wtf kind of virus is this sh*t?

Re: wtf kind of virus is this sh*t?

Post by insomaniacal on Fri Dec 04, 2009 11:37 pm

I would like to imagine I am one of those exceptions :) , but still, if there are any articles on the topic, it'd be pretty interesting to read. I mean, I'm pretty sure there's the occasional script-kiddie who sneaks a trojan into some software using istealer, then reuploads them to some big torrent site, claiming to be from a prominent cracking group, but I didn't think it would be *that* widespread.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com


Re: wtf kind of virus is this sh*t?

Post by thedotmaster on Sat Dec 05, 2009 7:41 am

Many people would, but the reality is that there's a lot of money out there for grabs setting up large botnets.


Re: wtf kind of virus is this sh*t?

Post by insomaniacal on Sat Dec 05, 2009 9:58 am

I know all about the big money that you can make from them, by installing affiliate software and such to people on your botnet, I've even considered doing so in the past.

However, in my experience with botnets, they would always force a program to run in the background and attempt to hide it somehow. It always ended up showing in netstat though, or at least the ones that I've experimented with on my computers did.

My netstat is totally clean, no odd connections or anything. As I've said earlier, most of my software IS pirated, and although I disagree with you about the worm/virus/trojan thing, I'm going to start logging for a while and see if I pick anything up.


Re: wtf kind of virus is this sh*t?

Post by thedotmaster on Sat Dec 05, 2009 1:07 pm

Sockets are not the lowest level of network communication; you can get one step lower, and that would not be picked up by netstat.
However, the people who write rootkits aren't stupid, and they won't write rootkits that are going to be sending out packets every minute, every hour, or even every day.
If I were to write a rootkit, I would make it monitor, first of all, for netstat, but secondly for when there's a lot of network traffic, and send data then so it is easier to miss in logs, etc. I might even consider using something like MSN/AIM/etc. for some of the communication; most people have those things running anyway, so a few extra packets wouldn't go amiss.
Rootkits will lie dormant for quite some time without doing anything, and when they do do things, it may only be for 5 minutes or so.
Checking that they're still alive, however, would only take a single bit of data saying "UP" or something, and a few connections to a tracker or other peers. That could be done every week or so.


Re: wtf kind of virus is this sh*t?

Post by Darkseed The Corrupt on Thu Dec 10, 2009 6:45 pm

Chances are, by using torrents, you have contracted some sort of rogue antivirus software. Rogue antivirus software is actually not an anti-virus program but a dangerous virus/trojan that will eventually disable your computer completely. Now I don't normally help people repair infected systems, but go download Malwarebytes Anti-Malware and scan your PC using THAT program. I'm not completely sure you have what I think you have, but checking never hurts.

Good luck
-Darkseed The Corrupt


Re: wtf kind of virus is this sh*t?

Post by Erlendd on Fri Dec 11, 2009 6:55 am

I read through the whole thread.

Scary as hell, taking into consideration that almost 50% of my HDD consists of pirated material...

Are there any clever ways to detect basic rootkits? My AVG (pirated) has a rootkit scanning option; not quite sure if it is a function worth trying though. I do, however, scan on a daily basis.

Also, when watching the netstat, I do not know which connections I should 'be afraid of', nor which connections are safe. Any help would be hugely appreciated.

-E


Re: wtf kind of virus is this sh*t?

Post by thedotmaster on Fri Dec 11, 2009 7:48 pm

Erlendd wrote: I read through the whole thread.

Scary as hell, taking into consideration that almost 50% of my HDD consists of pirated material...

Are there any clever ways to detect basic rootkits? My AVG (pirated) has a rootkit scanning option; not quite sure if it is a function worth trying though. I do, however, scan on a daily basis.

Also, when watching the netstat, I do not know which connections I should 'be afraid of', nor which connections are safe. Any help would be hugely appreciated.

-E

No, detecting rootkits isn't worth the effort. You'd be better off reinstalling your OS if you're that bothered.
There's an app called RootkitRevealer, but it simply detects rootkit-like files, so a lot of them will not be rootkits. In fact, none may be rootkits, yet that doesn't mean you don't have any.
Again though, netstat will not detect well-written rootkits, as sockets are not the lowest form of network communication.
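One defensive way to act on thedotmaster's point in the two posts above (netstat is only the host's own view, and anything hiding below the socket layer will not appear in it) is to compare that view against a vantage point the host cannot influence, such as flow records from the gateway or a span port. Traffic the wire sees that no host socket accounts for is what to investigate. This is an added example with constructed sample data, not code from the thread; the netstat layout, the flow tuple shape and the addresses are all assumptions.

```python
"""Cross-view check: host socket table (netstat) vs. externally observed flows.
All data below is constructed for the example."""
import re

# Constructed netstat snapshot from the host (Windows "netstat -ano" layout).
NETSTAT_SNAPSHOT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49152     203.0.113.5:443        ESTABLISHED     1234
  TCP    192.168.1.10:49160     198.51.100.7:80        ESTABLISHED     2345
  UDP    192.168.1.10:5353      *:*                                    987
"""

# Constructed flow records for the same window from a span port / gateway
# flow export, i.e. a view the host's own tooling cannot filter.
EXTERNAL_FLOWS = [
    # (proto, src, sport, dst, dport, bytes)
    ("TCP", "192.168.1.10", 49152, "203.0.113.5", 443, 18000),
    ("TCP", "192.168.1.10", 49160, "198.51.100.7", 80, 5200),
    ("TCP", "192.168.1.10", 49170, "192.0.2.44", 6667, 96),   # absent from netstat
    ("UDP", "192.168.1.10", 5353, "224.0.0.251", 5353, 300),
]

NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)",
                        re.IGNORECASE)

def parse_netstat(text):
    """Return a set of (proto, local_ip, local_port, remote_ip, remote_port).
    A wildcard peer (UDP '*:*') is stored as ('*', None)."""
    sockets = set()
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        proto, lip, lport, rip, rport = m.groups()
        rport = None if rport == "*" else int(rport)
        sockets.add((proto.upper(), lip, int(lport), rip, rport))
    return sockets

def hidden_flows(netstat_text, flows):
    """Flows seen on the wire that no host-reported socket explains.
    A UDP socket bound with a wildcard peer covers any peer on that local
    port, so ordinary multicast/DNS traffic is not flagged."""
    sockets = parse_netstat(netstat_text)
    unexplained = []
    for proto, src, sport, dst, dport, nbytes in flows:
        exact = (proto, src, sport, dst, dport) in sockets
        wildcard = any(s[:3] == (proto, src, sport) and s[3] == "*"
                       for s in sockets)
        if not (exact or wildcard):
            unexplained.append((proto, src, sport, dst, dport, nbytes))
    return unexplained
```

Short-lived connections that closed between the two snapshots will also show up here, so in practice the host table should be sampled repeatedly across the flow export's window before treating a discrepancy as hidden traffic.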


Re: wtf kind of virus is this sh*t?

Post by Primux on Thu Mar 18, 2010 12:22 am

What was the antivirus program that you used to scan the computer? Was it Norton, McAfee or AVG? Or was it WinXP Antivirus 2009 or Spyware Destroyer?

The former are real antivirus programs and the latter are what's known as "Rogue Anti-Spyware", essentially a virus posing as an antivirus program. A (probably) full list of Rogue Anti-malware viruses can be found here: http://www.spywarewarrior.com/rogue_anti-spyware.htm

-Primux

