[Full-disclosure] about PC AntiSpyware 2010
Hi. My PC is infected with Fake PC Antispyware 2010. I contacted PCA2010 support and got a reply telling me to download and run the removal tool. What do you know about the authenticity of this tool?

-- 
YK
Email: mana...@suiseeda.ddo.jp
HP: http://suiseeda.ddo.jp/wordpress/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] about PC AntiSpyware 2010
On Sat, Aug 29, 2009 at 4:49 AM, KYmana...@suiseeda.ddo.jp wrote:
> What do you know about the authenticity of this tool?

Not much, but with the right information, one could easily find out.

From: http://en.wikipedia.org/wiki/Digital_signature

  A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document.

There's also the ill-suited and over-used md5 hash method...

-Guy
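Guy's answer names the right mechanism. As an added example (not from the thread, and not a tool from any vendor mentioned in it), here is how a practitioner would actually run that check on a downloaded Windows binary with PowerShell's built-in Get-AuthenticodeSignature and Get-FileHash cmdlets; the file path and the expected publisher string are placeholders.

```powershell
# Added example, not from the thread: check a downloaded Windows binary before
# running it. Get-AuthenticodeSignature and Get-FileHash are standard cmdlets;
# the path and the publisher substring are placeholders for the reader to change.

function Test-DownloadedBinary {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Substring expected in the signer certificate's Subject, e.g. 'O=Contoso'
        # (hypothetical). Get it from the vendor's own site, not from the e-mail
        # that told you to download the file.
        [string] $ExpectedPublisher
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # SHA-256, not MD5: MD5 collisions have been practical since 2004, so two
    # different files can share one MD5 value.
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    $verdict = 'DO NOT RUN'
    if ($sig.Status -ne 'Valid') {
        # NotSigned, HashMismatch (file changed after signing) and UnknownError
        # (chain does not reach a trusted root) all land here.
        $reason = "signature status is '$($sig.Status)'"
    }
    elseif ($ExpectedPublisher -and $signer -notlike "*$ExpectedPublisher*") {
        # A valid signature proves who signed the file, not that they are honest.
        $reason = "validly signed, but by '$signer', not the expected publisher"
    }
    else {
        $verdict = 'signature valid and signer matches expected publisher'
        $reason  = 'still confirm the publisher out of band before trusting it'
    }

    [pscustomobject]@{
        Path    = $Path
        SHA256  = $hash
        Status  = $sig.Status
        Signer  = $signer
        Verdict = $verdict
        Reason  = $reason
    }
}

# Usage (placeholder path and publisher):
# Test-DownloadedBinary -Path 'C:\Users\yk\Downloads\removal_tool.exe' -ExpectedPublisher 'O=Contoso'
```

A Valid status only means the file is unmodified since signing and the chain reaches a root the machine trusts. It does not tell you whether the signer is the party you think it is, which is why the function also compares the signer against a publisher name obtained from somewhere other than the support reply that sent the link. A hash published next to the download is no stronger than the download itself; it only helps when the expected value comes from a separately trusted source, and then it should be SHA-256, not MD5.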
Re: [Full-disclosure] [Fwd: Re: windows future]
Computers are far too easy to use (and far too easy to use badly) so people use them very badly. There was a time when only people intelligent enough to use computers, could. This was one of the best things... though that being said there are many LOLs to be had because stupid people get on the internet. Example: http://www.theregister.co.uk/2009/08/24/4chan_pwns_christians/

-----Original Message-----
From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Thor (Hammer of God)
Sent: 28 August 2009 14:39
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] [Fwd: Re: windows future]

> On Thursday 27 August 2009 13:33:37 Thor (Hammer of God) wrote:
>> But that's the same on my Mac and Ubuntu distro too. The first user is the admin. Granted, the default behavior on Mac/nix requires the admin password
>
> That's a big difference. Entering a password counts as more of a deterrence. Having seen my co-workers on their home machines, it's pretty clear that it's too easy to click OK without thinking. Entering a password, especially when the prompt doesn't occur as often as the UAC prompt, is a more significant action.
>
> Personally, I prefer arrangements where the administrator uses a separate password. Not only do you need a password, but it's a different one. It's seldom used. The end user probably has to go look it up. I'm not a big fan of sudo.

Right - which was my original point. Only if you are running as admin do you get the UAC confirm dialog (by default). I always run as a regular user, and must enter an administrator username and password when I need to escalate. Even if you are running as admin, you still get the dialog, but you can certainly change that if you want to require an admin username and password.

The point still stands: if you have ignorant users who won't read anything, but you insist on letting them run as admin (which is just crazy in the first place) then change the behavior of the UAC. They, of course, should be running as normal user anyway. Again, it's all in what you want. You can remove the UAC completely if you want to, but there's no feasible excuse to hold on to the "they're running as admins, but won't read anything, and won't ever read anything, but we're going to let them continue to be admins even though they're stupid, but will still contend that it's the OS's fault" mindset.

If the entire argument is around the default escalation behavior being "enter a password" (which they already know) vs clicking OK because you assume entering the password is more of a deterrent, then OK, but the premise of "the people I work with are too stupid to know the difference" kind of takes away from that.

And one should also note that in a domain environment, the default behavior is indeed username and password. Just thought I'd throw that in as well.

t
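The "change the behavior of the UAC" that Thor mentions is a registry value under HKLM (the same one the Group Policy setting "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" writes). As an added example, not part of the thread and not written by any list participant, here is PowerShell to read the current setting and to switch administrators from a consent click to a credential prompt on the secure desktop; it needs an elevated shell.

```powershell
# Added example, not from the thread. The key and value names are the ones
# Windows' UAC policies use; changing them requires an elevated PowerShell.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Meaning of ConsentPromptBehaviorAdmin. 5 is the Windows default and is the
# "just click OK" behaviour discussed above; 1 is "type an admin password".
$AdminPromptNames = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries'
}

function Get-UacElevationBehavior {
    $v = Get-ItemProperty -Path $UacKey
    $raw = $v.ConsentPromptBehaviorAdmin
    [pscustomobject]@{
        UacEnabled            = [bool]$v.EnableLUA
        AdminPromptValue      = $raw
        AdminPrompt           = if ($null -eq $raw) { '(value not present)' } else { $AdminPromptNames[[int]$raw] }
        # ConsentPromptBehaviorUser: 0 = standard users are denied outright,
        # 1 / 3 = asked for an administrator's credentials (secure desktop / not)
        StandardUserPrompt    = $v.ConsentPromptBehaviorUser
        PromptOnSecureDesktop = [bool]$v.PromptOnSecureDesktop
    }
}

function Set-UacAdminCredentialPrompt {
    # Members of Administrators now have to type an administrator password on the
    # secure desktop instead of clicking Continue. Unlike EnableLUA, this value
    # does not need a reboot to take effect.
    Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value 1 -Type DWord
    Set-ItemProperty -Path $UacKey -Name PromptOnSecureDesktop      -Value 1 -Type DWord
    # Deliberately leave EnableLUA alone: 0 there turns UAC off entirely.
    Get-UacElevationBehavior
}

# Usage, from an elevated shell:
# Get-UacElevationBehavior
# Set-UacAdminCredentialPrompt
```

Reading the value first is worth the extra line: a machine where EnableLUA is already 0 will show no prompt whatever ConsentPromptBehaviorAdmin says, and a value of 0 (silent elevation) is the setting malware and "helpful" tweak guides most often leave behind.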
[Full-disclosure] Moar iProphet questions
iProphet (weev) Questions

Sorry for being repetitive. FD is mostly hoarsechit and fucin around anyway (not that you do ANY of that).

My name is Gary McKinnon, I'm the nerd that hacked into the Pentagon. I'm autistic so I may have difficulty communicating or understanding you. HELLO? Can you hear me? I CAN'T SEE THE SCREEN. LET ME TRY TO TYPE SOME QUEStions 8==^H^H^H^H^HD

1.) Do you have HIV?
2.) Have you ever anointed anyone with your IRL Virus?
3.) Do you think that you could be prosecuted for hacking if you give people your IRL badware?
4.) Do the women you give HIV to go to heaven?
5.) What does your computer screen look like? You run linux? Do you have an iProphet wallpaper?
6.) When will we be seeing new vlogcasts?
7.) Do you plan on writing some subversive PDFs for us?
8.) Do you intend on making a documentary so it can go viral and cause a revolution?
9.) In your mind, what is your picture of an ideal world?

This post was by Gary McKinnon [SOLO], elite autistic hacker.
Re: [Full-disclosure] Moar iProphet questions
Now, I think this is really wrong. There is no need to make fun of someone who is disabled by attacking n3td3v.

On 8/29/09, Gary McKinnon john.wall...@hush.com wrote:
> iProphet (weev) Questions

-- 
Gichuki John Ndirangu, C.E.H, C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com
{FORUM} http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
Re: [Full-disclosure] Moar iProphet questions
Now even the real name people are trolling.

James

-----Original Message-----
From: Gichuki John Chuksjonia chuksjo...@gmail.com
To: Gary McKinnon john.wall...@hush.com
Cc: full-disclosure@lists.grok.org.uk
Sent: Sat, Aug 29, 2009 4:37 pm
Subject: Re: [Full-disclosure] Moar iProphet questions

Now, I think this is really wrong. There is no need to make fun of someone who is disabled by attacking n3td3v.

On 8/29/09, Gary McKinnon john.wall...@hush.com wrote:
> iProphet (weev) Questions
Re: [Full-disclosure] Moar iProphet questions
james.. you cholo typin' mother fucker... what did i tell you... nobody has time for da internet p0-p0 here.. now sing it.. n bounce dem b00bies you lil geeks.

They see me rollin'
They hatin
patrollin and tryna catch me ridin dirty
Tryna catch me ridin dirty (*4X*)
My music so loud
I'm swangin
They hopin' that they gone catch me ridin dirty
Tryna catch me ridin dirty (*4X*)

chaaa gurls...

/rd

On Sat, 29 Aug 2009 13:21:07 -0400 jamesleesmit...@aol.co.uk jamesleesmit...@aol.co.uk wrote:
> Now even the real name people are trolling.
>
> James
Re: [Full-disclosure] windows future
> Then all we have to worry about are the few bits of code that are capable of getting through our defenses.

Problem is, to go further with the bio analogy, while our antibodies forget with time how to deal with aggressive agents we are not exposed to, antiviruses cannot. This would imply running a full system check, to see what the host is vulnerable to. How can you know? Are you packed with a vulnerability tester? Do you trust the updates installed on the system? If so, what about malware that makes the system think it's patched? So to me an antivirus still has to check files for system-irrelevant malware (even if only to prevent the user from being a healthy carrier). As an antivirus manufacturer I can't make assumptions about users' hygiene.

IMO, this malware threshold will be reached, where signature-based antiviruses will consume a hell of a lot of machine resources to check a given file against all possible signatures (even with optimisation in the checking process). This will force the manufacturers to move to another paradigm, perhaps behaviour-based, checking what the file does to the system rather than what it contains.

My 2 cents on the matter..

BTW, I'm all for good hygiene, I'm just not confident the average user is ready for it yet. User education FTW

-rd*

----- Original Mail -----
From: Rohit Patnaik quanti...@gmail.com
To: full-disclosure@lists.grok.org.uk
Sent: Friday 28 August 2009 17:24:25 GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: Re: [Full-disclosure] windows future

I'm not sure I agree with the basic premise of this scenario. You're suggesting that getting exposed to malware is some kind of inevitability, and that eventually there will be enough different kinds of malware that filtering them all will be impossible. I don't think that's valid. Good browsing habits, running a firewall, and keeping your machine updated will prevent almost all malware from even getting access to your machine. Then all we have to worry about are the few bits of code that are capable of getting through our defenses.

To reiterate the biological analogy, we don't rely on antibiotics to stop infection. We rely on good hygiene. In the same way, just as increased biological infection rates led to a push for greater public hygiene (e.g. indoor plumbing, closed sewers, etc.) we'll see a push for greater computer hygiene as malware infection rates rise. Windows already includes a firewall to prevent automated worm infections, and Microsoft is working to harden network facing applications, as evidenced by their recent decision to have IE run with limited privileges. As malware becomes more virulent, the immunity of Windows will likewise grow, putting a damper on any sort of exponential growth curve.

--Rohit Patnaik

lsi wrote:
> Thanks for the comments, indeed, the exponential issue arises due to the use of blacklisting by current AV technologies, and a switch to whitelisting could theoretically mitigate that, however, I'm not sure that would work in practice, there are so many little bits of code that execute, right down to tiny javascripts that check you've filled in an online form correctly, and the user might be bombarded with prompts.
>
> Falling back on tweaks to user privileges and UAC prompts is hardly fixing the problem. The core problem is the platform is inherently insecure, due to its development, licensing and marketing models, and nothing is going to fix that. Even if fixing it became somehow possible, the same effort could be spent improving a competing system, rather than fixing a broken one.
>
> Just to complete the extrapolation, the below.
>
> Assuming that mutation rates continue to increase exponentially, infection rates will reach a maximum when the average computer reaches 100% utilisation due to malware filtering. Infection rates will then decline as vulnerable hosts die off due to their inability to filter. These hosts will either be replaced with new, more powerful Windows machines (before these themselves succumb to the exponential curve), OR, they will be re-deployed, running a different, non-Windows platform. Eventually, the majority of computer owners will get the idea that they don't need to buy ever-more powerful gear, just to do the same job they did yesterday (there may come a time when the fastest machine available is unable to cope, there is every possibility that mutation rates will exceed Moore's Law). The number of vulnerable hosts will then fall sharply, as the platform is abandoned en masse. At this time, crackers who have been depending upon a certain amount of cracks per week for income, will find themselves short. They will then, if they have not already, refocus their activities on more profitable revenue streams. If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targeted attacks, and the days of
Re: [Full-disclosure] windows future
I'm saying that the world's malware authors, in their race to stay ahead of AV, are engaging in an uncoordinated, slow-motion DDOS of the world's AV systems. They are flooding the blacklists, and this flooding is accelerating. If it continues, the world's AV systems will be useless, as will be the machines they are protecting.

Note, I have NOT gone off and compiled some stats, I've just noted an existing trend, and extrapolated it. Here's an article from 2005, again, the numbers suggest an exponential curve.

http://www.theregister.co.uk/2005/01/05/mcafee_avert_report/

The biological metaphor does suggest that Microsoft would take some kind of evasive action, and I think their only option is to license unix, just as Apple did (although Apple did it for different reasons). Doing this will solve many problems, they can keep their proprietary interface and their reputation, and possibly even their licensing and marketing models, while under the hood, unix saves the day. They will need to eat some very humble pie, a few diehards might jump from Redmond's towers, and the clash of cultures will toast some excellent marshmallows... but they will save their business. Do they have a choice? Malware numbers are suggesting they don't.

Licensing the solution suits Microsoft's business model (much easier for them to buy in a fix than build one, they tried that already), they did in fact do it many times previously, starting with a certain product called MS-DOS, and it means they can keep their customer base, they just sell them an upgrade which is in fact a completely new system - again, just as Apple did with OSX.

Actually, I think the simplest thing for them to do would be to buy Apple, then they can rebadge OSX, instead of reinventing it.

Stu

On 28 Aug 2009 at 10:24, Rohit Patnaik wrote:

Date sent: Fri, 28 Aug 2009 10:24:25 -0500
From: Rohit Patnaik quanti...@gmail.com
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] windows future

> I'm not sure I agree with the basic premise of this scenario.
Re: [Full-disclosure] windows future
I'm not saying malware will frighten users away, I am saying that malware will leave them no choice but to leave. This is not a decision users make, they will not be able to buy a Windows computer, as they will no longer work. Sure you can turn them on, but that's all. Once you load up your AV, you'll have no RAM left to load Notepad. Your CPU will be constantly processing AV updates and your disk will fill with AV sigs. The machine will be unusable.

Also, there are software-imposed limits to malware filtering, as well as the hardware limits I mentioned earlier, I can only think of one right now, and that is 32-bit integer math, I'm pretty sure once the number of mutations gets a bit past 2 billion, there will be problems with this, possibly mitigated, at a significant cost to performance, by using double integers, or by using 64-bit integers and dropping support for 32-bit machines (again, long term these approaches will also be exhausted).

Whitelisting ... my guess is that there will be trillions of legitimate pieces of code, and this list will also grow too large for the average computer to handle. However, as noted in my other mail to Rohit, I think that before these limits are reached, Microsoft will bite the bullet and drop in a unix core.

Social engineering: yes, point taken, although, someone is still cranking out binaries, as per the original link I posted: http://www.theregister.co.uk/2009/08/13/malware_arms_race/ ... and to be honest, it doesn't matter if it's only one guy who pumps out trillions of mutations, it's still gonna DOS the AV.

I'm not commenting on Windows vs unix vs Mac, I didn't mean to start that thread, I'm just commenting on Windows, and how it appears to be holding a one-way ticket to oblivion. Is that an iceberg, dead ahead? The numbers are telling us that it is.

PS. Have you seen PC-BSD? :) http://www.pcbsd.org/ ... it's FreeBSD + KDE + sexy installer ...

On 28 Aug 2009 at 16:45, Paul Schmehl wrote:

Date sent: Fri, 28 Aug 2009 16:45:39 +
From: Paul Schmehl pschmehl_li...@tx.rr.com
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] windows future

> --On Friday, August 28, 2009 09:32:45 -0500 lsi stu...@cyberdelix.net wrote:
>> The world will awaken from the 20+ year nightmare that was Windows, made possible only by manipulative market practices, driven by greed, and discover the only reason it was wracked with malware, was because it had all its eggs in one basket.
>
> That's crazy talk. I hate Windows as much as the next guy, but there's a reason they have such a large market share and it's not *just* manipulative market practices. Most people outside the insular geek world use computers to perform tasks for them. They think of the computer as a tool, and they expect it to do the job they want without getting in the way or requiring them to learn to count in hex. When someone else comes up with a system that has excellent graphics, runs Flash and other things without complaint, and just works without expecting them to lift the hood and diagnose problems, doesn't require them to install all sorts of extras to have a working system *and* is priced competitively with Windows, they will buy it.
>
> Macs are competitive with Windows in every category except one; price. And by price I mean the cost of walking into a store and walking out with a working system. Apple's biggest mistake has always been trying to hoard the hardware market for their OS - the same mistake Sun makes - which drives up the price and makes them less competitive.
>
> Unix (really Linux mostly) is getting there but still has a ways to go. I say these things as a hard core Unix user who loves FreeBSD. There are many reasons that I love FreeBSD and use it exclusively when I can, but things like making Flash work are not for the faint of heart.
>
> It won't be the malware that will drive people *away* from Windows (if it was they would have been driven away long ago), it will be the (dare I say it?) user friendliness of a system *and* price competitiveness that will *attract* buyers to it.
>
> BTW, your comments about crackers and ecosystems are several years behind. The current technology crackers are using to great success is social engineering. Actually breaking into systems is almost passé these days.
>
> -- 
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions are my own and not those of my employer.
> *** It is as useless to argue
Re: [Full-disclosure] windows future
> I'm saying that the world's malware authors, in their race to stay ahead of AV, are engaging in an uncoordinated, slow-motion DDOS of the world's AV systems. They are flooding the blacklists, and this flooding is accelerating. If it continues, the world's AV systems will be useless, as will be the machines they are protecting.

You are extrapolating, based on an incorrect assumption - that blacklists will exist forever. When the number of bad files exceeds the number of good files, then whitelists will reign instead.