BIOS infection - an item for discussion
in [Viruses]
|
From: ~BD~ on 20 Jun 2010 10:21 "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:hvl6n30838(a)news4.newsguy.com... > From: "~BD~" <BoaterDave.(a)hotmail.co.uk> > > > | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message > | news:hvl5g6029k(a)news4.newsguy.com... >>> From: "~BD~" <BoaterDave.(a)hotmail.co.uk> > > >>> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message >>> | news:hvl08q01f2l(a)news3.newsguy.com... >>>>> From: "~BD~" <BoaterDave.(a)hotmail.co.uk> > > >>>>> < snip > > >>>>> | Using Trend Micro 'Housecall' I identified >>>>> 'Trojan.Java.ByteVer.R' >>>>> as >>>>> | the possible culprit. Here's an old item to confirm this: > >>>>> < snip > > >>>>> That's just exploit code affecting Sun Java. > >>> | Which means .......... what, David? > >>> | Let's assume that I had Sun Java installed at the time. > >>> | Are you implying that my identity theft was a result of something >>> else? > >>> Yes ! > >>> That was just exploit code. The questions are... >>> - was the PC vulnerable ? > > | Probably - isn't *any* computer connected to the Internet? <smile> > > | I had been using AVG Anti-virus, Ad-aware, Spybot etc +PrevX > > | At that time I was using a Modem supplied by Freeserve - not a > Router! > >>> - was the exploitation effective ? > > | It seems so ............ > >>> - what was the end result of the exploitation (if the exploit was >>> effective) ? > > | ............ somebody stole my money! > > | I did get my money back - eventually! It was only *then* that I > received > | threats and involved the police. > > > I won't answer your stupidity because you keep adding; > alt.politics.scorched-earth > I don't honour your troll activity. David I add it because I perceive that there *is* a connection between what happened to me and some of the folk 'watching' at SE. It is, of course, your prerogative to withhold advice/comment, but I cannot see why you care one way or another why I choose to include the group of people I have assembled at Scorched-Earth. It has taken me much time and effort to achieve this! Maybe it's simply because you have no answers. <shrug> -- Dave BD
From: ~BD~ on 20 Jun 2010 10:28 Please log this post, David Lipman ************************** Just so that the wrongness of BD posting people's simple information is proven - since he has so graciously provided us with so much information on himself expect to soon find his boat floating aimlessly, containing the bodies of he and his wife with their throats slit ear to ear. Path: eternal-september.org!feeder.erje.net!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!newsfeed5.news.xs4all.nl!xs4all!news.wiretrip.org!news.dizum.com!sewer-output!mail2news From: Anonymous <nobody(a)remailer.paranoici.org> Newsgroups: alt.politics.scorched-earth Subject: Re: Is this really your home, Dustin? References: <ga8Tn.38077$OF3.15916(a)hurricane> <hvj3g6$u1g$1(a)news.eternal-september.org> <Xns9D9C98A6FC79DHHI2948AJD832(a)69.16.185.250> <hvj4n4$9de$1(a)news.eternal-september.org> <Xns9D9C9C017AACDHHI2948AJD832(a)69.16.185.250> <hvjb1h$of$1(a)news.eternal-september.org> Message-ID: <bfcd38f580ac13f2e8fbf184472ec655(a)remailer.paranoici.org> Date: Sun, 20 Jun 2010 14:07:03 +0000 (UTC) Mail-To-News-Contact: abuse(a)dizum.com Organization: mail2news(a)dizum.com Xref: eternal-september.org alt.politics.scorched-earth:27528
From: David H. Lipman on 20 Jun 2010 11:14 From: "~BD~" <BoaterDave.(a)hotmail.co.uk> | Please log this post, David Lipman N O ! -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: FromTheRafters on 20 Jun 2010 18:15 "~BD~" <BoaterDave.(a)hotmail.co.uk> wrote in message news:hvl8hr$pd9$1(a)news.eternal-september.org... Mail-To-News-Contact: abuse(a)dizum.com ....not that it will do you any good, but it is the only way. Involve the local police authority (if you haven't alienated them).
From: "FromTheRafters" erratic on 21 Jun 2010 10:32
"~BD~" <BoaterDave.(a)hotmail.co.uk> wrote in message news:hvkrhn$4qn$1(a)news.eternal-september.org... > It is heartening to know that you have actually read and *remembered* what > I have said in the past, FTR! I, too, like to try to understand people and what motivates them, I tend to use a more passive approach than you do though. That is not to say that I haven't on occasion 'stirred the pot' just a little. :o) >> Rationalization - if it is possible for malware to reside this deep, that >> must have been what *I* was afflicted with, and it's a good thing I fed >> the computer into the woodchipper. > Folk here in the alt.comp.virus group are entitled to hold whatever views > they feel appropriate. Most seem to ridicule the idea that malware can > only reside on a hard disk and assure me that it can survive nowhere else > within a computer. Most of the antimalware industry deals with the kind of malware one can generally expect to be exposed to. Malicious hacks (or other targeted attacks) that subvert your firmware might just as well be nonexistent. If and when someone puts together a malware entity capable of affecting a wide variety of firmware, *then* they will take it seriously. Think of how much information would be needed to give the malware the ability to "know" the addresses and routines necessary to affect changes to all of the BIOS and Option ROM chips whos code is accessible during the bootstrapping process. The mobile code malware couldn't very well carry all that information internally, I'm thinking a central repository would be needed. Such an entity would hardly go unnoticed for long - and the repository is the Achilles heel of the malware's ability to thrive and would have to be de-centralized or mobilized itself. That's an awful lot of work when a simple "click here to rid your computer all the nasty malware I pretend to find" works just as well. Persistence appears overrated when it is so easy to just re-infest. > As I've mentioned already, a real-life pal from IBM has assured me that is > *not* the case - as did the police of our then High-Tech Crime Unit after > I had suffered a monetary loss of �245 via identity theft back in 2005. *Both* of them should be able to identify such a malware by name if either are true authorities on the subject. Some oddball malicious hacks might do something with firmware, but that is not the same thing as a malware instance. > Using Trend Micro 'Housecall' I identified 'Trojan.Java.ByteVer.R' as the > possible culprit. Here's an old item to confirm this: > > http://www.derkeiler.com/Newsgroups/microsoft.public.security.virus/2007-08/msg00263.html > > My subsequent research of Malware has convinced me that once a machine has > actually been compromised, one can never be 100% certain that it is > 'clean' - no matter *what* cleaning tools are used! Compromised by a malware atack? That would depend on the malware involved. Compromised by a determined hacker, I would include verifying the firmware as part of the cleaning process. |