zombie pc

Chris Norton

1. How does one tell if his pc has this going on?

If your internet connection all of a sudden seems to be always in use
even when you are not using it, this could be a sign that someone or
something is using your computer as a "host" for something.
2. What the heck do you do about it if you think your pc may be
infected?

Press Ctrl+Alt+Del and look at the current programs running. Look for
something out of the ordinary.
If you are using Windows XP, the following are all normal XP processes:
services.exe, spoolsv.exe, svchost.exe, taskmgr.exe, winlogon.exe.
If you have a program running that you did not start or do not know
about, simply go to Start > Search and look for the .exe file and see
where it is located.

Keep up to date with anti-virus software DAT files and check your
system once a week. Don't open email
attachments unless you scan them for viruses first but even then be
careful. I am sure someone else can give
you even more tips.

Chris Norton

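
The check described in the post above (compare running process names against the known list, then see where the .exe lives), as an added example that is not part of the original thread. It assumes the process list was exported with `wmic process get ExecutablePath,Name,ProcessId /format:csv`; the sample rows, PIDs and the lookalike-name check are constructed for illustration and go slightly beyond the post.

```python
import csv
import io
import ntpath

# XP process names from the post (svchost.exe spelled as Windows names it).
KNOWN = {"services.exe", "spoolsv.exe", "svchost.exe", "taskmgr.exe", "winlogon.exe"}
SYSTEM_DIR = r"c:\windows\system32"  # assumption: default XP install location

# Constructed sample, shaped like the output of:
#   wmic process get ExecutablePath,Name,ProcessId /format:csv
SAMPLE = r"""
Node,ExecutablePath,Name,ProcessId
PC1,C:\WINDOWS\system32\services.exe,services.exe,640
PC1,C:\WINDOWS\system32\svchost.exe,svchost.exe,812
PC1,C:\WINDOWS\Temp\svchost.exe,svchost.exe,1904
PC1,C:\WINDOWS\system32\svch0st.exe,svch0st.exe,2032
PC1,C:\Program Files\mozilla.org\Mozilla\mozilla.exe,mozilla.exe,2210
PC1,,System,4
"""

def one_char_off(a, b):
    """True when two names have equal length and differ in exactly one character."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1

def triage(csv_text):
    """Return (pid, name, reason) for every process that deserves a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        pid, name, path = int(row["ProcessId"]), row["Name"].lower(), row["ExecutablePath"]
        if not path:
            continue  # kernel pseudo-processes report no image path
        folder = ntpath.dirname(path).lower()
        if name in KNOWN:
            # A familiar name is only trustworthy when it runs from system32.
            if folder != SYSTEM_DIR:
                findings.append((pid, name, "known name, unexpected folder"))
        elif any(one_char_off(name, k) for k in KNOWN):
            findings.append((pid, name, "imitates a system process name"))
        else:
            findings.append((pid, name, "not on the known list, check location"))
    return findings

if __name__ == "__main__":
    for pid, name, reason in triage(SAMPLE):
        print(f"{pid:>5}  {name:<14} {reason}")
```

A familiar name in Task Manager is not enough on its own: the same name running from a folder other than system32 is what the location check catches.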
 
null

http://wired.com/news/technology/0,1282,61457,00.html?tw=wn_techhead_5

Check out the above report. It's something that should be of concern to
those of us who run either cable or DSL.

Or dialup or whatever.
The questions left hanging by the article are:

1. How does one tell if his pc has this going on?

The usual way is to use a good antivirus scanner. There are other more
general ways to detect many backdoors and internet worms.
2. What the heck do you do about it if you think your pc may be infected?

Eradicate the malicious code.
Anyone have answers to these questions?

Why are you fussing over this article in particular? Backdoors and
internet worms have been around for quite some time now.


Art
http://www.epix.net/~artnpeg
 
RB

}}} Why are you fussing over this article in particular? Backdoors and
internet worms have been around for quite some time now. {{{

Sorry 'bout that. The way I read the threat in the article it comes at me
as if it's something recent. If what is being written about in the article
are plain old worms or backdoors, then yes, those are "old business", and
that fits in with your stating the fix is an a/v program.

However, note the phrase in the article "within the last six months", and
the dateline of Dec 3. That leads me to believe what the author is
addressing IS a new threat.
 
null

}}} Why are you fussing over this article in particular? Backdoors and
internet worms have been around for quite some time now. {{{

Sorry 'bout that. The way I read the threat in the article it comes at me
as if it's something recent. If what is being written about in the article
are plain old worms or backdoors, then yes, those are "old business", and
that fits in with your stating the fix is an a/v program.

However, note the phrase in the article "within the last six months", and
the dateline of Dec 3. That leads me to believe what the author is
addressing IS a new threat.

The only thing new that the article points out is the depth to which
spamming has sunk :)


Art
http://www.epix.net/~artnpeg
 
David W. Hodgins

However, note the phrase in the article "within the last six months", and
the dateline of Dec 3. That leads me to believe what the author is
addressing IS a new threat.

Six months is a very long time in the development of malware and
anti malware.

The author is probably referring to the release of the sobig virus,
and many since then, that appear to have been written for big time
spammers.

Regards, Dave Hodgins
 
Gabriele Neukam

On that special day, RB, ([email protected]) said...
http://wired.com/news/technology/0,1282,61457,00.html?tw=wn_techhead_5

Check out the above report. It's something that should be of concern to
those of us who run either cable or DSL.

I've seen it for *months*, spam mail sent to me from such zombies.

Read
http://www.lurhq.com/sobig-f.html
http://www.securityfocus.com/news/4217
http://www.kaspersky.com/news.html?id=982906

to understand what's going on.

The questions left hanging by the article are:

1. How does one tell if his pc has this going on?

Your ISP will tell you that your machine is spewing. The ISP is told by
some aggravated recipients of the spam, like me.
2. What the heck do you do about it if you think your pc may be infected?

Format all partitions.
Re-install
Apply all patches, especially those regarding internet security
DUMP that goddamn security lacking barndoor "Internet Explorer and
Outlook Express", use Mozilla or its derivatives instead


Gabriele Neukam

(e-mail address removed)
 
Dirk

RB said:
http://wired.com/news/technology/0,1282,61457,00.html?tw=wn_techhead_5

Check out the above report. It's something that should be of concern to
those of us who run either cable or DSL.

The questions left hanging by the article are:

1. How does one tell if his pc has this going on?

2. What the heck do you do about it if you think your pc may be infected?

Anyone have answers to these questions?

What is new about this? Nothing to my knowledge.
 
mzlindyone

However, note the phrase in the article "within the last six months", and
the dateline of Dec 3. That leads me to believe what the author is
addressing IS a new threat.


I think a couple of the issues they bring up are cause for concern if
not alarm, given that "AV on every PC" is a worthy but probably not
achievable goal (nevermind more technically detailed education), and
these and worse are likely to continue.

"British police recently warned that crime syndicates, many in Eastern
Europe, are using denial-of-service attacks to blackmail businesses,
threatening to knock them offline unless they pay a small fee."

Seems a decent enough description of a virtual protection racket.

However I think Eastern European crime syndicates have little to do
with the Mimail worm being used to DoS major spam blocklist
maintainers like monkeys.com, which was shut down by the attacks, and
spamhaus.org, which survives. I don't think there was any blackmail
involved there - spammers just wanted them offline, period.

This isn't some cracker managing to grab some idiot's Visa number
because they were stupid enough to run that interesting looking file
that came in e-mail, nor is even some spammer finding or installing a
proxy or relay by the same means -- this article is talking about
*organized crime*, and no amount of knowledge on the victim's end
could stop it. At the moment only massive available bandwidth works.

Carol
 
FromTheRafters

Dirk said:
What is new about this? Nothing to my knowledge.

Nor mine. It is probably new in the sense that they are only now
beginning to comprehend how *very serious* this can get.
 
RB

The article was dated Dec 6th, and refers to events and threats in the last
six months, and calls them emergent threats.

Nothing new about DOS. But, if there are new threats (not clear) being
written about, then maybe there is a new problem. Then again, maybe it's
only the widespread use of DOS that's the threat being described, rather
than isolated occurrences.
 
