I'm having a discussion with one of my brothers (who that was intended for -
he had his own list) in the aftermath of recovering a machine that was
recently attacked like a lightning bolt. 

I'm using MS Security Essentials, because I believe it's MS's job to protect
Windows from these attacks (and why are they still called "viruses"
anyway?). As it happened, MS Security Essentials did stop it on re-boot, so
kudos for that. Of course the machine is now compromised, and I would regard
it as that no matter how many "a/v" programs I run, until I rebuild it
(again). I'm a small operation and I'm struggling to keep things as simple
as possible, but I'm thinking I need to either brush off Norton Ghost (which
I abandoned after it failed me ... It wants Net 2.0 and higher, but I needed
to use a C compiler that required Net 1.1, so I installed .NET 1.1 for it
(insert other steps, but basically restored back to .NET 2.0 after doing C
work) - but it turned out that these changes permanently broke Ghost's
ability to read any of its own backups in my library. So much for Ghost, for
the while anyway)

Considering VMWARE Workstation, which can create a succession of 'images' of
the OS that can be restored from. I never liked the fact that it requires a
host OS to run on, which makes the active OS a 3rd layer. Assuming I can
live with it (as the price of useful protection), I'm wondering if the host OS
(for VMWARE) is vulnerable to attack. I read one post saying "no - if you do
not share common OS files", which is encouraging, but it seems other people
believe otherwise, so the real answer isn't clear. This approach would be
useless if the base OS can be attacked.  

I don't think this was a drive-by. It's software running IP ranges, probably
24x7. And there's more than 1 group of these bastards out there. It's even
possible to write programs that generate unique programs that do the same
thing, so the number of attackers and machines compromised must already be
in the stratosphere. They know, as we do, that they don't have to put
something on the screen when they attack - that's just taunting us - once
they've got control they can do anything they want to, and the possibilities
are seemingly endless. 

It has crossed my mind that there's gold in being able to "protect and recover"
machines, but I want no part of any of it. The solution is to fix the
problem at its root, which is serious gov't pressure on MS and the ISPs,
and tracking down the bastards behind it. Considering the scale of it, and
the trajectory, this is a really big thing. Yet it seems not to be
registering anywhere. 

I hate to suggest that the Internet be controlled, but to a large extent it
already is. For example, I've no doubt that the CIA/FBI/KGB/et al know
exactly how to pinpoint the source and target of any traffic sent over the
net.


Bill


> It's a never-ending battle.
> 
> --- On Sun, 1/10/10, Bill Arnold 
> <[email protected]> wrote:
> 
> > From: Bill Arnold <[email protected]>
> > Subject: RE: [NF] An email was sent using my yahoo address 
> book,but no virusfound.
> > To: [email protected]
> > Date: Sunday, January 10, 2010, 11:58 PM
> > Jim,
> > 
> > Here's another note on the subject of "attacks" just
> > received. Everyone has
> > their own combination of what works. It's a freaking
> > career.
> > 
> > And then tomorrow the mouse types a few lines to change the
> > code, and the
> > cycle repeats.
> > 
> > 
> > Bill
> > 
> > 
> > > -----Original Message-----
> > > From: [email protected]
> > 
> > > [mailto:[email protected]]
> > On Behalf Of Nicholas Geti
> > > Sent: Sunday, January 10, 2010 10:08 PM
> > > To: [email protected]
> > > Subject: Re: [NF] An email was sent using my yahoo
> > address 
> > > book,but no virusfound.
> > > 
> > > 
> > > That package is incredibly powerful. It has worked
> > every time for me.
> > > However, you should run Malwarebytes and Spybot
> > afterwards. Then run 
> > > combofix again.
> > > 
> > > 
> > > ----- Original Message ----- 
> > > From: "Michael Madigan" <[email protected]>
> > > To: "ProFox Email List" <[email protected]>
> > > Sent: Sunday, January 10, 2010 1:00 PM
> > > Subject: Re: [NF] An email was sent using my yahoo
> > address 
> > > book,but no virus 
> > > found.
> > > 
> > > 
> > > > It looks like combofix may have fixed the
> > problem.  There 
> > > was no spam sent 
> > > > in my name since the last time, over 24 hours.
> > > >
[excessive quoting removed by server]
