Rootkit authors offer fix for MS patch problem

Daave

HeyBub said:
"According to security vendor Prevx, the authors of the rootkit which
was the cause of a large number of unbootable systems which applied
the MS10-015 patch issued last week have issued a patch to fix the
incompatibility."
http://blogs.pcmag.com/securitywatch/2010/02/rootkit_authors_issue_patch_fo.php

All your roots belong to us...

OK, so here's the plan.

I will shut off my firewall and disable my AV program. I will then
intentionally get infected with that particular rootkit. Then I will
download and install the patch that the authors of this rootkit issued
last week so that when I apply the MS10-015 patch, I won't get the BSOD.
Cool! No more incompatibility!
 
Jose

Daave said:
OK, so here's the plan.

I will shut off my firewall and disable my AV program. I will then
intentionally get infected with that particular rootkit. Then I will
download and install the patch that the authors of this rootkit issued
last week so that when I apply the MS10-015 patch, I won't get the BSOD.
Cool! No more incompatibility!

I want to do that too.

I think the best way to understand these things is to experience
them for yourself and learn how to fix them.

Where do you go to get infected with that particular rootkit? I have
been trying for a week.
 
Bob I

Jose said:
I want to do that too.

I think the best way to understand these things is to experience
them for yourself and learn how to fix them.

Where do you go to get infected with that particular rootkit? I have
been trying for a week.

Why not ask ol' ANGELKISSES420 ?
 
HeyBub

Daave said:
OK, so here's the plan.

I will shut off my firewall and disable my AV program. I will then
intentionally get infected with that particular rootkit. Then I will
download and install the patch that the authors of this rootkit issued
last week so that when I apply the MS10-015 patch, I won't get the
BSOD. Cool! No more incompatibility!

Right. As I understand the problem, the rootkit authors coded an absolute
address for a critical Windows function; this address was changed by the
Microsoft update. The rootkit authors then went back and made the address a
variable to be deduced at run time, thereby making their product more
robust.

This is not the first time Microsoft has changed an undocumented item at
the cost of developers.
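Added example, not from the thread or from any of the posters: a small C model of the failure HeyBub describes above. The "kernel" is an array of slots (slot numbers stand in for absolute virtual addresses) plus an export table mapping names to slots, all constructed here; no real Windows structure, routine or MS10-015 detail is used, and KeCritical, KeOther and the slot layout are invented for the illustration. Rootkit v1 bakes in the slot it observed on an unpatched system; v2 resolves the name at run time, the idea behind the kernel's MmGetSystemRoutineAddress (and user-mode GetProcAddress) lookups.

```c
/* Added example (not from the thread): model of a hardcoded kernel address
 * versus runtime resolution. Slot numbers stand in for absolute virtual
 * addresses; the export table stands in for the kernel's name -> address
 * map. All names and layouts are constructed for the illustration. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KERNEL_SLOTS 4
#define CALL_CRASHED INT_MIN   /* stands in for a bug check (the BSOD) */

typedef int (*kfunc_t)(int);

struct export_entry { const char *name; int slot; };

struct kernel_image {
    kfunc_t slot[KERNEL_SLOTS];       /* code at each "address"; NULL = not an entry point */
    struct export_entry exports[KERNEL_SLOTS];
    size_t nexports;
};

/* Constructed stand-ins for two kernel routines. */
static int ke_other(int x)    { return x + 1; }
static int ke_critical(int x) { return x * 2; }

/* Unpatched layout: KeOther at slot 0, KeCritical at slot 1.
 * Patched layout: the update grew KeOther by one slot, so KeCritical moved
 * to slot 2 and slot 1 is now the middle of KeOther, not an entry point. */
struct kernel_image build_image(int patched)
{
    struct kernel_image img;
    int critical_slot = patched ? 2 : 1;
    memset(&img, 0, sizeof img);
    img.slot[0] = ke_other;
    img.slot[critical_slot] = ke_critical;
    img.exports[0] = (struct export_entry){ "KeOther", 0 };
    img.exports[1] = (struct export_entry){ "KeCritical", critical_slot };
    img.nexports = 2;
    return img;
}

/* Transfer control to an absolute "address". Landing on a slot that is not
 * an entry point is modelled as a crash instead of undefined behaviour. */
static int call_at(const struct kernel_image *img, int slot, int arg)
{
    if (slot < 0 || slot >= KERNEL_SLOTS || img->slot[slot] == NULL)
        return CALL_CRASHED;
    return img->slot[slot](arg);
}

/* Runtime resolution: look the routine up by name in the export table.
 * Returns -1 when the name is not exported. */
int resolve_export(const struct kernel_image *img, const char *name)
{
    for (size_t i = 0; i < img->nexports; i++)
        if (strcmp(img->exports[i].name, name) == 0)
            return img->exports[i].slot;
    return -1;
}

/* Rootkit v1: the address of KeCritical was read off one unpatched system
 * and compiled in as a constant. */
#define HARDCODED_KECRITICAL 1
int rootkit_v1_call(const struct kernel_image *img, int arg)
{
    return call_at(img, HARDCODED_KECRITICAL, arg);
}

/* Rootkit v2: resolve the address on every load, so a patch that moves the
 * routine is followed automatically (a missing export is still a crash). */
int rootkit_v2_call(const struct kernel_image *img, int arg)
{
    return call_at(img, resolve_export(img, "KeCritical"), arg);
}

/* Run one rootkit version (1 or 2) against the unpatched or patched image. */
int run_scenario(int patched, int version, int arg)
{
    struct kernel_image img = build_image(patched);
    return version == 1 ? rootkit_v1_call(&img, arg) : rootkit_v2_call(&img, arg);
}

int main(void)
{
    printf("unpatched: v1=%d v2=%d\n", run_scenario(0, 1, 5), run_scenario(0, 2, 5));
    printf("patched:   v1=%d v2=%d (INT_MIN = crash)\n",
           run_scenario(1, 1, 5), run_scenario(1, 2, 5));
    return 0;
}
```

Compile with `cc -std=c99` and run: on the unpatched image both versions return 10; on the patched image v1 lands on a non-entry slot and "crashes" (CALL_CRASHED) while v2 still returns 10. The same fragility applies to any code that carries absolute addresses instead of resolving exports, which is why a kernel update that relocates code is a compatibility event for it.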
 
PA Bear [MS MVP]

I think it disingenuous at best to consider malware writers & botnet owners
"developers."

HeyBub wrote:
 
Jose

PA Bear [MS MVP] said:
I think it disingenuous at best to consider malware writers & botnet owners
"developers."

HeyBub wrote:

<blithersnippage>

Their efforts are sometimes clever, usually merely annoying and fairly
easy to outsmart.

I think there is some sick, twisted and perverted reward (there -
that's all the good words) and competition between the authors to see
who can be the most likely to induce a complete reinstall of Windows
when some person on the receiving end is unable or unwilling to try to
figure out their products and fix the problem and just gives up.
Victory is theirs!

They could certainly be malicious and destructive if they wanted to
be, but so far... they seem to be mostly just annoying.
 
VanguardLH

HeyBub said:
"According to security vendor Prevx, the authors of the rootkit which was
the cause of a large number of unbootable systems which applied the MS10-015
patch issued last week have issued a patch to fix the incompatibility."

http://blogs.pcmag.com/securitywatch/2010/02/rootkit_authors_issue_patch_fo.php

All your roots belong to us...

So rather than get RID of the rootkit malware, users are expected to get an
update to the malware. Uh huh.

In similar manner, put the malware authors up against a wall and I'll SHOOT
them in their heads with hollow-point bullets. Then I'll offer to remove
the flattened bullets, bend them into a slightly different form, and then
hammer them back into their dead brains. Works for me.
 
Bob I

Jose said:
Their efforts are sometimes clever, usually merely annoying and fairly
easy to outsmart.

I think there is some sick, twisted and perverted reward (there -
that's all the good words) and competition between the authors to see
who can be the most likely to induce a complete reinstall of Windows
when some person on the receiving end is unable or unwilling to try to
figure out their products and fix the problem and just gives up.
Victory is theirs!

They could certainly be malicious and destructive if they wanted to
be, but so far... they seem to be mostly just annoying.

No, the 'bot herders want to remain UNdetected. They DON'T want to lose
control of a PC as it is in their best interest to keep the PC working
for them.
 
MowGreen

VanguardLH said:
So rather than get RID of the rootkit malware, users are expected to get an
update to the malware. Uh huh.

In similar manner, put the malware authors up against a wall and I'll SHOOT
them in their heads with hollow-point bullets. Then I'll offer to remove
the flattened bullets, bend them into a slightly different form, and then
hammer them back into their dead brains. Works for me.


I'll bring the popcorn and refreshments, Vanguard.

MowGreen
================
*-343-* FDNY
Never Forgotten
================

banthecheck.com
"Security updates should *never* have *non-security content* prechecked"
 
