Re: What's next? Getting a computer to kill it's user?
Posted by SelkirkTMO on Tue May 29 19:27:47 2012, in response to Re: What's next? Getting a computer to kill it's user?, posted by 3-9 on Tue May 29 14:28:46 2012.
Well ... here's the infection stats map out of Kaspersky Labs ...
Been covering this since yesterday for Infosecisland.com, and we're learning now that this virus has been around since the summer of 2007. Shame on the antivirus companies for missing this one; now that I've seen the code, it was pretty bloody obvious that this was malware and signs of it were QUITE visible with even the most rudimentary scan of a system. It's an ACTIVEX control!
I mean really ... is there anyone anywhere who still ALLOWS ActiveX to just run without so much as a warning box popping up?
The code itself is highly UNsophisticated, it's written largely in Visual BASIC. Only thing "special" about it is that it was wrapped in an encrypted, compressed package. But it leaves obvious signs of network activity, and lives in the TMP folder. Its biggest secret to being undetected is that OCX files aren't normally scanned by antiviruses.
When I wrote our BOClean product years ago, a very simple means was provided in my code to determine whether a file was an executable or not regardless of its name or file extension. EVERY file, no matter what its "type", has to have three magic characters at the very beginning of a file. If it starts with MZ, then it's an executable and should be scanned.
And folks wonder why we wrote our own operating system where none of this can happen. :)
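
The header check described in the post above, as an added example that is not part of the original post and is not BOClean's code: it flags files that begin with MZ but carry an extension a scanner might skip, and goes one step further by confirming the PE signature that the DOS header points to. The function names and the default extension list are assumptions made for illustration, and the sample files are constructed.

```python
import os
import struct
import tempfile

def classify_header(data: bytes) -> str:
    """Return 'pe', 'mz' (MZ magic but no PE signature found) or 'other'."""
    if data[:2] != b"MZ":
        return "other"
    if len(data) >= 0x40:
        # e_lfanew: little-endian DWORD at 0x3C giving the PE signature offset
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "pe"
    return "mz"

def find_unexpected_executables(root, expected_exts=(".exe", ".dll", ".sys")):
    """List (path, kind) for files with an MZ header and an unexpected extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    kind = classify_header(fh.read(4096))
            except OSError:
                continue  # unreadable or locked file: skip, do not abort the sweep
            if kind != "other" and os.path.splitext(name)[1].lower() not in expected_exts:
                hits.append((path, kind))
    return sorted(hits)

def sample_pe_header() -> bytes:
    """Constructed sample: 64-byte DOS header (e_lfanew = 0x40) plus PE signature."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\0\0"

def demo():
    """Run the sweep over a temp directory of constructed files; return (name, kind)."""
    samples = {
        "control.ocx": sample_pe_header(),   # PE content, extension the sweep does not expect
        "notes.tmp": b"MZ" + b"\0" * 10,     # MZ magic only, truncated header
        "tool.exe": sample_pe_header(),      # PE content, expected extension
        "readme.txt": b"plain text, not MZ",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(content)
        return [(os.path.basename(p), k) for p, k in find_unexpected_executables(tmp)]
```

A file reported as `mz` rather than `pe` has the magic bytes but no PE signature within the bytes read, so it is still worth handing to a scanner rather than trusting the extension.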