bit-tech.net

Old 31st Aug 2010, 09:30   #1
julieb
Minimodder
 
Join Date: Aug 2010
Posts: 47
64-bit rootkit spreading

http://www.bit-tech.net/news/bits/20...it-spreading/1


Old 31st Aug 2010, 09:57   #2
fingerbob69
Hypermodder
 
 
Join Date: Jul 2009
Location: East of Ipswich
Posts: 745
Thanks for the warning ...but how do I best protect myself?
__________________
Antec 902, Asus P6T se, i7-920 D0 oc@3.6ghz, Asaka Nero S, 6gb Corsair, Thermaltake 750w Evo Blue, XFX 4890 + Artic Twin Turbo Pro, Asus Xonar DS, BFG Ageia PhysX, 2x 500gb Seagate HDD, Win7 hp, NEC ea231wmi, MS X4, Cordless Mouseman optical(deceased)..now a Roccat Kova+
Old 31st Aug 2010, 10:02   #3
Gareth Halfacree
WIIGII!
bit-tech Staff
 
 
Join Date: Dec 2007
Location: Bradford, UK
Posts: 4,098
Quote:
Originally Posted by fingerbob69
Thanks for the warning ...but how do I best protect myself?
Well, I moved to Linux - but I appreciate that's not always an option.

Best things to do:
1) Don't download dodgy copies of software.
B) Keep your system up-to-date
iii) Run a decent anti-virus and anti-spyware scanner
IV) Refrain from clicking links that you know you shouldn't

They don't offer complete protection, but that should see you a lot safer than most.
__________________
Author, Raspberry Pi User Guide Third Edition, 21 Brilliant Projects for the Raspberry Pi and more | gareth.halfacree.co.uk | twitter
bit-tech news correspondent, Custom PC columnist, other things to other people
I'm a filthy freelancer! Hire me!
Old 31st Aug 2010, 10:06   #4
leveller
Yeti Sports 2 - 2011 Champion!
 
Join Date: Dec 2009
Posts: 1,107
Gareth, do all current antiV pick up root kits? Going back a couple of years there was only a downloadable detector from MS's website.
Old 31st Aug 2010, 10:15   #5
Neoki
Hypermodder
 
 
Join Date: Oct 2004
Location: Lincoln
Posts: 948
Leveller,

All decent AV/IS products will contain Anti-Rootkit modules.
__________________
My Main Rig:|AMD 64 FX60 @ Stock|DFI LanParty SLI-DR | PC Power & Cooling 510 SLI EXTREME |2 GB Crucial Ballistix Tracer | 8800GTS | X-Fi Titanium Fatality®™ | Logitech® Z-5500 5.1|Hitachi 250GB x 3, 400GB, 160Gb, 120GB, SATA|Pioneer DVD-Rewriter Drive Black x 2 |
Old 31st Aug 2010, 12:08   #6
Joey9801
Eric the Half a Bee
 
 
Join Date: May 2009
Location: Hertfordshire, England
Posts: 37
Hurrah for openSUSE
__________________
Win7 Home Premium/Linux mint 11 | 2500k @ 4.5GHz | Be Quiet Dark Rock Advanced | Antec 900 | MSI P67a-GD53 (B3) | 8Gb (4x2Gb) 1600Mhz DDR3 | XFX 4870 X2 | 2x 1Tb Samsung F3
Old 31st Aug 2010, 12:29   #7
Unknownsock
Supermodder
 
Join Date: Jul 2009
Posts: 444
The question is, why do people write stuff like this?

No seriously, I'd love to meet the guy who killed my computer a while back..
Old 31st Aug 2010, 12:43   #8
mrbens
Supermodder
 
 
Join Date: Aug 2009
Posts: 511
Quote:
of 4GB - or more - of RAM
What's with all the hyphens (-) all over this news article?!

Hyphens are to join two words, commas are to break up sentences.
Old 31st Aug 2010, 13:32   #9
LooseNeutral
this Avatar stays till I get bored
 
 
Join Date: May 2010
Location: Virginia, USA
Posts: 744
More bad news. I've had to wear out some ears and rear parts about viruses and the like to friends who just won't, or perhaps can't, understand. Or, more often, don't care that they spread this crap around like a friggin plague! A lot of my Mac friends don't get it either. "Hello, sure your machine is fine but you're a CARRIER! What's that... Windows won't work anymore and you don't know what to do? I can't imagine WHY!" I wonder if this will take down a Mac running Boot Camp or the like? So, any idea where they found this wild thing roaming about and why the great protectors (antivirus devs) haven't raised the red flags yet? SShh! Not so loud
Old 31st Aug 2010, 13:57   #10
borandi
Multimodder
 
Join Date: Jan 2010
Location: London
Posts: 128
Quote:
Originally Posted by mrbens
Quote:
of 4GB - or more - of RAM
What's with all the hyphens (-) all over this news article?!

Hyphens are to join two words, commas are to break up sentences.
They're dashes. Dashes are used like commas, but often to form a differential clause opposite in context or character to the first. In this case, though, commas would be more appropriate.
Old 31st Aug 2010, 14:16   #11
Gareth Halfacree
WIIGII!
bit-tech Staff
 
 
Join Date: Dec 2007
Location: Bradford, UK
Posts: 4,098
Quote:
Originally Posted by mrbens
What's with all the hyphens (-) all over this news article?! Hyphens are to join two words, commas are to break up sentences.
I know, I know, I should be using an em-dash for asides - but the last time I tried that, it broke non-UTF-8 browsers.
__________________
Author, Raspberry Pi User Guide Third Edition, 21 Brilliant Projects for the Raspberry Pi and more | gareth.halfacree.co.uk | twitter
bit-tech news correspondent, Custom PC columnist, other things to other people
I'm a filthy freelancer! Hire me!
Old 31st Aug 2010, 15:56   #12
bogie170
Supermodder
 
Join Date: Aug 2008
Location: Southampton, UK
Posts: 340
So what's the best Alureon rootkit finder to see if you have been infected?
Old 31st Aug 2010, 16:13   #13
greigaitken
Supermodder
 
Join Date: Aug 2009
Posts: 281
Microsoft totally missing a great cash cow here. New OS every six months, so once malware is developed for it - just buy the new OS. They won't even have to worry about making pointless, incapable security anymore.
Old 31st Aug 2010, 17:59   #14
RichCreedy
Hey What Who
 
 
Join Date: Apr 2009
Location: lost in the middle of lincolnshire
Posts: 4,339
Will you buy a new OS every 6 months? I don't think so.
__________________
if there are errors in my messages, its because my brain is to far ahead of my hands
Old 31st Aug 2010, 18:11   #15
Bakes
Hypermodder
 
Join Date: Jun 2010
Location: Oxford, UK
Posts: 886
Quote:
Originally Posted by greigaitken
Microsoft totally missing a great cash cow here. New OS every six months, so once malware is developed for it - just buy the new OS. They won't even have to worry about making pointless, incapable security anymore.
That's a great idea! I mean, what with the having to rewrite the entirety of Windows every six months, I think you're on to something here!

Seriously though, security is a journey, not a destination, and if Microsoft's 64-bit security principles have been useful in preventing rootkits since Vista (beta builds of Vista were available 4 years ago) that's a massive success in my book. Think of all the computers that haven't been rootkitted due to running 64-bit Windows.
Old 31st Aug 2010, 20:45   #16
veato
I should be working
 
 
Join Date: Jan 2010
Location: Nottingham
Posts: 393
Got it yesterday. Along with the other crap it brought down too! The other stuff went easily, but this nasty bugger hung around. Even when every piece of AV I had couldn't find it anymore I was still getting stuff like URL redirections. Had to perform a full format last night!
__________________
Blog
Old 31st Aug 2010, 21:33   #17
Boogle
Supermodder
 
Join Date: Mar 2002
Location: UK
Posts: 282
Quote:
Originally Posted by LooseNeutral
More bad news. I've had to wear out some ears and rear parts about viruses and the like to friends who just won't, or perhaps can't, understand. Or, more often, don't care that they spread this crap around like a friggin plague! A lot of my Mac friends don't get it either. "Hello, sure your machine is fine but you're a CARRIER! What's that... Windows won't work anymore and you don't know what to do? I can't imagine WHY!" I wonder if this will take down a Mac running Boot Camp or the like? So, any idea where they found this wild thing roaming about and why the great protectors (antivirus devs) haven't raised the red flags yet? SShh! Not so loud
Aaaarghhh stop bringing back the memories!
Old 31st Aug 2010, 22:19   #18
thehippoz
Banned
 
Join Date: Dec 2008
Location: Fresno, CA
Posts: 5,780
Quote:
Originally Posted by Unknownsock
The question is, why do people write stuff like this?

No seriously, I'd love to meet the guy who killed my computer a while back..
He'd just root you again after you beat him up.
Old 31st Aug 2010, 22:49   #19
skybarge
just chilling at work
 
 
Join Date: Feb 2008
Location: Melbourne, Australia
Posts: 68
Quote:
Originally Posted by thehippoz
Quote:
Originally Posted by Unknownsock
The question is, why do people write stuff like this?

No seriously, I'd love to meet the guy who killed my computer a while back..
He'd just root you again after you beat him up.
Plus you'd get in trouble for beating up a 10-year-old script kiddie most prob, or someone with advanced autism.
__________________
*Lenovo Y580, GTX660M, 16GB, 128GB SSD, 1TB HDD
*Acer Vivabook 11.6" touchscreen
*Nexus 7, Samsung Galaxy S3
*Xbox360 Slim, PS3 Slim
Old 31st Aug 2010, 22:54   #20
Pookeyhead
It's big, and it's clever.
 
 
Join Date: Jan 2004
Location: Blackpool, UK. Cheesecake!
Posts: 10,664
If you need to check for this beasty being present....

Quote:
If you did not have proactive detection in place, you can (currently) manually check to see if the bootkit is installed. As a side effect of the bootkit, the Disk Management pane of the Computer Management console will fail to show the system drive altogether:

[screenshot not reproduced]

It will also fail to show up in the command line using diskpart:

[screenshot not reproduced]

Lifted from MS Malware Protection Centre.

Keyword there being CURRENTLY. As soon as this is known to the developers of this crap, then that will probably be "fixed".
__________________
MAIN RIG |Intel i7 3960X @ 4.7GHz ¦¦ Asus Rampage IV Extreme ¦¦ 16Gb Mushkin DDR3 2133 ¦¦ 512GB Samsung 830 SSD ¦¦ 4TB of HDD Storage ¦¦ 4GB EVGA GTX670 Superclocked SLI ¦¦ Corsair 650D ¦¦ Eizo ColorEdge CG303W & Dell 2007FP ¦¦ Logitech Z623
EARTH| Celeron E3200 ¦¦ Gigabyte G31M-ES2L ¦¦ LSI SAS9260-8i ¦¦ 3TB RAID5 ¦¦ Headless - VNC administered
MOON | Thecus N3200pro 3TB RAID5
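The diskpart check quoted above can be scripted so it is repeatable across several machines. The following is an added example, written for this discussion; it is not from the thread, from the Microsoft Malware Protection Center post it quotes, or from any Microsoft tool. It assumes an elevated PowerShell session on an English-language Windows install (diskpart needs administrator rights and prints localised column text elsewhere); the function name, the parsing regexes and the result object are my own choices. It reports whether the letter of the Windows system volume appears in diskpart's `list volume` output, which is the symptom the quoted text describes; as Pookeyhead says, that symptom is only what the bootkit does currently, so a missing volume is a prompt for an offline scan rather than proof of infection, and a visible one is not a clean bill of health.

```powershell
# Added example (not from the thread or the MMPC post): automate the quoted diskpart check.
# Assumptions: Windows, elevated PowerShell (diskpart needs admin), English diskpart output.
# The function name, the regexes and the result shape are mine, not Microsoft's.

function Test-SystemVolumeVisible {
    [CmdletBinding()]
    param(
        # Drive letter of the Windows system volume without the colon (default taken from $env:SystemDrive)
        [string]$SystemDriveLetter = $env:SystemDrive.TrimEnd(':')
    )

    # diskpart is interactive; feed it a script file via /s so it runs unattended.
    $scriptPath = Join-Path $env:TEMP ("diskpart-check-{0}.txt" -f [guid]::NewGuid())
    Set-Content -Path $scriptPath -Value @('list disk', 'list volume') -Encoding ASCII
    try {
        $raw = (& "$env:SystemRoot\System32\diskpart.exe" /s $scriptPath 2>&1) | Out-String
    }
    finally {
        Remove-Item -Path $scriptPath -Force -ErrorAction SilentlyContinue
    }

    $lines = $raw -split "`r?`n"

    # "list disk" rows look like:    Disk 0    Online          476 GB      0 B        *
    # The header row reads "Disk ###", which the \d+ excludes.
    $diskRows   = @($lines | Where-Object { $_ -match '^\s*Disk\s+\d+\s' })

    # "list volume" rows look like:  Volume 1     C   Windows      NTFS   Partition    475 GB  Healthy    Boot
    $volumeRows = @($lines | Where-Object { $_ -match '^\s*Volume\s+\d+\s' })

    # The system volume counts as present only if a volume row carries its letter in the Ltr column.
    # Requiring whitespace after the letter keeps a label such as "Cache" from matching letter C.
    $letterPattern = '^\s*Volume\s+\d+\s+{0}\s' -f [regex]::Escape($SystemDriveLetter)
    $systemRows = @($volumeRows | Where-Object { $_ -match $letterPattern })

    [pscustomobject]@{
        SystemDrive   = "$SystemDriveLetter`:"
        DisksListed   = $diskRows.Count
        VolumesListed = $volumeRows.Count
        SystemVisible = ($systemRows.Count -gt 0)
        RawOutput     = $raw    # kept so an analyst can eyeball what diskpart actually printed
    }
}

# Usage: run from an elevated prompt and review the result.
$result = Test-SystemVolumeVisible
$result | Select-Object SystemDrive, DisksListed, VolumesListed, SystemVisible | Format-List
if (-not $result.SystemVisible) {
    Write-Warning "diskpart did not list volume $($result.SystemDrive); this matches the symptom MMPC describes. Follow up with an offline scan of the disk rather than treating it as proof either way."
}
```

Because the check reads diskpart's text output, it inherits diskpart's view of the system: if a later variant stops hiding the volume, the script reports it as visible, which is exactly the "currently" caveat in the quoted post. Keeping `RawOutput` in the result lets the raw listing be attached to a ticket when the flag fires.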