holy rootkit

hardline
New member, joined Sep 13, 2007, Somewhere Between the Toeside and the Hellside
So I just spent the whole day trying to get rid of a rootkit virus on my laptop. It basically bricked my lappy. I just got back to day 1 status. The people at Dell (India) were idiots. The guy was insisting that I had to pull my CD drive out; it's a slot-loading CD/DVD. Be very careful, people. I got this while looking at cars using Opera.
 

drjeff
Well-known member, joined Jan 18, 2006, Brooklyn, CT
> So I just spent the whole day trying to get rid of a rootkit virus on my laptop. It basically bricked my lappy. I just got back to day 1 status. The people at Dell (India) were idiots. The guy was insisting that I had to pull my CD drive out; it's a slot-loading CD/DVD. Be very careful, people. I got this while looking at cars using Opera.

Yup, my business partner got his lappy slammed with it a few days ago. The tech support folks that handle my office just got his lappy back to him this AM after picking it up Monday PM. Rootkit was what they said also, and he was just viewing regular e-mail funnies through Yahoo Mail that he gets daily from his regular group of friends.

Nasty one! :eek:
 

Marc
New member, joined Sep 12, 2005, Dudley, MA, www.marcpmc.com
> Yup, my business partner got his lappy slammed with it a few days ago. The tech support folks that handle my office just got his lappy back to him this AM after picking it up Monday PM. Rootkit was what they said also, and he was just viewing regular e-mail funnies through Yahoo Mail that he gets daily from his regular group of friends.
>
> Nasty one! :eek:

It's not just one; it's a family, or type, of malware. There are lots of them written and floating around, but they're all designed to provide root access to the machine on which they've been installed.

Just another reason to partition data from OS, so when a need like this arises, you can wipe your OS clean and start over without losing everything.

Yes, some viruses can affect entire drives, partitions or not, but from what I've seen, not the more popular ones that are used for profit (rather than just general shenanigans), like keyloggers, bots and data stealing in general.
 

Marc
New member, joined Sep 12, 2005, Dudley, MA, www.marcpmc.com
According to Wiki, as many as 1 in 4 PCs connected to the internet may be a bot in a botnet. I can picture in my head right now what the type of people with these 1 in 4 PCs look like.
 

Geoff
Well-known member, joined Jun 30, 2004, South Dartmouth, MA
> According to Wiki, as many as 1 in 4 PCs connected to the internet may be a bot in a botnet. I can picture in my head right now what the type of people with these 1 in 4 PCs look like.

I imagine most of them are normal, mildly computer-literate people. If your machine is hijacked, it's tough to know it's happening if the bot is crafted properly to masquerade as one of the well-known Windows NT process names, avoids hogging too many CPU cycles so you can't see it in the Task Manager, and doesn't do too much comms. You basically have to fire up Wireshark and sniff the packets leaving your machine.

Fortunately, most bots are easier to detect since they make the machine run like crap.
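The two tells Geoff describes (a bot hiding behind a well-known Windows NT process name, and quiet but regular traffic that only a packet capture will show) can both be checked mechanically. The script below is an added example written for this thread, not code posted by anyone in it. The process list and the flow records are constructed sample data, and the set of "genuine" paths for the system binaries is an assumption based on a default Windows install.

```python
"""Added example: two checks for a bot that masquerades as a Windows NT system
process and beacons quietly. All input data is constructed for the example."""
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: where the genuine system binaries live on a default install.
# A process carrying one of these names from any other path is suspect.
EXPECTED_PATHS = {
    "svchost.exe": {r"c:\windows\system32\svchost.exe"},
    "lsass.exe": {r"c:\windows\system32\lsass.exe"},
    "csrss.exe": {r"c:\windows\system32\csrss.exe"},
    "explorer.exe": {r"c:\windows\explorer.exe"},
}

# Constructed process listing: (pid, name, image path). PID 2044 is the bot:
# the right name, but running out of a user's Temp directory.
PROCESSES = [
    (4, "System", ""),
    (612, "csrss.exe", r"C:\Windows\System32\csrss.exe"),
    (880, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    (2044, "svchost.exe", r"C:\Users\bob\AppData\Local\Temp\svchost.exe"),
    (1500, "explorer.exe", r"C:\Windows\explorer.exe"),
]

def masquerading_processes(processes):
    """Return (pid, name, path) for processes whose name is a system binary
    but whose image path is not the genuine location of that binary."""
    hits = []
    for pid, name, path in processes:
        allowed = EXPECTED_PATHS.get(name.lower())
        if allowed is not None and path.lower() not in allowed:
            hits.append((pid, name, path))
    return hits

# Constructed outbound flows as you might export them from Wireshark/tshark:
# (timestamp in seconds, destination IP, destination port, bytes sent).
# The bot checks in with 198.51.100.7 every 60 s with a tiny payload; the
# 203.0.113.x traffic is ordinary browsing with irregular timing and sizes.
FLOWS = [
    (0, "198.51.100.7", 80, 310), (3, "203.0.113.5", 443, 52000),
    (60, "198.51.100.7", 80, 305), (61, "203.0.113.5", 443, 1200),
    (120, "198.51.100.7", 80, 312), (125, "203.0.113.9", 443, 88000),
    (180, "198.51.100.7", 80, 308), (181, "203.0.113.5", 443, 4300),
    (240, "198.51.100.7", 80, 311),
]

def beaconing_destinations(flows, min_hits=4, max_jitter=0.2, max_bytes=1024):
    """Flag destinations contacted at a near-constant interval with small
    payloads. Returns [((ip, port), mean_interval_seconds), ...].
    max_jitter bounds stddev/mean of the gaps between connections."""
    by_dst = defaultdict(list)
    for ts, ip, port, nbytes in flows:
        by_dst[(ip, port)].append((ts, nbytes))
    suspects = []
    for dst, events in by_dst.items():
        if len(events) < min_hits:
            continue
        times = sorted(t for t, _ in events)
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue
        regular = pstdev(gaps) / avg <= max_jitter
        small = max(n for _, n in events) <= max_bytes
        if regular and small:
            suspects.append((dst, avg))
    return suspects

if __name__ == "__main__":
    for hit in masquerading_processes(PROCESSES):
        print("masquerade:", hit)
    for dst, period in beaconing_destinations(FLOWS):
        print("beacon:", dst, "every", period, "s")
```

The path check catches the cheap trick (same name, wrong directory); it will not catch a bot that injects into the real svchost.exe, which is why the flow check is there too. On a real box you would feed the first function the output of a process enumerator that includes image paths, and the second a tshark export over a long enough window to see several beacons.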
 

hardline
New member, joined Sep 13, 2007, Somewhere Between the Toeside and the Hellside
This one was really nasty; it actually was able to modify the BIOS. It took me an hour to get the CD drive back so I could boot to CD. It was one of the few times I still wish I had a floppy.

As far as just partitioning the hard drive for the OS, it doesn't work because I still have to reinstall every app on my laptop. So I just have a hard drive with my docs dir backed up; after I reinstall, I drag that dir back and I'm back in action. I wonder if I could Ghost my whole drive.
 

Trekchick
Active member, joined Oct 19, 2007, Reno - North Lake Tahoe
This is why I'm on a Mac. I had some major issues with my PC TWICE! I told my computer guy, "honey, if I have to wipe it all out and start over, I'm doing it with a mac!"

And I did!
 

Marc
New member, joined Sep 12, 2005, Dudley, MA, www.marcpmc.com
> This one was really nasty; it actually was able to modify the BIOS. It took me an hour to get the CD drive back so I could boot to CD. It was one of the few times I still wish I had a floppy.
>
> As far as just partitioning the hard drive for the OS, it doesn't work because I still have to reinstall every app on my laptop. So I just have a hard drive with my docs dir backed up; after I reinstall, I drag that dir back and I'm back in action. I wonder if I could Ghost my whole drive.

Partition, 2nd hard drive... accomplishes mostly the same thing. My point was to keep apps/os separate from data.

Also, yes... because I got sick of installing apps if I needed to wipe the slate clean and start over, I kept an image of the drive on a separate drive, made just after a fresh start with all the appropriate applications and drivers.

I take some of the same precautions, but not as many, now I'm with Ubuntu. And loving it.
 

mondeo
New member, joined Mar 18, 2008, E. Hartford, CT
> This is why I'm on a Mac. I had some major issues with my PC TWICE! I told my computer guy, "honey, if I have to wipe it all out and start over, I'm doing it with a mac!"
>
> And I did!

http://www.appleinsider.com/articles/08/12/01/apple_now_encourages_antivirus_use_for_mac_os_x.html

*nix OSs are not immune. Heck, at this point, Vista and Linux are about on equal ground in that they both request admin approval any time you try to install anything. The funny thing is that what's made Linux so famously "virus-proof" is what made everyone mad at Vista. Mac is safe because Apple is so monopolistic in its control of software (APIs and SDKs in particular) that no one is allowed enough knowledge of the OS to do as much harm. Which also limits software development.

The main difference, though, is market share. No one cares enough about Macs to write viruses for them. Now that Mac has made some significant progress (by admitting the limitations of their own OS and allowing Windows to be installed, by the way), it's just a matter of time before there's a widespread Mac virus.
 

drjeff
Well-known member, joined Jan 18, 2006, Brooklyn, CT
> http://www.appleinsider.com/articles/08/12/01/apple_now_encourages_antivirus_use_for_mac_os_x.html
>
> *nix OSs are not immune. Heck, at this point, Vista and Linux are about on equal ground in that they both request admin approval any time you try to install anything. The funny thing is that what's made Linux so famously "virus-proof" is what made everyone mad at Vista. Mac is safe because Apple is so monopolistic in its control of software (APIs and SDKs in particular) that no one is allowed enough knowledge of the OS to do as much harm. Which also limits software development.
>
> The main difference, though, is market share. No one cares enough about Macs to write viruses for them. Now that Mac has made some significant progress (by admitting the limitations of their own OS and allowing Windows to be installed, by the way), it's just a matter of time before there's a widespread Mac virus.

Also, since Mac has gathered a BIG market share of many a college campus these days, as the college-age crew moves forward, if they stay Mac, I'd bet that the age of Mac-attack viruses is a given. In one sense, for Mac users the best thing that could happen with respect to viruses is if Steve Jobs is indeed done with Apple and they lose some of their luster, thus keeping them a "small fish" in the computing sea.
 

Marc
New member, joined Sep 12, 2005, Dudley, MA, www.marcpmc.com
> http://www.appleinsider.com/articles/08/12/01/apple_now_encourages_antivirus_use_for_mac_os_x.html
>
> *nix OSs are not immune. Heck, at this point, Vista and Linux are about on equal ground in that they both request admin approval any time you try to install anything. The funny thing is that what's made Linux so famously "virus-proof" is what made everyone mad at Vista. Mac is safe because Apple is so monopolistic in its control of software (APIs and SDKs in particular) that no one is allowed enough knowledge of the OS to do as much harm. Which also limits software development.

Yes, but far more users regularly use their admin account at all times in Windows, because of the features attached to the admin. In the last Linux distro I used, you'd never log in as root, and any time you need root privileges you execute the command as a temporary superuser.

Also, mail clients and other apps in Linux never execute attached code automatically. Last I read, there were still instances in Vista where this was allowed.

Plus if you really want to get hardcore about it, there are free security enhancements (thinking of SELinux here) that step things up further.
 

hardline
New member, joined Sep 13, 2007, Somewhere Between the Toeside and the Hellside
> Partition, 2nd hard drive... accomplishes mostly the same thing. My point was to keep apps/OS separate from data.
>
> Also, yes... because I got sick of installing apps if I needed to wipe the slate clean and start over, I kept an image of the drive on a separate drive, made just after a fresh start with all the appropriate applications and drivers.
>
> I take some of the same precautions, but not as many, now I'm with Ubuntu. And loving it.

Yeah, once I was able to get to the point of booting to CD, it took me like 4 hours to be back to full tilt: 2 hours of install and 2 of copying files.
 

mondeo
New member, joined Mar 18, 2008, E. Hartford, CT
> Yes, but far more users regularly use their admin account at all times in Windows, because of the features attached to the admin. In the last Linux distro I used, you'd never log in as root, and any time you need root privileges you execute the command as a temporary superuser.
>
> Also, mail clients and other apps in Linux never execute attached code automatically. Last I read, there were still instances in Vista where this was allowed.
>
> Plus if you really want to get hardcore about it, there are free security enhancements (thinking of SELinux here) that step things up further.

If I remember my Ubuntu machine correctly, it just pops a box any time it needs root privileges and automates the sudo command from an 'OK' click. Basically what makes everyone mad about Vista. The other reason far more people use an admin account in Windows than in Linux is that people using Linux are more aware of the problems associated with remaining logged on as an admin. The Linux user base probably has significantly lower rates of security issues on their Windows boxes than typical PC users anyway. I also like how, when I do log on as root in Ubuntu (or OpenSUSE, can't remember which it is) due to difficulties using sudo, the default background is bombs and caution signs.
 

Marc
New member, joined Sep 12, 2005, Dudley, MA, www.marcpmc.com
> If I remember my Ubuntu machine correctly, it just pops a box any time it needs root privileges and automates the sudo command from an 'OK' click. Basically what makes everyone mad about Vista. The other reason far more people use an admin account in Windows than in Linux is that people using Linux are more aware of the problems associated with remaining logged on as an admin. The Linux user base probably has significantly lower rates of security issues on their Windows boxes than typical PC users anyway. I also like how, when I do log on as root in Ubuntu (or OpenSUSE, can't remember which it is) due to difficulties using sudo, the default background is bombs and caution signs.

It's not Ubuntu (at least I've never had that happen with Ubuntu; what release are you using, Intrepid Ibex?)... and Ubuntu forces you (I think, or at least strongly encourages you) on install to create a default user separate from root. My father's new Dell laptop with Vista did not do that. I seem to remember installing Firefox for him using his admin account without being prompted for a password... this also may have been my sister's new craptop with XP, so feel free to correct me if I'm wrong. When installing on Ubuntu, if you're not in the terminal, yes, it automates sudo as an OK click, but you do have to provide the password...

And Linux users do have far lower rates of security problems than Windows users, because besides being more knowledgeable about hardware and software, most hackers writing malware are doing it on Linux and therefore don't care to exploit its weaknesses.
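Marc's earlier point (never log in as root; escalate per command) and the exchange just above (the GUI prompt still demands your password) both come down to two settings you can audit: whether the root account is locked, and whether any sudoers rule grants NOPASSWD. The script below is an added example for this thread, not anyone's posted code. The /etc/shadow and /etc/sudoers excerpts are constructed samples in the real file formats; the parser covers ordinary user/group rules and ignores #include directives and aliases, which is a simplification.

```python
"""Added example: audit root-login lockout and passwordless sudo rules.
The shadow and sudoers text below is constructed sample data."""
import re

# Constructed /etc/shadow excerpt. A '!' or '*' at the start of the second
# field means no usable password, i.e. nobody can log in as root directly
# (this is what an Ubuntu install leaves you with by default).
SHADOW = """\
root:!:17500:0:99999:7:::
bob:$6$saltsalt$hashhashhash:17500:0:99999:7:::
"""

# Constructed /etc/sudoers. The 'bob' rule is the weak setting: root without
# a password prompt. The 'alice' and %admin rules are the normal form, where
# sudo asks for the invoking user's own password.
SUDOERS = """\
Defaults        env_reset
Defaults        timestamp_timeout=15
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
bob     ALL=(ALL) NOPASSWD: ALL
alice   ALL=(ALL:ALL) ALL
# deploy ALL=(ALL) NOPASSWD: /usr/bin/apt-get
"""

def root_login_locked(shadow_text):
    """True if root's password field is locked ('!' or '*'); False if root
    has a usable password or no root entry was found."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields and fields[0] == "root":
            return len(fields) > 1 and fields[1].startswith(("!", "*"))
    return False

# user_or_group  host=(runas) [TAG: ...] commands
# (#include/#includedir directives and Alias lines are not handled here.)
SUDOERS_RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+)=\((?P<runas>[^)]*)\)\s*"
    r"(?P<tags>(?:\w+:\s*)*)(?P<cmds>.+)$"
)

def passwordless_sudo(sudoers_text):
    """Return (user_or_group, commands) for every rule tagged NOPASSWD."""
    hits = []
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or line.startswith("Defaults"):
            continue
        m = SUDOERS_RULE.match(line)
        if m and "NOPASSWD" in m.group("tags"):
            hits.append((m.group("who"), m.group("cmds").strip()))
    return hits

def sudo_ticket_timeout(sudoers_text, default_minutes=5):
    """Minutes a successful sudo password entry stays cached.
    sudo's compiled-in default is 5; distros commonly override it."""
    m = re.search(r"^Defaults\s+timestamp_timeout\s*=\s*(-?\d+)",
                  sudoers_text, re.M)
    return int(m.group(1)) if m else default_minutes

if __name__ == "__main__":
    print("root login locked:", root_login_locked(SHADOW))
    print("NOPASSWD rules:", passwordless_sudo(SUDOERS))
    print("password cached for", sudo_ticket_timeout(SUDOERS), "minutes")
```

On a real system run the checks against `/etc/shadow` (needs root to read) and the output of `sudo -l` or `visudo -c -f /etc/sudoers`; the ticket timeout matters because a long cache window is the gap between "asks for my password" and "anything I run for the next quarter hour is root without asking".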
 