A few years ago I saw a demonstration of a virus creation toolkit which had dozens of attack vectors and you simply ticked the boxes of what you wanted to use. The trick was to get a virus that would spread without being detected for a few days. I guess now the virus writers want us to think the machine is clean, then once we have typed in a few passwords and done some online banking and shopping they can capture the cache files and start the infection again.
Is it wrong to be fascinated by the ingenuity of the virus writers - who I assume are a very small number rather than the script kiddies that just churn out the muck? I feel disappointed when I am just settled down for a long virus removal and with a quick click on the task manager the virus stops and vanishes. I have another few attack vectors that would work but have not been used, so there's plenty to look forward to. So far we have not seen a W7 machine with a proper infestation, but that will only be a matter of time. W7 viruses seem to be where Vista viruses were this time last year. Mike From: Erik Goldoff [mailto:[email protected]] Sent: 04 December 2009 2:54 PM To: NT System Admin Issues Subject: RE: New virus trick saw a similar mechanism used to reinfect qakbot systems, scheduled task was on a 4 day timer. Erik Goldoff IT Consultant Systems, Networks, & Security ________________________________ From: John Aldrich [mailto:[email protected]] Sent: Friday, December 04, 2009 9:39 AM To: NT System Admin Issues Subject: New virus trick I was at a seminar yesterday put on by Sunbelt and during a break I had a chance to talk to one of the presenters and told him of a recent malware incident I'd cleaned up. He'd never heard of such a trick before so I thought I'd bring it to y'all's attention so you can be on the lookout for it. Basically it was the same old malware that's been going around with the Antivirus Pro sort of stuff, but the twist was that even using Malware Bytes we were not able to get rid of it. After I was poking around a bit, (I don't recall why I was looking at the root of C:, but I was) I noticed a batch file in the root of the C: drive that, when I opened it and looked at it, it created a bunch of scheduled tasks to re-download the malware/adware. I wised up and deleted that file, then went into the Scheduled Tasks and deleted all the malware-created scheduled tasks. Then I was able to successfully clean the stuff out! What really got us was that Malware Bytes would clean it, then say it needed to reboot to finish, and then as soon as we came back, the fake antivirus was right back there. What I believe it was doing was re-downloading itself from the internet each time we cleaned it. So, anyway, if you guys ever have a problem like this, it wouldn't hurt to check the scheduled tasks! [cid:[email protected]][cid:[email protected]] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
<<inline: image001.jpg>>
<<inline: image002.jpg>>
