
Thread: Ping: Dustin Cook - How would *you* find this rootkit?

  1. #1
    ~BD~ Guest

    Re: Ping: Dustin Cook - How would *you* find this rootkit?

    FromTheRafters wrote:
    > "~BD~"<~BD~@nomail.afraid.com> wrote in message
    > news:iup71h$q14$1@dont-email.me...
    >> FromTheRafters wrote:
    >>> "~BD~"<~BD~@nomail.afraid.com> wrote in message
    >>> news:iuh7me$rvc$1@dont-email.me...
    >>>> Mike Easter wrote:
    >>>>> a.p.s only - no daft x-post to unrelated groups like a BD troll.
    >>>>
    >>>> Adding an additional 34 readers is hardly trolling!
    >>>>
    >>>> alt.politics.scorched-earth alt.politics.scorched-earth@googlegroups.com
    >>>> Language: English
    >>>> 34 subscribers, Messages per month: 4267, Usenet
    >>>>
    >>>> http://groups.google.com/groups/dir?...ched-earth%2C&
    >>>>
    >>>>>
    >>>>> ~BD~ wrote:
    >>>>>
    >>>>>> The latest TDL-4 version of the rootkit,
    >>>>>
    >>>>> The problems are/ start with/ detection. If you can detect a boot sector
    >>>>> problem/condition, then you have to 'get rid of' - zero or perhaps
    >>>>> replace - the boot sector which is followed by creation of a new boot
    >>>>> sector and operating system.
    >>>>
    >>>> The problem, surely, is knowing why one *should* look for a problem in the
    >>>> first place! If all appears quite /normal/ to a computer user ...!!!
    >>>
    >>> That's true, but what's your point? Are you paving the way to slimey
    >>> innuendo, or are you actually asking about detecting or identifying
    >>> a rootkit?

    >>
    >> The latter.
    >>
    >>> You're probably not going to find such a rootkit unless you suspect one is
    >>> present, or you routinely check the startup axis code. The thing is, a
    >>> rootkit will likely be hiding something else, and that something else
    >>> *does something*, more than likely using networking. When network activity
    >>> is noticed, and an investigation is conducted, it will be noticed that
    >>> tools on the computer doing the nefarious communicating are not giving a
    >>> complete picture. It is *that* that will cause one to suspect a rootkit.

    >>
    >> I suggest that the /average/ computer user would *not* notice any such network
    >> activity whilst his/her computer is carrying out the tasks demanded of it.
    >> (email, surfing etc)

    >
    > That's true, and explains why they are so successful.


    I'm pleased that you agree! ;-)

    >>> Detection can be a behavioral thing, but identification requires more. Once
    >>> you suspect it is there, you inspect it from a clean environment to identify
    >>> it and possibly repair/replace affected areas.

    >>
    >> I agree.
    >>
    >>> If a certain paranoid fantasy (Edit: are you *sure?!!!) about otherwise
    >>> legitimate security software
    >>> (antivirus/antimalware) installing rootkits were actually true, said rootkits
    >>> would be discovered in short order by the behavior (activity) the programs
    >>> that they hide engage in.

    >>
    >> Would you please expand on that premise?

    >
    > While an individual home user may miss such activity, there are
    > too many other users for one to assume that *none* will notice.
    >
    >> Who, exactly, will be looking for any unusual behaviour (activity)?

    >
    > Network administrators.


    I have no knowledge of the duties of 'Network administrators'. Will they
    be using tools such as Malwarebytes and/or SuperAntispyware?

    Will they use the 'services' of an organisation such as Aumha.net -
    downloading all manner of 'unknown' cleaning 'tools' until the
    helper/adviser deems their network 'clean'? Somehow I doubt that!

    --
    Dave - tired today, after doing many, many locks! ;-)
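
Added example (not part of any poster's message): the cross-view comparison FromTheRafters describes above, where network activity seen from outside the machine is checked against what the machine's own tools report. The netstat-style listing, the gateway flow-log format, the addresses and the function names are all constructed for illustration.

```python
import re

# Constructed sample: `netstat -an` style output captured on the suspect host.
HOST_NETSTAT = """\
  TCP    192.168.1.20:49152    192.0.2.10:443        ESTABLISHED
  TCP    192.168.1.20:49160    198.51.100.7:993      ESTABLISHED
  TCP    0.0.0.0:135           0.0.0.0:0             LISTENING
"""

# Constructed sample: flow records logged by an upstream gateway, in a
# hypothetical "proto src:port -> dst:port bytes=N" format.
GATEWAY_FLOWS = """\
tcp 192.168.1.20:49152 -> 192.0.2.10:443 bytes=18234
tcp 192.168.1.20:49160 -> 198.51.100.7:993 bytes=4410
tcp 192.168.1.20:49177 -> 203.0.113.66:80 bytes=90211
tcp 192.168.1.31:50212 -> 192.0.2.10:443 bytes=1200
"""

NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+ESTABLISHED", re.I)
FLOW_RE = re.compile(r"^(tcp|udp)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)\s+bytes=(\d+)", re.I)

def host_view(text):
    """Set of (proto, src, sport, dst, dport) the host's own tools admit to."""
    out = set()
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            proto, src, sport, dst, dport = m.groups()
            out.add((proto.lower(), src, int(sport), dst, int(dport)))
    return out

def wire_view(text, host_ip):
    """Map of flow tuple -> bytes for flows the gateway saw leaving host_ip."""
    out = {}
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if m and m.group(2) == host_ip:
            proto, src, sport, dst, dport, nbytes = m.groups()
            key = (proto.lower(), src, int(sport), dst, int(dport))
            out[key] = out.get(key, 0) + int(nbytes)
    return out

def hidden_flows(netstat_text, flow_text, host_ip):
    """Flows seen on the wire that the host did not report, largest first."""
    seen = host_view(netstat_text)
    wire = wire_view(flow_text, host_ip)
    missing = [(k, v) for k, v in wire.items() if k not in seen]
    return sorted(missing, key=lambda kv: -kv[1])
```

A flow missing from the host's view is a reason to inspect the machine from a clean environment, not proof by itself, since a short-lived connection can close between the two captures.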


  2. #2
    Dustin Guest

    Re: Ping: Dustin Cook - How would *you* find this rootkit?

    ~BD~ <~BD~@nomail.afraid.com> wrote in
    news:iuq5op$1f9$1@dont-email.me:


    > I have no knowledge of the duties of 'Network administrators'. Will
    > they be using tools such as Malwarebytes and/or SuperAntispyware?


    Ask Morgan. Perhaps he can enlighten you. He, like you, has to use other
    people's tools because, like you, he's unable to write his own.

    > Will they use the 'services' of an organisation such as Aumha.net -
    > downloading all manner of 'unknown' cleaning 'tools' until the
    > helper/adviser deems their network 'clean'? Somehow I doubt that!


    Do you have any specific tools in mind which might not work properly BD?
    or should this be dismissed as more slime?


    --
    (Hey) I keep on thinking that it's
    (Hey) all done and all over now (whoa)
    You keep on thinking you can save me save me
    (Hey) My ship is sinking but it's
    (Hey) all good and I can go down (whoa)
    You've got me thinking that the party's all over


  3. #3
    ~BD~ Guest

    Re: Ping: Dustin Cook - How would *you* find this rootkit?

    Dustin wrote:
    > ~BD~<~BD~@nomail.afraid.com> wrote in
    > news:iuq5op$1f9$1@dont-email.me:
    >
    >
    >> I have no knowledge of the duties of 'Network administrators'. Will
    >> they be using tools such as Malwarebytes and/or SuperAntispyware?

    >
    > Ask Morgan. Perhaps he can enlighten you. He, like you, has to use other
    > people's tools because, like you, he's unable to write his own.


    Maybe he'll simply 'pop in' to this thread. I respect his views.

    >> Will they use the 'services' of an organisation such as Aumha.net -
    >> downloading all manner of 'unknown' cleaning 'tools' until the
    >> helper/adviser deems their network 'clean'? Somehow I doubt that!

    >
    > Do you have any specific tools in mind which might not work properly BD?
    > or should this be dismissed as more slime?


    It's good to have a dialogue with you Dustin. Thank you for responding.

    No, I am *not* suggesting that any particular 'tool' is suspect.

    I suppose it is possible that someone like you, Dustin, has never,
    actually, signed up to a 'help' forum and gone through the due process
    of having a 'volunteer' check and clean your computer.

    You have the ability to determine if all recommendations/advice given is
    'sound'. Perhaps you could find the time to put those folk at Aumha to
    the test. Conjure up a 'fault' and ask the experts at Aumha for help.
    Then you will see for yourself exactly which 'tools' are used to 'clean'
    your machine - and be able to determine if, perhaps, something nasty has
    been *added* to your computer, rather than simply having had it 'cleaned'.

    If the computer appears to 'work' OK after such 'cleaning', nobody else
    is ever going to delve any deeper, are they?

    Please have a think about this before you simply dismiss my conjecture.

    Thanks.

    --
    Dave - tired today. It's warm and humid! :-)

  4. #4
    Aardvark Guest

    Re: Ping: Dustin Cook - How would *you* find this rootkit?

    On Sun, 03 Jul 2011 18:25:25 +0100, ~BD~ wrote:

    > Perhaps you could find the time to put those folk at Aumha to the test.


    LOL.

    Yeah, right.

    As if Dustin will do a ****ing thing for you.



    --
    "Those who do not make human beings the center of their concern soon
    lose the capacity to make any ethical choices, for they willingly
    sacrifice others in the name of the politically expedient and
    practical." - Dwight Macdonald, “The Root Is Man.”

  5. #5
    Dustin Guest

    Re: Ping: Dustin Cook - How would *you* find this rootkit?

    Aardvark <aardvark@youllnever.know> wrote in
    news:iuqaff$uh2$1@dont-email.me:

    > On Sun, 03 Jul 2011 18:25:25 +0100, ~BD~ wrote:
    >
    >> Perhaps you could find the time to put those folk at Aumha to the
    >> test.

    >
    > LOL.
    >
    > Yeah, right.
    >
    > As if Dustin will do a ****ing thing for you.


    Hey. I just had a thought. I'm belittling myself a little with this
    snarky post.. but, I'm doing it anyways...

    Perhaps, Morgan with his vast superior knowledge would be able to assist
    BD in his journey? LOL!


    --
    (Hey) I keep on thinking that it's
    (Hey) all done and all over now (whoa)
    You keep on thinking you can save me save me
    (Hey) My ship is sinking but it's
    (Hey) all good and I can go down (whoa)
    You've got me thinking that the party's all over


  6. #6
    G. Morgan Guest

    Re: Ping: Dustin Cook - How would *you* find this rootkit?

    Dustin wrote:

    >Perhaps, Morgan with his vast superior knowledge would be able to assist
    >BD in his journey? LOL!


    Perhaps, Cook will suck my left nut, too.




  7. #7
    Dustin Guest

    Re: Ping: Dustin Cook - How would *you* find this rootkit?

    G. Morgan <G_Morgan@easy.com> wrote in
    news:2bp3179rnejmic47p7ef0erkg5e55nmh84@Osama-is-dead.net:

    > Dustin wrote:
    >
    >>Perhaps, Morgan with his vast superior knowledge would be able to
    >>assist BD in his journey? LOL!

    >
    > Perhaps, Cook will suck my left nut, too.


    Is that a no then, Morgan? Don't you have the uber l33t skills bro?
    You're college educated! right? ****ing lamer.


    --
    (Hey) I keep on thinking that it's
    (Hey) all done and all over now (whoa)
    You keep on thinking you can save me save me
    (Hey) My ship is sinking but it's
    (Hey) all good and I can go down (whoa)
    You've got me thinking that the party's all over


  8. #8
    Bullwinkle. Guest

    Re: Ping: Dustin Cook - How would *you* find this rootkit?

    So you are skillless to help bd.

    No shame to admit it.

    ****wit.

    "G. Morgan" <G_Morgan@easy.com> wrote in message
    news:2bp3179rnejmic47p7ef0erkg5e55nmh84@Osama-is-dead.net...
    Dustin wrote:

    >Perhaps, Morgan with his vast superior knowledge would be able to assist
    >BD in his journey? LOL!


    Perhaps, Cook will suck my left nut, too.




  9. #9
    ~BD~ Guest

    Re: Ping: Dustin Cook - How would *you* find this rootkit?

    Aardvark wrote:
    > On Sun, 03 Jul 2011 18:25:25 +0100, ~BD~ wrote:
    >
    >> Perhaps you could find the time to put those folk at Aumha to the test.

    >
    > LOL.
    >
    > Yeah, right.
    >
    > As if Dustin will do a ****ing thing for you.


    I fully appreciate that few folk, including you, Aardvark, will have the
    necessary skill-set to detect anything untoward.

    There is no need for you to feel out-classed - you simply do not have
    the background nor experience of Dustin Cook. You fix ceilings (at least
    you /did/, once upon a time!) - Dustin fixes computers ... and he's good
    at it! :-)

  10. #10
    Dustin Guest

    Re: Ping: Dustin Cook - How would *you* find this rootkit?

    ~BD~ <~BD~@nomail.afraid.com> wrote in
    news:iuqb8n$4t8$1@dont-email.me:

    > There is no need for you to feel out-classed - you simply do not
    > have the background nor experience of Dustin Cook. You fix ceilings
    > (at least you /did/, once upon a time!) - Dustin fixes computers ...
    > and he's good at it! :-)


    None of you present have the same background as me, David. Not even
    your newest bestest pal, Morgan. His years of college can't make up for
    real life experience. He wasn't published in rolling stones, I was. <--
    That is bragging, for those who confuse simple facts with it.

    While Morgan recently commented that I pull wire for a living, He knows
    that I also still run my own technical support company. Similar I
    suspect to what he does. Onsite service calls. Only, if the box has
    real trouble and the customer is willing to pay for my time, I can save
    it, I don't *have to reformat*. <g>

    I can also retrieve lost data and information; without HAVING TO RELY
    on other people's tools. I can find hidden software like spectorsoft
    (LOL!) in my sleep David.

    I come from the other side of the fence as you well know. That's why I
    know many of the things I do, that's why whether you like me or not, I
    am an expert in malware.

    So while your comment was intended as a wiseass remark, it is true. I
    do fix computers, and I am good at it.


    --
    (Hey) I keep on thinking that it's
    (Hey) all done and all over now (whoa)
    You keep on thinking you can save me save me
    (Hey) My ship is sinking but it's
    (Hey) all good and I can go down (whoa)
    You've got me thinking that the party's all over

