Warning! nasty one

I've seen this thing change group policy, expire passwords and modify the
boot.ini. Warning: newbies, don't go here or you will be asking for help to
get rid of it. 64_201_199_24. It arrives in email claiming to be a YouTube
video. Dustin, you like shit like this; have fun.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com , David
H. Lipman, Max M Wachtell III  aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell





Re: Warning! nasty one


Storm of the Day, Now with YouTube:
http://isc.sans.org/diary.html?storyid=3321

-jen



Re: Warning! nasty one

Yep, that be it.

--

pcbutts1






Re: Warning! nasty one

jen wrote:


The article doesn't mention it but the IP addresses in the malicious
links are infected zombie computers located all over the world.  I
haven't yet seen two the same in all the samples I've collected,
although it is clear that infected computers can send out numerous
emails.

The F-Secure weblog has been pretty good at keeping up on the new
variants: http://www.f-secure.com/weblog/

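The lure the first post and the reply above describe (a "YouTube video" e-mail whose link points at a raw IP address that differs from sample to sample) lends itself to a simple triage heuristic. What follows is an added example, not code from the thread or from any of the vendors named in it. The sample messages are constructed; the only address taken from the page is pcbutts1's underscore-defanged 64_201_199_24, the second address is made up for illustration, and the `refang_ip` helper and all function names are this example's own.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample bodies modelled on the lure described in the thread.
# 64.201.199.24 is the address pcbutts1 posted (defanged); 64.201.199.57 is
# invented here so that the "no two samples alike" behaviour can be shown.
SAMPLE_MESSAGES = [
    "Dude, you're on the front page of YouTube! http://64.201.199.24/",
    "LOL, saw this and thought of you: http://64.201.199.57/video.exe",
    "Have you seen the new clip? http://www.youtube.com/watch?v=example",
    "Internal test link http://192.168.1.20/video.exe (private, not flagged)",
    "Same bot again: http://64.201.199.24/index.php",
]

# Host part of any http(s) URL; an optional port is allowed but discarded.
URL_RE = re.compile(r"https?://([^/\s:]+)(?::\d+)?(?:/\S*)?", re.IGNORECASE)


def refang_ip(defanged: str) -> str:
    """Turn the underscore-defanged form used in the post (64_201_199_24)
    back into dotted-quad notation."""
    return defanged.replace("_", ".")


def extract_hosts(body: str) -> List[str]:
    """Return the host portion of every http(s) URL in an e-mail body."""
    return [m.group(1) for m in URL_RE.finditer(body)]


def public_ip_hosts(body: str) -> List[str]:
    """Hosts that are bare IP literals outside private/reserved space.

    A link to a bare public IP rather than a DNS name is the tell-tale
    of this lure; DNS names (the real youtube.com link) and RFC 1918
    or otherwise non-routable addresses are ignored.
    """
    flagged = []
    for host in extract_hosts(body):
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # a DNS name, not an IP literal
        if ip.is_private or ip.is_multicast:
            continue
        flagged.append(str(ip))
    return flagged


def triage(messages: List[str]) -> Dict[str, object]:
    """Flag messages carrying bare-IP links and count how often each
    address recurs across the batch (a repeat points at a busy bot)."""
    flagged_idx: List[int] = []
    ip_counts: Dict[str, int] = {}
    for i, body in enumerate(messages):
        ips = public_ip_hosts(body)
        if ips:
            flagged_idx.append(i)
        for ip in ips:
            ip_counts[ip] = ip_counts.get(ip, 0) + 1
    return {"flagged": flagged_idx, "ip_counts": ip_counts}


if __name__ == "__main__":
    result = triage(SAMPLE_MESSAGES)
    print("flagged message indices:", result["flagged"])
    for ip, n in sorted(result["ip_counts"].items()):
        print(f"{ip}: seen {n} time(s)")
```

The heuristic is deliberately narrow: it does not try to say what the linked file is, only that a mail is pushing a download from an address rather than a name, which is enough to pull it out of the queue for a closer look.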

Re: Warning! nasty one

On Mon, 27 Aug 2007 13:51:31 -0700, pcbutts1 wrote:


F-Prot sez:
VIDEO.EXE  Infection: Possibly a new variant of
W32/Fathom.3-based!Maximus

--

Bart

Re: Warning! nasty one

Bart Bailey wrote:

Maximus? I guess the folks up at FSI didn't notice all the fuss Symantec
had over Bloodhound...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Warning! nasty one

pcbutts1 wrote:



I can't wait for my customers to Click it !!!

Cha Ching!!!


Clark



Re: Warning! nasty one

On Mon, 27 Aug 2007 17:54:18 -0400 Clark
from the village of Clark_throwaway@yahoo.com
felt we might be interested in the following...



Shouldn't your customers have adequate anti-virus/malware software in
place though?


nuff said. Clearly someone who only pretends to be knowledgeable of
computers and security in order to cash in on their own incompetence
when their 'victims' have been misled.

Please die.


--
My reply address is valid, but incoming mail is set to 'auto-delete'
so will not be seen. Please post replies to the group.
XPS M1710 / 2.16 GHz dual core / 2Gb DDR2 / nVidia GeForce 7950GTX

Re: Warning! nasty one

/Tx2 wrote:

LOL, you ignorant whatever it is that you are.

Every single computer I work on has antivirus and anti-malware software
installed.
Most of my customers have teenage kids who will click on and download
anything, and that's how they get infected.
Thank God for the reckless teenage bastards! I LOVE them!
(I make between $75 and $150 a repair.) :-)

Clark
 



Re: Warning! nasty one

says...

You remind me of a car salesman my brother worked with who used to brag
about how upside down his customers were when they left in their new car;
then he would cry because he didn't get any repeat business.

  Drum--

Re: Warning! nasty one


Most of my business is repeat. Trust me, I tell them how they get infected
and even print out the warnings from the F.B.I. etc.
I can't help it that they cannot control their children; hell, I even ask
them why their 14-year-old has broadband in their bedroom.
Then I warn them how dangerous the Internet is, etc.

They don't listen, so I go back 3 months later and clean up their systems
again.
I guess they can afford it.

Clark




Re: Warning! nasty one



3 months seems to be the average. :( I don't like the idea of malware
mind you, but the business for removing it is good. I see your point and
understand it Clark. Many of my customers also have a dumb look on their
face even after you explain how they got infected, and how to prevent it
from happening again. I suppose, they do like paying for repairs.

The few posters who responded to you obviously don't do this for a
living, or if they do, they have customers without teenage children.


--
####################################################
 Dustin Cook
 Author of BugHunter - MalWare Removal Tool - v2.2c
 Email: bughunter.dustin@gmail.com
 Web..: http://bughunter.it-mate.co.uk
 Pad..: http://bughunter.it-mate.co.uk/pad.xml
####################################################

Re: Warning! nasty one

On Thu, 30 Aug 2007 01:16:27 GMT Dustin Cook
from the village of bughunter.dustin@gmail.com
felt we might be interested in the following...

[...]


I had a tremendously successful business dealing (in part) with exactly
what 'Clark' suggests requires 3-monthly visits, and rarely (if at all)
had any repeat business from customers with teenage children (having a 16
yr old myself).

A PC/user that is correctly configured/educated need not generate
repeat business in this way.

Indeed, I got more business through recommendation than I ever got
through repeat visits to a resurfaced problem.

Just demonstrating that it is NOT always the way Clark suggests it is,
and my experience of people like that is that they don't do a very good
job at the outset, which secures them some repeat business further down
the line, or their competitors when the consumer becomes fed up with
calling them out again and again.

I sold my business to a larger company after 5 years because I wanted a
change of direction in what I was doing, but became the top computer
services supplier in my county in that time.


--
/Tx2

Re: Warning! nasty one

/Tx2 wrote:

I'm sorry, I did not suggest 3-month revisits; it just happens that way
sometimes.
Most of my customers I see maybe twice a year, for either software,
malware, or hardware issues.
But I stand by the fact that after I warn them and tell them how they get
infected (Bearshare etc., looking for free porn, or downloading "free"
screensavers), they still get infected.

Hell, one customer, she was into online poker (which required her to install
software from the website).
It took me two hours to clean her system (and I even found a rootkit).
Three days later she called me back with the same problems of infection;
sure enough, she had installed the very software I told her not to.
She stated to me that since I had installed and updated antivirus, Spybot,
Ad-Aware, and others,
she thought she could just install anything because she was "protected".

Had to charge her another hour for the new infection, which was new, because
I never leave a customer without checking that the machine is really clean.

Clark





Re: Warning! nasty one



Indeed, I agree. However, when they insist on downloading, free
screensavers, online poker games, and new desktop themes, they usually
get something additional; despite being warned not to go for these
things. :(
 

Same here. However, I do have a certain set of customers where on
average, every 3 months I have to pay them another visit. :(
 

I didn't mean to imply it was always like that, but it certainly can be.
Depends on the customer I suppose. Some of my customers follow
instructions well, and some do not.



Well, I don't mean to toot my own horn here, but I have no real incentive
to waste the gas to visit them again for the same issue. I usually don't
bill them if the same thing has occurred, unless I find evidence of
Bearshare or something being installed AFTER I was there the last time.
 

I worked for a respectable computer company here for the last 10 years
before deciding to go out on my own. I'm familiar with malware from a
programming standpoint as well as removal.


--
Dustin Cook

Re: Warning! nasty one



I'm a bit behind on things here lately, Butts. If you want to send a sample
along to my email, you're welcome to do so.


--
Dustin Cook

Re: Warning! nasty one



Hi again, PcButts,

Any chance you will send the file for analysis?

If you will, you can send it to my Gmail address if you zip the file(s),
encrypt them, and rename the .zip to .dat or something so Google
won't complain. I'd appreciate any cooperation from you that you're willing
to give.


--
Dustin Cook

Re: Warning! nasty one

You can get it from the link I posted.


--

pcbutts1






Re: Warning! nasty one

@blackhelicopter.databasix.com:


I cannot seem to gain access to anything at that address. :(
If you still have a viable sample of it and wouldn't mind sending it along
for analysis, I would appreciate it.


--
Dustin Cook

Re: Warning! nasty one

I deleted it.

--

pcbutts1


