New Amateur Forensics Build in Progress – “Nimrod Botnet”
This is the preliminary notes of the build with an important Estimate.
[NOTE WE CLOSED BLUECOLLARPC.NET OCT 2009 / DEAD LINKS] ———————————
Amateur Forensics Build – Nimrod Botnet
History: Is Grisoft AVG Free Reverse Engineered by Botnets? By bluecollarpc http://bluecollarpc.wordpress.com/2009/04/15/is-grisoft-avg-free-reverse-engineered-by-botnets/
(((Forensics Build – Nimrod Botnet))) Date: July 30 2009
——- THIS IS A SCRATCH BUILD – ADDING DAILY ——
AMATEUR PC SECURITY FORENSICS
Title: “Nimrod Botnet” (Nimrod was a hunter)
a-squared Anti-Malware – Version 4.0 Last update: 4/13/2009 9:45:09 AM
Entry Threat: Win32.Outbreak!IK
(Adding report on trojan found in Windows Error Reporting)
ESTIMATE: Virtualization Compromise
NON SAMPLE…. US labs virtualise 1m Linux kernels (anti-botnet research) ZDNet UK Wed, 29 Jul 2009 08:37 AM PDT Sandia National Labs have simultaneously run more than a million Linux kernels on a single cluster, an accomplishment that could prove useful for anti-botnet research…. http://news.zdnet.co.uk/software/0,1000000121,39698952,00.htm
TARGET: Windows Server 2008 http://en.wikipedia.org/wiki/Windows_Server_2008
Windows Server 2008 is the most recent release of Microsoft Windows’ server line of operating systems. Released to manufacturing on February 4, 2008 and officially released on February 27, 2008, it is the successor to Windows Server 2003, released nearly five years earlier. A second release, named Windows Server 2008 R2, was released to manufacturing on July 22, 2009.
Like Windows Vista and Windows 7, Windows Server 2008 is built on Windows NT 6.x.
Self-healing NTFS
In previous Windows versions, if the operating system detected corruption in the file system of an NTFS volume, it marked the volume “dirty”; to correct errors on the volume, it had to be taken offline.
With self-healing NTFS, an NTFS worker thread is spawned in the background which performs a localized fix-up of damaged data structures, with only the corrupted files/folders remaining unavailable, without locking out the entire volume and needing the server to be taken down. The operating system now features S.M.A.R.T. detection techniques to help determine when a hard disk may fail. This feature was first presented within Windows Vista.
Best guess….. with Disk Defragmenter and Disk Check inoperative (each begins, and a moment later the progress vanishes – unable to run even after a reboot), and with System Restore corrupted, the target seemed to be hiding a dirty disk.
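An added triage script (mine, not part of the original post, and not anything the author ran) that checks on the affected Vista/Server 2008-era machine the things the notes above suspect were being hidden: the NTFS dirty bit, the self-healing NTFS flags, a read-only chkdsk pass, System Restore/VSS health, NTFS and chkdsk events in the System log, and binaries sitting under the Windows Error Reporting folders (where the a-squared report noted a trojan). The `$Volume` parameter name, the output layout and the 2000-entry event window are assumptions; every command used is a standard Windows tool (fsutil, chkdsk, vssadmin, Get-EventLog, Get-WmiObject). Run it from an elevated PowerShell prompt.

```powershell
# Added triage script (not from the original post). Checks the NTFS dirty bit,
# self-healing NTFS flags, a read-only chkdsk pass, System Restore/VSS state,
# NTFS/chkdsk events, and executables under the WER folders.
# Assumptions: Vista / Server 2008 or later, elevated prompt, PowerShell 2.0+.
# $Volume is an assumed parameter name.
param([string]$Volume = 'C:')

function Show($title) { Write-Host "`n=== $title ===" }

Show "NTFS dirty bit on $Volume"
# "Volume - C: is Dirty" means autochk should run at next boot. If the bit
# stays set and chkdsk never runs, record that in the incident notes.
fsutil dirty query $Volume

Show "Self-healing NTFS flags on $Volume (Vista / Server 2008 and later)"
# Prints the repair flags; bit 0x1 set = self-healing enabled.
# Self-healing being silently turned off would match the hypothesis above.
fsutil repair query $Volume

Show "Read-only chkdsk pass (no /f, volume stays online)"
# Without /f chkdsk only reports. A run that starts and then vanishes,
# as described above, is itself a finding worth logging.
chkdsk $Volume

Show "System Restore / Volume Shadow Copy state"
vssadmin list shadows
# Win32_Service works on PowerShell 2.0 (Get-Service's StartType does not).
# swprv = Microsoft Software Shadow Copy Provider, VSS = Volume Shadow Copy.
Get-WmiObject Win32_Service -Filter "Name='VSS' OR Name='swprv'" |
    Select-Object Name, State, StartMode

Show "Recent NTFS / chkdsk (Wininit) events in the System log"
# On Vista/2008 NTFS events use source 'Ntfs'; chkdsk results are logged
# by Microsoft-Windows-Wininit. The 2000-entry window is arbitrary.
Get-EventLog -LogName System -Newest 2000 |
    Where-Object { $_.Source -like 'Ntfs*' -or $_.Source -like '*Wininit*' } |
    Select-Object TimeGenerated, Source, EventID, EntryType |
    Format-Table -AutoSize

Show "Executable files under the Windows Error Reporting folders"
# WER report queues normally hold .wer text and dump files. A PE file here is
# unusual and is what to submit to the scanner, since the notes above mention
# a trojan reported under Windows Error Reporting.
$werPaths = @("$env:ProgramData\Microsoft\Windows\WER",
              "$env:LOCALAPPDATA\Microsoft\Windows\WER")
Get-ChildItem $werPaths -Recurse -Include *.exe,*.dll,*.sys -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime
```

Save it as, for example, `dirtydisk-triage.ps1` and run `.\dirtydisk-triage.ps1 -Volume D:` for another volume. Nothing in it modifies the disk: `fsutil repair set` and `chkdsk /f` are deliberately left out so the evidence state is preserved until you decide to repair.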
Apparently trial runs on personal Vista PCs (Home Premium) through the “reverse engineering” of the antivirus product that was broken into. Why would they do that…. to install counterfeit Unix-like components, for example, in order to run dual server communication undetected.
In other words, Windows Server 2008 and self-healing NTFS are “cracked”, and thus Windows Server 2008 R2 was released to manufacturing on July 22, 2009.
Recommendation – upgrade.
Additional sources… news.admin.net-abuse.sightings http://groups.google.com/group/news.admin.net-abuse.sightings/msg/c26324447d0f23ef
Webmaster BlueCollarPC.Org http://www.BlueCollarPC.Org
and now I know my Vista like the back of my hand.