DaemonForums  

#1 J65nko (Administrator), 30th June 2011
'Indestructible' rootkit enslaves 4.5m PCs in 3 months

From http://www.theregister.co.uk/2011/06...reon_advances/

Quote:
One of the world's stealthiest pieces of malware infected more than 4.5 million PCs in just three months, making it possible for its authors to force keyloggers, adware, and other malicious programs on the compromised machines at any time.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
#2 CyberJet (BSD Student), 30th June 2011

Thanks for the great article!
#3 Randux (Disgruntled desktop user), 30th June 2011

It sounds trivial to defeat if you know you have it though. It's a boot sector virus, so pop in a live CD, dd your boot sector, and do a fresh install.

How does it get in there in the first place? I didn't see any explanation.
__________________
BSDForums.org refugee #27
Multibooting with LILO
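
An added example, not part of Randux's post or of the original thread: Python code that inspects a 512-byte sector-0 image (such as one saved with dd from a live CD) before it is overwritten. It checks the boot signature, hashes the first 440 bytes (the boot-code area of the MBR layout, which excludes the disk signature) against a known-good value, and lists the partition entries. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439 hold the bootstrap code
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # signature at bytes 510-511


def inspect_mbr(sector, known_good_sha256=None):
    """Summarise a 512-byte sector-0 dump for triage before it is overwritten."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    code_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:          # type 0 marks an unused slot
            continue
        partitions.append({"slot": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "boot_code_sha256": code_hash,
        # None means no baseline was supplied, so nothing can be concluded
        "matches_baseline": (None if known_good_sha256 is None
                             else code_hash == known_good_sha256.lower()),
        "partitions": partitions,
    }


def build_sample_mbr(boot_code):
    """Constructed sample sector: given boot code plus one active 0xA6 partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entry = bytearray(16)
    entry[0], entry[4] = 0x80, 0xA6                 # active flag, type 0xA6 (OpenBSD)
    struct.pack_into("<II", entry, 8, 63, 2048000)  # start LBA, sector count
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xeb\x3c\x90" + b"\x00" * 100)    # constructed bytes
    changed = build_sample_mbr(b"\xeb\x3c\x90" + b"\x41" * 100)  # constructed bytes
    baseline = inspect_mbr(clean)["boot_code_sha256"]
    print(inspect_mbr(clean, baseline))
    print(inspect_mbr(changed, baseline)["matches_baseline"])
```

A baseline hash is only meaningful if it was recorded from the same boot loader version on a system known to be clean.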
#4 Ninguem (Shell Scout), 1st July 2011

Updates from Slashdot in my mailbox:

Links:
0. http://twitter.com/mikeatcw
1. http://www.computerworld.com/s/artic...ay_researchers
2. http://www.securelist.com/en/analysi...0/TDL4_Top_Bot
3. http://www.computerworld.com/s/artic...s_blue_screens
#5 CyberJet (BSD Student), 2nd July 2011

Randux,

You say,
Quote:
Originally Posted by Randux
It sounds trivial to defeat if you know you have it though. It's a boot sector virus, so pop in a live CD, dd your boot sector, and do a fresh install.

So you have to sacrifice all your data, is that not correct?
#6 Randux (Disgruntled desktop user), 5th July 2011

Quote:
Originally Posted by CyberJet
Randux,

You say,

So you have to sacrifice all your data, is that not correct?

As if Windows didn't do that for you already?

In all seriousness, the article says the virus is indestructible because it's a boot sector virus. Boot sector viruses are probably the oldest kind. And yes, if you get one you need to install a clean system. What will they tell you to do if your BSD box is rooted? Same thing, do a new install.
__________________
BSDForums.org refugee #27
Multibooting with LILO
#7 CyberJet (BSD Student), 5th July 2011

You're right, what was I thinking.
#8 Randux (Disgruntled desktop user), 6th July 2011

I have no idea since you didn't say.
__________________
BSDForums.org refugee #27
Multibooting with LILO
#9 ocicat (Administrator), 15th July 2011

CyberJet's digression into OpenBSD-specific questions has been moved to the following thread:

http://www.daemonforums.org/showthread.php?t=6162