Go Back   Two Wheel Fix > General > Off Topic

Reply
 
Thread Tools Display Modes
Old 10-24-2009, 12:14 AM   #21
pauldun170
Serious Business
 
pauldun170's Avatar
 
Join Date: Nov 2008
Location: New York
Moto: 1993 ZX-11 2008 CBR1000rr
Posts: 9,723
Default

Quote:
Originally Posted by dubbs View Post
Don't understand that statement.. I download TBs of data a week.. 100mbits down 15 up..

I use the shit out of it.. I love downloading at 10MB/s..

Meaning: I download a lot and much of that are torrents...some of which are not the cleanest files out there.
__________________


Quote:
Originally Posted by Dave View Post
feed your dogs root beer it will make them grow large and then you can ride them and pet the motorcycle while drinking root beer
pauldun170 is offline   Reply With Quote
Old 10-27-2009, 10:38 AM   #22
Lamnidae
CMDLINE
 
Lamnidae's Avatar
 
Join Date: Feb 2008
Location: Huntsville, AL
Moto: 2008 Black/Grey Hayabusa
Posts: 1,406
Default

Quote:
Originally Posted by dubbs View Post
If you knew how to properly use a PC, you wouldn't need anti-virus.. (I've never had anti-virus software on any of my PCs and never had any issues, not being a dick, I'm just an IT Consultant)

Microsofts newest product - Microsoft Security Essentials is a bare bones version, doesn't load up on resources and out performs most other brands..
Agree and somewhat disagree.


I use AVG and Malware.


One of the biggest problems most general users have is that they don't patch their shit either. Gee, if you don't apply the patches (and fuck you, Mac's have security issues too) then you're just waiting for the moment to have a virus walk in on you while you've got your dick stuck in the vacuum cleaner....


Patch your shit.

Don't be a dumbass while browsing the web.

Really, leave the pirated software alone.

Watch what your family does on the system (give 'em the guest account to use or generic user acct's).

Maintain your anti-virus.



With as much shit as people do on their pc's it's amazing to see how unprotected most folks are in thier home. Thank god I refuse to do home-based service.
__________________
Quote:
Originally Posted by PhiSig1071 View Post
TLS' are more fun then a room full of hookers and a gallon zip-loc of X, but almost as likely to get you in trouble.
Lamnidae is offline   Reply With Quote
Old 10-27-2009, 02:38 PM   #23
Papa_Complex
Nomadic Tribesman
 
Papa_Complex's Avatar
 
Join Date: Nov 2008
Location: Brampton, Canada
Moto: '09 ER-6n
Posts: 11,150
Default

Amblyopic I would have agreed with you in the past, but the current run of infections are something a little different. We generally refer to them collectively as "FakeAV" around here. They are generally being lauched via web browser (IE or Firefox; it doesn't matter). They disable a good deal of the user interaction with the browser, so it takes more than a basic user's skills to get rid of it (most users have no idea what Task Manager is).

I suspect that the virus is spread both by infected pages and infected ad banners. The browser window resizes and immediately warns you, with an official looking window, that your system is infected with a large number of viri. It also gives instructions for removal ('click here') and takes you to a site where you can purchase the removal tool. Of course this is progressively causing a deeper and deeper exploitation of your system. So far I've only had one user who foolishly clicked all the way through to the point of giving a credit card number, out of the few hundred removals I've done.

The most invasive version of this trojan loads a bunch of 'don't run' commands into the system registry, as the second step of the infection (first click on the window). This blocks every antivirus that I've ever heard of, Malwarebytes, Spybot, AdAware, and dozens of other tools. Even HijackThis is blocked from execution. In some cases I've been able to manually remove the worst of the infection by booting with ERD Commander (a butchered version of WinXP that boots from CD), but I've failed miserably to definitely clean the system in fully 50% of the cases with this version of the virus.

Most of the people involved had the Windows Firewall enabled and had a good corporate level antivirus installed, and up to date on the system. It didn't help. This stuff is something new.
__________________
"Everything's better with pirates." - Lodge, "Dorkness Rising"

http://www.morallyambiguous.net/
Papa_Complex is offline   Reply With Quote
Old 10-27-2009, 03:22 PM   #24
Lamnidae
CMDLINE
 
Lamnidae's Avatar
 
Join Date: Feb 2008
Location: Huntsville, AL
Moto: 2008 Black/Grey Hayabusa
Posts: 1,406
Default

Quote:
Originally Posted by Papa_Complex View Post
Amblyopic I would have agreed with you in the past, but the current run of infections are something a little different. We generally refer to them collectively as "FakeAV" around here. They are generally being lauched via web browser (IE or Firefox; it doesn't matter). They disable a good deal of the user interaction with the browser, so it takes more than a basic user's skills to get rid of it (most users have no idea what Task Manager is).

I suspect that the virus is spread both by infected pages and infected ad banners. The browser window resizes and immediately warns you, with an official looking window, that your system is infected with a large number of viri. It also gives instructions for removal ('click here') and takes you to a site where you can purchase the removal tool. Of course this is progressively causing a deeper and deeper exploitation of your system. So far I've only had one user who foolishly clicked all the way through to the point of giving a credit card number, out of the few hundred removals I've done.

The most invasive version of this trojan loads a bunch of 'don't run' commands into the system registry, as the second step of the infection (first click on the window). This blocks every antivirus that I've ever heard of, Malwarebytes, Spybot, AdAware, and dozens of other tools. Even HijackThis is blocked from execution. In some cases I've been able to manually remove the worst of the infection by booting with ERD Commander (a butchered version of WinXP that boots from CD), but I've failed miserably to definitely clean the system in fully 50% of the cases with this version of the virus.

Most of the people involved had the Windows Firewall enabled and had a good corporate level antivirus installed, and up to date on the system. It didn't help. This stuff is something new.


Yeah, they're getting harder and harder to clean and protect from... the threat is growing exponentially. Go to the SANS's site often if you don't already... I spend a lot of time there. But one of the larger things you're mentioning is the ad based viruses.... and so many people fall prey to these attacks, because... they just don't know any better.


And one of the biggest things I argue is that the users really need to patch their systems (both the OS and so many just leave the programs as-is). Adobe's got so many holes it's not funny, same w/ Sun's Java........ the list goes on and on.


.... just like Windows 7. I love the OS, i've had the beta running since June-ish and the RTM......... god, ... can't remember when, but I'm running it.... But anyways, even before official release to the public it already had its first major vulnerability (Zero Day attack - BSOD w/ a single packet, IIRC, let me know and I can get you the article and subsquent alerts).....


.... I think we can agree on something.


There's a lot of bad people out there who want either A) to get your identity or B) just make your day as shitty as possible with these malware advertisements, viruses, etc. I mean, Mitnick didn't do it to really do harm to peoples stuff, he did it just to see if he could.... Have you met Mitnick before? I haven't had the chance yet (was supposed to be at a conference he was going to speak but didn't get to go), but I did get a chance to hear a speaking by Johnny Long.... cool dude.
__________________
Quote:
Originally Posted by PhiSig1071 View Post
TLS' are more fun then a room full of hookers and a gallon zip-loc of X, but almost as likely to get you in trouble.
Lamnidae is offline   Reply With Quote
Old 10-27-2009, 03:51 PM   #25
pauldun170
Serious Business
 
pauldun170's Avatar
 
Join Date: Nov 2008
Location: New York
Moto: 1993 ZX-11 2008 CBR1000rr
Posts: 9,723
Default

Quote:
Originally Posted by Papa_Complex View Post
Amblyopic I would have agreed with you in the past, but the current run of infections are something a little different. We generally refer to them collectively as "FakeAV" around here. They are generally being lauched via web browser (IE or Firefox; it doesn't matter). They disable a good deal of the user interaction with the browser, so it takes more than a basic user's skills to get rid of it (most users have no idea what Task Manager is).

I suspect that the virus is spread both by infected pages and infected ad banners. The browser window resizes and immediately warns you, with an official looking window, that your system is infected with a large number of viri. It also gives instructions for removal ('click here') and takes you to a site where you can purchase the removal tool. Of course this is progressively causing a deeper and deeper exploitation of your system. So far I've only had one user who foolishly clicked all the way through to the point of giving a credit card number, out of the few hundred removals I've done.

The most invasive version of this trojan loads a bunch of 'don't run' commands into the system registry, as the second step of the infection (first click on the window). This blocks every antivirus that I've ever heard of, Malwarebytes, Spybot, AdAware, and dozens of other tools. Even HijackThis is blocked from execution. In some cases I've been able to manually remove the worst of the infection by booting with ERD Commander (a butchered version of WinXP that boots from CD), but I've failed miserably to definitely clean the system in fully 50% of the cases with this version of the virus.

Most of the people involved had the Windows Firewall enabled and had a good corporate level antivirus installed, and up to date on the system. It didn't help. This stuff is something new.
My mother got hit with something along those lines.

Hijackthis + AVG +Avasts + Malwarebytes + poking around +4 gours of my life to clean up her system.

Told her to stop looking at porn and then she laughed...
which means she's been looking at porn
__________________


Quote:
Originally Posted by Dave View Post
feed your dogs root beer it will make them grow large and then you can ride them and pet the motorcycle while drinking root beer
pauldun170 is offline   Reply With Quote
Old 10-27-2009, 04:32 PM   #26
Papa_Complex
Nomadic Tribesman
 
Papa_Complex's Avatar
 
Join Date: Nov 2008
Location: Brampton, Canada
Moto: '09 ER-6n
Posts: 11,150
Default

Quote:
Originally Posted by pauldun170 View Post
My mother got hit with something along those lines.

Hijackthis + AVG +Avasts + Malwarebytes + poking around +4 gours of my life to clean up her system.

Told her to stop looking at porn and then she laughed...
which means she's been looking at porn
If it took that long, then you can bet that there is still something on the system; back door, bot net, fake service... One interesting trick that they've started to use is a hidden chron job in the Windows\Tasks directory. You think that the system is clean and then the next morning it's re-virused. These days I recommend that most home user's just back their shit up and blow the drive away. It takes less time and it's the only way to be reasonably certain.
__________________
"Everything's better with pirates." - Lodge, "Dorkness Rising"

http://www.morallyambiguous.net/
Papa_Complex is offline   Reply With Quote
Old 10-27-2009, 04:33 PM   #27
Papa_Complex
Nomadic Tribesman
 
Papa_Complex's Avatar
 
Join Date: Nov 2008
Location: Brampton, Canada
Moto: '09 ER-6n
Posts: 11,150
Default

Quote:
Originally Posted by Amblyopic View Post
There's a lot of bad people out there who want either A) to get your identity or B) just make your day as shitty as possible with these malware advertisements, viruses, etc. I mean, Mitnick didn't do it to really do harm to peoples stuff, he did it just to see if he could.... Have you met Mitnick before? I haven't had the chance yet (was supposed to be at a conference he was going to speak but didn't get to go), but I did get a chance to hear a speaking by Johnny Long.... cool dude.
Last Spring the infections were trying to communicate with Ukraine. That raises some obvious possibilities.
__________________
"Everything's better with pirates." - Lodge, "Dorkness Rising"

http://www.morallyambiguous.net/
Papa_Complex is offline   Reply With Quote
Old 10-27-2009, 04:42 PM   #28
pauldun170
Serious Business
 
pauldun170's Avatar
 
Join Date: Nov 2008
Location: New York
Moto: 1993 ZX-11 2008 CBR1000rr
Posts: 9,723
Default

Quote:
Originally Posted by Papa_Complex View Post
If it took that long, then you can bet that there is still something on the system; back door, bot net, fake service... One interesting trick that they've started to use is a hidden chron job in the Windows\Tasks directory. You think that the system is clean and then the next morning it's re-virused. These days I recommend that most home user's just back their shit up and blow the drive away. It takes less time and it's the only way to be reasonably certain.
Most of that time was spent on scans and writing a cheat sheet for her in case it happens again.

Normally I would just do a fresh install but on that occasion I didn't feel like wasting all that time on it.
__________________


Quote:
Originally Posted by Dave View Post
feed your dogs root beer it will make them grow large and then you can ride them and pet the motorcycle while drinking root beer
pauldun170 is offline   Reply With Quote
Old 10-27-2009, 08:43 PM   #29
Lamnidae
CMDLINE
 
Lamnidae's Avatar
 
Join Date: Feb 2008
Location: Huntsville, AL
Moto: 2008 Black/Grey Hayabusa
Posts: 1,406
Default

Quote:
Originally Posted by Papa_Complex View Post
If it took that long, then you can bet that there is still something on the system; back door, bot net, fake service... One interesting trick that they've started to use is a hidden chron job in the Windows\Tasks directory. You think that the system is clean and then the next morning it's re-virused. These days I recommend that most home user's just back their shit up and blow the drive away. It takes less time and it's the only way to be reasonably certain.
yeah, blow it away and be done with it. I typically don't recommend really repairing a system.... if you do, its only to get that last bit of "OMG I can't loose it!" personal data that the user should have had backed up..... Get your stuff then blow it away. not worth it to have something even remotely in the background. Typical system restore for me takes about an hour and a half if that.



Quote:
Originally Posted by Papa_Complex View Post
Last Spring the infections were trying to communicate with Ukraine. That raises some obvious possibilities.
You see a lot of that. Several other countries not just Ukrane as well though. Use your imagination.
__________________
Quote:
Originally Posted by PhiSig1071 View Post
TLS' are more fun then a room full of hookers and a gallon zip-loc of X, but almost as likely to get you in trouble.
Lamnidae is offline   Reply With Quote
Reply

Bookmarks


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 05:43 PM.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.