Viruses

  • Thread starter: Patty
On Tuesday, 23 September 2008 00:36, Leythos wrote:
Many Unix/Linux systems are compromised every year, not by a "Virus" but
by exploits and root hacking.

It's incorrect to say that Unix or Linux is secure.

any server machine can be hacked, there is always a way... only they are
not hacked by a piece of software, but by a human being that somehow can
crack its defences. it's difficult to secure a server, it needs constant
monitoring.
while windows clients and server systems can be hacked so easily if the system
is compromised by a backdoor malware, and there are lots of them surfing
the internet right now, posing as friendly software.
you know what a "botnet" is, don't you? you may even be using one without
knowing.
you guys put too much trust in your antivirus, and that is a big weakness
that leads you to be careless... only i understand you don't have much of
a choice these days :(

regards
 
On Tuesday, 23 September 2008 00:46, David H. Lipman wrote:
Attempts at infecting Unix/Linux didn't fail. They weren't as successful
as with Win16 and Win32.
Let's see...

There was the Bliss. Remember that?
""When executed, it attempts to attach itself to Linux executable files, to
which regular users do not have access. ""

had to be root activated to do it...

""Although it was probably intended to prove that Linux can be infected, it
does not propagate very effectively because of the structure of Linux's
user privilege system.""

see what i mean?

anyway, all the others you pointed out are old news and all their exploits were
corrected.
 
From: "ArameFarpado" <[email protected]>

| On Tuesday, 23 September 2008 00:46, David H. Lipman wrote:

| ""When executed, it attempts to attach itself to Linux executable files, to
| which regular users do not have access. ""

| had to be root activated to do it...

| ""Although it was probably intended to prove that Linux can be infected, it
| does not propagate very effectively because of the structure of Linux's
| user privilege system.""

| see what i mean?

| anyway, all the others you pointed out are old news and all their exploits were
| corrected.


Doesn't matter. I can pull up new ones if need be.

The fact remains.
I posted... "as malware affects every OS."
And you replied... "Not true."

What I posted were well known bits of malware and they affected the OS. That's a fact.

So I repeat emphatically... "malware affects every OS."
With the disclaimer...
"The only thing is some operating systems are targeted more than others".

BTW: The Slapper had spread pretty well and caused financial losses.

Since you mention Symbian...
http://www.f-secure.com/weblog/archives/00001368.html

Oh you also mention the MAC OS. OS/X had the OSX/Leap-A
 
On Tuesday, 23 September 2008 01:31, David H. Lipman wrote:
The fact remains.
I posted... "as malware affects every OS."
And you replied... "Not true."

What I posted were well known bits of malware and they affected the OS.
That's a fact.
or tried to...
So I repeat emphatically... "malware affects every OS."
With the disclaimer...
"The only thing is some operating systems are targeted more than others".

BTW: The Slapper had spread pretty well and caused financial losses.
slapper attacked the apache web server and only it, not the OS...
anyway, a patch was applied and that worm will never work again.
an antivirus wasn't needed.
symbian has the same weakness regarding filename extensions... it is easy to
fool a system that uses filename extensions
Oh you also mention the MAC OS. OS/X had the OSX/Leap-A
i don't know much about Macs. tell me, does OSX/Leap-A still work in newer
MacOS systems?
 
On Tuesday, 23 September 2008 01:38, David H. Lipman wrote:
From: "ArameFarpado" <[email protected]>

I forgot to mention...

The RBN (before Atrivo was exposed) had begun to target MAC computers with
the same kind of Fake Codecs that were so prevalent in the distribution of
the ZLob trojans for Win32.

http://www.theregister.co.uk/2008/03/12/mac_security_site_malware_infestation/

And I personally have seen the code that decides what OS you are using and
what file will be downloaded to the PC.

""The site serving the fake codecs detects the user agent in a browser in
order to distinguish between Mac and Windows PCs before delivering the
appropriate malware,""


any web server can read the type of OS that the clients have...
i do have access to web servers (i'm not a web designer), and we can see a
lot about our clients:
OS
OS version
browser name and version
screen resolution
color resolution
system language
.... etc...
what this server did was dispatch the proper software for the visitor OS.
 
On Tuesday, 23 September 2008 01:38, David H. Lipman wrote:
From: "ArameFarpado" <[email protected]>

I forgot to mention...

The RBN (before Atrivo was exposed) had begun to target MAC computers with
the same kind of Fake Codecs that were so prevalent in the distribution of
the ZLob trojans for Win32.

why do you keep talking about win32?
64bit windows is vulnerable to malware too.

i lost count of how many 64bit vista(s) i've seen infected...
 
From: "ArameFarpado" <[email protected]>

| On Tuesday, 23 September 2008 01:31, David H. Lipman wrote:

| or tried to...

| slapper attacked the apache web server and only it, not the OS...
| anyway, a patch was applied and that worm will never work again.
| an antivirus wasn't needed.
| symbian has the same weakness regarding filename extensions... it is easy to
| fool a system that uses filename extensions

| i don't know much about Macs. tell me, does OSX/Leap-A still work in newer
| MacOS systems?

OSX/Leap-A affects Macintosh OS X 10.4 and was bad enough for MITRE to give it the Common
Malware Enumerator (CME) value of CME-4. I believe MAC OS X is at 10.5 now and is slated
for 10.6 in '09.

Getting back to the Slapper, if anti virus was installed and was up to date, its
dissemination would have been greatly diminished. But this is NOT about installing anti
virus software as you seem to want to keep moving to. It is and was about the sheer fact
that every OS is targeted for malware. It doesn't matter if it attacks the OS or a
software installed on the OS. If there is an exploit it will be targeted. If there is
monetary gain as in the Fake Codec/ZLob Trojan the platform will be a target. It
doesn't have to be just a software vulnerability/exploit vector it can be Social
Engineering which is the most effective way to get past security software.
 
From: "ArameFarpado" <[email protected]>

| On Tuesday, 23 September 2008 01:38, David H. Lipman wrote:


| http://www.theregister.co.uk/2008/03/12/mac_security_site_malware_infestation/


| ""The site serving the fake codecs detects the user agent in a browser in
| order to distinguish between Mac and Windows PCs before delivering the
| appropriate malware,""


| any web server can read the type of OS that the clients have...
| i do have access to web servers (i'm not a web designer), and we can see a
| lot about our clients:
| OS
| OS version
| browser name and version
| screen resolution
| color resolution
| system language
| ... etc...
| what this server did was dispatch the proper software for the visitor OS.


Right, and through Social Engineering the MAC was targeted for non-viral malware.
 
From: "ArameFarpado" <[email protected]>

| On Tuesday, 23 September 2008 01:38, David H. Lipman wrote:

| why do you keep talking about win32?
| 64bit windows is vulnerable to malware too.

| i lost count of how many 64bit vista(s) i've seen infected...


Ha, ha...

You said it not me :-)

The fact is there is a preponderance of Win32 coded malware and some Win64 coded malware
but, Win64 is a target and that's the point.

I think I have made my case. Every OS is a target of malware. It all depends on the
infection vector, the author's intent, the payload and the author's desires. Yesterday it
was bragging rights. Today it is monetary gain.
 
You must agree that you're a puzzle. First you respond to posts concerning
malware and then you in effect tell
the poster to post elsewhere. Are you getting up in age?
 
From: "Unknown" <[email protected]>

| You must agree that you're a puzzle. First you respond to posts concerning
| malware and then you in effect tell
| the poster to post elsewhere. Are you getting up in age?

LOL

If someone posts a malware related query I'll reply if possible.

If I can guide them to post in a more targeted subject matter related news group I will.
This includes scripting, MS Office products, etc.

You'll note that I helped Patty first and then I stated...
"In the future, please post malware related problems in a virus related news group such
as;
microsoft.public.security.virus"

EOD
 
