On Mon, 14 Jul 2008 14:33:18 -0400 'Beauregard T. Shagnasty'
wrote this on alt.comp.freeware:
>hummingbird wrote:
>
>> 'Beauregard T. Shagnasty' wrote:
><snippage>
>>> So that was a Windows trojan then?
>>
>> The one in question is called "trojan.systemposer".
>
>That is a nasty one. It's a rootkit as well, and - depending on what
>else it downloaded and installed - nearly impossible to get rid of.
>Experts suggest you flatten and reinstall to be totally sure you are rid
>of everything.
Interesting.
I researched at the time but found conflicting descriptions.
Anyway, I noticed what was happening at the time and shut down
the browser and ADSL connection within about 10 secs.
I found 7-8 small programs on my system and wrapped them in
a zipfile for safety (later sent to SuperAntiSpyware guys for
analysis).
I then spent 2-3 hours running every piece of anti-malware s/w
I have, including several rootkit programs. All came up clear.
Since then, I've seen no abnormal activity on my system using
packet sniffers and monitoring ports etc. My guess is that I
killed it before it had hardly got started doing its evil work.
>>> Ok, I understand. To become infected, you probably needed to be using
>>> a Windows OS,
>>
>> I use XP-Pro. I have no idea if *nix suffers the same problems. Some
>> people say it's more secure, but that's probably because the hackers
>> focus on MS s/w.
>
>Linux is not affected. And not because hackers focus on Windows, it's
>because they won't be successful targeting Linux. In order to install
>anything, my Linux operating system will ask me for my root password.
>When that occurs, everything else on the desktop is frozen. All I have
>to do is answer [ Cancel ] - if it would ever occur in the first place.
>There are no Linux viruses/trojans in the wild, simply because they
>can't be reproduced outside a lab.
>
>In order to successfully compromise a Linux PC, you have to be sitting
>in front of it.
I believe you, thousands wouldn't ;-)
>>> probably Internet Explorer,
>>
>> I use an IE clone (Avant).
>
>That's an IE shell rather than a clone, so you are still using IE
>beneath that shell, with much of the same security issue.
Indeed.
>>> probably allowing ActiveX, probably don't have patches to stop
>>> malicious iframe redirection (which is quite common on hacked
>>> sites). [I guess you meant iframe, rather than a-frame.]
>>
>> Sorry, yes I meant i-frame.
>
>http://htmlhelp.com/reference/html40...al/iframe.html
Thanks, I'll take a look at that.
I presume it's easy to embed a malware URL into one of those.
>> The problem with banning Active-X across the board in IE browsers is
>> that some websites simply don't display correctly without it.
>
>There are so few of those sites anymore, and in most cases, you can find
>alternative sites for the same information. You could also use Firefox
>with the 'simulate ActiveX' extension, which would probably work but be
>a lot more secure.
A site I read a bit is the UK Telegraph newspaper which requires
Active-X. But I now have my browser set to prompt for Active-X
use.
>>>> After I got hit by it, I added the URL into my HOSTS file to prevent
>>>> myself ever going there again in error.
>>>
>>> If you got hit by this trojan, then which of the above were you not
>>> securing yourself from? Windows/IE/ActiveX/patches/iframes ?
>>
>> All, but I took immediate action to kill it and recovered within an hour.
>
>Some sites about that trojan indicate that an hour might not be long
>enough. <g>
See above. I jumped into action like greased lightning!
>> I might add that that was the first time ever I got hit, and that
>> is without running AV s/w and not having a lot of browser patches,
>> although my browsing security is quite tight.
>>
>> I read in the thread that you don't use Windows, so you probably
>> don't have all these problems. But my earlier point was about them
>> affecting a majority of users using Windows.
>
>Sure, almost everyone uses Windows. And the hackers love it because of
>all the holes in it. ;-)
When I build my next system, I hope to install a version of *nix
as well as XP-Pro-SP3, probably using VMPC.
--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)
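The poster above mentions adding the offending URL to the HOSTS file to avoid revisiting the site. A HOSTS file maps hostnames, not URLs, so an entry with a path or scheme in it does nothing. The following is an added example, not code from anyone in the thread: it extracts the bare hostname from a URL, checks which names the file already maps, and appends a sinkhole entry only for names that are missing. The hosts text and the hostnames (bad.example, already.blocked.example) are constructed for the example.

```python
from urllib.parse import urlsplit

# Address to point blocked names at; 0.0.0.0 fails fast instead of
# connecting to a local service the way 127.0.0.1 can.
SINKHOLE = "0.0.0.0"

# Constructed sample of an existing hosts file (not from a real system).
SAMPLE_HOSTS = (
    "127.0.0.1 localhost\n"
    "# comment line\n"
    "0.0.0.0 already.blocked.example # note\n"
)


def hostname_from(target):
    """Return the lowercase hostname from a URL or a bare hostname.

    'http://BAD.example/land.html?x=1' and 'BAD.example' both give
    'bad.example'; the path, query and port are discarded because a
    hosts file can only match on the name.
    """
    if "://" not in target:
        target = "http://" + target  # let urlsplit parse a bare name
    host = urlsplit(target).hostname
    if not host:
        raise ValueError("no hostname in %r" % target)
    return host.lower().rstrip(".")


def parse_hosts(text):
    """Return the set of hostnames already mapped in hosts-file text.

    Handles '#' comments, blank lines and several names on one line.
    """
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        names.update(p.lower() for p in parts[1:])  # parts[0] is the IP
    return names


def add_block_entries(hosts_text, targets):
    """Return hosts_text with a sinkhole line appended for each target
    hostname not already present (duplicates are skipped)."""
    existing = parse_hosts(hosts_text)
    new_lines = []
    for target in targets:
        host = hostname_from(target)
        if host in existing:
            continue
        existing.add(host)
        new_lines.append("%s %s" % (SINKHOLE, host))
    if not new_lines:
        return hosts_text
    if hosts_text and not hosts_text.endswith("\n"):
        hosts_text += "\n"
    return hosts_text + "\n".join(new_lines) + "\n"


if __name__ == "__main__":
    # Constructed targets: one URL, one name already blocked, one repeat.
    targets = ["http://bad.example/land.html", "ALREADY.blocked.example",
               "bad.example"]
    print(add_block_entries(SAMPLE_HOSTS, targets), end="")
```

Two caveats worth keeping in mind: a HOSTS entry only affects lookups that go through the system resolver, so it does nothing for a page that reaches the same server by raw IP address or that is loaded from a different hostname, and on Windows the file lives at `%SystemRoot%\System32\drivers\etc\hosts` and needs administrator rights to edit. It is a convenience for one known bad name, not a substitute for patching and disabling ActiveX as discussed above.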