[Shields Up] Computer Security Thread
Read that first as "poperub." Pictured someone rubbing the Pope. This has already been a very damaging virus for me.
Sweet. I just used fixmbr today to repair a hosed image gone bad.
Kaspersky offers a free download 'TDSSKiller'. Works great.
TDSSKiller is an excellent suggestion (though I believe it only works on x86 systems - could be wrong, but I'm not sure). Another measure you can take would be to boot from a LiveCD or USB stick and use a scanner from outside the OS, where the rootkit can't hide as easily.
On the topic of TDSS/TDL, recently Kaspersky did an interesting write-up of the threat's evolution here. Some interesting tidbits include an examination of the affiliate program (i.e. people get paid to infect machines, to the tune of $20 - $200 per 1,000 infections, depending on region), and an analysis of the bootkit component of TDL, which includes its own antivirus to remove rival infections. The botnet is also controlled via a public P2P system, where newly infected machines automatically connect, and are then given specific instructions to connect to other TDSS infected machines - effectively creating a private P2P network which the malware authors control. Not only does control of such a network decentralize their command and control (meaning the network is harder to take out), but they've started to monetize the P2P network. By installing proxy-server type software on infected machines, TDL controllers are offering anonymous internet browsing for all who want to pay $100 a month. Essentially, if you pay for this service you connect to a proxy server that is (in actuality) someone else's infected computer. So activity from your end looks to be originating from the victim's IP.
And perhaps the most notable element of the article? Kaspersky managed to penetrate the TDL botnet's command and control databases, where they found some interesting data:
Good God Damn.
Given those numbers, how would I go about ensuring I haven't in fact been infected? Running Malware Bytes and MSE right now and haven't seen any weird behaviors...but goddamn if that doesn't make me paranoid.
The 2012 issue of Fornax. | Steam and Origin: Espressosaurus
Actually, to those of you who use TDSSKiller frequently, is it a pretty safe tool to employ on a system? Or are we talking about something like Combofix here, where you don't want to run it at all unless positively necessary? Combofix can mess your computer up proper if you run it when you don't need to.
I have to agree. For as scary as the malware is, it's genius level amazing stuff. Evil genius, of course, but still impressive. TDL4 truly is a magnificent bastard.
TDSSKiller hardly ever finds anything. When it does, it gets rid of it. Never seen anything go wrong with it yet.
Damn, they're still hitting the AZ PD? I had no idea that they were still targeting them after Lulzsec disbanded (and arguably diffused into Anon). That's... a pretty huge leak right there. I wonder if the media will cover the actual documents leaked, or just focus on the fact that the hack occurred. Either way, I imagine the AZPD and the associated entities involved are squirming in the wake of this breach. They really dug deep this time, and I'd imagine this leak will hurt quite a bit in the long run. To say nothing of the morality of the hack itself, some of the things that Anon/Lulzsec have uncovered and disclosed about these guys is patently shocking, and frankly disturbing.
On the topic of Anon/Lulzsec claiming to be Antisec: I brought this up in the G&T Lulzsec thread, but it seems that they're completely missing the point of Antisec. Antisec isn't a 'Fuck the Power! Wooo Anarchy!' movement. It was a movement started in the late 1990s in order to censor the disclosure of vulnerabilities and exploits, specifically for the purpose of preventing script kiddies from using that information. Considering that Lulzsec/Anon have been vocally anti-censorship, and considering that their tools during the Lulzsec storm were largely SQL injection and Remote File Inclusion attacks (i.e. attacks automated and enabled via methods AntiSec is about censoring), I have to wonder what the hell they actually have to do with AntiSec besides hijacking the term for their own purposes.
The AntiSec 'manifesto' from Wikipedia is under the spoiler.
I've got that. Much prefer Ultimate Boot CD. I use it all the time to blank out the admin password and get into a system mainly, but use pretty much all of the rest of it as well from time to time.
I'm sure even they don't believe their manufactured anarchist bullshit though.
I'd be interested to know about the techniques they used to steal this information and break into these servers though.
The anarchism stuff is just 'Fight Club' inspired spiel, from people who don't know better.
As of this posting, the offending tweets were made twelve hours ago, and are still up and visible on the afflicted Twitter page.
A minor bump in the hacking news, by itself. I have heard some grumblings around various other message boards, though, that Twitter accounts are getting compromised with higher frequency recently. There's some speculation that hashed password tables may have been stolen, so people with weak/dictionary passwords might be getting picked off as a result. That's just rumor and conjecture at this point, though it might explain the story above.
One interesting story I read recently has dealt with the growing trend of imported hardware/pre-built computer systems being loaded with malware before being purchased by the end consumer.
We knew this was happening with thumbdrives, but pre-infected off-the-shelf systems is a new one on me.
True enough. This reminds me of a writeup I saw via Reddit's NetSec feed recently. The security firm (and I use the term loosely) Netragard was charged with compromising a specific machine within a corporation, but their customer laid down some requirements that "excluded the use of social attack vectors based on social networks, telephone, or email and disallowed any physical access to the campus and surrounding areas."
Because the dangers of USB stick malware are becoming better understood, what Netragard wound up doing was making a mouse with an embedded piece of hardware to infect the machine as soon as it was plugged in. The reasoning here being that someone's more likely to plug in a mouse thoughtlessly than a USB stick. They called the device Prion (note that the images are broken on the blog entry as of writing this, for some reason, but the text is the interesting part).
ZDNet has a story here, though it's a scant one.
Running a Google search for any term will display the notification if you're infected. Otherwise, this particular strain of nasty probably hasn't touched you.
Internet Explorer 9 really has stepped up the security game in a number of ways. To be fair, this test was about URL blocking, less than it was about browser flaws/exploits, but prevention can be extremely effective in situations where social engineering is the primary vector. It's just a shame that IE still carries a heavy stigma with it. The most blanket advice I see about security on various sites and message boards is still "Use Firefox instead of IE". I maintain that any browser is going to be as secure or vulnerable as you make it, and that IE can be a good, solid choice if configured and updated correctly.
Here's another interesting, if old, discussion. A while ago there was an article published about how the password "This is fun" would be more secure than "J4fS<2". I'm not going to link to this article, because it is incredibly wrong and misleading. Instead, I'll link to Troy Hunt's evisceration of that article, wherein he discusses that entropy is still king when it comes to (relative) password security.
It's an excellent read, and goes into detail about brute-forcing techniques, rainbow tables, and dictionary attacks. His ultimate conclusion, though, is "The only secure password is the one you can’t remember". Nevertheless, I recommend reading it, if just to dispel the myths about how brute-force attacks work (Hint: No one sits at the GMail login page and attempts to crack passwords remotely).
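To make the entropy argument concrete, here is an added illustration (not from the thread or from Troy Hunt's article) that scores the two passwords the post mentions under the two attacker models it names: character-by-character brute force and word-list guessing. The alphabet size (95 printable ASCII), the word-list size (10,000) and the offline guess rate are assumptions, and "entropy" here means log2 of the attacker's guess space.

```python
import math

# Assumed attacker parameters (not from the post): a 95-character printable
# ASCII alphabet for brute force, and a 10,000-word list for phrase guessing.
PRINTABLE_ASCII = 95
WORD_LIST_SIZE = 10_000


def brute_force_bits(password, alphabet_size=PRINTABLE_ASCII):
    """Guess-space bits if the attacker enumerates every character."""
    return len(password) * math.log2(alphabet_size)


def phrase_bits(password, word_list_size=WORD_LIST_SIZE):
    """Guess-space bits if the attacker combines dictionary words.

    Returns None when the password is not a space-separated word phrase.
    The assumed model ignores capitalisation, so "This" costs the same
    guess as "this".
    """
    words = password.split()
    if len(words) < 2 or not all(w.isalpha() for w in words):
        return None
    return len(words) * math.log2(word_list_size)


def effective_bits(password):
    """The attacker picks the cheapest model that applies, so the
    password's strength is the minimum over all applicable models."""
    candidates = [brute_force_bits(password)]
    pb = phrase_bits(password)
    if pb is not None:
        candidates.append(pb)
    return min(candidates)


def offline_crack_seconds(bits, guesses_per_second=1e9):
    """Expected time to find the password offline at an assumed hashing
    rate: on average half the guess space must be searched."""
    return (2 ** bits) / 2 / guesses_per_second


if __name__ == "__main__":
    for pw in ("J4fS<2", "This is fun"):
        bits = effective_bits(pw)
        print(f"{pw!r}: brute force {brute_force_bits(pw):.1f} bits, "
              f"phrase {phrase_bits(pw)}, effective {bits:.1f} bits, "
              f"~{offline_crack_seconds(bits):.0f} s offline")
```

Under these assumptions the eleven-character phrase looks strong to a brute-forcer (over 70 bits) but collapses to roughly the same 40 bits as the six-character string once the attacker switches to a word list, which is the "weakest applicable model wins" point.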
My computer is not obeying me when I click on a Google result. Instead of going to "delicious beef jerky recipes" on the website I want, it loads up "vice-presidentliquid.com or verseinequality.com" or some other ridiculous result. I've run microsoft security essentials, windows defender, and malwarebytes but none of those have picked up anything.
Any suggestions?
Certainly the right place to ask! Sounds like a Google redirect infection, which is sometimes caused by TDL3, a rather nasty rootkit/bootkit. If you are infected with TDL3, then none of the antivirus/antimalware solutions you listed would be able to see it.
As a recommendation to begin with, I'd start with running a scan with TDSSKiller. Run it once in normal operation, which will ensure you've got the latest version. Then try running the same tool in safe mode - but ensure you've started safe mode without networking. As another measure, you can try running Hitman Pro, which is also pretty good at sniffing out rootkits.
If either of these tools find a TDL3 infection (or any rootkit), they will offer to remove it for you. You can do that if you want, but my advice in any situation where a computer has been infected with a rootkit is to backup and reformat the machine (complete reformat - NOT just a reinstall of the OS) as soon as is convenient for you. Rootkit compromised machines just can't be trusted after the fact, owing to the level of access the infection's been provided with. Opinions on this matter vary widely, so obviously take the course that you feel best with. If you opt not to reformat, be sure to run MSE and Malware bytes after the rootkit's been removed. Rootkits tend to open the door for a number of other nasties, ones that TDSSKiller won't find or remove.
If the tools turn up with nothing, or you still see a redirect after rootkit removal, you might try looking at your HOSTS file (See Wikipedia for explanation and file location, depending on OS), and see if anything nasty has pointed www.google.com to some look-alike domain. Essentially, you shouldn't see anything in your HOSTS file for www.google.com at all.
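The HOSTS-file check from the post, as an added example (not code from the thread): it parses a hosts file and reports any entry for google.com or a subdomain, distinguishing a loopback/0.0.0.0 block from a redirect to some other address. The sample file contents and the 198.51.100.7 address are constructed for the demo; the Windows path in the comment is the usual location of the file.

```python
import ipaddress

# Constructed sample hosts file for the demo; the last two entries are the
# kind of thing the post warns about. On Windows the real file lives at
# C:\Windows\System32\drivers\etc\hosts, on Unix-likes at /etc/hosts.
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example    # ad-blocking entry, benign
198.51.100.7    www.google.com         # suspicious: search hijack
198.51.100.7    google.com
"""

WATCHED_DOMAINS = ("google.com",)


def parse_hosts(text):
    """Return a list of (ip, [hostnames]) for each non-comment line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        parts = line.split()
        if len(parts) >= 2:
            entries.append((parts[0], parts[1:]))
    return entries


def is_block_address(ip):
    """True for loopback or 0.0.0.0, i.e. an entry that blocks rather
    than redirects; unparsable addresses count as not-a-block."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def suspicious_entries(text, watched=WATCHED_DOMAINS):
    """Return (hostname, ip, kind) for every entry naming a watched domain
    or one of its subdomains. Per the post, there should be none at all."""
    findings = []
    for ip, hosts in parse_hosts(text):
        for host in hosts:
            h = host.lower().rstrip(".")
            if any(h == w or h.endswith("." + w) for w in watched):
                kind = "blocked" if is_block_address(ip) else "redirected"
                findings.append((host, ip, kind))
    return findings


def scan_hosts_file(path):
    """Convenience wrapper to run the check against a real file."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return suspicious_entries(f.read())
```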
The most interesting fact on there is by far how much search engines are used to spread malware. Google Image Search in particular seems to be the big culprit these days for spreading around the nasties. Perhaps they're not too far off when they say "Image searches are the most dangerous activity users can engage in on the web."
Most malware/viruses attack third party plug-ins now; the browsers themselves are all pretty secure. And because several plugins are written for multiple browsers, and the exploits work in each of the browsers equally, virus/malware makers are finding it a better vector of attack.
Why attack IE when you can attack Adobe Flash which is installed on 96% of computers connected to the internet? Far greater than IE's share. In a way the stigma IE has is a good thing, simply because it helps expand the alternatives, which means a virus that does target a specific exploit in a specific browser is going to cause less overall damage.
The interesting part of that article to me is the introduction of Application Reputation in IE9, and according to that study 100% of (social engineering) malware was blocked between smart screen and AR.
wow.
This is one of the reasons I'm still using Spybot SD. It's the only malware cleaner I've seen that checks the HOSTS file and locks it.
But generally no, you can never be certain it's 100% gone without a reformat. But in a general sense you are probably safe right now, especially if several other scanners didn't pick up anything.
I've just started an internet security subject, so I'm in the awkward phase where I know a lot of terrible things that can go wrong, but I don't know much of anything else, so when MSE warns me about stuff I get super-paranoid.
It's a Wi-Fi hacking, Password cracking, Cell phone jacking UAV?