
Thread: what is a bigger problem? viruses or spyware?

  1. #21
    Porn, porn sites, pictures, video clips, etc. are all major platforms for spreading spyware, adware, malicious code and scripts, and yes, mp3s have even started showing up carrying destructive payloads. I also have never had anything make it onto my personal box, but I service many clients who are not so fortunate. You must educate yourself in order to protect yourself. You may feel free to visit my website, currently undergoing some new renovations and additions, at www.centcomcomputers.net.

    I hope you can find something there that will help, and more info to come later.

  2. #22
    Und3ertak3r (The Doctor), joined Apr 2002, 2,744 posts
    UGH.. you need a better colour scheme.. (that is a bit of the Pot calling the Kettle Black)

    A lot of the Adware crap is NOT coming from Porn sites, while the Virii are coming from email and p2p downloads.. a very small number of the recent removals I have done are not Porn site related.. ie dialers..

    Could you send me an active-Virus infected picture please.. haven't seen one yet..
    well one that didn't need an active decoder prog on the recipient's machine..

    BTW.. what has happened to Gator? I haven't seen it on a system this week..

    Cheers
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  3. #23

    I don't know, I kinda like the color scheme I chose. Anyway, I could send you a virus infected picture in any of several formats, but I refuse to do so due to the fact that I have a business to run and my integrity means everything to me. But, let me explain how this new threat is being done. A program called binder can 'bind' two files together, and can institute any attribute to either file. The malicious file is bound with the carrier file or host file, which can be of any file type, and when the host file is opened, it executes the malicious code. This is all done in the background, hidden. I have tested this on several test rigs and so far, it has gone undetected by every single anti-virus software program out, from the free AVG to Panda, Norton, McAfee, etc... I must state again, the host file does not have to be an executable, it can be a .gif, a .jpeg, anything, and when opened, can do anything the malicious file is designed to do.

    This is somewhat similar to the new Netsky.V variant which does not even need to be an attachment to run on an unsuspecting person's computer.

  4. #24
    AFLAAACKKK!!, joined Apr 2004, 1,066 posts
    I was going to say the same thing, your choice of colors is bad.

    Gator...lol...now that brings back some memories, I actually haven't seen it in a while myself. Nowadays I just see bad cookies.

    I have to agree with Und3ertak3r, most people who make porn sites aren't smart enough to figure out how to configure their site to force malware into people's computers lol.

    Wow grim, thanks for the heads up on this new form of attack.
    I am the uber duck!!1
    Proxy Tools

  5. #25
    ummm no... I have never heard of malware under those formats. Of course there are always buffer overflows but come on... this did happen but was under MIDI not MP3; this was well over a few years ago but again because of unchecked buffers in the programs that ran these files. It didn't really have much of an impact; in fact most malware under that format never even made it very far out of the VX labs. I'm not saying it's impossible... I just don't think you fully understand how this would work in the real world and I just disagree with your "major platform for spreading malware".

    [edited]
    Netsky? Most browser based exploits are nearly the same. You base64 encode your executable files, place it on the system, then find a way to execute it. Which this time it's exploiting the XML Page Object Type Validation vulnerability in order to execute it, I believe. Actually I think you'd find that XSS has more in common with buffer overflows than this...

  6. #26
    Und3ertak3r (The Doctor), joined Apr 2002, 2,744 posts
    grim_reaper1

    A program called binder can 'bind' two files together, and can institute any attribute to either file. The malicious file is bound with the carrier file or host file, which can be of any file type, and when the host file is opened, it executes the malicious code.
    yes I know that but I asked:

    Could you send me an active-Virus infected picture please.. haven't seen one yet..
    well one that didn't need an active decoder prog on the recipient's machine..

    What I meant.. that didn't need the binding prog.. the decoder.. when did we read about it? 18 months ago.. so you have encountered it fine.. but you haven't seen one that executes ONLY from the Picture file..

    And you are behind the times

    Netsky.V variant which does not even need to be an attachment to run on an unsuspecting person's computer.
    Check out Klez/elkern.. they depend on a vulnerability that has, what, 1 or 2 patches over the past 2 years.. yes klez is at least that old now.. but then I suppose it isn't surprising that many people are still unpatched after that time..

    I refuse to do so due to the fact that I have a business to run and my integrity means everything to me
    What do you think.. I will sue your arse off.. perhaps? zip it and lock the file.. send the key in another message.. forwarding an infected file to other professionals is part of my day-to-day.. it has a lot to do with my integrity.. That being, being sure that I have done all that I can to have my customers clean of their infections..... see what may be detected by the various AV scans as netsky.q.. may in fact be netsky W or X or Y or Z.. and the difference may be a backdoor component that may not be removed and worse..

    So do I take it you Trust 100% what the AV companies tell you?

    I just use them as a guide..

    As for the colours.. you do want YOUR customers to read the information on your site..don't you?.. What age group will most of them be in? 12 to 19? or 30 to 45? It's not about what colours you like.. it is more what your clients find easy to read.. Your webpage will most likely be their first port of call..before ringing you.. but with very bad Font/colour selection.. it will be a click on their way to someone else..

    Cheers

  7. #27
    AFLAAACKKK!!, joined Apr 2004, 1,066 posts
    I have to agree with undertaker, me being a web designer/developer myself, it really doesn't matter what color scheme YOU want it to be, it's what's easy and professional for the customers.

    Undertaker, you're leaning more towards agreeing that there is a way to do this, or at least have an open mind to this attack.

    Specialist, you say it most likely can't be done and if it can it wouldn't be a real threat.

    So which is it???

  8. #28
    phishphreek (AO übergeek), joined Jan 2002, 4,325 posts
    My understanding of viruses that might be in the form of .gif or .jpeg or what have you...

    The image may be infected but unless there is a program loaded to actually execute the code in the image, it won't do anything. So, the image would have to exploit a bug in some program for it to run? IE, mspaint, macromedia fireworks, photoshop, gimp, whatever.

    Or, there must be a completely different program loaded that will inspect the image being opened/viewed and then execute the code if the image is infected.

    grim_reaper1 I'd (along with many others here) be very interested in learning more about what you're claiming. Which methods did you use (I know a binder... that's not new) and in which environment? Which viewer allowed the execution of the virus? Does it work just on m$ platforms? (guess this depends on which platform the virus is designed for)

    If you don't want everyone to know... open up a Private Conference Room and invite who you want. http://www.antionline.com/confroom.php?s=
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  9. #29
    OK, let me explain a little bit better. Using the binder prog, the pic wouldn't need to be 'executed', only viewed, using any prog, even microsoft fax and picture viewer. When it binds the two progs together, you can choose to run the malicious file hidden when the host file is opened, and choose which directory the malicious file sends itself to. Such as Windows dir, or System dir. If anyone would like an example for TESTING purposes, I will mail out test files upon request.

  10. #30
    Specialist, you say it most likely can't be done and if it can it wouldn't be a real threat.
    Ummm... no duck, I explained how someone could make it work. Meanwhile he claims to explain stuff that only adds more flaws into what he said. Like the first time around what he was basically saying was that this was a current threat and a major platform for virii... so popular in fact that no one has heard of it. Well the thing about buffer overflows is... for this kinda thing you're going to need to exploit explorer, netscape, paint, microsoft fax/picture viewer, & the countless *.gif editors out there. These are all different programs therefore they would need various styles of overflows in one file to work for *cough ("everything?"). Besides overflows you could rename a file to executable.rtf then have an entirely separate program/script to tweak a few things for example file associations or rename it back to executable.exe or whatever.

    But if this guy were serious he would have already walked the talk by now... Email is a private thing. Make this public if you have it; show it. I even gave a few examples of how under the right kinda things you could make it work. But then he makes posts like the one above and basically repeats what has already been said only he adds flaws in his comments that clearly show he has no ****ing idea what he's saying except for the parts where he says: "I got l33t skiddie progs". So grim, I hope by now you are at the very least knowledgeable enough to understand why no one takes you seriously. Or you could just argue with yourself and show how confused you are until the end of time.
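The argument across posts #28 to #30 comes down to two points a defender can actually check: a picture does nothing on its own unless a viewer bug or a second program runs what is glued onto it, and the cheap trick is a renamed executable (executable.rtf, photo.jpg.exe) rather than a picture at all. The script below is an added example, not from this thread or any of its posters. Without opening a file in any viewer, it reports whether bytes named as a picture carry the magic bytes of that format, whether anything sits after the JPEG or GIF end marker (where a "bound" payload would have to live), and whether the name ends in an executable extension. The sample files at the bottom are constructed by hand for the demonstration; they are not real pictures or real programs, and the "MZ" / DOS stub strings are only the well-known PE header markers.

```python
# Added example (not from the thread): a defender's check for files that claim
# to be pictures. Nothing is opened in a viewer. It verifies that the magic bytes
# match the extension, that the image container ends where its format says it
# ends (bytes after the end marker are an "overlay" worth a look), and that the
# name does not hide an executable extension such as photo.jpg.exe.
MAGIC = [(b"\xff\xd8\xff", "jpeg"), (b"GIF87a", "gif"), (b"GIF89a", "gif"), (b"MZ", "pe")]
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}

def jpeg_end(data):
    """Walk JPEG marker segments; return the offset just past EOI, or None."""
    if not data.startswith(b"\xff\xd8"):
        return None
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                    # EOI: end of image
            return pos + 2
        elif marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            pos += 2                            # standalone markers carry no length
        else:
            pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
            if marker == 0xDA:                  # SOS: entropy-coded data follows
                while pos + 1 < len(data):
                    nxt = data[pos + 1]
                    if data[pos] == 0xFF and nxt != 0 and not 0xD0 <= nxt <= 0xD7:
                        break                   # 0xFF00 is stuffing, RSTn continues
                    pos += 1
    return None

def gif_end(data):
    """Walk GIF blocks; return the offset just past the 0x3B trailer, or None."""
    if not data.startswith((b"GIF87a", b"GIF89a")) or len(data) < 13:
        return None

    def skip_subblocks(p):                      # length-prefixed blocks, 0 ends
        while p < len(data) and data[p]:
            p += 1 + data[p]
        return p + 1

    def table_size(flags):                      # colour table: 3 * 2^(n+1) bytes
        return 3 * (2 << (flags & 7)) if flags & 0x80 else 0

    pos = 13 + table_size(data[10])             # header, screen descriptor, table
    while pos < len(data):
        block = data[pos]
        if block == 0x3B:
            return pos + 1
        if block == 0x21:                       # extension: label, then sub-blocks
            pos = skip_subblocks(pos + 2)
        elif block == 0x2C and pos + 10 <= len(data):   # image descriptor
            pos = skip_subblocks(pos + 11 + table_size(data[pos + 9]))
        else:
            return None
    return None

PARSERS = {"jpeg": jpeg_end, "gif": gif_end}

def sniff(data):                                # content type by magic bytes only
    return next((kind for sig, kind in MAGIC if data.startswith(sig)), "unknown")

def declared_type(name):                        # type the extension claims
    ext = name.lower().rsplit(".", 1)[-1] if "." in name else ""
    return {"jpg": "jpeg"}.get(ext, ext)

def inspect_image(name, data):
    """Return what the name claims, what the bytes are, and a list of findings."""
    declared, actual, findings, end = declared_type(name), sniff(data), [], None
    if declared in EXEC_EXTS:
        findings.append(f"executable extension .{declared} on {name}")
    if actual == "pe":
        findings.append(f"PE header (MZ) in a file named .{declared or '?'}")
    elif actual in PARSERS and declared != actual:
        findings.append(f"extension says {declared or 'nothing'}, content is {actual}")
    if actual in PARSERS:
        end = PARSERS[actual](data)
        if end is None:
            findings.append(f"truncated or malformed {actual} structure")
        elif end < len(data):
            overlay = data[end:]
            note = f"{len(overlay)} bytes appended after the {actual} end marker"
            if overlay[:2] == b"MZ" or b"This program cannot be run" in overlay:
                note += " (looks like a PE executable)"
            findings.append(note)
    return {"declared": declared, "actual": actual, "image_end": end, "findings": findings}

# Constructed minimal files: enough structure to parse, not real pictures or programs.
CLEAN_JPEG = b"\xff\xd8\xff\xda\x00\x02" + b"\x12\xff\x00\xff\xd0\x34" + b"\xff\xd9"
CLEAN_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00" + b"\x2c" + bytes(9) + b"\x02\x01\x00\x00\x3b"
FAKE_PE = b"MZ\x90\x00" + bytes(60) + b"This program cannot be run in DOS mode"
BOUND_JPEG = CLEAN_JPEG + FAKE_PE               # a valid JPEG with an executable overlay

if __name__ == "__main__":
    for name, blob in [("photo.jpg", CLEAN_JPEG), ("photo.jpg", BOUND_JPEG),
                       ("picture.gif", FAKE_PE), ("photo.jpg.exe", CLEAN_JPEG)]:
        print(name, inspect_image(name, blob)["findings"])
```

The overlay check is the part that matters for the binder claim: a viewer stops at the JPEG EOI or GIF trailer, so whatever is glued on after it is inert until something else reads it, which is exactly phishphreek's point. A clean file reports an empty findings list; the bound file reports the overlay and its size, and a renamed executable is caught by the magic bytes regardless of what the name says.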
