Polish knights slay Virut, the brazen virus army that has its own EULA

Security researchers have decapitated a spam-spewing network of hacked computers by pulling the plug on the central command-and-control servers. The compromised PCs were infected by the Virut virus and were being remotely controlled from these servers by miscreants. The takedown operation was coordinated by CERT Polska, the …

COMMENTS

This topic is closed for new posts.
Thumb Up

Well Done!

Well done, gents! Nice to see the good guys win one for a change!

2
0
Silver badge
WTF?

The software nasty infects .exe and .html files to display adverts and open a backdoor to the botnet's masters

wat.

.html is just a file full of markup. It can't execute anything so how can it display ads (which are not an existing part of the markup)?

And how can a .html file be a vector for infection?

.exes I get, oldschool though that may now be (and thus easily caught by any decent AV). But who downloads torrents without AV checking them?

I dunno. Maybe it's a Monday afternoon thing. This story has me confused.

1
1

This post has been deleted by its author

Anonymous Coward

It could be malformed html that exploits specific weaknesses in particular parsers to get them to behave undesirably. Or it could be that the html directs the browser to get malicious binaries that similarly exploit specific browser weaknesses. Either way, these weaknesses continue to be found and patched regularly and as html and the Web get ever more complex and feature rich, they can only become more numerous.

With the forthcoming adoption of IPv6, now might be a good time to make a clean break from html/http and come up with something better suited to this era.

0
0
Anonymous Coward

Adds javascript code to HTML file to display ads from another website

1
0
Bronze badge

Simple use of iframes to dodgy websites, nothing new. If it manages to do a drive-by download or exploit, they work very well.

1
0
Silver badge
Flame

Simple

It runs a javascript that can handily link a sequence of bytes to the SVCHOST program; to avoid the scanners, all you do is bit shift the sequence before you run the link.

Then said file goes on a rampage through your HDD, adding the javascript and bit shifted virus to every .HTML file on your PC... then adds it to every .exe program just to be sure.

Gawd I love IE as a browser........ NOT

Fire... because that's where the malware creators should be

0
0
Anonymous Coward

Something's wrong in the Universe

virus and windows in the same article and no Eadon?

Doesn't his network work in the snow?

3
0
Devil

Its own EULA?

Cheeky bastards!

0
0
Silver badge
Devil

Re: Its own EULA?

That's what got me wondering as well!

I mean, these people are thieves, scammers, and parasitic scum of the lowest order, who don't give a flying fuck about anyone or anything other than their own gain - otherwise they wouldn't be doing what they do. Yet the purveyors of the software these "people" - and I use the term very loosely - use for their activities, expect them to honour an EULA, when they already fork two fingers up at every law on the books? What the hell are they smoking?

I swear, some of these people must be seriously delusional about who they are and what they do. I can't think of any other explanation for it. It reminds me of Sanford "Spamford" Wallace, who actually believed he was doing people a favour by smothering their inboxes with spam, and couldn't understand why people hated him. I can't even begin to fathom what must be going on in the heads of such people.

0
0
Joke

Re: Its own EULA?

I see a lawsuit in the making. I'm just not sure if it's Sony, MS or some other major company with prior art in the area of "malware that comes with an EULA" that holds the actual patent?

0
0
Anonymous Coward

"does nothing to remove infections from compromised drones - which are, don't forget, innocent users' Windows PCs."

Innocent users? They are not innocent.

Ignorance is no excuse in the eyes of the law.

If these "innocent users" kept their PCs up to date and knew how to use the internet, those botnets would not take hold and cause disruption for everyone.

Innocent my arse.

1
7
Silver badge
Stop

>If these "innocent users" kept their PCs up to date

Half the problem is Chinese running pirated Windows copies (little sympathy there except for the government they live under). The other is not everyone is technically gifted or leaves their computer on the internet constantly for updates (think grandma still on dialup). Much of the problem though is Eastern Europe not giving a crap about Western laws or laws in general except the ones that make the leadership rich.

0
0
Bronze badge
Flame

I live in Britain and don't give a crap about laws of continental Europe, why should Poles give a crap about laws that do not concern them? Apart from that I fail to see how this is relevant to virus infections; running pirated software is as illegal in Britain as it is in Poland or Germany. Enforcement and penalties are also quite robust in Poland, AFAIR.

0
0
Silver badge
Facepalm

wow

EULA for the really stupid is more like it. I would like to see the baddies take a client to court over breaking the EULA.

>The licence forbids users from sharing the download with computer security organisations or anti-malware firms.

Yeah that would hold up in court. And even if it did the court would probably need to refer all the other obvious law breaking by the plaintiffs to law enforcement where the penalties would be much stricter than any EULA. You generally don't get pound you in the ass prison for breaking contracts.

0
0
Anonymous Coward

Re: wow

<blah blah blah> ...pound you in the ass prison for breaking contracts.

Eh? Who said the perps lived in/within reach of the USA? Anyway, they have not been identified yet.

0
0
Silver badge

Re: wow

Of course they don't. They live in a fairly lawless country I am sure that will forever stay in the developing category for it. Just saying not a lot of countries that would go to the effort to enforce a EULA but look the other way on massive computer intrusion and fraud.

0
0
Silver badge

Re: wow

>Eh? Who said the perps lived in/within reach of the USA?

It's very possible but would be very stupid for script kiddie fraudsters in the US to want to get their hands on some pre-made malware. Then again the baddies wouldn't need to sue on the EULA but just blackmail on anonymously reporting the more serious crimes.

0
0
Silver badge

Re: wow

I thought any contract that violates the law is considered non binding. Sure would be a grey area depending on how EULA is written but pretty sure would be hard to collect on breaking the EULA was what I was thinking.

0
0
Bronze badge
Childcatcher

Re: wow

pound you in the ass prison for breaking contracts

Is it too early in the week to be cracking wise about this malware kit making use of a backdoor if the EULA was violated?

0
0
Bronze badge

Re: PYITA

I think you missed the point.

0
0
Big Brother

Re: wow

"I would like to see the baddies take a client to court over breaking the EULA."

More likely that they'll send round Bruno 'The Bear' to rearrange your face as a little hint pour encourager les autres

0
0
Bronze badge

"Seizing the reins of the botnet [] nothing to remove infections from compromised drones "

That's a shame, virut (and virux) is a real pisser to get rid of - potentially infecting all .exes and .htmls, even those inside (unencrypted) zip files, and .scr if I remember correctly, as well as residing in memory to reinfect the files if you clean them. Also it can't (couldn't?) be cleaned with combofix.

The disinfection route I took was to get a linux live cd, delete all potentially infected files, reinstall windows, sod it, create a new partition, install linux.

Maybe I could have stopped at step 3.

0
0