From: HeyBub on 18 Feb 2010 14:48

Daave wrote:
> HeyBub wrote:
>> "According to security vendor Prevx, the authors of the rootkit which
>> was the cause of a large number of unbootable systems which applied
>> the MS10-015 patch issued last week have issued a patch to fix the
>> incompatibility."
>> http://blogs.pcmag.com/securitywatch/2010/02/rootkit_authors_issue_patch_fo.php
>>
>> All your roots belong to us...
>
> OK, so here's the plan.
>
> I will shut off my firewall and disable my AV program. I will then
> intentionally get infected with that particular rootkit. Then I will
> download and install the patch that the authors of this rootkit issued
> last week so that when I apply the MS10-015 patch, I won't get the
> BSOD. Cool! No more incompatibility!

Right.

As I understand the problem, the rootkit authors coded an absolute address for a critical Windows function; this address was changed by the Microsoft update. The rootkit authors then went back and made the address a variable to be deduced at run time, thereby making their product more robust.

This is not the first time Microsoft has changed an un-documented item to the cost of developers.
From: PA Bear [MS MVP] on 18 Feb 2010 15:14

I think it disingenuous at best to consider malware writers & botnet owners "developers."

HeyBub wrote:
<blithersnippage>
> This is not the first time Microsoft has changed an un-documented item to
> the cost of developers.
From: David H. Lipman on 18 Feb 2010 17:32

From: "PA Bear [MS MVP]" <PABearMVP(a)gmail.com>

| I think it disingenuous at best to consider malware writers & botnet owners
| "developers."

I second that!

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Jose on 18 Feb 2010 17:47

On Feb 18, 3:14 pm, "PA Bear [MS MVP]" <PABear...(a)gmail.com> wrote:
> I think it disingenuous at best to consider malware writers & botnet owners
> "developers."
>
> HeyBub wrote:
>
> <blithersnippage>
>
> > This is not the first time Microsoft has changed an un-documented item to
> > the cost of developers.

Their efforts are sometimes clever, usually merely annoying and fairly easy to outsmart.

I think there is some sick, twisted and perverted reward (there - that's all the good words) and competition between the authors to see who can be the most likely to induce a complete reinstall of Windows when some person on the receiving end is unable or unwilling to try to figure out their products and fix the problem and just gives up. Victory is theirs!

They could certainly be malicious and destructive if they wanted to be, but so far... they seem to be mostly just annoying.
From: VanguardLH on 18 Feb 2010 20:21

HeyBub wrote:
> "According to security vendor Prevx, the authors of the rootkit which was
> the cause of a large number of unbootable systems which applied the MS10-015
> patch issued last week have issued a patch to fix the incompatibility."
>
> http://blogs.pcmag.com/securitywatch/2010/02/rootkit_authors_issue_patch_fo.php
>
> All your roots belong to us...

So rather than get RID of the rootkit malware, users are expected to get an update to the malware. Uh huh.

In similar manner, put the malware authors up against a wall and I'll SHOOT them in their heads with hollow-point bullets. Then I'll offer to remove the flattened bullets, bend them into a slightly different form, and then hammer them back into their dead brains. Works for me.