Horizon threats? Here already! Direct Memory Access (DMA) and RDMA malware, in the GPU and other devices
Malware could be hiding in your GPU
(To become familiar with DMA, browse the Direct Memory Access links below. Note that the standard defence against a rogue peripheral abusing DMA is an IOMMU, such as Intel VT-d, which restricts the physical memory a device is allowed to address.)
Direct memory access
From Wikipedia, the free encyclopedia
What is DMA? – A Word Definition From the Webopedia
What is Direct Memory Access (DMA)? – Definition from Techopedia
Remote direct memory access (RDMA)
From Wikipedia, the free encyclopedia
Introduction to direct memory access
Implementing direct memory access is straightforward, once you know how it works and how to configure your DMA controller. Here’s a primer on this most efficient means of moving data around in a system.
“Malware writers have worked out ways of hiding trojan horses in places where virus checkers can’t look, according to one security researcher.
Patrick Stewin has demonstrated a detector which can be built to find sophisticated malware that runs on dedicated devices and attacks direct memory access (DMA).
This will mean that it will finally tell us how effective crackers have been at getting malware into graphics and network cards.
The code has managed to find attacks launched by the malware, dubbed DAGGER, which targeted host runtime memory using DMA provided to hardware devices.
DAGGER attacked 32bit and 64bit Windows and Linux systems and could bypass memory address randomisation. It has now been developed to a point where the host cannot detect its presence, Stewin said.”….
memory address randomisation / Address space layout randomization
http://en.wikipedia.org/wiki/Address_space_layout_randomization
“Address space randomization hinders some types of security attacks by making it more difficult for an attacker to predict target addresses. For example, attackers trying to execute return-to-libc attacks must locate the code to be executed, while other attackers trying to execute shellcode injected on the stack have to find the stack first. In both cases, the system obscures related memory-addresses from the attackers. These values have to be guessed, and a mistaken guess is not usually recoverable due to the application crashing.”
NOW READ THIS…
Direct Memory Access | Security Architect
Sep 5, 2013 – … when someone mentioned “HBGary Direct Memory Access tools. … as well as use tools to protect against malware delivered remotely. ….
“You ask, “Can they really do that?” and you may be thinking “Only in the movies”  but all along I would have told you “Yeah, they probably can.” The other day I got confirmation when someone mentioned “HBGary Direct Memory Access tools.” That was enough of a lead to spawn a Google search and soon I confirmed such tools aren’t just in the movies.
Of course, if you’ve got great contacts in law enforcement and defense/intel you probably knew that already. But for the rest of us, you don’t have to watch the detectives anymore, there’s a considerably better source for such secret knowledge. I pulled up an old Ars Technica titled “Black ops: how HBGary wrote backdoors for the government.” This was written in the wake of the Anonymous attack on Federal contractor HBGary which led to a Wikileaks-style puke out of the company’s email data banks. Per the article:
“In 2009, HBGary…partnered with…General Dynamics to work on a project euphemistically known as ‘Task B.’ The team had a simple mission: slip a piece of stealth software onto a target laptop…they focused on the ‘direct access’ ports [PCMCIA, ExpressCard and Firewire] that provide ‘uninhibited electronic direct memory access’…[allowing] a custom piece of hardware delivered by a field operative to interact directly with the laptop [and] write directly to the computer’s memory…The [USB and wifi ports] needed “trust relationships” or relied on ‘buffer overflows…”
From the email records it seems HBGary wrote multiple exploits including so-called “rootkits,” a type of malware that installs deep in the OS to become undetectable to anti-virus scanners using standard I/O interfaces. The DMA rootkit was the malware of choice on “Task B” because it was thought to have the lowest risk of detection. And it could be used in physical access scenarios such as a spy accessing a laptop left on a desk or in the hotel room. ….”
PRESS:
Hacker Defeats Hardware-based Rootkit Detection – Slashdot
Mar 4, 2007 … And that’s what hardware-based rootkit detection is about. Use hardware with DMA (which you trust) to access memory instead of letting the …
Researchers Find Way to Detect Direct Memory Access Malware
September 27th, 2013, 08:11 GMT · By Eduard Kovacs
http://news.softpedia.com/news/Researchers-Find-Way-to-Detect-Direct-Memory-Access-Malware-386671.shtml
RELATED:
How to Enable Direct Memory Access (DMA) – Microsoft Support
This article describes how to enable Direct Memory Access (DMA) on your Windows 98-based, Windows 95-based or Windows Millennium Edition-based…

Forensics: “Unknown Flash Movie Virus”

For a friend….

ESTIMATE: Embedded Flash Movie Malware Payload
NOTE: Possible Network Attack Associated – Botnet/Botmaster
SEE: Common Types of Network Attacks – TechNet – Microsoft
http://technet.microsoft.com/en-us/library/cc959354.aspx
(Judging from the payload that executed: the PC’s Windows identity was apparently spoofed, and any botnet enrolment was unsuccessful.)

DEVICE: Windows Vista Home Premium SP2 (Service Pack 2, fully patched) / Internet Explorer 9, on a home network; Microsoft Security Essentials installed and running.

SYMPTOMS:
The user was viewing a Flash movie in an embedded web-page player. Their best description: the browser suddenly became erratic, the connection dropped and the system crashed repeatedly; on restart the WGA (Windows Genuine Advantage) panel popped up identifying the installed copy of Windows as not genuine. No further connectivity was possible.

SUSPENDED FORENSICS:
Full forensic analysis of the payload was suspended, since it may be an in-the-wild attack or a proof of concept, and its details are not being posted publicly. The operating system was reinstalled to factory-fresh condition after wiping the disk, and is now fully patched and in normal operation.
HISTORY: New virus first to infect Macromedia Flash (January 8, 2002)
http://news.cnet.com/New-virus-first-to-infect-Macromedia-Flash/2100-1023_3-803829.html

SYNOPSIS:
A malware payload (more than a simple virus) apparently executed on Windows Vista Home Premium SP2 / IE9 while the user was viewing a Flash movie in an embedded player at a website. This was the only affected computer on the home network; the other computers, peripherals and the router were unaffected, which may indicate specific targeting of this IP by a network attack. A botnet enrolment appears to have failed, since connectivity was destroyed, yet the operating system was spoofed so that WGA identified it as a pirated copy of Windows. No ransomware activity was observed (http://en.wikipedia.org/wiki/Ransomware_(malware)), so the WGA notification panel appears to have been the genuine one rather than a fake shell of the kind a ransomware scam uses. It is also possible the payload was simply intended to render the system unusable.

DIAGNOSIS:
An apparent multi-component malware payload executed through an infected Flash movie, possibly one that originated on an Apple/Mac computer as an iFrame (Apple video format) movie.

iFrame (video format)
http://en.wikipedia.org/wiki/IFrame_(video_format)

Historically, Apple/Mac users have been in the ‘caveman’ days of not using antimalware at all. Recently things have changed, as infections of that operating system, while still in their infancy, have increased dramatically. Linux even more so: its users are now told it is “polite” to use antivirus so that files which infect Windows but not Linux are not uploaded or exchanged from a Linux computer onto Windows PCs, per newer community guidelines. Years ago…..

Microsoft JPEG Vulnerability and the Six New Content Security Requirements
http://whitepapers.silicon.com/0,39024759,60129423p-39000575q,00.htm
In November 2004, a critical Microsoft security vulnerability (MS04-028) was discovered which could allow attackers to embed malicious code inside JPEG image files. Until that time, JPEG image files were considered immune to attack. To effectively deal with this vulnerability, security and IT professionals need to incorporate six new and critical content security requirements into their networks.

…..and that is the idea with an infected Flash movie: simply visiting a website carrying the infected picture (JPEG) would infect an unprotected PC. The same appears to be the case here, with an infected Flash file as the source of infection.
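As an added triage example (not part of the original post, and not code from Adobe or from this site), here is a small Python parser for the SWF (ShockWave Flash) container linked under the recommendations below. It reads the 8-byte FWS/CWS/ZWS header, inflates compressed files (a zlib- or LZMA-compressed SWF hides its tag stream from a naive byte scanner), checks that the declared length matches what was actually received, and lists the tags that carry ActionScript. The sample SWF bytes are constructed inline for the demonstration; they are test data, not real malware.

```python
"""Triage parser for the SWF (ShockWave Flash) container.

Added example: not code from the original post, Adobe, or this site.
Reads the 8-byte header, inflates CWS/ZWS bodies, verifies the declared
length and lists the tags that carry ActionScript.  Sample files are
built inline (constructed test data, not real malware).
"""
import lzma
import struct
import zlib

# Tag codes from the SWF file format specification that carry executable script.
SCRIPT_TAGS = {12: "DoAction", 59: "DoInitAction", 82: "DoABC"}


def _inflate(data: bytes) -> bytes:
    """Return the uncompressed body (everything after the 8-byte header)."""
    sig = data[:3]
    if sig == b"FWS":
        return data[8:]
    if sig == b"CWS":                          # zlib-compressed, SWF 6+
        return zlib.decompress(data[8:])
    if sig == b"ZWS":                          # LZMA, SWF 13+: u32 compressed len, 5 props bytes, stream
        props, stream = data[12:17], data[17:]
        # Rebuild a .lzma "alone" header (props + unknown size) so liblzma accepts the stream.
        dec = lzma.LZMADecompressor(format=lzma.FORMAT_ALONE)
        return dec.decompress(props + b"\xff" * 8 + stream)
    raise ValueError("not a SWF file: bad signature %r" % sig)


def _tags(body: bytes, off: int):
    """Walk the tag stream: u16 header (code << 6 | length), u32 long length when length == 0x3f."""
    while off + 2 <= len(body):
        (hdr,) = struct.unpack_from("<H", body, off)
        off += 2
        code, length = hdr >> 6, hdr & 0x3F
        if length == 0x3F:
            if off + 4 > len(body):
                return
            (length,) = struct.unpack_from("<I", body, off)
            off += 4
        yield code, length, off + length > len(body)   # third value: tag runs past end of data
        if code == 0:                                   # End tag
            return
        off += length


def parse_swf(data: bytes) -> dict:
    if len(data) < 8:
        raise ValueError("too short to be a SWF")
    sig, version = data[:3], data[3]
    (declared,) = struct.unpack_from("<I", data, 4)    # uncompressed length incl. header
    body = _inflate(data)
    compression = {b"FWS": "none", b"CWS": "zlib", b"ZWS": "lzma"}[sig]
    nbits = body[0] >> 3                               # RECT: 5-bit Nbits, then 4 fields of Nbits
    off = (5 + 4 * nbits + 7) // 8                     # byte-align past the frame-size RECT
    frame_rate = struct.unpack_from("<H", body, off)[0] / 256.0   # 8.8 fixed point
    frame_count = struct.unpack_from("<H", body, off + 2)[0]
    off += 4
    tags, ended, overrun = [], False, False
    for code, _length, bad in _tags(body, off):
        tags.append(code)
        overrun = overrun or bad
        ended = ended or code == 0
    return {
        "version": version, "compression": compression,
        "declared_len": declared, "actual_len": 8 + len(body),
        "length_ok": declared == 8 + len(body),
        "frame_rate": frame_rate, "frame_count": frame_count,
        "tag_count": len(tags),
        "script_tags": [SCRIPT_TAGS[c] for c in tags if c in SCRIPT_TAGS],
        "truncated": overrun or not ended,
    }


# --- constructed sample files (test data, not real malware) -------------------
def _sample_body(tags: bytes) -> bytes:
    # RECT with Nbits=0 (one byte), frame rate 12.0 (8.8 fixed), one frame, then the tags
    return b"\x00" + struct.pack("<HH", 12 << 8, 1) + tags


def build_fws(tags: bytes, version: int = 10) -> bytes:
    body = _sample_body(tags)
    return b"FWS" + bytes([version]) + struct.pack("<I", 8 + len(body)) + body


def build_cws(tags: bytes, version: int = 10) -> bytes:
    body = _sample_body(tags)
    return b"CWS" + bytes([version]) + struct.pack("<I", 8 + len(body)) + zlib.compress(body)


def build_zws(tags: bytes, version: int = 13) -> bytes:
    body = _sample_body(tags)
    alone = lzma.compress(body, format=lzma.FORMAT_ALONE)   # 5 props + 8 size + stream
    stream = alone[:5] + alone[13:]                          # SWF stores props + stream, no size
    return (b"ZWS" + bytes([version]) + struct.pack("<I", 8 + len(body))
            + struct.pack("<I", len(stream)) + stream)


DOACTION_TAG = struct.pack("<H", (12 << 6) | 1) + b"\x00"  # DoAction holding a single ActionEnd byte
END_TAG = struct.pack("<H", 0)
SAMPLE_FWS = build_fws(DOACTION_TAG + END_TAG)
SAMPLE_CWS = build_cws(DOACTION_TAG + END_TAG)
SAMPLE_ZWS = build_zws(END_TAG)
SAMPLE_BAD = SAMPLE_FWS[:-2]                                # End tag cut off, as in a truncated download

if __name__ == "__main__":
    for name, blob in (("FWS", SAMPLE_FWS), ("CWS", SAMPLE_CWS), ("ZWS", SAMPLE_ZWS), ("truncated", SAMPLE_BAD)):
        print(name, parse_swf(blob))
```

A file whose declared length disagrees with its content, or whose tag stream never reaches an End tag, is worth a closer look before assuming it is a harmless movie; the presence of DoAction/DoABC tags only says the file carries script, which most real Flash content does, so treat it as a hint for where to look next rather than a verdict.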

NOTE…. The user was a novice, and it is believed there may have been additional clicks, not mentioned, that caused the malware payload to execute.

REMEDY:
Because this was a multi-component malware payload rather than a simple virus, the operating system was reinstalled to factory-fresh condition after first wiping all data from the disk. A higher-quality paid-subscription antimalware product was installed, and is strongly recommended. Note that Microsoft Security Essentials was the installed and active protection on the PC…. HOWEVER:

Is Microsoft Security Essentials adequate protection?
http://bluecollarpc.us/2013/04/21/is-microsoft-security-essentials-adequate-protection/
Review: Microsoft Security Essentials
http://www.expertreviews.co.uk/software/1295698/microsoft-security-essentials
Microsoft Security Essentials bombs AV-TEST, loses certification
http://www.geek.com/articles/geek-pick/microsoft-security-essentials-bombs-av-test-loses-certification-20121129/
Microsoft Security Essentials Fails Tests, Loses Antivirus Certificate
http://www.bit-tech.net/news/bits/2013/01/17/ms-security-av-test/1
Microsoft Security Essentials fails AV-TEST again
http://www.bit-tech.net/news/bits/2013/01/17/ms-security-av-test/1
Microsoft fights back on antivirus certification fail, claims malware tests …
http://www.zdnet.com/microsoft-fights-back-on-antivirus-certification-fail-claims-malware-tests-arent-realistic-7000009998/

PLEASE REVIEW THE FOLLOWING INFORMATION AND RECOMMENDATIONS….

How to Fix a Flash Virus | eHow.com
http://www.ehow.com/how_5998536_fix-flash-virus.html

Adobe Flash
http://en.wikipedia.org/wiki/Adobe_Flash

SWF (ShockWave Flash)
http://en.wikipedia.org/wiki/SWF

What Is a Flash Cookie?
http://www.ehow.com/info_10020896_flash-cookie.html

Can Flash Extensions Be Harmful?
http://www.ehow.com/info_12229878_can-flash-extensions-harmful.html

How to Check & Uninstall Flash Cookies
http://www.ehow.com/how_5943906_check-uninstall-flash-cookies.html

How to Clear Macromedia Flash Shared Objects
http://www.ehow.com/how_6182429_clear-macromedia-flash-shared-objects.html

Website Storage Settings panel
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

Visit the Adobe Flash Player Settings Manager http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.html

It is recommended to be aggressive here and deny everything, especially since attackers do break into microphones and webcams to spy. If sites stop working after you block all storage on the computer, go back and make adjustments. Any speed benefit from allowing storage dates from the 56K dial-up era years ago; the vast majority have since switched to broadband/DSL where available (not quite everywhere, rural areas etc.).

WEBMASTER BLUECOLLARPC.US
http://bluecollarpc.us/

BlueCollarPC.US (and its former domain extensions) has always been a free community help site; here is a mock bill for what the job would cost at an official PC repair shop…… LOL

————

JOB BILL / TICKET #001

# Bench Charge………………….$75.00

# Forensics Basic / Suspended…….$25.00
(Normally $150.00 with full reporting)
Discounted!

# Reinstall Factory Fresh Windows…$50.00
…Discounted !

# Fully patched and reinstalled
software, 18 hours (Vista SP2)….$100.00

TOTAL ……..$250.00

DNSCHanger Malware Removal – Notes Show All (Internet goes dark March 8)

BELOW IS MOST OF WHAT THE AVIRA TOOL IS DOING WITH A CLICK ….

Tool available for those affected by the DNS-Changer
http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199

The Truth About the March 8 Internet Doomsday
http://www.pcworld.com/article/250296/the_truth_about_the_march_8_internet_doomsday.html#tk.nl_spx_t_cbintro

US-CERT Current Activity – DNSChanger Malware
http://www.us-cert.gov/current/index.html
http://www.us-cert.gov/current/index.html#operation_ghost_click_malware

Hi all….. one thing common with this family of malware is that it gets into the PC and changes the “hosts file” to redirect traffic, usually to more malicious websites for nefarious reasons. Related search keywords are “IP spoofing” and “DNS cache poisoning” ….

http://www.webopedia.com/TERM/I/IP_spoofing.html
http://en.wikipedia.org/wiki/DNS_cache_poisoning

This is off the cuff, but from years of experience with the “badware”, as it is sometimes called as a universal term covering all of it and all it does. I am throwing out an educated guess at the payload involved; it may even involve some variants or residuals on an individual basis, per handfuls here and there out of hundreds to thousands of personal computers. A botherder or botmaster runs a command-and-control console arrangement through which the culprit(s) attempt clandestine contact with the infected computers, which can number in the millions, and may partially set some aside to test how well their malware payload is holding up against detection. They may have purposely infected the handfuls with variants of the payload in an attempt to resurrect the whole episode all over again. They (cyber criminals) have become very, very sophisticated these days. Any phrase like “doomsday” today can actually be no exaggeration.

The measures taken here by the FBI et al. are unprecedented and on the scale of “state sanctioned”. It is obviously a measure not only to attempt correction and protect all infected computers and their users’ private data, but to keep internet commerce itself alive, since the loss of millions of machines would obviously have a large effect.

I admittedly only perform some amateur forensics and would need days upon days to do a write-up for full manual removal and correction of an affected system. I most likely could find the actual payload, as there are a handful of company online search engines for just that. But if one has a little savvy and wants to attempt further manual removal of the malware to avoid the cost of a PC repair shop, here are some tips. Mind you, in this case a shop will obviously advise reinstalling Windows after completely wiping (erasing) the disk first, a common automatic procedure with a Windows CD/DVD or an emergency repair CD/DVD you have made. (I would advise: do NOT hit “Repair”; instead first back up all files you wish to save, then completely reinstall Windows, and THEN also scan the backed-up files for malware before restoring them to the PC now in factory-fresh condition.)

REVIEW THIS FOR HOSTS FILES….
Blocking Unwanted Parasites with a Hosts File
http://winhelp2002.mvps.org/hosts.htm
(In other words, in this area you are looking for how to restore your hosts file to its state before the infection changed it.)

How can I reset the Hosts file back to the default?
http://support.microsoft.com/kb/972034
MICROSOFT FIX IT TOOL ***** HOSTS FILES

ALSO….
How to reset Internet Protocol (TCP/IP)
http://support.microsoft.com/kb/299357
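The two checks described above, resolver settings and the hosts file, can be scripted. The following Python is an added example (not code from the original post, Avira, Microsoft or the FBI): it pulls the DNS server list out of `ipconfig /all` output, flags any server inside the rogue resolver ranges the FBI published for the DNSChanger takedown (Operation Ghost Click; the ranges are reproduced here from memory, so confirm them against the FBI and US-CERT links above before relying on them), and audits a hosts file for names that have been redirected somewhere other than the local machine. The ipconfig text and hosts file are constructed sample inputs, not captures from a real infection.

```python
"""DNSChanger-style triage: rogue resolvers and hosts-file hijacks.

Added example, not code from the original post, Avira, Microsoft or the FBI.
Sample inputs below are constructed for the demonstration.
"""
import ipaddress
import re

# Rogue resolver ranges the FBI published for Operation Ghost Click, reproduced
# from memory: verify against the FBI / US-CERT pages linked on this page.
ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

# Targets a legitimate hosts entry may point at: loopback, the 0.0.0.0 sink
# used by block lists such as the MVPS hosts file, and IPv6 loopback.
LOCAL_SINKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "0.0.0.0/32", "::1/128")]


def parse_ipconfig_dns(text: str) -> list:
    """Extract the 'DNS Servers' list: the labelled line plus indented continuation lines."""
    servers, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S*)", line)
        if m:
            in_dns, value = True, m.group(1)
        elif in_dns:
            m = re.fullmatch(r"\s+([0-9A-Fa-f.:%]+)\s*", line)
            if not m:
                in_dns = False            # next labelled field: the server list is over
                continue
            value = m.group(1)
        else:
            continue
        value = value.split("%")[0]       # drop an IPv6 zone index such as fe80::1%12
        if value:
            try:
                servers.append(ipaddress.ip_address(value))
            except ValueError:
                pass                      # not an address after all; ignore the token
    return servers


def rogue_dns_servers(servers) -> list:
    """Return, as strings, the servers that fall inside a known rogue range."""
    return [str(s) for s in servers if any(s in net for net in ROGUE_DNS_RANGES)]


def audit_hosts(text: str) -> list:
    """Return (hostname, ip) pairs whose target is not the local machine."""
    hits = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments and whitespace
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                                 # malformed line; not this check's job
        if any(ip in net for net in LOCAL_SINKS):
            continue                                 # loopback / sinkhole entry, benign
        hits.extend((name, addr) for name in names)
    return hits


def triage(ipconfig_text: str, hosts_text: str) -> dict:
    servers = parse_ipconfig_dns(ipconfig_text)
    return {
        "dns_servers": [str(s) for s in servers],
        "rogue_dns": rogue_dns_servers(servers),
        "hosts_hijacks": audit_hosts(hosts_text),
    }


# --- constructed sample inputs (not captured from a real machine) --------------
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 85.255.112.10
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ad.doubleclick.net          # block-list style entry, harmless
198.51.100.7    www.bank.example            # hijack: bank name sent to an attacker address
198.51.100.7    update.microsoft.com        # hijack: updates silently redirected
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_IPCONFIG, SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```

On a real machine, feed it the output of `ipconfig /all` and the contents of `%SystemRoot%\System32\drivers\etc\hosts`. A rogue resolver hit means the resolver setting must be fixed (the Avira tool or the Microsoft Fix It above), and any hosts entry pointing a real name at a remote address is reason enough to restore the default hosts file with the Fix It linked above.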

One point of entry for the attack is the firewall, which may even have been circumvented.
Tunneling to circumvent firewall policy
http://en.wikipedia.org/wiki/Tunneling_protocol#Tunneling_to_circumvent_firewall_policy
You may want to uninstall it and clean up leftover files and registry entries (registry cleaner) … Here is about the best one, and they have finally released a free home version ….
PowerTools Lite 2011 [Genuine Freeware]
– The Freeware Registry and System Cleaner
http://www.macecraft.com/powertoolslite2011/
(Which is, of course, by the famous jv16 PowerTools – by far the top recommendation for about a decade.)

YUCK… one more area to review….

TCP reset attack
From Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/TCP_reset_attack

Bottom line…. The above was posted for review, and hastily, in case there are still problems and it needs to be mentioned in the event of a necessary trip to the PC repair shop. Try the recommended Avira tool, as advised in these emails. Check out the US-CERT links if needed, or as a double check after the Avira clean-up; there is also a link for detection at the FBI site for anyone fearing infection, I believe. (Avira has consistently had one of the best detection/blocking/removal ratings for years – visit VirusTotal.)

AS I SUSPECTED THERE ARE MANY VARIANTS …… LIST (omg There are 23 variants presently ! ! ! – (Absolutely a Shop will advise to reinstall Windows without batting an eye)

*COMPUTER ASSOCIATES*
SOURCE: the CA Spyware Information Center online search engine; type in “DNSChanger” as the malware payload to look up.
CA Spyware Information Center (search engine)
http://www3.ca.com/securityadvisor/pest/
(Computer Associates, makers of PestPatrol and many other security products; the malware search box is at top right.)

SEARCH RESULTS: (hot links at results link for each below)
http://www.ca.com/us/search/default.aspx?q=dnschanger&sk=findthreat&backUrl=http%3A%2F%2Fwww.ca.com%2Fus%2Fspyware.aspx
(Each entry is a CA Technologies Quick View: name – size – date)
1. DNSChanger B – 36 KB – 01/09/2007
2. DNSChanger P – 36 KB – 02/22/2012
3. DNSChanger P – 50 KB – 11/20/2009 (CA Quick View)
4. DNSChanger G – 37 KB – 02/19/2012
5. DNSChanger C – 36 KB – 04/19/2007
6. DNSChanger S – 36 KB – 02/22/2012
7. DNSChanger U – 36 KB – 01/29/2010
8. DNSChanger T – 36 KB – 01/29/2010
9. DNSChanger M – 36 KB – 02/21/2012
10. DNSChanger L – 36 KB – 07/17/2009
11. DNSChanger – 36 KB – 06/14/2006
12. DNSChanger r – 36 KB – 02/21/2012
13. DNSChanger I – 36 KB – 02/20/2012
14. DNSChanger azf – 36 KB – 02/20/2012
15. DNSChanger H – 36 KB – 02/19/2012
16. DNSChanger E – 37 KB – 11/26/2007
17. DNSChanger D – 37 KB – 02/19/2012
18. DNSChanger k – 36 KB – 08/04/2008
19. DNSChanger A – 36 KB – 07/29/2008
20. DNSChanger ayy – 36 KB – 02/05/2012
21. DNSChanger arn – 36 KB – 03/11/2008
22. DNSChanger aum – 36 KB – 03/11/2008
23. DNSChanger F – 37 KB – 02/19/2012
——–>

BASIC PAYLOAD…..
DNSChanger
Date Published:
Wednesday, June 14, 2006
Alias
W32/Backdoor.KGE [F-Prot Antivirus]
Overall Risk : HIGH
Category
Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, newsgroup, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: to trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user’s account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.
Date of Origin
date of origin: Variants from September, 2009 to September, 2009
Operation
DNSChanger: at least DNSChangerKB
Files:
[tn]dnschanger.exe
2701526
hgqhp.exe
kdrgh.exe
virtue_7884154
kdrgh.exe
hgqhp.exe
[tn]dnschanger.exe

WEBMASTER / http://www.bluecollarpc.us/

PS – a quality antimalware product with real-time protection would no doubt have blocked this infection and its variants to date. Cyber crime units no doubt have the rest of the information needed by now, with professional forensics performed.

 

Information: “Will Your Browser Go Dark on March 8?” (DNSChanger attack left overs)

Will Your Browser Go Dark on March 8? (DNSChanger attack left overs)
PC Magazine
This cyber criminal ring had infected about 4 million machines with malware worldwide, about half a million of them in the United States. FBI caught ’em. End of story, right? Well, not entirely. First, it’s important to understand what DNSChanger did….
http://securitywatch.pcmag.com/malware/293327-will-your-browser-go-dark-on-march-8 
“Yes, the FBI also offered a page to help with this problem. ….”
https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

“Mustaca’s blog post explains how to determine whether your system is affected…..”
Avira DNS-Repair-Tool released
http://techblog.avira.com/2012/01/23/avira-dns-repair-tool-released/en/


NOTES you can also try a quick instant check for botnet infection here….

Online Tool Developed to Check for Botnet Activity   [works with netbooks]
BotnetChecker.Com
Go To: http://botnetchecker.com/
PRWeb via Yahoo! News Wed, 12 Dec 2007 5:00 AM PST
http://news.yahoo.com/s/prweb/20071212/bs_prweb/prweb575432_1
It is estimated that 1 in 4 computers on the internet today are part of a botnet. After observing bot activity from thousands of compromised computers, local administrator develops easy way to check for botnet activity.

Trend Micro RUBotted (free) 4-5* (detect only) [works with netbooks]
http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted
Malicious software called Bots can secretly take control of computers and make them participate in networks called “Botnets.” These networks can harness massive computing power and Internet bandwidth to relay spam, attack web servers, infect more computers, and perform other illicit activities.
Security experts believe that millions of computers have already joined Botnets without the knowledge of their owners. By using remotely-controlled computers, the criminals in charge of the Botnets try to remain anonymous and elude authorities seeking to prosecute them. RUBotted monitors your computer for suspicious activities and regularly checks with an online service to identify behavior associated with Bots. Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer.

ADVANCED:

Bothunter – Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Bothunter
BotHunter is a free utility for Windows XP and Unix, which aims at detecting botnet activity within a network. It does so by analyzing network traffic and …
http://www.bothunter.net/ 

PLEASE SEE MY REPLIES FOR FURTHER INFORMATION AND REMOVALS….

New Portable – Microsoft releases Windows Defender Offline tool beta (create bootable CD,DVD,USB flash drive)

Microsoft releases Windows Defender Offline tool beta
The H
Users can choose to create a bootable CD, DVD or USB flash drive
Microsoft has published a public beta of an offline version of its
Windows Defender spyware removal software, formerly known as Microsoft
AntiSpyware. Using the Windows Defender Offline …
http://www.h-online.com/security/news/item/Microsoft-releases-Windows-Defender-Offline-tool-beta-1392853.html

GET IT FREE HERE ……
What is Windows Defender Offline Beta?
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

NOTES…. A big plus here is that the antimalware product apparently runs before a bootkit can, which parallels the new boot security technology in Windows 8, which unfortunately has reportedly already been cracked….

” Windows 8 Boot Security Cracked”
http://www.crn.com/news/security/231903295/windows-8-boot-security-cracked.htm;jsessionid=NZjzL4QedChUWf+VUz6Tyg**.ecappj02

THREAT http://en.wikipedia.org/wiki/Bootkit#bootkit

\sarcasm\ …So Micro$oft will be passing out a free Windows Defender Anti-Bootkit USB stick and a Norton CD with each new Windows 8 purchase ? ! LOL ….sounds eerily like a Microsoft apology, or the opposite: offering the same type of technology to XP users, as conceivably a bootkit cannot run on Vista because rootkits cannot. Since Vista UAC has reportedly been cracked <https://bluecollarpcwebs.wordpress.com/2011/08/26/vista-user-account-control-uac-finally-cracked/> …THEN it would seem this is indeed the next attack vector: creating the bootkit to then circumvent Vista security to attempt running the very first rootkit on Vista, which means a payload described as a “blended threat” <http://en.wikipedia.org/wiki/Blended_threat>, as massive, is necessary, and will no doubt be tracked back by cyber security agencies (FBI et al.) and the antimalware industry and possibly private citizen groups that go botnet hunting. BUT the obvious question is how to upload the payload to Vista? Only those that could not care less about security, or love to run Vista without UAC (turning it into XP or 98 or ME), are the ones that can even be infected with the payload, to even attempt to deliver the payload and report back as to how well they did. Massive hit-and-miss circumstances for this ever to become reality. Since Vista has not climbed too much above 10 to 12 percent of sales, it seems it would be missed by this pipe dream to date. Still, food for thought – and I am still in the “I love my Vista” crowd for life ! ! ! She will be most secure even over and above Windows 8.

REFERENCE ….
Techworld.com – Vista’s UAC spots rootkits, tests find
http://www.techworld.com/security/news/index.cfm?newsid=101583

I personally called Vista the crown of security software for the decade (2000-2010), as the operating system itself achieved what NO other defense software did…..

QUOTES
AV-Test.org, which set out to find out how well anti-virus programmes
fared against known rootkits….
The answer was not particularly well at all, either for Windows XP, or
Vista-orientated products. Of 30 rootkits thrown at XP anti-malware
scanners, none of the seven AV suites found all 30, a similar story to
the six web-based scanners assessed. Only four of the 14 specialised
anti-rootkit tools managed a perfect score.

The best of the all-purpose suites was Avira AntiVir Premium Security
Suite, which found 29 active rootkits, with Norton finding as few as 18.
The anti-rootkit tools fared better, with AVG Anti-Rootkit Free, GMER,
Rootkit Unhooker LE, and Trend Micro Rootkit Buster achieving perfect
scores. The scores for removal were patchy, however, with all failing to
remove 100 percent of the rootkits they had found.

The results for Vista products were harder to assess because only six
rootkits could run on the OS, but the testers had to turn off UAC to get
even this far. Vista’s UAC itself spotted everything thrown in front of
it.

Only three of the 17 AV tools for Vista managed to both detect and
successfully remove them, F-Secure Anti-Virus 2008, Panda Security
Antivirus 2008, and Norton Antivirus 2008.

That UAC can tell a user when a rootkit is trying to install itself is
not in itself surprising, as Vista is supposedly engineered from the
ground up to intercept all applications requests of any significance.

OTHERS ——–>

Emsisoft Emergency Kit 1.0 [FREE]
http://www.emsisoft.com/en/software/eek/
[Software collection]
Version 1.0.0.25 – 6/8/2011
Your emergency kit for infected PCs!
Detects and removes Malware
>4 million known dangers
100% portable – perfect for USB sticks
HiJackFree and BlitzBlank included

ClamWin Portable (Antivirus, more) [FREE]
http://portableapps.com/apps/utilities/clamwin_portable
Antivirus to go…. ClamWin Portable is the popular ClamWin antivirus
packaged as a portable app, so you can take your antivirus with you to
scan files on the go. You can place it on your USB flash drive, iPod,
portable hard drive or a CD and use it on any computer, without leaving
any personal information behind.
NEWS: ClamWin Portable 0.97.1 (anti-virus) Released | PortableApps.com

ClamWin Portable 0.97.1 (anti-virus) Released. Submitted by John T.
Haller on June 17, 2011 – 7:46pm. logo ClamWin Portable 0.97.1 has been
released. …
http://portableapps.com/news/2011-06-17_-_clamwin_portable_0.97.1_released

Microsoft Standalone System Sweeper (Beta) [FREE]
http://connect.microsoft.com/systemsweeper
Note “beta” means it is still a test version, collecting feedback from the community on any bugs found that need correcting, before it is released as the normal final version.
NEWS:
Microsoft ships free malware cleaner that boots from CD or USB
ZDNet (blog)
June 1, 2011, 10:15am PDT In a move aimed at cutting down on support
call costs, Microsoft has released a malware recovery tool that boots
from a CD or USB stick. Ryan Naraine is a journalist and social media
enthusiast specializing …
http://www.zdnet.com/blog/security/microsoft-ships-free-malware-cleaner-that-boots-from-cd-or-usb/8712

SUPERAntiSpyware Portable Scanner (Antispyware) [FREE]
http://www.superantispyware.com/portablescanner.html
Follow the instructions below to download the SUPERAntiSpyware Portable
Scanner. The scanner features our complete scanning and removal engine
and will detect AND remove over 1,000,000 spyware/malware infections.
The scanner does NOT install anything on your Start Menu or Program
Files and does NOT need to be uninstalled. The scanner contains the
latest definitions so you DO NOT need Internet Access on the infected
system to scan.

Comodo Cleaning Essentials
Comodo Cleaning Essentials is a set of portable antivirus tools
that will help you to detect and remove malware from an infected PC.
http://www.comodo.com/business-security/network-protection/cleaning_essentials.php
(DESKTOP http://www.comodo.com/ )

ESET SysInspector is a powerful, portable security tool that will
inspect your system’s files, running processes, Registry keys and more,
looking for and highlighting anything that could be a sign of malware.
(Makers of famous Eset NOD32 Antivirus – most awarded in history)
http://www.downloadcrew.com/article/20672-eset_sysinspector_12026_32-bit
(DESKTOP http://www.eset.com/us/ )

Norman Malware Cleaner is an interesting portable antivirus tool which
will scan your PC, detecting and removing any malware that it uncovers.
http://www.downloadcrew.com/article/23283-norman_malware_cleaner
(DESKTOP http://www.norman.com/en-us )

The AVG Rescue CD is a portable environment that comes with a range of
tools to help you clean up a virus-infected PC, fix hard drive problems,
and get an unbootable system working again. This variant of the rescue
CD is intended for installation on a USB flash drive. After downloading,
you should extract the archive contents directly to the root folder of
the USB drive you’d like to use. (If you don’t have a tool that can read RAR
files, then try 7-ZIP).
http://www.downloadcrew.com/article/4650-avg_rescue_cd_usb_flash_drive_edition
(DESKTOP http://www.avg.com/us-en/homepage )

CCleaner Portable
CCleaner Portable is a compact version of CCleaner that you can store on
a CD, USB flash drive, microSD, or even two floppy disks if you still
use those.
http://www.softpedia.com/get/PORTABLE-SOFTWARE/Security/Secure-cleaning/Windows-Portable-Applications-CCleaner-Portable.shtml
(DESKTOP http://www.piriform.com/ccleaner )

SENDER:

Webmaster/malware removal help
HOME http://bluecollarpc.us/
Alternate https://sites.google.com/site/pcsecurityhelper/
HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/
Membership/Join List:
Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com
Free Malware Removal Help / A Community Website Since 2005

Question was: Is anyone using antivirus software on Linux?

Question was…. Is anyone using antivirus software? (On Linux, at a different group)

List of Linux computer viruses
From Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses

KlamAV has a directory of threats built in.

My answer is yes, absolutely. If you can’t seem to get Clam for Linux working, go to System > Synaptic and type in Clam as the search word. Mark for installation ALL that apply and click Apply to install them. The simple Clam download is basically an empty shell. You need freshclam etc. to get the definitions, and as well you need to open Preferences and set Updates to every hour all the way up to once a day. Once a day is generally sufficient. They will install silently in the background on login session daily. If you simply click HOME – this is much like a quick scan of all the usual targets.

Yes, getting hit with malware is rare on Linux, but not so much anymore. Companies do not spend zillions of dollars making a Linux antimalware solution with Real Time Protection – YES – Real Time Protection – such as…..
ESET Announces ESET NOD32 Antivirus for Linux 
EON: Enhanced Online News (press release)
“Given the importance of consumer and business usage of Linux, it is
essential to equip users with advanced security software to protect
against cyber-attacks,” said Richard Marko, CEO of ESET. “With ESET
NOD32 Antivirus for Linux, ESET’s protection is …
http://eon.businesswire.com/news/eon/20110412007003/en

MORE: 
ESET File Security for Linux receives VB100 award [perfect scores
against malware]
BRATISLAVA – ESET File Security 3.0.20 for Linux has received a “VB100”,
the award from Virus Bulletin, the UK’s independent antivirus testing
authority. …
http://www.adaox.ae/index.cfm/id/1024
Simple or average users sometimes have the attitude of “you’re not going to drag that Windows crap into here – Linux users – are you?”…. but they do not realize you may be performing financial transactions or are a webmaster and even using FTP to websites etc. These types of users WELCOME such products for confidence and peace of mind in Safe Computing for like $30 to $40 USD yearly. I myself have tried the 30 day evaluation of ESET (best on Windows at over 59 VB100 Awards, labs can’t lie) for Linux and am seriously impressed and will be using it permanently on my Linux Netbook. I have tried free AVG – as Clam has only a very fair as opposed to excellent detection rating. It completely bogged down the system so bad I could not navigate the computer system. Fighting fighting fighting just to get rid of it! Finally!

Again, the average user is not even aware of the great botnet plague in which the Linux operating system has been used as well as windooooze. Freely in Linux there is pipelining and torrents and so on that are weapons in botnet payloads. There is the infamous IRC Chat Relay used for botmasters and botherders to communicate clandestinely beyond legal authorities in too many cases. In fact, as a Windows die-hard user switching over to Linux – it was like duhh—- where do you think it all came from. They have no compunction about decompiling software to reengineer it for malware strikes and payload deliveries. The Open Source community needs to be protected by us as they many times do not have the resources for legalities as do the billionaire Windows security firms. Read about tunneling to circumvent firewall policies. This is another area of pipelining. Originally, IPv4 allocation was running out as Windows Vista was released with IPv6 native. All these types of communications by malware writers into new Vista users over IPv6 tunneling and pipelining were sticking out like a sore thumb, and actually only the stupid would attempt it rather than a softer target such as some unpatched software in the system. That was about the last hope of fresh air in a malware-free internet since about the day the first virus went public. Gone.

So, do I use antivirus on Linux… are you kidding me? You NEVER operate ANY computer without antivirus as minimum security defense. Anyone who tells you different is either security ignorant (newbie novice user) or is intentionally socially engineering you into circumvention of your personal computing security solution (add suite) to make you their mark (IDTheft etc.). There is no in between. This is black and white. This is the “cyber ghetto” that used to be called that wonderful information super highway known as the world wide web – WWW …. The more Linux gets used, the more it will look like all the Mac attacks going on and getting worse by the day.

For the average user – If you practice Safe Practices (don’t go to shady places on the net, don’t do shady downloads, etc.) and you use Clam or Klam and at least scan weekly or monthly, you are fairly safe. NO argument there. Fairly safe. Notice that does not say you are protected. You need a Linux antimalware product with Real Time Protection (heuristics) to be protected.

It depends on what you have to lose and was my reason for this reply. I don’t say “Shut Up” to all those that want to call this “snake oil” and hey dude you are an unwelcome alarmist spreading FUD <http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt> ==== I say “Wake Up” and history reveals you are a fool whose money is soon parted. Ask the victims.

I qualify my answer as advancing to IT Security Home/Small Business and Amateur Forensics (Computer)…. http://bluecollarpc.us/forensics.php (webmaster). The former are generally those Microsoft threatened to sue for damages during their last “Vista Bashing” episodes of entire proven lies about Computing Security and Vista itself.

Simple answer… hey guy, get Clam AV at the Software Repository (in System > Ubuntu Software) built into Linux and use it once in a while and you’re good to go for now. Try the more advanced stuff when you are ready or feel the need to. Simple. Understand no malware written for Windows or others works on Linux and vice versa – different operating system code.

gerald philly pa usa
http://linuxducks.webs.com/
On 5/25/2011 5:12 PM, xxxx wrote:
>  Here’s an Ubuntu-specific list of every known (to them) virus/worm.
>  Read the comments on each; you’re pretty immune to all of them
>
<https://help.ubuntu.com/community/Linuxvirus>
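As an added example (not code from the original post or from the ClamAV project), a small POSIX shell helper that refuses a ClamAV scan until the signature databases exist and are no older than the daily update the post recommends, then names clamscan’s documented exit codes; the /var/lib/clamav database path is an assumption (the Debian/Ubuntu default).

```shell
# Added example, not code from the original post. A bare Clam install has no
# definitions until freshclam fetches them, so check the database files
# before trusting a scan; clamscan's documented exit codes are 0 clean,
# 1 infected, 2 error. Assumption: databases live in /var/lib/clamav.
CLAM_DB="${CLAM_DB:-/var/lib/clamav}"
MAX_AGE_DAYS="${MAX_AGE_DAYS:-1}"   # the post recommends at least daily updates

# defs_age_days DIR: age in days of the newest daily/main database file in DIR;
# prints -1 and fails if no database file is present at all.
defs_age_days() {
    newest=0
    for f in "$1"/daily.cld "$1"/daily.cvd "$1"/main.cld "$1"/main.cvd; do
        [ -f "$f" ] || continue
        m=$(stat -c %Y "$f" 2>/dev/null || stat -f %m "$f")   # GNU, then BSD stat
        [ "$m" -gt "$newest" ] && newest=$m
    done
    if [ "$newest" -eq 0 ]; then
        echo -1
        return 1
    fi
    echo $(( ($(date +%s) - newest) / 86400 ))
}

# defs_fresh DIR MAXDAYS: succeed only if definitions exist and are no older
# than MAXDAYS days.
defs_fresh() {
    age=$(defs_age_days "$1") || return 1
    [ "$age" -le "$2" ]
}

# describe_scan_exit CODE: clamscan's exit status in words.
describe_scan_exit() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected file(s) found" ;;
        2) echo "scan error" ;;
        *) echo "unknown exit code $1" ;;
    esac
}
# scan_home: the post's "HOME" quick scan, refused when signatures are stale.
scan_home() {
    if ! defs_fresh "$CLAM_DB" "$MAX_AGE_DAYS"; then
        echo "definitions missing or older than $MAX_AGE_DAYS day(s); run freshclam first" >&2
        return 2
    fi
    clamscan -r -i "$HOME"; rc=$?
    echo "clamscan: $(describe_scan_exit "$rc")"
    return "$rc"
}
```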
