
Viruses



Guest ArameFarpado
Posted

Re: Viruses

 

On Tuesday, 23 September 2008 01:31, David H. Lipman wrote:

>

> The fact remains.

> I posted... "as malware affects every OS."

> And you replied... "Not true."

>

> What I posted were well known bits of malware and they affected the OS.

> That's a fact.

or tried to...

>

> So I repeat emphatically... "malware affects every OS."

> With the disclaimer...

> "The only thing is some operating systems are targeted more than others".

>

> BTW: The Slapper had spread pretty well and caused financial losses.

slapper attacked the apache web server and only it, not the OS...

anyway, a patch was applied and that worm will never work again.

an antivirus wasn't needed.

> Since you mention Symbian...

> http://www.f-secure.com/weblog/archives/00001368.html

symbian has the same weakness regarding filename extensions... it is easy to

fool a system that uses filename extensions

> Oh you also mention the MAC OS. OS/X had the OSX/Leap-A

>

i don't know much about Macs. tell me, does OSX/Leap-A still work in newer

MacOS systems?

Guest ArameFarpado
Posted

Re: Viruses

 

On Tuesday, 23 September 2008 01:38, David H. Lipman wrote:

> From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

>

> I forgot to mention...

>

> The RBN (before Atrivo was exposed) had begun to target MAC computers with

> the same kind of Fake Codecs that were so prevalent in the distribution of

> the ZLob trojans for Win32.

>

>

http://www.theregister.co.uk/2008/03/12/mac_security_site_malware_infestation/

>

> And I personally have seen the code that decides what OS you are using and

> what file will be downloaded to the PC.

>

 

""The site serving the fake codecs detects the user agent in a browser in

order to distinguish between Mac and Windows PCs before delivering the

appropriate malware,""

 

 

any web server can read the type of OS that the clients have...

i do have access to web servers (i'm not a web designer), and we can see a

lot about our clients:

OS

OS version

browser name and version

screen resolution

color resolution

system language

.... etc...

what this server did was dispatch the proper software for the visitor OS.

Guest ArameFarpado
Posted

Re: Viruses

 

On Tuesday, 23 September 2008 01:38, David H. Lipman wrote:

> From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

>

> I forgot to mention...

>

> The RBN (before Atrivo was exposed) had begun to target MAC computers with

> the same kind of Fake Codecs that were so prevalent in the distribution of

> the ZLob trojans for Win32.

 

why do you keep talking about win32?

64bit windows is vulnerable to malware too.

 

i lost count of how many 64bit vista(s) i've seen infected...

Guest David H. Lipman
Posted

Re: Viruses

 

From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

 

| On Tuesday, 23 September 2008 01:31, David H. Lipman wrote:

 

>> The fact remains.

>> I posted... "as malware affects every OS."

>> And you replied... "Not true."

>> What I posted were well known bits of malware and they affected the OS.

>> That's a fact.

| or tried to...

 

>> So I repeat emphatically... "malware affects every OS."

>> With the disclaimer...

>> "The only thing is some operating systems are targeted more than others".

>> BTW: The Slapper had spread pretty well and caused financial losses.

| slapper attacked the apache web server and only it, not the OS...

| anyway, a patch was applied and that worm will never work again.

| an antivirus wasn't needed.

>> Since you mention Symbian...

>> http://www.f-secure.com/weblog/archives/00001368.html

| symbian has the same weakness regarding filename extensions... it is easy to

| fool a system that uses filename extensions

>> Oh you also mention the MAC OS. OS/X had the OSX/Leap-A

 

| i don't know much about Macs. tell me, does OSX/Leap-A still work in newer

| MacOS systems?

 

OSX/Leap-A affects Macintosh OS X 10.4 and was bad enough for MITRE to give it the Common

Malware Enumerator (CME) value of CME-4. I believe MAC OS X is at 10.5 now and is slated

for 10.6 in '09.

 

Getting back to the Slapper, if anti virus was installed and was up to date, its

dissemination would have been greatly diminished. But this is NOT about installing anti

virus software as you seem to want to keep moving to. It is and was about the sheer fact

that every OS is targeted for malware. It doesn't matter if it attacks the OS or a

software installed on the OS. If there is an exploit it will be targeted. If there is

monetary gain as in the Fake Codec/ZLob Trojan the platform will be a target. It

doesn't have to be just a software vulnerability/exploit vector it can be Social

Engineering which is the most effective way to get past security software.

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest David H. Lipman
Posted

Re: Viruses

 

From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

 

| On Tuesday, 23 September 2008 01:38, David H. Lipman wrote:

>> From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

>> I forgot to mention...

>> The RBN (before Atrivo was exposed) had begun to target MAC computers with

>> the same kind of Fake Codecs that were so prevalent in the distribution of

>> the ZLob trojans for Win32.

 

 

| http://www.theregister.co.uk/2008/03/12/mac_security_site_malware_infestation/

>> And I personally have seen the code that decides what OS you are using and

>> what file will be downloaded to the PC.

 

 

| ""The site serving the fake codecs detects the user agent in a browser in

| order to distinguish between Mac and Windows PCs before delivering the

| appropriate malware,""

 

 

| any web server can read the type of OS that the clients have...

| i do have access to web servers (i'm not a web designer), and we can see a

| lot about our clients:

| OS

| OS version

| browser name and version

| screen resolution

| color resolution

| system language

| ... etc...

| what this server did was dispatch the proper software for the visitor OS.

 

 

Right, and through Social Engineering the MAC was targeted for non-viral malware.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest David H. Lipman
Posted

Re: Viruses

 

From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

 

| On Tuesday, 23 September 2008 01:38, David H. Lipman wrote:

>> From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

>> I forgot to mention...

>> The RBN (before Atrivo was exposed) had begun to target MAC computers with

>> the same kind of Fake Codecs that were so prevalent in the distribution of

>> the ZLob trojans for Win32.

 

| why do you keep talking about win32?

| 64bit windows is vulnerable to malware too.

 

| i lost count of how many 64bit vista(s) i've seen infected...

 

 

Ha, ha...

 

You said it not me :-)

 

The fact is there is a preponderance of Win32 coded malware and some Win64 coded malware

but, Win64 is a target and that's the point.

 

I think I have made my case. Every OS is a target of malware. It all depends on the

infection vector, the author's intent, the payload and the author's desires. Yesterday it

was bragging rights. Today it is monetary gain.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Posted

Re: Viruses

 

After all that, you now agree it is OK to post malware posts in this

newsgroup?

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:%23Fo2KzRHJHA.1160@TK2MSFTNGP05.phx.gbl...

> From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

>

> | On Tuesday, 23 September 2008 01:38, David H. Lipman wrote:

>

>>> From: "ArameFarpado" <a-farpado.spam@netcabo.pt>

>

>>> I forgot to mention...

>

>>> The RBN (before Atrivo was exposed) had begun to target MAC computers

>>> with

>>> the same kind of Fake Codecs that were so prevalent in the distribution

>>> of

>>> the ZLob trojans for Win32.

>

> | why do you keep talking about win32?

> | 64bit windows is vulnerable to malware too.

>

> | i lost count of how many 64bit vista(s) i've seen infected...

>

>

> Ha, ha...

>

> You said it not me :-)

>

> The fact is there is a preponderance of Win32 coded malware and some

> Win64 coded malware

> but, Win64 is a target and that's the point.

>

> I think I have made my case. Every OS is a target of malware. It all

> depends on the

> infection vector, the author's intent, the payload and the author's

> desires. Yesterday it

> was bragging rights. Today it is monetary gain.

>

> --

> Dave

> http://www.claymania.com/removal-trojan-adware.html

> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>

>

Posted

Re: Viruses

 

If you see any then, simply ignore them.

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:uZEwsxbHJHA.4232@TK2MSFTNGP03.phx.gbl...

> From: "Unknown" <unknown@unknown.kom>

>

> | After all that, you now agree it is OK to post malware posts in this

> | newsgroup?

>

> No!

>

> --

> Dave

> http://www.claymania.com/removal-trojan-adware.html

> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>

>

Posted

Re: Viruses

 

You must agree that you're a puzzle. First you respond to posts concerning

malware and then you in effect tell

the poster to post elsewhere. Are you getting up in age?

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:ezIsY1oHJHA.1308@TK2MSFTNGP02.phx.gbl...

> From: "Unknown" <unknown@unknown.kom>

>

> | If you see any then, simply ignore them.

>

> Again...

>

> No !

>

> --

> Dave

> http://www.claymania.com/removal-trojan-adware.html

> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>

>

Guest David H. Lipman
Posted

Re: Viruses

 

From: "Unknown" <unknown@unknown.kom>

 

| You must agree that you're a puzzle. First you respond to posts concerning

| malware and then you in effect tell

| the poster to post elsewhere. Are you getting up in age?

 

LOL

 

If someone posts a malware related query I'll reply if possible.

 

If I can guide them to post in a more targeted subject matter related news group I will.

This includes scripting, MS Office products, etc.

 

You'll note that I helped Patty first and then I stated...

"In the future, please post malware related problems in a virus related news group such

as;

microsoft.public.security.virus"

 

EOD

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
