Whitehat cracks notorious rootkit wide open

A malware analyst has deconstructed a highly advanced piece of crimeware believed to be the work of the notorious Russian Business Network. The step-by-step instructions for reverse engineering the stealthy ZeroAccess rootkit are a blow to its developers, who took great care to make sure it couldn't be forensically analyzed. The …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    FAIL

    Muhahaha

    If you mount an infected Windows partition with a Linux host having NTFS support, I can't see how these "secret" things could not be discovered.

    Only a problem for the Windows retards who don't know the Unix command line and think Windows PE is the ultimate tool.

    It's ironic - repairing an infected Windows machine requires Linux.

    1. Anonymous Coward
      Grenade

      @ Admiral of The Pink (Oboe)

      I dunno about Windows PE, but you come across as a bit of a tool yourself.

    2. Tree & Tree = Dirty Tree
      Stop

      Fail yourself, Pink Slip

      If that stuff is designed sector based it lives beyond any file system. It creates its own volumes and file systems that look like broken sectors and are ignored even by oh so glorious Linux. Still it runs...

      Can't be done? If you say so...
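
The disagreement above turns on where the hidden data lives: mounting the NTFS volume from Linux only shows what the filesystem indexes, while storage kept in raw sectors outside every partition is invisible to that check. As an added example (not code from the article or from any commenter, and not a description of how ZeroAccess itself stores data), the script below parses a classic MBR partition table from a raw disk image, computes the sector ranges no partition claims, and reports which of those sectors hold non-zero bytes. The sample image, its partition layout and the planted payload are constructed for illustration; GPT disks are not handled.

```python
"""Find non-zero sectors that lie outside every MBR partition of a raw
disk image, i.e. outside anything a host would mount as a filesystem.
Added example; the disk image below is constructed, not a real capture."""
import struct

SECTOR = 512


def parse_mbr_partitions(image: bytes):
    """Return sorted (start_lba, sector_count) for each used MBR entry.
    Assumes a classic MBR at LBA 0 (not GPT); raises if the 0x55AA
    boot signature is missing."""
    if len(image) < SECTOR or image[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature at offset 510")
    parts = []
    for i in range(4):
        entry = image[446 + 16 * i: 446 + 16 * (i + 1)]
        ptype = entry[4]                                  # partition type byte
        start, count = struct.unpack_from("<II", entry, 8)  # LBA start, length
        if ptype != 0 and count:
            parts.append((start, count))
    return sorted(parts)


def unallocated_ranges(image: bytes):
    """Sector ranges [a, b) covered neither by the MBR sector nor by any
    partition: the gap before the first partition, gaps between
    partitions, and the tail after the last one."""
    total = len(image) // SECTOR
    covered = [(0, 1)] + parse_mbr_partitions(image)  # LBA 0 is the MBR itself
    gaps = []
    cursor = 0
    for start, count in sorted(covered):
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, start + count)
    if cursor < total:
        gaps.append((cursor, total))
    return gaps


def nonzero_hidden_sectors(image: bytes):
    """LBAs in unallocated space whose 512 bytes are not all zero: the
    candidates worth carving out and inspecting by hand."""
    found = []
    for a, b in unallocated_ranges(image):
        for lba in range(a, b):
            blk = image[lba * SECTOR:(lba + 1) * SECTOR]
            if any(blk):
                found.append(lba)
    return found


def build_sample_image():
    """Constructed 4 MiB image: one NTFS-typed partition at LBA 2048
    (4096 sectors long) and payload bytes planted in the pre-partition
    gap (LBA 100, 101) and in the tail past the partition (LBA 7000)."""
    total = 8192  # sectors
    img = bytearray(total * SECTOR)
    # entry 0: bootable flag 0x80, type 0x07 (NTFS), start 2048, count 4096
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 4096)
    img[446:462] = entry
    img[510:512] = b"\x55\xaa"
    # filesystem content: this is what a mounted volume would expose
    img[2048 * SECTOR:2048 * SECTOR + 8] = b"NTFS    "
    # out-of-filesystem data a mount can never show
    img[100 * SECTOR:100 * SECTOR + 6] = b"hidden"
    img[101 * SECTOR + 200:101 * SECTOR + 204] = b"more"
    img[7000 * SECTOR:7000 * SECTOR + 4] = b"tail"
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample_image()
    print("partitions:", parse_mbr_partitions(sample))
    print("unallocated:", unallocated_ranges(sample))
    print("non-zero hidden sectors:", nonzero_hidden_sectors(sample))
```

On a real image you would read the file with `open(path, "rb").read()` (or in chunks for large disks) instead of calling `build_sample_image()`; a non-zero sector in unallocated space is not proof of a rootkit, since bootloaders and old partition remnants land there too, but it is exactly the class of data a filesystem-level scan from a Linux host will never list.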

  2. This post has been deleted by its author

    1. Anonymous Coward
      Thumb Down

      The pr0nz

      Personally I regard the "porn gives you viruses" thing as a bit of a myth. It is indeed "notorious", but I think that's mostly undeserved. Sure it's one of the things malware purveyors bait their traps with, but they have plenty of other tricks. One might as well warn people against googling recent news headlines.

      Perhaps this advice was more relevant some time in the past, before the malware biz got so crafty, and before there were so many trustworthy porn sites.

  3. Rob
    Terminator

    I'd be extremely careful...

    ... if I'd just cracked open a bit of software that had the Russian Business Network's fingerprints on it, especially after I'd just published that info for world + dog to read.

    1. Anonymous Coward
      FAIL

      Oh, We Are So Scared

      no more words.

      1. Tree & Tree = Dirty Tree
        Stop

        RE: "Oh, We Are So Scared"

        It's not that security researchers haven't been physically attacked by mobsters for impairing their "business" (like banking trojans etc), or the data centers of ISPs burned down for refusing to host their "services".

        Don't be mistaken, we are talking serious bad asses here...

  4. sumguy99

    Windows 98 laughs at this malware

    I'm staying with Windows 98 with KernelEx API enhancement. This ZeroAccess rootkit (and probably all root kits and most malware in general) probably can't run under Win-98.

    1. Ammaross Danan
      FAIL

      However

      But neither can my new hardware.

  5. Anonymous Coward
    Anonymous Coward

    IE and Flash are the main problems, accursed Active-X!

    IE is still an open wound, as is anything that uses its browser component, and will stay so until Active-X is no longer supported by IE and Windows, and replaced by a properly sand-boxed and secured plug-in framework. Lazy web site owners using Active-X plug-ins must stop being humoured, and actively blocked by all browsers, with a security message to users, it's the only way both will learn!

    Flash is also a steaming pile of insecurity, because it is not coded to be secure, does not have a proper security model, and does not provide a non-browser preferences GUI, so it continues to crash browsers and infect OSs! e.g. Flash malware can even get through Google Chrome, given I've seen clean system prompts from Microsoft Security Essentials, while using it on some sites!

    I so hope that all sites get rid of Flash video players ASAP, and that Flash is removed from all other sites!

    Email is only a problem if you run an insecure email client or are stupid enough to open spam attachments.

    It would help loads if all supported Microsoft OSes were fixed to never allow any external media to auto-run without a prompt and a virus scan, to prevent careless malware distribution from compromised machines.

    Windows 7 UAC is a step in the right direction, however the UAC is still far too coarse and annoying, because its repeated prompts become noise, thus blindly clicked or disabled.

    1. Ammaross Danan
      FAIL

      All this fluff

      "It would help loads if all supported Microsoft OSes were fixed to never allow any external media to auto-run without a prompt and a virus scan, to prevent careless malware distribution from compromised machines."

      Last I checked, most AVs come with an on-access scanner. This will scan any file upon attempting to open it, media on a CD included.

      "Windows 7 UAC is a step in the right direction, however the UAC is still far too coarse and annoying, because its repeated prompts become noise, thus blindly clicked or disabled."

      So, all this complaining about ActiveX and the Evils of IE and you finally get to how most crapware is installed: the user said "yes." Twice. (for those of you that "use linux only," XP/7 [there is no Vista....] asks if you want to Run/Save/Cancel and then says "This may be malicious software! You sure you want to run it???" to which they hit "Run" again).

      User stupidity is more effective than any ActiveX/Flash exploit. Especially since anyone "in the know" would have a decent AV running to catch the bugger when it attempted to worm its way onto the machine.

    2. Neoc
      FAIL

      ...you'd think the title would default for a reply, same as eMails...

      "It would help loads if all supported Microsoft OSes were fixed to never allow any external media to auto-run without a prompt and a virus scan, to prevent careless malware distribution from compromised machines."

      Unfortunately, all this would do is create yet another generation of "blind-clickers" - i.e., people who immediately click the OK button without checking the message, or even registering it.

      It's the problem with so many "false positives" being created - people just get used to the OS bitching at them and blindly click/hit ENTER.

  6. Kirbini
    Coat

    So it's come to this then, has it?

    When you write "San Francisco" you don't have to add the ", California" bit because everyone already knows what you mean. It's even ingrained in a list the Associated Press publishes which states which city names in the world do not need to be qualified with a state, province or country tag.

    Likewise, as this article shows, when you write about a "rootkit" you no longer have to add the qualifier "Windows" before it since all and sundry know damn well what you're talking about. I assume the same is true of "virus", "malware", "trojan", "patch", "brain dead user" and "sucks".

    Mine's the one with the "AP Stylebook" in the pocket.

    1. Ammaross Danan
      Flame

      Windows

      Most publicised rootkits deal with Windows since most people would have a vested interest. However, it's the Linux rootkits that are especially fun to deal with. Yes, they do exist, but you probably don't even know if you have one.

    2. Anonymous Coward
      FAIL

      YOU are a tool

      This isn't English class - it's a blog!
