• Indestructible botnet?

    #477594

    Hello all,
    Yes … This is really evil, check out this article (cnet). Regards Fred

    • #1286552

      Looks like this is the same (or related) botnet referenced in this thread

    • #1286599

      How does someone get the infection ?

      • #1286642

        There is also an article this week at http://www.ghacks.net/2011/07/01/indestructible-botnet-discovered/ which elaborates a bit more. Says it has been found in porn sites, pirated movie sites and on ‘some’ free photo hosting sites. “THEY” are always out to get us!!

        • #1286643

          “THEY” are always out to get us!!

          midnight,
          Yes it would seem so… Also this is why I use a security system (Norton Internet Security 2011) that performs a “Boot Time Scan” (selectable option), hopefully keeping the “nasties” out before they have a chance to load with Windows. Regards Fred

    • #1286652

      Thanks Fred
      I also run Norton Int. Sec. 2011 but I don’t see the option for “Boot Time Scan”. A search of the Symantec site says it runs automatically with Auto Protect. Have I missed something? The beer is mighty good in this weather!
      BJ

      • #1286662

        I also run Norton Int. Sec. 2011 but I don’t see the option for “Boot Time Scan”. The beer is mighty good in this weather!

        BJ,
        Hello… It’s in settings… see screen shot. Regards Fred

    • #1286658

      A boot time scan is useless if your real-time or passive protection didn’t prevent the initial trigger from happening; this loads and is active before Windows is.

      • #1286664

        A boot time scan is useless if your real-time or passive protection didn’t prevent the initial trigger from happening; this loads and is active before Windows is.

        satrow,
        Hello… Norton scans for it before your “OS” boots… and then deals with it… and hopefully catches it there. Regards Fred

        • #1286670

          Slap my head! I didn’t scroll down far enough! Thanks.

          BJ

        • #1286673

          satrow,
          Hello… Norton scans for it before your “OS” boots… and then deals with it… and hopefully catches it there. Regards Fred

          Fred, you say one thing then you illustrate it with a link that contradicts you. Has Norton discovered a way to boot and run from thin air? If so, you’d think they’d be boasting about how the only way to remove it would be to use their products.

          Explain please how Norton can operate and detect it without having any ‘OS’ started?

          • #1286692

            Fred, you say one thing then you illustrate it with a link that contradicts you. Has Norton discovered a way to boot and run from thin air? If so, you’d think they’d be boasting about how the only way to remove it would be to use their products.

            Explain please how Norton can operate and detect it without having any ‘OS’ started?

            satrow,
            Hello… There are two actually …
            1. Norton has a “Bootable Recovery Tool”… so if something does get past your security and “hoses your OS”… load up the CD and boot from it, and it will search for the “infection” and remove it (before Windows loads up). Although I have not used it (didn’t have a need to yet), I view it as a good “tool” to have.

            2. If this new (zero day) “Bot” resides in your MBR… at least Norton will “run” a scan of your entire OS before it boots… and remove it (presuming that Norton has discovered how). Look, I’m not trying to pick a fight, just passing along some info… So if I’m wrong I apologize… ask for your money back. Regards Fred

            • #1286698

              A lot of presumptions there Fred 😉

              A guess: number of Norton users with the bootable CD = less than 10%

              There must be a reason MSFT are saying that it isn’t guaranteed that it can be successfully removed and that fixing the MBR then wiping/reinstalling is the only way to be sure 🙂

              Check the link Doc Brown gave.

              Bottom line: normal A/V tools can’t touch it.

    • #1286660

      So far, the major A/V vendors aren’t detecting this via the normal means. If you suspect you have it, you’ll be tipped off by noticing strange behavior and performance issues. There are several companies that have tools to run from a bootable disk to fix it: http://update.pcantivirusreviews.com/news/bootkit/

    • #1286749

      It may be difficult to eradicate but certainly not impossible.

      Joe

      • #1291641

        Hi,
        You can fix Gen.TDL!4 infection by using Kaspersky’s TDSSKiller, or else the techies would like to do a fixmbr… 😉

    • #1292542

      I think my avast! will catch it and throw it into the chest…
