  1. #1
    Gold Lounger
    Join Date
    Oct 2007
    Location
    Johnson City, Tennessee, USA
    Posts
    3,202
    Thanks
    37
    Thanked 215 Times in 202 Posts

    Indestructible botnet?

    Hello all,
    Yes ... This is really evil; check out this article.cnet
    Regards, Fred
    PlainFred

    None are so hopelessly enslaved as those who falsely believe they are free (J. W. Von Goethe)

  2. #2
    WS Lounge VIP Browni's Avatar
    Join Date
    Dec 2009
    Location
    Rochdale, UK
    Posts
    1,650
    Thanks
    38
    Thanked 161 Times in 139 Posts
    Looks like this is the same (or related) botnet referenced in this thread

  3. #3
    Silver Lounger Banyarola's Avatar
    Join Date
    Dec 2009
    Location
    Big Indian, New York
    Posts
    1,900
    Thanks
    19
    Thanked 65 Times in 54 Posts
    How does someone get the infection?
    "If You Are Reading This In English, Thank A VET"

  4. #4
    3 Star Lounger midnight's Avatar
    Join Date
    Dec 2010
    Location
    Almost Deep East Texas
    Posts
    352
    Thanks
    42
    Thanked 8 Times in 7 Posts
    There is also an article this week at http://www.ghacks.net/2011/07/01/ind...et-discovered/ which elaborates a bit more. Says it has been found in porn sites, pirated movie sites and on 'some' free photo hosting sites. "THEY" are always out to get us!!

  5. #5
    Gold Lounger
    Quote Originally Posted by midnight View Post
    "THEY" are always out to get us!!
    midnight,
    Yes, it would seem so... Also, this is why I use a security system (Norton Internet Security 2011) that performs a "Boot Time Scan" (selectable option), hopefully keeping the "nasties" out before they have a chance to load with Windows. Regards, Fred
    PlainFred


  6. #6
    3 Star Lounger midnight's Avatar
    Thanks Fred
    I also run Norton Int. Sec. 2011 but I don't see the option for "Boot Time Scan". A search of the Symantec site says it runs automatically with Auto Protect. Have I missed something? The beer is mighty good in this weather!
    BJ

  7. #7
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,485
    Thanks
    283
    Thanked 573 Times in 477 Posts
    A boot time scan is useless if your real-time or passive protection didn't prevent the initial trigger from happening; this loads and is active before Windows is.

  8. #8
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Milwaukee, WI
    Posts
    737
    Thanks
    23
    Thanked 64 Times in 52 Posts
    So far, the major A/V vendors aren't detecting this via the normal means. If you suspect you have it, you'll be tipped off by noticing strange behavior and performance issues. There are several companies that have tools to run from a bootable disk to fix it: http://update.pcantivirusreviews.com/news/bootkit/
    Chuck

  9. The Following User Says Thank You to Doc Brown For This Useful Post:

    RetiredGeek (2011-07-05)

  10. #9
    Gold Lounger
    Quote Originally Posted by midnight View Post
    I also run Norton Int. Sec. 2011 but I don't see the option for "Boot Time Scan". The beer is mighty good in this weather!
    BJ,
    Hello... It's in settings... see screenshot. Regards, Fred
    PlainFred


  11. #10
    Gold Lounger
    Quote Originally Posted by satrow View Post
    A boot time scan is useless if your real-time or passive protection didn't prevent the initial trigger from happening; this loads and is active before Windows is.
    satrow,
    Hello... Norton scans for it before your "OS" boots... and then deals with it... and hopefully catches it there. Regards, Fred
    PlainFred


  12. #11
    3 Star Lounger midnight's Avatar
    Slap my head! I didn't scroll down far enough! Thanks.

    BJ

  13. #12
    Super Moderator satrow's Avatar
    Quote Originally Posted by Just Plain Fred View Post
    satrow,
    Hello... Norton scans for it before your "OS" boots... and then deals with it... and hopefully catches it there. Regards, Fred
    Fred, you say one thing, then you illustrate it with a link that contradicts you. Has Norton discovered a way to boot and run from thin air? If so, you'd think they'd be boasting about how the only way to remove it would be to use their products.

    Explain please how Norton can operate and detect it without having any 'OS' started?

  14. #13
    Gold Lounger
    Quote Originally Posted by satrow View Post
    Fred, you say one thing, then you illustrate it with a link that contradicts you. Has Norton discovered a way to boot and run from thin air? If so, you'd think they'd be boasting about how the only way to remove it would be to use their products.

    Explain please how Norton can operate and detect it without having any 'OS' started?
    satrow,
    Hello... There are two actually ...
    1. Norton has a "Bootable Recovery Tool"... so if something does get past your security and "hoses your OS"... load up the CD and boot from it, and it will search for the "infection" and remove it (before Windows loads up). Although I have not used it (didn't have a need to yet), I view it as a good "tool" to have.

    2. If this new (zero day) "Bot" resides in your MBR... at least Norton will "run" a scan of your entire OS before it boots... and remove it (presuming that Norton has discovered how). Look, I'm not trying to pick a fight, just passing along some info... So if I'm wrong I apologize... ask for your money back. Regards, Fred
    Last edited by Just Plain Fred; 2011-07-05 at 16:18.
    PlainFred


  15. #14
    Super Moderator satrow's Avatar
    A lot of presumptions there, Fred.

    A guess: number of Norton users with the bootable CD = less than 10%

    There must be a reason MSFT are saying that it isn't guaranteed that it can be successfully removed and that fixing the MBR then wiping/reinstalling is the only way to be sure.

    Check the link Doc Brown gave.

    Bottom line: normal A/V tools can't touch it.

  16. #15
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    It may be difficult to eradicate but certainly not impossible.

    Joe
