Viruses

  • Thread starter: Patty
Re: Viruses

From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

| On Monday, 22 September 2008 23:25, David H. Lipman wrote:

>> From: "ArameFarpado" <a-farpado.spam@netcabo.pt>


>> | On Monday, 22 September 2008 22:04, David H. Lipman wrote:


>>>> as malware
>>>> affects every OS.


>> | Not true.


>> It sure is.

| No.

>> The only thing is some operating systems are targeted more than others.
>> Win32 is the most targeted OS family (and we are in the Microsoft Usenet
>> hierarchy)

| almost all huge internet servers run on unix-like OSs, as do big company
| servers... are you thinking these machines are not tempting targets?

| MS OSs are the most targeted by malware because it is easy to target them...

| There have been several attempts to create a virus that infects unix-like
| systems like they infect windows, and they all failed, because they can
| only work in badly configured or wrongly used systems.

>> but you name an OS and there is some form of malware for it.

| They can be hacked if they have open ports like all servers have, but can't
| be infected like windows and symbian (nokia phones) can.
| Actually, these are the two systems that need to be protected by anti-malware
| progs... a MacOS or Linux user will only install an antivirus if he is
| paranoid.

| For windows to get the same level of immunity, it would have to change a lot:
| ---stop identifying file types by their extension's name (weakness)
| ---stop loading binaries (as programs) by clicking directly on them (extreme
| weakness)
| ---create a new permissions system that really works...
| ---ban the autorun in removable volumes.
| ---do not allow the administrator to have a graphical desktop.
| and this would go on and on...

| the best way to fight the threat of malware is to correct the flaws and
| weaknesses they exploit... not trusting anti-malware to solve it...
| anti-malware could be used only as a temporary solution, not a permanent
| one.

| Microsoft did some of these corrections already (the RPC exploit) but they
| were not enough

| regards


Attempts at infecting Unix/Linux didn't fail. They weren't as successful as with Win16
and Win32.
Let's see...

There was the Bliss. Remember that ?
Then there is the RST.a/RST.b (aka; ELF.RST.a), Rike, Ramen, Metaphor, Lindoes, Kagob and
the infamous OSF.8759.
We also have the Lion, Kork, Millen and Slapper worms and the Obsidian.

I'm sorry...

There is malware for the 'nix families whether they are configured properly or not, they
exist and there will continue to be new ones created. As the MAC and 'nix OS' become more
prevalent they too will have a larger targeting base.

Even the venerable VM/CMS had its virus holiday in '88 on Christmas < LOL >

Like the Amiga ? It had viruses. It even got Aids < lol >


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Re: Viruses

On Tuesday, 23 September 2008 00:36, Leythos wrote:

> In article <gb97ua$l4i$1@registered.motzarella.org>,
> a-farpado.spam@netcabo.pt says...
>> There have been several attempts to create a virus that infects unix-like
>> systems like they infect windows, and they all failed, because they can
>> only work in badly configured or wrongly used systems.

>
> Many Unix/Linux systems are compromised every year, not by a "Virus" but
> by exploits and root hacking.
>
> It's incorrect to say that Unix or Linux is secure.
>


any server machine can be hacked, there is always a way... only they are
not hacked by a piece of software, but by a human being that somehow can
crack its defences. it's difficult to secure a server, needs constant
monitoring.
while windows clients and server systems can be hacked so easily if the system
is compromised by a backdoor malware, and there are lots of them surfing
the internet right now, posing as friendly software.
you know what a "botnet" is don't you? you may even be using one without
knowing.
you guys put too much trust in your antivirus, and that is a big weakness
that leads you to be careless... only i understand you don't have much of
a choice these days :(

regards
 
Re: Viruses

On Tuesday, 23 September 2008 00:46, David H. Lipman wrote:

>
> Attempts at infecting Unix/Linux didn't fail. They weren't as successful
> as with Win16 and Win32.
> Let's see...
>
> There was the Bliss. Remember that ?

""When executed, it attempts to attach itself to Linux executable files, to
which regular users do not have access. ""

had to be root activated to do it...

""Although it was probably intended to prove that Linux can be infected, it
does not propagate very effectively because of the structure of Linux's
user privilege system.""

see what i mean?

anyway, all the others you pointed to are old news and all their exploits were
corrected.
 
Re: Viruses

From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

| On Tuesday, 23 September 2008 00:46, David H. Lipman wrote:


>> Attempts at infecting Unix/Linux didn't fail. They weren't as successful
>> as with Win16 and Win32.
>> Let's see...


>> There was the Bliss. Remember that ?

| ""When executed, it attempts to attach itself to Linux executable files, to
| which regular users do not have access. ""

| had to be root activated to do it...

| ""Although it was probably intended to prove that Linux can be infected, it
| does not propagate very effectively because of the structure of Linux's
| user privilege system.""

| see what i mean?

| anyway, all the others you pointed to are old news and all their exploits were
| corrected.


Doesn't matter. I can pull up new ones if need be.

The fact remains.
I posted... "as malware affects every OS."
And you replied... "Not true."

What I posted were well known bits of malware and they affected the OS. That's a fact.

So I repeat emphatically... "malware affects every OS."
With the disclaimer...
"The only thing is some operating systems are targeted more than others".

BTW: The Slapper had spread pretty well and caused financial losses.

Since you mention Symbian...
http://www.f-secure.com/weblog/archives/00001368.html

Oh you also mention the MAC OS. OS/X had the OSX/Leap-A

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Re: Viruses

From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

I forgot to mention...

The RBN (before Atrivo was exposed) had begun to target MAC computers with the same kind
of Fake Codecs that were so prevalent in the distribution of the ZLob trojans for Win32.

http://www.theregister.co.uk/2008/03/12/mac_security_site_malware_infestation/

And I personally have seen the code that decides what OS you are using and what file will
be downloaded to the PC.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Re: Viruses

On Tuesday, 23 September 2008 01:31, David H. Lipman wrote:

>
> The fact remains.
> I posted... "as malware affects every OS."
> And you replied... "Not true."
>
> What I posted were well known bits of malware and they affected the OS.
> That's a fact.

or tried to...

>
> So I repeat emphatically... "malware affects every OS."
> With the disclaimer...
> "The only thing is some operating systems are targeted more than others".
>
> BTW: The Slapper had spread pretty well and caused financial losses.

slapper attacked the apache web server and only it, not the OS...
anyway, a patch was applied and that worm will never work again.
an antivirus wasn't needed.

> Since you mention Symbian...
> http://www.f-secure.com/weblog/archives/00001368.html

symbian has the same weakness regarding filename extensions... it is easy to
fool a system that uses filename extensions

> Oh you also mention the MAC OS. OS/X had the OSX/Leap-A
>

i don't know much about Macs. tell me, does OSX/Leap-A still work in newer
MacOS systems?
 
Re: Viruses

On Tuesday, 23 September 2008 01:38, David H. Lipman wrote:

> From: "ArameFarpado" <a-farpado.spam@netcabo.pt>
>
> I forgot to mention...
>
> The RBN (before Atrivo was exposed) had begun to target MAC computers with
> the same kind of Fake Codecs that were so prevalent in the distribution of
> the ZLob trojans for Win32.
>
>
> http://www.theregister.co.uk/2008/03/12/mac_security_site_malware_infestation/
>
> And I personally have seen the code that decides what OS you are using and
> what file will be downloaded to the PC.
>


""The site serving the fake codecs detects the user agent in a browser in
order to distinguish between Mac and Windows PCs before delivering the
appropriate malware,""


any web server can read the type of OS that the clients have...
i do have access to web servers (i'm not a web designer), and we can see a
lot about our clients:
OS
OS version
browser name and version
screen resolution
color resolution
system language
.... etc...
what this server did was dispatch the proper software for the visitor OS.
 
Re: Viruses

On Tuesday, 23 September 2008 01:38, David H. Lipman wrote:

> From: "ArameFarpado" <a-farpado.spam@netcabo.pt>
>
> I forgot to mention...
>
> The RBN (before Atrivo was exposed) had begun to target MAC computers with
> the same kind of Fake Codecs that were so prevalent in the distribution of
> the ZLob trojans for Win32.


why do you keep talking about win32?
64bit windows is vulnerable to malware too.

i lost count of how many 64bit vista(s) i've seen infected...
 
Re: Viruses

From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

| On Tuesday, 23 September 2008 01:31, David H. Lipman wrote:


>> The fact remains.
>> I posted... "as malware affects every OS."
>> And you replied... "Not true."


>> What I posted were well known bits of malware and they affected the OS.
>> That's a fact.

| or tried to...


>> So I repeat emphatically... "malware affects every OS."
>> With the disclaimer...
>> "The only thing is some operating systems are targeted more than others".


>> BTW: The Slapper had spread pretty well and caused financial losses.

| slapper attacked the apache web server and only it, not the OS...
| anyway, a patch was applied and that worm will never work again.
| an antivirus wasn't needed.

>> Since you mention Symbian...
>> http://www.f-secure.com/weblog/archives/00001368.html

| symbian has the same weakness regarding filename extensions... it is easy to
| fool a system that uses filename extensions

>> Oh you also mention the MAC OS. OS/X had the OSX/Leap-A


| i don't know much about Macs. tell me, does OSX/Leap-A still work in newer
| MacOS systems?

OSX/Leap-A affects Macintosh OS X 10.4 and was bad enough for MITRE to give it the Common
Malware Enumerator (CME) value of CME-4. I believe MAC OS X is at 10.5 now and is slated
for 10.6 in '09.

Getting back to the Slapper, if anti virus was installed and was up to date, its
dissemination would have been greatly diminished. But this is NOT about installing anti
virus software as you seem to want to keep moving to. It is and was about the sheer fact
that every OS is targeted for malware. It doesn't matter if it attacks the OS or a
software installed on the OS. If there is an exploit it will be targeted. If there is
monetary gain as in the Fake Codec/ZLob Trojan the platform will be a target. It
doesn't have to be just a software vulnerability/exploit vector it can be Social
Engineering which is the most effective way to get past security software.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Re: Viruses

From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

| On Tuesday, 23 September 2008 01:38, David H. Lipman wrote:

>> From: "ArameFarpado" <a-farpado.spam@netcabo.pt>


>> I forgot to mention...


>> The RBN (before Atrivo was exposed) had begun to target MAC computers with
>> the same kind of Fake Codecs that were so prevalent in the distribution of
>> the ZLob trojans for Win32.



| http://www.theregister.co.uk/2008/03/12/mac_security_site_malware_infestation/

>> And I personally have seen the code that decides what OS you are using and
>> what file will be downloaded to the PC.



| ""The site serving the fake codecs detects the user agent in a browser in
| order to distinguish between Mac and Windows PCs before delivering the
| appropriate malware,""


| any web server can read the type of OS that the clients have...
| i do have access to web servers (i'm not a web designer), and we can see a
| lot about our clients:
| OS
| OS version
| browser name and version
| screen resolution
| color resolution
| system language
| ... etc...
| what this server did was dispatch the proper software for the visitor OS.


Right, and through Social Engineering the MAC was targeted for non-viral malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Re: Viruses

From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

| On Tuesday, 23 September 2008 01:38, David H. Lipman wrote:

>> From: "ArameFarpado" <a-farpado.spam@netcabo.pt>


>> I forgot to mention...


>> The RBN (before Atrivo was exposed) had begun to target MAC computers with
>> the same kind of Fake Codecs that were so prevalent in the distribution of
>> the ZLob trojans for Win32.


| why do you keep talking about win32?
| 64bit windows is vulnerable to malware too.

| i lost count of how many 64bit vista(s) i've seen infected...


Ha, ha...

You said it not me :-)

The fact is there are a preponderance of Win32 coded malware and some Win64 coded malware
but, Win64 is a target and that's the point.

I think I have made my case. Every OS is a target of malware. It all depends on the
infection vector, the author's intent, the payload and the author's desires. Yesterday it
was bragging rights. Today it is monetary gain.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Re: Viruses

After all that, you now agree it is OK to post malware posts in this
newsgroup?
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23Fo2KzRHJHA.1160@TK2MSFTNGP05.phx.gbl...
> From: "ArameFarpado" <a-farpado.spam@netcabo.pt>
>
> | On Tuesday, 23 September 2008 01:38, David H. Lipman wrote:
>
>>> From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

>
>>> I forgot to mention...

>
>>> The RBN (before Atrivo was exposed) had begun to target MAC computers with
>>> the same kind of Fake Codecs that were so prevalent in the distribution of
>>> the ZLob trojans for Win32.

>
> | why do you keep talking about win32?
> | 64bit windows is vulnerable to malware too.
>
> | i lost count of how many 64bit vista(s) i've seen infected...
>
>
> Ha, ha...
>
> You said it not me :-)
>
> The fact is there are a preponderance of Win32 coded malware and some Win64 coded malware
> but, Win64 is a target and that's the point.
>
> I think I have made my case. Every OS is a target of malware. It all depends on the
> infection vector, the author's intent, the payload and the author's desires. Yesterday it
> was bragging rights. Today it is monetary gain.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
 
Re: Viruses

You must agree that you're a puzzle. First you respond to posts concerning
malware and then you in effect tell
the poster to post elsewhere. Are you getting up in age?
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:ezIsY1oHJHA.1308@TK2MSFTNGP02.phx.gbl...
> From: "Unknown" <unknown@unknown.kom>
>
> | If you see any then, simply ignore them.
>
> Again...
>
> No !
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
 
Re: Viruses

From: "Unknown" <unknown@unknown.kom>

| You must agree that you're a puzzle. First you respond to posts concerning
| malware and then you in effect tell
| the poster to post elsewhere. Are you getting up in age?

LOL

If someone posts a malware related query I'll reply if possible.

If I can guide them to post in a more targeted subject matter related news group I will.
This includes scripting, MS Office products, etc.

You'll note that I helped Patty first and then I stated...
"In the future, please post malware related problems in a virus related news group such
as;
microsoft.public.security.virus"

EOD

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 