Geekzone: technology news, blogs, forums




Master Geek (97 posts, +1 received by user: 45)

Topic # 102524 16-May-2012 12:05

I found this interesting thread on reddit:

http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/

Best quotes:

People who can just about start facebook and put in their credit cards are the reason such things exist. Antivirus companies selling snakeoil and lull consumers into absolute security are another one.

At the beginning it happened, my crypter got flagged and I had to rearrange the code to re"FUD" it. Now everything is automated, every victim gets a regular update, just for him. And because the polymorphism happens on my side, AV vendors can't get a detection for all modifications, it's game over for them.

If your AV says it's clean or even if Virustotal gives you 0/43 it can still be malware, been there, seen that. Srsly, don't trust your AV.

Kaspersky was the most challenging at first, Kaspersky is paranoid as f***! But it has an exploit in KIS, KAV and PURE, allowing to start malicious code in the memory context of a trusted system process unnoticed. Kaspersky won't interfere if it thinks it's the system process doing changes to the system.

It is possible to create a perfect protection, trusted boot, rootkit hooks on all system calls and looking into not WHO changed something, but WHAT was changed in the system. Some application added an autorun? That's a paddle. Some application tried to f*** with the memory of another application? That's a paddle. But then you would only need to buy the protection ONCE and not a recurring 50$/year for some sh*tty signature updates every hour. AVs leave protection holes on purpose to make money! (Or the whitehats just suck. Unlikely, because their blogs are awesome)

I do it mostly for fun, beating the shady whitehats that sell their snakeoil is the most fun part.

No AV will save you. The majority of my bots use MSE, but it's not because it's worse but because it's more popular. AVs however will protect you from the usual trash, like the 2008 Conficker virus and "stealers" from 14 year old hackforums scum.

Such snakeoil will live just as long as the myth that personal firewalls behind a NAT router give additional security.
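As an added example (not code from the reddit thread or from this post), the "look at WHAT changed, not WHO changed it" idea in the quote above reduced to its simplest form: diff two snapshots of autorun locations and report entries that were added or altered, calling out commands that live in user-writable paths. The watched locations, helper names and both snapshots are constructed assumptions, not a live registry read.

```python
# Added example of the behaviour-based check the quoted post describes: compare
# two snapshots of autorun locations and report WHAT changed, regardless of which
# process changed it. Snapshots here are constructed sample data, not a live
# registry read; the location list and helper names are assumptions.
from typing import Dict, List, Tuple

# Assumed persistence locations to watch: per-user and machine-wide Run keys.
WATCHED = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
)
# An autorun command living in a user-writable directory is a typical dropper
# trait, so it is called out separately in the finding.
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

Snapshot = Dict[str, Dict[str, str]]          # location -> {entry name: command}
Finding = Tuple[str, str, str, str]           # (location, name, command, reason)

def diff_autoruns(before: Snapshot, after: Snapshot) -> List[Finding]:
    """Return autorun entries added or altered between two snapshots."""
    findings: List[Finding] = []
    for loc in WATCHED:
        old, new = before.get(loc, {}), after.get(loc, {})
        for name, cmd in new.items():
            if name not in old:
                reason = "new autorun entry"
            elif old[name] != cmd:
                reason = "autorun command changed"
            else:
                continue                      # unchanged: not interesting
            if any(h in cmd.lower() for h in USER_WRITABLE_HINTS):
                reason += " (user-writable path)"
            findings.append((loc, name, cmd, reason))
    return findings

# Constructed snapshots: a clean baseline, then the same machine after a new entry appeared.
BASELINE: Snapshot = {
    WATCHED[0]: {"OneDrive": r"C:\Program Files\OneDrive\OneDrive.exe /background"},
    WATCHED[1]: {"SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe"},
}
CURRENT: Snapshot = {
    WATCHED[0]: {"OneDrive": r"C:\Program Files\OneDrive\OneDrive.exe /background",
                 "Updater": r"C:\Users\bob\AppData\Roaming\updater.exe"},
    WATCHED[1]: {"SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe"},
}

if __name__ == "__main__":
    for loc, name, cmd, reason in diff_autoruns(BASELINE, CURRENT):
        print(f"[{reason}] {loc}\\{name} -> {cmd}")
```

The same diff logic applies to any persistence location you can snapshot (services, scheduled tasks, Startup folder); only the WATCHED tuple and the snapshot reader change.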




Watchmaker Wizard
Uber Geek (2431 posts, +1 received by user: 58, Subscriber)

Reply # 626106 16-May-2012 13:29

You'd be a fool to run a Windows system without _some_ sort of antivirus software, even if it's just Microsoft's own Security Essentials. Just because they won't detect the amazing stuff this dbag writes, doesn't mean they won't block this week's Conficker variant.

Heuristic algorithms are supposed to detect this kind of thing, but who knows if they actually work or not.

People like this are also fairly likely to think that they're a lot more awesome than they actually are.






Master Geek (97 posts, +1 received by user: 45)

Reply # 626206 16-May-2012 15:01

stevenz: You'd be a fool to run a Windows system without _some_ sort of antivirus software, even if it's just Microsoft's own Security Essentials. Just because they won't detect the amazing stuff this dbag writes, doesn't mean they won't block this week's Conficker variant.

Heuristic algorithms are supposed to detect this kind of thing, but who knows if they actually work or not.

People like this are also fairly likely to think that they're a lot more awesome than they actually are.


He does have good points though. A personal firewall is snake oil. I am torn with AV as the heuristic algorithms don't work very well and are easily circumvented. Users should be aware that only known viruses or rootkits can be found, but the AV solutions are next to useless when it comes to finding new stuff (polymorphing code).

He seems fairly level headed and gives some good advice that I would give as well, like buy your software or secure your browser (only enable plugins when needed).

gzt
Uber Geek (4740 posts, +1 received by user: 277)

Reply # 626244 16-May-2012 15:47

Mainly he is talking about defense against attacks he uses to install botnets. He does not discuss other threats at all. There are still many common threats AV and firewalls actually do a very good job defending.

I didn't read the whole thing but did he mention any attacks at all which are not browser based?



Master Geek (97 posts, +1 received by user: 45)

Reply # 626273 16-May-2012 16:35

gzt: I didn't read the whole thing but did he mention any attacks at all which are not browser based?


His main attack is malware that users install voluntarily (think Photoshop.CS6.cracked.exe). What he says is that AV won't find him as he randomly morphs his code, but he does mention tools (GMER) that can find rootkits.

What does your personal firewall protect you from? If you get a message from your firewall that svhost.exe is trying to establish a connection, do you let it?



gzt
Uber Geek (4740 posts, +1 received by user: 277)

Reply # 626302 16-May-2012 16:57

testha:
gzt: I didn't read the whole thing but did he mention any attacks at all which are not browser based?


His main attack is malware that users install voluntarily (think Photoshop.CS6.cracked.exe). What he says is that AV won't find him as he randomly morphs his code, but he does mention tools (GMER) that can find rootkits.

What does your personal firewall protect you from? If you get a message from your firewall that svhost.exe is trying to establish a connection, do you let it?

Did he mention any attacks against an OS other than Windows? But seriously, that is outbound. A personal firewall still prevents many types of inbound TCP attack, and compensates average users somewhat for their own bad sharing decisions. Just because personal firewalls and DSL router/firewalls have made that kind of attack relatively rare does not mean the prevention is no longer needed.

Vaccination has made many once common diseases extremely rare, but when vaccination incidence drops you start to have problems spreading very quickly.
