http://www.microsoft.com/emea/spotli...px?videoid=359
Gets into removing manually, what tricks malware uses to hide from
anti-malware, and that you can't always be sure you got it.
It really is enough to scare the heck out of you.
AMUN wrote:
> http://www.microsoft.com/emea/spotli...px?videoid=359
>
> Gets into removing manually, what tricks ...
Do you have a better link?
"To view this video, you'll need to
download the new Silverlight plugin."
Just for kicks, I clicked the button.
"Microsoft Silverlight may not be supported on your computer's hardware
or operating system."
--
-bts
-Friends don't let friends drive Windows
"Beauregard T. Shagnasty" <a.nony.mous@example.invalid> wrote in message
news:gdcq5e$c3g$1@registered.motzarella.org...
> AMUN wrote:
>
>> http://www.microsoft.com/emea/spotli...px?videoid=359
>>
>> Gets into removing manually, what tricks ...
>
> Do you have a better link?
>
> "To view this video, you'll need to
> download the new Silverlight plugin."
>
> Just for kicks, I clicked the button.
>
> "Microsoft Silverlight may not be supported on your computer's hardware
> or operating system."
>
> --
> -bts
> -Friends don't let friends drive Windows
That'll teach you to buy a MAC
Or use one of those free -nix boxes.
But if you use either, why do you worry about malware at all ? <g>
I suppose Micro$oft can't be faulted too much, for aiming their video at
those who are going to fill their wallets.
While you may not watch it, one thing I was aghast about is how trivially
the microsoft rep glanced over the fact that Windoze really does not care
what file extension is used, it can execute ANY file, if the flag is there.
But no real mention of why they did it or don't completely close that hole
up.
So malware writers can and do hide their work in those naked_hot_babe.jpg
files that everyone circulates all over the web.
BTW I stumbled across that video, while on a page to download a program
called Autoruns.
http://technet.microsoft.com/en-us/s...s/default.aspx
Which is a power user's "msconfig.exe" replacement.
Great program, that let me clean up a lot of the junk the anti-malware
programs left behind.
AND it's FREE.
From: "AMUN" <antispam@sparmmstop.net>
| That'll teach you to buy a MAC
| Or use one of those free -nix boxes.
| But if you use either, why do you worry about malware at all ? <g>
| I suppose Micro$oft can't be faulted too much, for aiming their video at
| those who are going to fill their wallets.
| While you may not watch it, one thing I was aghast about is how trivially
| the microsoft rep glanced over the fact that Windoze really does not care
| what file extension is used, it can execute ANY file, if the flag is there.
| But no real mention of why they did it or don't completely close that hole
| up.
| So malware writers can and do hide their work in those naked_hot_babe.jpg
| files that everyone circulates all over the web.
| BTW I stumbled across that video, while on a page to download a program
| called Autoruns.
| http://technet.microsoft.com/en-us/s...s/default.aspx
| Which is a power user's "msconfig.exe" replacement.
| Great program, that let me clean up a lot of the junk the anti-malware
| programs left behind.
| AND it's FREE.
Actually through steganographic techniques an EXE file (or any binary for that matter) can
be inserted into a graphic file.
As for malware, the most common is known as the Frogger. It was named this because when
you view the JPEG all you see is a frog. Internally is stored Tibs Trojan EXE file.
However, you need to have an external application to extract the EXE file from the JPEG.
I will also note that steganography is now being applied to audio files. Thus you can
download a WAV file and you wouldn't know that it can contain an EXE file. Again here you
would need to have an external application to extract the EXE file from the audio file.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
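A defender-side check for the two cases raised in this thread, a file whose extension does not match its contents and a carrier image with an executable stored inside it; this is an added example, not part of any poster's message. The file names and sample bytes are constructed, and the check only finds a PE image stored unencoded, so a payload encoded into pixel or audio sample data will not match.

```python
import os
import struct

MEDIA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".wav"}

def find_pe_offsets(data: bytes) -> list:
    """Offsets where an unencoded PE image starts: an 'MZ' whose e_lfanew
    field (DOS header offset 0x3C) points at a PE signature."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            if data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def classify(name: str, data: bytes) -> str:
    """Compare what the extension claims with what the bytes contain."""
    if os.path.splitext(name)[1].lower() not in MEDIA_EXTS:
        return "not-media"
    offsets = find_pe_offsets(data)
    if not offsets:
        return "no-pe-found"
    return "executable-renamed" if offsets[0] == 0 else f"embedded-pe@{offsets[0]}"

def fake_pe() -> bytes:
    """Constructed stand-in: valid DOS/PE signatures only, no code."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\0\0" + bytes(20)

# Constructed sample inputs (not real files).
JPEG = b"\xff\xd8\xff\xe0" + b"\x11" * 60 + b"\xff\xd9"
SAMPLES = {
    "plain.jpg": b"\xff\xd8MZ" + b"\x11" * 100 + b"\xff\xd9",  # stray 'MZ' only
    "renamed.jpg": fake_pe(),
    "carrier.jpg": JPEG + fake_pe(),
    "setup.exe": fake_pe(),
}

def scan(samples: dict) -> dict:
    return {name: classify(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:12} {verdict}")
```

Requiring the `e_lfanew` pointer to land on a PE signature is what keeps the stray `MZ` bytes in `plain.jpg` from being reported.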
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:joedna1Sw4Jd72fVnZ2dnUVZ_uCdnZ2d@giganews.com ...
> From: "AMUN" <antispam@sparmmstop.net>
>
>
>
> | That'll teach you to buy a MAC
> | Or use one of those free -nix boxes.
>
> | But if you use either, why do you worry about malware at all ? <g>
> | I suppose Micro$oft can't be faulted too much, for aiming their video at
> | those who are going to fill their wallets.
>
> | While you may not watch it, one thing I was aghast about is how trivially
> | the microsoft rep glanced over the fact that Windoze really does not care
> | what file extension is used, it can execute ANY file, if the flag is there.
> | But no real mention of why they did it or don't completely close that hole
> | up.
>
> | So malware writers can and do hide their work in those naked_hot_babe.jpg
> | files that everyone circulates all over the web.
>
>
> | BTW I stumbled across that video, while on a page to download a program
> | called Autoruns.
> | http://technet.microsoft.com/en-us/s...s/default.aspx
>
> | Which is a power user's "msconfig.exe" replacement.
>
> | Great program, that let me clean up a lot of the junk the anti-malware
> | programs left behind.
> | AND it's FREE.
>
>
> Actually through steganographic techniques an EXE file (or any binary for
> that matter) can be inserted into a graphic file.
>
> As for malware, the most common is known as the Frogger. It was named
> this because when you view the JPEG all you see is a frog. Internally is
> stored Tibs Trojan EXE file. However, you need to have an external
> application to extract the EXE file from the JPEG.
>
> I will also note that steganography is now being applied to audio files.
> Thus you can download a WAV file and you wouldn't know that it can contain
> an EXE file. Again here you would need to have an external application to
> extract the EXE file from the audio file.
>
> --
> Dave
The video is something you might want to find a windoze box to see it for
yourself.
All they do is talk about all the holes in windows where attacks can come
from.
Including that while microsoft has been shoveling all that marketing garbage
about "windows certificate verified" was going to save us all, even a lot of
Vista still doesn't have it.
My point was they were dense to have left a gaping hole like that and not
expect that one or two people MIGHT exploit it. <g>
And while the presenter tried to push Microsoft's offerings, even he
admitted the best thing is to grab every anti-malware tool you can find and
run them all, as none catch everything.
Also you should run any anti-malware tool only while OFFLINE.
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:joedna1Sw4Jd72fVnZ2dnUVZ_uCdnZ2d@giganews.com :
> From: "AMUN" <antispam@sparmmstop.net>
>
>
>
>| That'll teach you to buy a MAC
>| Or use one of those free -nix boxes.
>
>| But if you use either, why do you worry about malware at all ? <g>
>| I suppose Micro$oft can't be faulted too much, for aiming their video
>| at those who are going to fill their wallets.
>
>| While you may not watch it, one thing I was aghast about is how
>| trivially the microsoft rep glanced over the fact that Windoze really
>| does not care what file extension is used, it can execute ANY file,
>| if the flag is there. But no real mention of why they did it or don't
>| completely close that hole up.
>
>| So malware writers can and do hide their work in those
>| naked_hot_babe.jpg files that everyone circulates all over the web.
>
>
>| BTW I stumbled across that video, while on a page to download a
>| program called Autoruns.
>| http://technet.microsoft.com/en-us/s...s/default.aspx
>
>| Which is a power user's "msconfig.exe" replacement.
>
>| Great program, that let me clean up a lot of the junk the
>| anti-malware programs left behind.
>| AND it's FREE.
>
>
> Actually through steganographic techniques an EXE file (or any binary
> for that matter) can be inserted into a graphic file.
>
> As for malware, the most common is known as the Frogger. It was named
> this because when you view the JPEG all you see is a frog. Internally
> is stored Tibs Trojan EXE file. However, you need to have an external
> application to extract the EXE file from the JPEG.
>
> I will also note that steganography is now being applied to audio
> files. Thus you can download a WAV file and you wouldn't know that it
> can contain an EXE file. Again here you would need to have an
> external application to extract the EXE file from the audio file.
>
Tagteam malware. One has the extractor, the other is already embedded
waiting to go.
--
Regards,
Dustin Cook, Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
From: "Dustin Cook" <bughunter.dustin@gmail.com>
| Tagteam malware. One has the extractor, the other is already embedded
| waiting to go.
Audio steganography
http://www.snotmonkey.com/work/school/405/overview.html
You and I have discussed this before but I'll post this for those who have missed it.
Trojan Frog on the Loose
http://www.avertlabs.com/research/blog/?p=36
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
AMUN wrote:
> "Beauregard T. Shagnasty" wrote:
>> "Microsoft Silverlight may not be supported on your computer's
>> hardware or operating system."
>
> That'll teach you to buy a MAC
> Or use one of those free -nix boxes.
GNU/Linux, actually. The flavor is Ubuntu. (I'm using my only Windows
program, this 40tude Dialog newsreader, here in Wine.)
> But if you use either, why do you worry about malware at all ? <g>
Oh, I'm not worried. Not at all. :-)
> I suppose Micro$oft can't be faulted too much, for aiming their video
> at those who are going to fill their wallets.
If only they would take some of that money, and hire a core of
programmers who knew what they were doing...
> So malware writers can and do hide their work in those
> naked_hot_babe.jpg files that everyone circulates all over the web.
http://outside.arc.ab.ca/staff/erkamp/security.jpg
--
-bts
-Friends don't let friends drive Windows