning is the ad based viruses.... and so many people fall prey to these attacks, because... they just don't know any better. And one of the biggest things I argue is that the users really need to patch their systems (both the OS and so many just leave the programs as-is). Adobe's got so many holes it's not funny, same w/ Sun's Java........ the list goes on and on. .... just like Windows 7. I love the OS, i've had the beta running since June-ish and the RTM......... god, ... can't remember when, but I'm running it.... But anyways, even before official release to the public it already had its first major vulnerability (Zero Day attack - BSOD w/ a single packet, IIRC, let me know and I can get you the article and subsquent alerts)..... .... I think we can agree on something. There's a lot of bad people out there who want either A) to get your identity or B) just make your day as shitty as possible with these malware advertisements, viruses, etc. I mean, Mitnick didn't do it to really do harm to peoples stuff, he did it just to see if he could.... Have you met Mitnick before? I haven't had the chance yet (was supposed to be at a conference he was going to speak but didn't get to go), but I did get a chance to hear a speaking by Johnny Long.... cool dude. |
|
10-27-2009, 03:51 PM | #25 | |
Serious Business
Join Date: Nov 2008
Location: New York
Moto: 1993 ZX-11 2008 CBR1000rr
Posts: 9,723
|
Quote:
Hijackthis + AVG +Avasts + Malwarebytes + poking around +4 gours of my life to clean up her system. Told her to stop looking at porn and then she laughed... which means she's been looking at porn |
|
10-27-2009, 04:32 PM | #26 |
Nomadic Tribesman
Join Date: Nov 2008
Location: Brampton, Canada
Moto: '09 ER-6n
Posts: 11,150
|
If it took that long, then you can bet that there is still something on the system; back door, bot net, fake service... One interesting trick that they've started to use is a hidden chron job in the Windows\Tasks directory. You think that the system is clean and then the next morning it's re-virused. These days I recommend that most home user's just back their shit up and blow the drive away. It takes less time and it's the only way to be reasonably certain.
__________________
"Everything's better with pirates." - Lodge, "Dorkness Rising" http://www.morallyambiguous.net/ |
10-27-2009, 04:33 PM | #27 | |
Nomadic Tribesman
Join Date: Nov 2008
Location: Brampton, Canada
Moto: '09 ER-6n
Posts: 11,150
|
Quote:
__________________
"Everything's better with pirates." - Lodge, "Dorkness Rising" http://www.morallyambiguous.net/ |
|
10-27-2009, 04:42 PM | #28 | |
Serious Business
Join Date: Nov 2008
Location: New York
Moto: 1993 ZX-11 2008 CBR1000rr
Posts: 9,723
|
Quote:
Normally I would just do a fresh install but on that occasion I didn't feel like wasting all that time on it. |
|
10-27-2009, 08:43 PM | #29 | |
CMDLINE
Join Date: Feb 2008
Location: Huntsville, AL
Moto: 2008 Black/Grey Hayabusa
Posts: 1,406
|
Quote:
You see a lot of that. Several other countries not just Ukrane as well though. Use your imagination. |
|
Bookmarks |
Thread Tools | |
Display Modes | |
|
|