Thread: New supposable virus/trojan

  1. #1

    New supposable virus/trojan

    http://forums.spywareinfo.com/index.php?showtopic=6056

    Um... ok...

    I really don't believe that it's true. But, if it is, I say that we install .50 cal machine guns at all PC service stores.
    Tell me if you think I'm spamming or doing something stupid, please.

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date: Dec 2002 | Location: Washington D.C. area | Posts: 2,885
    Not for nothin but this is a piss poor post. Call me moody or cranky but why not add some useful information rather than a link to a message board.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    AO Ancient: Team Leader
    Join Date: Oct 2002 | Posts: 5,197
    I just read the whole thread hoping against hope.... (5 pages I might add), that someone would do something right..... No-one seems to want to even though a few amongst them want them to post specifics... ok... there was one... a linux kernel start dump that was immediately refuted as normal.....

    Methinks it's a lot like the "TCP flaw that will bring down every router on the internet and bypass them and get every machine on the internet", (or theories to that effect), that went around a few months ago..... It withered on the vine as this one will since there is even less critical thought being put into this.....

    As one person mentioned..... Where are the vendors and heavy hitters on this? People in the thread claim to have been "battling" it for over a year..... Yet no-one else has seen it....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #4
    Senior Member nihil's Avatar
    Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,188
    Hmm,

    239.255.255.250 port 1900 is the simple service discovery protocol (SSDP), using multicast to locate a gateway. It is "normal".

    This will fire off when you are not connected to the internet, and even ZoneAlarm free edition will detect and report on this activity.

    As far as I know this happens in WinME and WinXP?

    Maybe a free firewall would be more effective than a .50cal, and turn off UPnP, whilst you are at it?
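
The SSDP point in the post above, as an added example that is not part of the original thread: a small triage function that checks whether a datagram a firewall reports going to 239.255.255.250:1900 is actually a well-formed SSDP message. The sample datagrams are constructed, and the function names and labels are assumptions made for illustration.

```python
import ipaddress

SSDP_GROUP = ipaddress.ip_address("239.255.255.250")
SSDP_PORT = 1900

def parse_httpu(payload: bytes):
    """Parse an HTTP-over-UDP message into (start_line, headers), or None."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return None
    lines = text.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return None  # not a header line, so not SSDP
        headers[name.strip().upper()] = value.strip()
    return lines[0], headers

def classify(dst_ip: str, dst_port: int, payload: bytes) -> str:
    """Label one outbound UDP datagram reported by a firewall."""
    if ipaddress.ip_address(dst_ip) != SSDP_GROUP or dst_port != SSDP_PORT:
        return "not-ssdp"
    parsed = parse_httpu(payload)
    if parsed is None:
        return "investigate"  # SSDP address, but the payload is not SSDP
    start, hdr = parsed
    if start == "M-SEARCH * HTTP/1.1" and hdr.get("MAN") == '"ssdp:discover"' and "ST" in hdr:
        return "ssdp-discovery"  # host looking for UPnP devices such as a gateway
    if start == "NOTIFY * HTTP/1.1" and hdr.get("NTS") in ("ssdp:alive", "ssdp:byebye"):
        return "ssdp-announcement"
    return "investigate"

# Constructed sample datagrams (not captured traffic).
M_SEARCH = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            b'MAN: "ssdp:discover"\r\nMX: 3\r\n'
            b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n")
SAMPLES = [
    ("239.255.255.250", 1900, M_SEARCH),
    ("239.255.255.250", 1900, b"\x00\x01\xffopaque-binary"),
    ("192.0.2.53", 53, b"\x12\x34\x01\x00"),
]

def triage():
    return [classify(ip, port, data) for ip, port, data in SAMPLES]

if __name__ == "__main__":
    for sample, label in zip(SAMPLES, triage()):
        print(sample[0], sample[1], label)
```
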



  5. #5
    AO Ancient: Team Leader
    Join Date: Oct 2002 | Posts: 5,197
    Johhno... Just back from the pub? How was the wine?

    Yeah, I don't know if you read the whole thing but it comes across as a serious comedy of errors.

    There seems to be no "method" to the investigative "madness" just a frenzy of "let's change this and that and see what happens". There's one chap, (pilloxx or something), that seems to have a clue as to how things work and how to proceed and the rest seem to be lost sheep that are determined to avoid his questions and method.

    As an "issue" this fits perfectly in the "fire and _forget_" category at this point.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #6
    The Doctor Und3ertak3r's Avatar
    Join Date: Apr 2002 | Posts: 2,744
    It is the worst one on the net because it hit HIM..
    This Malware is not the first and is not the Last to use various vectors to keep the user's machine F****d.
    It has obviously written itself to the BIOS (not just the cmos mem) - needs to clear the CMOS then Flash the BIOS
    Next a Low level Format of the HDD, then partition and format.
    And finally stay the F**k away from Warez Sites

    I have only had to go to this level once in the last year ..

    Did a search on the Trojan his AV claimed to have detected.. only found a couple of forums mentioning it but no real info from the AV co's
    but that didn't surprise me..

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  7. #7
    AO Ancient: Team Leader
    Join Date: Oct 2002 | Posts: 5,197
    Undies.... Funny.... I started a response, went back to look at something... saw there was 5 pages and stopped my initial response until I read the whole diatribe.....

    My initial response started:-

    "Firstly, if Undertaker had written this I might wish to take it seriously...."

    Having read the whole 5 pages I'm not convinced that there is a high level threat in the wild that is "unstoppable". There may be something out there that, with a certain combination of circumstances, requires such drastic measures as you had to take but I don't believe for a second there is a serious threat from an active source that has only been noticed by three or four people, randomly, across the whole internet.....

    I'll follow your lead where this stuff is concerned.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  8. #8
    Senior Member nihil's Avatar
    Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,188
    Johhno... Just back from the pub? How was the wine?
    Hi Tiger~..................I think that damn trojan got into my house and drank all my wine and beer

    Undies could be right about it having infected/flashed the BIOS, but the question remains: why so few reports (anecdotal at that?).

    It sounds like a combination of circumstances coupled with a good dose of mass hysteria, urban legend, and ignorance to me.

    I picked on 239.255.255.250 port 1900 because that has been around for a long time; AFAIK it is a Windows thing, and will not take you anywhere?

    Just my thoughts...........I agree about the thread though, this is how urban legends start is it not?

    Cheers

  9. #9
    Senior Member
    Join Date: Oct 2002 | Posts: 4,055
    [off-topic] Nihil: HOLY ****! Where you been man? Damn, I haven't seen your misunderstandable language in so damn long. You gotta come back to AO more often and lay the drink down, no? [/off-topic]

    Oh, and btw to the original poster of this thread: I agree with horseman. Why post a link to a thread at another forum and give no feedback..?
    Space For Rent.. =]
