Overclock.net › Forums › Software, Programming and Coding › Networking & Security › How can I get rid of this nasty virus?

How can I get rid of this nasty virus? - Page 9

post #81 of 85
Quote:
Originally Posted by Kmon View Post
Yes it has been used to add clones to DoS bots. But it incorporates a rootkit.
"The DIY “exe builder” for the Zeus Trojan can be bought online for just $4,000. Each Zeus Trojan it builds incorporates a kernel level rootkit, which means it can hide from even the most advanced security"
Yes, the Zeus package is not the most complex rootkit but it is widely distributed.
I know it is available for free, but it really doesn't help to publish that information. Being readily available may persuade "Nefarious users" into incorporating some of its features. This is far from ideal. A prudent security posture would indicate the facts but leave out enough details so it cannot be incorporated by less skilful individuals. There are enough problems with malware already.
Quote:
Originally Posted by Spooony View Post
Those that don’t want to sell malware sell the means to help build malware:

• ZoPack
• El‐Fiesta
• IcePack
• Neosploit
• AdPack
• Zeus
Few examples

55% of Zeus‐infected systems had up‐to‐date AV
• User‐friendly
• Attacker can search collected data for cookies, files, contents of HTTP requests, FTP logons, etc.
• The files collected by Zeus were typically stored on compromised servers
• Sold for as low as $250 (with support!)
• One variant ran on Amazon’s EC2 cloud

How do they get by us?
Golden‐ball syndrome – Prey on our weaknesses!
You two seem to have an understanding of how these things work. So...

It's funny to me how advertisers these days use the very tactics that early hackers used to gather info. It's all good now though. Thanks Patriot Act.

What are some telltale signs of a rootkit infection, and what are the weaknesses being used by predators? How does one differentiate between legit BS advertising and illegal infiltration from rootkits? It seems all so blurred at the moment.
Still pushing (13 items): CPU E8400 E0 @ 4.32GHz 1.36v; Motherboard EVGA 750i FTW; Graphics GTX470 765/1530/1848 (unlocked 465); RAM OCZ Blade 9200LV @ 1080MHz 5-5-5-18-33; OS XP 32bit / Win 7 64bit / Arch Linux; Monitor Samsung PX2370; Power PCP&Cooling 610w Silencer; Case piece of cardboard
post #82 of 85
Quote:
Originally Posted by Drobomb View Post
You two seem to have an understanding of how these things work. So...

It's funny to me how advertisers these days use the very tactics that early hackers used to gather info. It's all good now though. Thanks Patriot Act.

What are some telltale signs of a rootkit infection, and what are the weaknesses being used by predators? How does one differentiate between legit BS advertising and illegal infiltration from rootkits? It seems all so blurred at the moment.
NETWORK ACTIVITY!!!

Make sure you have no programs connected to the internet. Watch your network activity. If it's around 1 percent, there's something there doing wrong things.
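The advice in post #82, to watch for programs that have no business talking to the network, can be turned into a quick check. The script below is an added example written for this thread, not code from any poster: it reads lines in the layout printed by Linux `ss -tunap` (a constructed sample is embedded so it runs offline; pipe real output into it instead), treats loopback and RFC 1918 peers as local, and reports every established connection to an outside address whose owning program is not on a small allowlist you maintain yourself. The `EXPECTED` set is an assumption to edit for your own machine; a connection with no visible owner is reported too, since that is exactly the case worth a second look.

```python
"""Flag unexpected established connections in `ss -tunap`-style output.

Added example, not code from the thread. Usage on a live box:
    ss -tunap | python3 netwatch.py
With no piped input it runs over the constructed SAMPLE lines below.
"""
import re
import sys
from ipaddress import ip_address, ip_network

# Programs you expect to hold network connections here (assumption: edit this
# to your own baseline). Anything else with an established connection to a
# non-local peer is reported.
EXPECTED = {"firefox", "sshd", "chrome"}

# Peers inside these ranges are treated as local, not internet traffic.
LOCAL_NETS = [ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]

# ss prints the owner as users:(("name",pid=123,fd=4))
PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')


def parse_ss_line(line):
    """Return a dict for one `ss -tunap` data line, or None for blank/short lines."""
    parts = line.split()
    if len(parts) < 6:
        return None
    proto, state, _recvq, _sendq, local, peer = parts[:6]
    m = PROC_RE.search(line)
    proc, pid = (m.group(1), int(m.group(2))) if m else (None, None)
    return {"proto": proto, "state": state, "local": local,
            "peer": peer, "proc": proc, "pid": pid}


def peer_ip(peer):
    """Strip the port from 'addr:port' (IPv6 peers are written [addr]:port)."""
    host, _, _port = peer.rpartition(":")
    return host.strip("[]")


def is_local(addr):
    """True if addr parses as an IP inside one of LOCAL_NETS."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return True  # '*' or hostnames: not an outside IP we can judge
    return any(ip in net for net in LOCAL_NETS)


def suspicious(conn, expected=EXPECTED):
    """True for an established connection to a non-local peer from an unexpected program."""
    if conn is None or conn["state"] != "ESTAB":
        return False
    if is_local(peer_ip(conn["peer"])):
        return False
    # proc is None when ss could not see the owner; that is reported as well.
    return conn["proc"] not in expected


def find_suspicious(lines, expected=EXPECTED):
    """Return the parsed connections that fail the check, in input order."""
    return [c for c in map(parse_ss_line, lines) if suspicious(c, expected)]


# Constructed sample in the layout of `ss -tunap`; addresses are documentation
# ranges, and the process names and pids are made up for the example.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   ESTAB  0      0      192.168.1.10:49152  203.0.113.5:443   users:(("firefox",pid=2210,fd=58))
tcp   ESTAB  0      0      192.168.1.10:49160  198.51.100.7:8080 users:(("svchost.exe",pid=4021,fd=12))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=811,fd=3))
tcp   ESTAB  0      0      127.0.0.1:33000     127.0.0.1:5432    users:(("psql",pid=3300,fd=3))
udp   UNCONN 0      0      0.0.0.0:68          0.0.0.0:*         users:(("dhclient",pid=700,fd=6))
""".splitlines()

if __name__ == "__main__":
    src = SAMPLE if sys.stdin.isatty() else sys.stdin
    for c in find_suspicious(src):
        print(f"UNEXPECTED {c['proto']} {c['local']} -> {c['peer']} "
              f"{c['proc']} pid={c['pid']}")
```

On the sample only the `svchost.exe` connection is reported: firefox is on the allowlist, the loopback Postgres session is local, and listening or unconnected sockets are ignored. The allowlist approach is deliberately simple; the value is in running it when the machine is known clean and keeping that baseline to compare against later.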
post #83 of 85
Quote:
Originally Posted by Spooony View Post
Those that don’t want to sell malware sell the means to help build malware:

• ZoPack
• El‐Fiesta
• IcePack
• Neosploit
• AdPack
• Zeus
Few examples

55% of Zeus‐infected systems had up‐to‐date AV
• User‐friendly
• Attacker can search collected data for cookies, files, contents of HTTP requests, FTP logons, etc.
• The files collected by Zeus were typically stored on compromised servers
• Sold for as low as $250 (with support!)
• One variant ran on Amazon’s EC2 cloud

How do they get by us?
Golden‐ball syndrome – Prey on our weaknesses!
Most are targeted attacks leveraging trust. Get an email/link from a friend, click on the link, execute the loader. This is the attack vector in a majority of cases -- user "trust". As mentioned in an earlier post, "TRUST KILLS".

Yup, the AV doesn't detect them as the loaders are polymorphic and usually are not stored on the users' endpoint.

Think once or twice before clicking on any link. Some sites don't know they are compromised.

Spoony, think about the link I sent you referencing Zeus. Did you think twice about clicking it?

Internet activities and computers are so integrated into mature economies that users don't even think. Detailed security awareness should be mandatory and a requirement within the education systems. It should be taught from elementary to graduate school. Sorry about preaching.
Gunslinger (13 items): CPU 1090; Motherboard MSI 890FXA GD70; Graphics 5870; RAM Corsair; Hard Drive C300; OS Windows; Monitor I-INC; Power Thermaltake 850; Case HAF 932
post #84 of 85
Install via USB as you said. You should be golden after that.
post #85 of 85
Quote:
Originally Posted by Spooony View Post
Those that don’t want to sell malware sell the means to help build malware:

• ZoPack
• El‐Fiesta
• IcePack
• Neosploit
• AdPack
• Zeus

Spoony

So true, but there are other sources too that are legitimate and have purpose. Good security tools can always be used in a less noble manner.

Sometimes it is really just the intent of the user.

Think about Metasploit and how it can be used. Yes, it generates a large and unique profile and is easily detected. But can items and exploits be reused and packed differently?