
Gameover ZeuS Re-Emerges As Fast-Fluxing Botnet

Soulskill posted about 3 months ago | from the game-not-quite-over-after-all dept.


New submitter tylke (621801) writes: "Brian Krebs is reporting that the Gameover ZeuS botnet recently taken down by the U.S. Justice Department in June has re-emerged. The new variant of the Trojan is "stripped of the P2P code, and relies instead on an approach known as fast-flux hosting," a kind of round-robin technique that lets botnets hide phishing and malware delivery sites behind a network of compromised systems. Krebs says, "[T]his variant also includes a 'domain name generation algorithm' or DGA, which is a failsafe mechanism that can be invoked if the botnet’s normal communications system fails. The DGA creates a constantly-changing list of domain names each week (gibberish domains that are essentially long jumbles of letters). In the event that systems infected with the malware can’t reach the fast-flux servers for new updates, the code instructs the botted systems to seek out active domains from the list specified in the DGA. All the botmasters need to do in this case to regain control over his crime machine is register just one of those domains and place the update instructions there." (Disclosure: I work for Malcovery Security, the company credited with identifying the new variant.)


Just to be clear... (1)

djupedal (584558) | about 3 months ago | (#47432775)

'fast fluxing' is the result of zombiefied router storms gone rouge.

Re:Just to be clear... (4, Funny)

Deadstick (535032) | about 3 months ago | (#47432825)

Well, as long as they don't go eyeliner...

Re:Just to be clear... (2)

gstoddart (321705) | about 3 months ago | (#47432897)

Or, worse, guyliner.

This is caused by the counterrevolution in USSR (1)

For a Free Internet (1594621) | about 3 months ago | (#47432787)

1992 - return to the road of Lenin and Trotsky! For new October revolutions!!!

Can they use this to reclaim the zombies? (1)

Joe Gillian (3683399) | about 3 months ago | (#47432853)

The article from Brian Krebs seems to indicate that this new variant of Gameover can interface with the old one somehow, and be used to recover all of the infected computers that were part of the original Gameover botnet. Is this true, or is this an attempt to re-build the Gameover Zeus botnet from scratch?

Re:Can they use this to reclaim the zombies? (2)

GarWarner (1676334) | about 3 months ago | (#47434915)

When a botnet uses a DGA (Domain Generation Algorithm) it is usually for the purpose of reconnecting "lost bots" or to avoid the need to have a hard-coded Command & Control server address. But in this case, the original GameOver Zeus can't be recaptured because all of the domains that can be generated by the GOZ DGA have been "locked up" by the FBI's case. The Temporary Restraining Orders (TRO) that were issued prevented any ICANN Registrar from registering any domain that would be used in the "near future" by the DGA. (By understanding the DGA you can feed it future dates so it can spit out the domains it will use later - at least many weeks' worth of domains were included in the court order.) The problem was that some of the original GOZ DGA domains were ".ru" and you can imagine that the Department of Justice really can't give orders about what happens with ".ru" domains. The TRO handled that aspect by ordering the largest ISPs in the US to forbid any of their customer computers from being able to talk to those domains. Some of this was handled by routing DNS requests for these domains to .gov controlled computers while others were handled by ISPs and security companies monitoring for traffic trying to reach those domains and issuing information back to the customers to help them get their machines cleaned up. (If you really want the geeky legal stuff, I wrote much more about that here: http://garwarner.blogspot.com/... [blogspot.com] ) Anyway, all of that to say, the *NEW* GOZ has a DIFFERENT DGA, but the *ORIGINAL* GOZ bots don't use that DGA, so there is very little chance of a reconnection. While Malcovery did prove that at least 5 of the 1,000 domains generated by the NEW DGA were ALSO on the old DGA, those domains are "locked up" as above and can't be used.
We've already had good response from the security community with people beginning to "sinkhole" some of the newGOZ DGA domains to identify what level of infection there may be already and to work hard on terminating the handful of domains the criminals have registered from that list so far. I hope that answered your question ... I suppose the better answer might have been "No." Gary Warner (full-disclosure - a Malcovery employee)
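An added illustration of the precomputation Gary describes (running a known DGA forward to build the list a court order or sinkhole operator needs, then matching resolver logs against it). This is not code from the thread, Malcovery or the GOZ sample: the generator is a toy SHA-256 stand-in for a reverse-engineered DGA, and the TLD set, week labels and log format are assumptions.

```python
import hashlib
from datetime import date, timedelta

# Assumed TLD set for the toy generator (not the real GOZ list).
TLDS = (".com", ".net", ".org", ".biz")


def iso_week_label(day: date) -> str:
    """Every day of an ISO week maps to the same label, so the list changes weekly."""
    year, week, _ = day.isocalendar()
    return f"{year}-W{week:02d}"


def toy_dga(day: date, count: int = 1000) -> list[str]:
    """Toy weekly DGA: `count` pseudo-random domains derived from the week label.

    Stand-in for a reverse-engineered generator; the real algorithm differs.
    """
    seed = iso_week_label(day)
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}:{i}".encode()).digest()
        # 12 lowercase letters from the digest, then a TLD chosen by the next byte
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        domains.append(label + TLDS[digest[12] % len(TLDS)])
    return domains


def future_blocklist(start: date, weeks: int, count: int = 1000) -> dict[str, str]:
    """Run the generator forward and map every upcoming domain to its week.

    This is the list a takedown order or sinkhole operator would lock up or
    block before the bots ever query it.
    """
    blocklist = {}
    for k in range(weeks):
        day = start + timedelta(weeks=k)
        for domain in toy_dga(day, count):
            blocklist[domain] = iso_week_label(day)
    return blocklist


def scan_resolver_log(lines, blocklist):
    """Match resolver queries against the precomputed list.

    Assumed log format (constructed): '<timestamp> <client-ip> query <qname>'.
    Returns (client, qname, week) for each hit, i.e. a likely infected host.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[2] != "query":
            continue
        client, qname = parts[1], parts[3].rstrip(".").lower()
        if qname in blocklist:
            hits.append((client, qname, blocklist[qname]))
    return hits


if __name__ == "__main__":
    start = date(2014, 7, 14)                     # the week of this thread
    blocklist = future_blocklist(start, weeks=4)  # four weeks ahead
    # Constructed resolver log: two lookups of DGA domains, one benign lookup.
    log = [
        f"2014-07-15T10:00:01 10.0.0.5 query {toy_dga(start)[0]}.",
        "2014-07-15T10:00:02 10.0.0.6 query www.example.com.",
        f"2014-07-23T11:00:00 10.0.0.7 query {toy_dga(start + timedelta(weeks=1))[5]}.",
    ]
    for client, qname, week in scan_resolver_log(log, blocklist):
        print(f"{client} queried DGA domain {qname} (week {week})")
```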

Very nice... apk (0)

Anonymous Coward | about 3 months ago | (#47436141)

Very correct as well - glad to see someone here KNOWS THEIR SHIT on this issue too: Keep spreading "the Good Word"... I have been, see my 'p.s.' & the link in it below!

APK

P.S.=> Just by "doing MY part", in conjunction with the security community -> http://it.slashdot.org/comment... [slashdot.org] (I.E. - folks just like you - We're the REAL "good guys", no questions asked...)

... apk

This stops ALL zombies (old/new) + Zeus (0)

Anonymous Coward | about 3 months ago | (#47437601)

It has been for years now since the year 2004 or so regarding Zeus & other botnets:

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o... [start64.com]

(Details of benefits in link)

Summary:

---

A.) Hosts do more than:

1.) AdBlock ("souled-out" 2 Google/Crippled by default)
2.) Ghostery (Advertiser owned) - "Fox guards henhouse"
3.) Request Policy -> http://yro.slashdot.org/commen... [slashdot.org]

B.) Hosts add reliability vs. downed/redirected dns (& overcome redirects on sites, /. beta as an example).

C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... [slashdot.org] w/ less added "moving parts" complexity/room 4 breakdown,

D.) Hosts files yield more:

1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs Fastflux + dynamic dns botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).

---

* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons = more complex + slow browsers in message passing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray is destroying Adblock.

* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption too + hugely excessive cpu use (4++gb extra in FireFox https://blog.mozilla.org/nneth... [mozilla.org] )

Work w/ a native kernelmode part - hosts files (An integrated part of the ip stack)

APK

P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"

...apk

And how does it get these domains? (0)

Anonymous Coward | about 3 months ago | (#47432863)

How the hell can you just register a billion different randomized domain names without attracting attention or incurring any cost?

Re:And how does it get these domains? (1)

chfriley (160627) | about 3 months ago | (#47432883)

They just need to register ONE of them to reestablish contact. They might even be able to use "domain tasting" to register a bunch and then cancel within 5 days.

Re:And how does it get these domains? (1)

tlhIngan (30335) | about 3 months ago | (#47433715)

They just need to register ONE of them to reestablish contact. They might even be able to use "domain tasting" to register a bunch and then cancel within 5 days.

Domain tasting is no longer possible - ICANN started charging 25 cents per domain registration years ago to counteract domain squatting where they'd register a bunch of domains, see if they make money, and return them if they don't.

By charging 25 cents always, it seems to have cut down the practice immensely because you need to register thousands of domains at a time, and that costs real scratch.

Re:And how does it get these domains? (1)

Opportunist (166417) | about 3 months ago | (#47434363)

Peanuts compared to the revenue. We're talking millions here.

That's no big deal? Why?? Here is why (-1)

Anonymous Coward | about 3 months ago | (#47436173)

I stop them COLD, every single day + for YEARS now & yes - it really works -> http://it.slashdot.org/comment... [slashdot.org] on a VERY simple principle (the best things, NOT the complex ones, do):

"What you can't touch, can't touch you" (or communicate back to "mama", even IF you have one already: Bonus!)

(Especially vs. "FastFlux" &/or "Dynamic DNS" utilizing botnets - the worst + most advanced types - just so YOU don't end up an enslaved FOOL + TOOL used by this bogus machination...)

APK

P.S.=> You can too, but as I've said in another reply here today on this issue? I can lead a horse to water but, I can't make him drink... apk

Re:That's no big deal? Why?? Here is why (0)

Anonymous Coward | about 3 months ago | (#47440031)

You are a spamming little piece of shit.

You're more than welcome to validly disprove (0)

Anonymous Coward | about 3 months ago | (#47440737)

My points on hosts below. You're either a botnet herder/malware maker, advertiser, inferior competitor, or possibly webmaster who's out of effete downmod points too (here goes):

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o... [start64.com]

(Details of benefits in link)

Summary:

---

A.) Hosts do more than:

1.) AdBlock ("souled-out" 2 Google/Crippled by default)
2.) Ghostery (Advertiser owned) - "Fox guards henhouse"
3.) Request Policy -> http://yro.slashdot.org/commen... [slashdot.org]

B.) Hosts add reliability vs. downed/redirected dns (& overcome redirects on sites, /. beta as an example).

C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... [slashdot.org] w/ less added "moving parts" complexity/room 4 breakdown,

D.) Hosts files yield more:

1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs Fastflux + dynamic dns botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).

---

* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons = more complex + slow browsers in message passing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray is destroying Adblock.

* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption too + hugely excessive cpu use (4++gb extra in FireFox https://blog.mozilla.org/nneth... [mozilla.org] )

Work w/ a native kernelmode part - hosts files (An integrated part of the ip stack)

APK

P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"

...apk

Re:You're more than welcome to validly disprove (0)

Anonymous Coward | about 3 months ago | (#47449435)

I am none of them, you just really piss me off with your spamming and should be banned from /. for it.

I have said it before, you act as if you are a hero of the IT community with this poor piece of coding, negating anyone who understands what you are going on about and dismissing known security software and experts. Adding or deleting entries from the host file does not make you a good programmer, nor an innovator.
Nobody is interested in your shit software because instead of creating natural interest, you constantly spam it everywhere you can. I'm not interested in the source or the application as your software can be built in about 5 minutes. Just get over yourself, you remind me of the spaghetti code guy who just didn't get it that his software was absolute shite, but thought everyone else was wrong. Difference here is that he was probably trolling, yet it seems you genuinely think you have a ground-breaking piece of software.

I can almost guarantee you're a young little skid with no true programming skills, just watching security posts from here like a hawk just so you can promote your POS software.

Ahem: *cough* BULLSHIT *cough* #1 of 2... apk (0)

Anonymous Coward | about 3 months ago | (#47453865)

"I can almost guarantee you're a young little skid with no true programming skills" - by Anonymous Coward on Monday July 14, 2014 @12:37PM (#47449435)

LMAO - "big talk", but it's clear to EVERYONE you have no balls (trolling me by ac posts), & you certainly can't disprove my points on hosts, running like a scared rabbit from that challenge, here -> http://it.slashdot.org/comment... [slashdot.org]

---

"I am none of them, you just really piss me off with your spamming and should be banned from /. for it." - by Anonymous Coward on Monday July 14, 2014 @12:37PM (#47449435)

1st: See subject-line above, vs. that quote. 2nd: Who cares what YOU think "Forrest" (as you run from -> http://it.slashdot.org/comment... [slashdot.org] )

---

"I have said it before, you act as if you are a hero of the IT community with this poor piece of coding, " - by Anonymous Coward on Monday July 14, 2014 @12:37PM (#47449435)

You've done a better program - especially for THIS topic? Show us... lol, you can't even disprove the points I challenged you to, for pete's sake, lmao!

APK

P.S.=> Chump, listen: Your idea of "experts"? I outright SCHOOL, regularly... especially on this very topic - nobody can TOUCH me, & they know it (including you, no balls off topic troll)... apk

Ahem: *cough* BULLSHIT *cough* #2 of 2... apk (0)

Anonymous Coward | about 3 months ago | (#47453931)

"negating anyone who understands what you are going on about and dismissing known security software and experts" - by Anonymous Coward on Monday July 14, 2014 @12:37PM (#47449435)

What "experts"? Like Wladimir Palant of "Almost ALL Ads Blocked"?? He wrote me, 1st mind you, stating "hosts are a shitty solution" - I wrote back:

"Show us AdBlock can do MORE than hosts files do in terms of security, speed, reliability, & anonymity, & that they can do all that, MORE EFFICIENTLY than hosts"

LMAO - he RAN like a scared rabbit!

I did so, from 2 diff. email accounts in reply to his weak bullshit... he ran, & THAT, is that.

A big name PhD & former "co-worker" of mine a decade ago when I took him down a peg in Microsoft's Dr. Mark Russinovich on Memory Optimization tech unfreezing & speeding up Exchange Servers no less with MS' OWN DOCUMENTATION no less!

More recently an MS VP ADMITTING I'm right on hosts & MS made a mistake too -> http://slashdot.org/comments.p... [slashdot.org]

Even MORE recently (but this guy I admire even though his tech in reactive antivirus' is dying vs. webbound threats, when hosts do NOT) in Aryeh Goretsky of ESET/Nod32 won't take the challenge I put his way here -> http://it.slashdot.org/comment... [slashdot.org]

Symantec/Norton, McAfee/Intel, ClamAV, Comodo, & ArcaVir made mistakes calling APK Hosts File Engine a "virus" & I told them where they f'd up!

Guess what - THEY HAD TO RESCIND THAT false positive on the exact grounds I noted also, & declare me clean (MalwareBytes' hpHosts folks backed me up too + recommend my ware as "best of breed' vs. your b.s. -> http://hosts-file.net/?s=Downl... [hosts-file.net] ).

APK

P.S.=> Your idea of "experts"? I outright SCHOOL regularly on this topic: Nobody can TOUCH me, & they know it (including you no balls off topic troll) - the "proofs thereof" are directly above (which the off-topic no balls ac trolling "likes of you" (the cowardly LOWEST of the LOW online) will NEVER, ever do (& you know it))... apk

Guess I have to say it again (0)

Anonymous Coward | about 3 months ago | (#47454045)

His program works perfectly against the threat in Zeusbot. It's on topic, you're not, troll http://it.slashdot.org/comment... [slashdot.org] and you're just jealous and wish you were apk, or you are a botnet master, inferior competitor, advertiser, or webmaster who loses views since his app gets you speed and security back against banner ads (good and malicious code infected ones) and reliability against downed or dns poisoning redirected dns servers, and even anonymity against dnsbl or dns request logs. Have you done better? Have you proven apk's points wrong? No to both. You're just a trolling whimp.

Lastly in regards to this line of bs from you (0)

Anonymous Coward | about 3 months ago | (#47457321)

"you act as if you are a hero of the IT community" - by Anonymous Coward on Monday July 14, 2014 @12:37PM (#47449435)

Did I ever SAY I am "a hero"? Not once: Thanks for projecting you think of me thus though - & me, from ME??

Heck - I am just a regular guy, albeit vs. online treacherous ac trolling weasel LAZY SCUM like you???

Unlike your lazy big talk do zero ass, I actually got off my ASS & did something about it!

(Something which works vs. Zeus + other FastFlux threats, as well as Dynamic DNS using botnets too - it's so good, you can't face up to the challenge of mine to disprove my points on it (impossible, disproving TRUTH & FACT, always is)).

So, bigshot... How about you???? You've done better?????

Hell no. Prove otherwise - show us the proof of it.

APK

P.S.=> Slamming your ac coward TROLL off-topic illogical mouth shut on THIS & your other "so-called 'points'" has been truly, MY pleasure (always is, lol) - & your FAVORITE COLOR just has to be "transparent"... why? I easily see RIGHT thru you, Mr. botnetmaster/advertiser/malware maker/webmaster... easily, like an X-Ray on your soul (which you don't have a drop of) & a hubble telescope RIGHT UP YOUR TROLL ass... lol!

... apk

Useful ontopic posts of a free tool (0)

Anonymous Coward | about 3 months ago | (#47440801)

That does the job against fastflux botnets != spam. You're an off topic troll that's most likely a botnet master.

Re:That's no big deal? Why?? Here is why (0)

Anonymous Coward | about 3 months ago | (#47445499)

You are a jealous trolling big piece of shit that wishes he was apk.

Re:That's no big deal? Why?? Here is why (0)

Anonymous Coward | about 3 months ago | (#47447765)

Open SORES idiots spam Adblock here nonstop for years. Adblock is inferior hosts on many levels. Your point is what here? Go away trolling scum.

Re:And how does it get these domains? (2)

dunkindave (1801608) | about 3 months ago | (#47432919)

You can't, but in order to regain control, all they need to do is successfully register ONE of them so when the botnet swarm tries to phone home it finds that one and they are back in business. Based on the summary, each week it tries a different list of random domain names so they can keep trying, week after week, until they succeed. I am also presuming these domains are spread across multiple TLDs so it isn't just a matter of having the registrar for .com or .org block them. They would also need to get all the country TLD registrars to block the list as well.

Fast Flux (3, Informative)

Himmy32 (650060) | about 3 months ago | (#47432907)

The article linked to Wikipedia on what Fast Flux was:

The basic idea behind Fast flux is to have numerous IP addresses associated with a single fully qualified domain name, where the IP addresses are swapped in and out with extremely high frequency, through changing DNS records.

In case anyone else didn't know what Fast flux was.

Re:Fast Flux (1)

dunkindave (1801608) | about 3 months ago | (#47432943)

The idea behind fast-flux is to make blocking or recognizing an activity based on IP addresses essentially impossible, since by the time the bad IP address is known, communicated, and entered into whatever system is doing the blocking or detection, the addresses have changed to a new set and the race starts over. 5 to 15 minutes is a common rolling period for these people.
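An added example, not from the thread or from anything Gary, Malcovery or the GOZ authors published, that turns the point above into a check: repeated resolutions of a name are compared over time, and the share of first-seen addresses already gone by the last lookup shows how quickly an IP blocklist goes stale. The resolution records, the /24 grouping as a stand-in for "unrelated networks", and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample: (minutes since start, qname, TTL in seconds, A records).
# flux.example churns its addresses every lookup; cdn.example rotates a small
# fixed pool in one /24; static.example never changes.
OBSERVATIONS = [
    (0,  "flux.example",   180,   ["192.0.2.10", "198.51.100.20", "203.0.113.30"]),
    (5,  "flux.example",   180,   ["192.0.2.11", "198.51.100.21", "203.0.113.31"]),
    (10, "flux.example",   180,   ["192.0.2.12", "198.51.100.22", "203.0.113.30"]),
    (15, "flux.example",   180,   ["192.0.2.13", "198.51.100.23", "203.0.113.32"]),
    (0,  "cdn.example",    60,    ["203.0.113.5", "203.0.113.6"]),
    (5,  "cdn.example",    60,    ["203.0.113.6", "203.0.113.7"]),
    (10, "cdn.example",    60,    ["203.0.113.7", "203.0.113.8"]),
    (15, "cdn.example",    60,    ["203.0.113.8", "203.0.113.5"]),
    (0,  "static.example", 86400, ["192.0.2.99"]),
    (15, "static.example", 86400, ["192.0.2.99"]),
]


def group_samples(observations):
    """Order each name's resolutions by time; each sample becomes (ttl, set_of_ips)."""
    per = defaultdict(list)
    for minutes, name, ttl, ips in sorted(observations, key=lambda o: (o[1], o[0])):
        per[name].append((ttl, frozenset(ips)))
    return per


def metrics(samples):
    """Summarise one name's samples into the numbers the flux heuristic needs."""
    all_ips = set().union(*(ips for _, ips in samples))
    prefixes = {ip_network(f"{ip}/24", strict=False) for ip in all_ips}
    first, last = samples[0][1], samples[-1][1]
    # Share of the first sample's addresses already rotated out by the last sample:
    # exactly what an IP blocklist built from the first lookup would now miss.
    stale = 1.0 - len(first & last) / len(first)
    seen, churn = set(), []
    for _, ips in samples:
        if seen:
            churn.append(len(ips - seen))   # addresses never seen before this lookup
        seen |= ips
    return {
        "samples": len(samples),
        "max_ttl": max(ttl for ttl, _ in samples),
        "distinct_ips": len(all_ips),
        "prefixes": len(prefixes),
        "new_ips_per_sample": sum(churn) / len(churn) if churn else 0.0,
        "stale_fraction": stale,
    }


def classify(observations, max_ttl=300, min_ips=8, min_prefixes=3):
    """Return {qname: metrics + 'fast_flux' verdict}. Thresholds are assumed; tune per network."""
    out = {}
    for name, samples in group_samples(observations).items():
        m = metrics(samples)
        m["fast_flux"] = (
            m["samples"] >= 2
            and m["max_ttl"] <= max_ttl
            and m["distinct_ips"] >= min_ips
            and m["prefixes"] >= min_prefixes
            and m["new_ips_per_sample"] > 0
        )
        out[name] = m
    return out


if __name__ == "__main__":
    for name, m in classify(OBSERVATIONS).items():
        flag = "FAST-FLUX?" if m["fast_flux"] else "ok"
        print(f"{name:16} {flag:11} ttl<={m['max_ttl']:<6} ips={m['distinct_ips']:<3} "
              f"/24s={m['prefixes']} stale={m['stale_fraction']:.0%}")
```

Pointing the detection at the name rather than the addresses is the practical consequence: the churn that defeats an IP blocklist is itself the signal.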

Re:Fast Flux (0)

Anonymous Coward | about 3 months ago | (#47433073)

But once the algorithm becomes known, it's no better than a fixed IP address.

Re:Fast Flux (0)

Anonymous Coward | about 3 months ago | (#47436445)

You must work for Microsoft.

Vs. FastFlux &/or Dynamic DNS using botnets? (0)

Anonymous Coward | about 3 months ago | (#47440765)

I don't even NEED that! Take a read & be enlightened -> http://it.slashdot.org/comment... [slashdot.org]

* :)

(To quote IronMan/Tony Stark regarding his "Arc Reactor"? This is the SAME: "It works...")

APK

P.S.=> "Onwards & UPWARDS", & enjoy should you elect to use it yourself (a good move vs. the most advanced threats out there per my subject-line above) - sorry for the double post - pasted wrong link last time... apk

Re:Fast Flux (0)

Anonymous Coward | about 3 months ago | (#47433055)

Amazon does this with S3. If you don't believe me, run host in a loop on one of the us-west servers, waiting about 10 seconds between invocations. Really makes it a pain in the ass to deny egress traffic but whitelist S3.

Re:Fast Flux (2)

GarWarner (1676334) | about 3 months ago | (#47434783)

Actually I tried to give an example of how the Fast Flux works, both generally and in this specific case, on this blog post this morning: http://garwarner.blogspot.com/... [blogspot.com] Let me know if you still have any questions about it . . .

This is the cure for it... apk (0)

Anonymous Coward | about 3 months ago | (#47435051)

ZeusTracker along with my "APK Hosts File Engine 9.0++ 32/64-bit" -> http://it.slashdot.org/comment... [slashdot.org] - which guess what? Works on those hostnames/domainnames (subdomains too of course), with absolutely current data from 12 reputable & reliable sources in the security community itself.

APK

P.S.=> Enjoy - it's 100% free, no tracking etc. or strings attached, & works on "FastFlux" AND "Dynamic DNS" using threats (the worst kind & most advanced designs of botnets basically) & yes, REALLY works (recommended as "best of breed" by the security community itself in MalwareBytes' hpHosts site @ the top of their page here http://hosts-file.net/?s=Downl... [hosts-file.net] )... apk

Windows or everyone? (1)

CauseBy (3029989) | about 3 months ago | (#47432991)

I stopped paying attention to botnet stories a few years ago. Are botnets still always on Windows or do Unix users (Mac, Linux) have to worry too? If it's still all Windows then I'm going to stop paying attention again.

Re:Windows or everyone? (2)

Albanach (527650) | about 3 months ago | (#47433051)

Of course linux is targeted. There are large numbers of linux servers, with fast processors and very fast high capacity network connections. Making matters worse, because they often run important services, people may be slower to upgrade packages/kernels.

I don't know about this particular botnet, but it's been a long time since saying "I don't run windows" counted as a security strategy.

Re:Windows or everyone? (1)

NotInHere (3654617) | about 3 months ago | (#47433135)

There was even an almost pure UNIX botnet that pinged every IPv4 address in the world.

Re:Windows or everyone? (1)

lister king of smeg (2481612) | about 3 months ago | (#47433293)

Assuming we are talking about the same botnet, if I remember reading about it correctly it used a list of default passwords. If you are using a default password on any system you are going to get pwned hard.

Re:Windows or everyone? (1)

NotInHere (3654617) | about 3 months ago | (#47433613)

Yes it used a default password list.

Re:Windows or everyone? (0)

Anonymous Coward | about 3 months ago | (#47434127)

That is a pretty lame botnet.

Re:Windows or everyone? (0)

Anonymous Coward | about 3 months ago | (#47433085)

It was never JUST Windows, and the main reason for that is people like you that think that Linux doesn't get malware.

Re:Windows or everyone? (1)

Dishevel (1105119) | about 3 months ago | (#47434015)

People who say that shit are not using Linux. They are using Windows and trying to sound like they know something about tech.

Linux users are fairly smart, and value security.

I do not have to worry too much about viruses and bot nets but that is because I harden my systems so that people looking to get in can not. We all do it. Install only the components we need. Whitelist where possible. External firewalls and compartmentalizing.

Any decent Linux guy has a system that is fairly secure.

Re:Windows or everyone? (0)

Anonymous Coward | about 3 months ago | (#47434075)

And that is exactly the point, if you take security seriously, you'll probably be just fine with most OSes, but we all know that over 90% of the time the blame is between the chair and the keyboard.

Re:Windows or everyone? (1)

Dishevel (1105119) | about 3 months ago | (#47434113)

To be fair though. A huge part of Linux's good security is the ability to remove or never put in things you have no use for.

Not always so easy with windows.

ANDROID proves you wrong (0)

Anonymous Coward | about 3 months ago | (#47440027)

"Linux users are fairly smart, and value security." - by Dishevel (1105119) on Friday July 11, 2014 @04:21PM (#47434015)

See subject: Yes, Android IS a Linux variant stupidly running a Java/Dalvik based user interface - so, tell us another one... ok? It's being TORN UP, daily, by exploits, big talker...

APK

P.S.=>

"People who say that shit are not using Linux. They are using Windows and trying to sound like they know something about tech." - by Dishevel (1105119) on Friday July 11, 2014 @04:21PM (#47434015)

LMAO - ok: ANYTIME you want to "backup your b..s" with ME buddy? I am MORE than able & ready... anytime! Fools like you who generalize, don't realize there are folks out there who can run with ANYONE (& I've regularly knocked the chocolate out of "experts" in the art & science of computing, inclusive of some VERY "famous" PhD types also)... apk

Re:ANDROID proves you wrong (1)

Dishevel (1105119) | about 3 months ago | (#47449663)

All I hear is ...

"I'm a big man. Don't fuck with me. I can take out anyone. I am smarter than all."

from an AC.

Ok. You are awesome.

Feel better?

Yup, just like I thought... apk (0)

Anonymous Coward | about 2 months ago | (#47464849)

Lots of talk, no action & certainly NO disproving my points here http://it.slashdot.org/comment... [slashdot.org]

APK

P.S.=> After all: You're the "big man" who said this line of utter overly general BULLSHIT & can't back it up vs. my proofs against it:

"People who say that shit are not using Linux. They are using Windows and trying to sound like they know something about tech." - by Dishevel (1105119) on Friday July 11, 2014 @04:21PM (#47434015)

Funny how I pointed out that ANDROID (a Linux) is being dismantled & destroyed, abused daily (stupidly using a Java/Dalvik front-end user interface too) - which dismantles & DESTROYS you, + your b.s. quoted above, easily... apk

Re:Yup, just like I thought... apk (1)

Dishevel (1105119) | about 2 months ago | (#47470661)

Android is not Linux. It is forked off of Linux then has all kinds of phone only no security crap loaded. Still you could get really pedantic and state it is Linux anyways.

But what you can not do is state that everyone with an Android phone is a Linux user. Just as people with a smart TV are not Linux users. Trying to equate people with phones to Linux users in order to "Destroy" my point only proves you have no leg to stand on.

So go back into your parents basement and cry.

Ahem: Bullshit (Android IS a Linux variant) (0)

Anonymous Coward | about 2 months ago | (#47479191)

Read here - PERTINENT QUOTE right off the bat = "Android is a mobile operating system (OS) based on the Linux kernel that is currently developed by Google" -> http://en.wikipedia.org/wiki/A... [wikipedia.org]

* That ALONE, says it all...

When an OS uses a Linux kernel, it IS a Linux... & yes, "noobz" use it on phones, big time (& it's being TORN UP DAILY with exploits, in part largely due to what I noted too - using Java/Dalvik as a front end, AND additionally having C code (to *try* to make up for performance, when C++ would've been a BETTER choice, no questions asked)... however, even C++ & OOP can't protect you vs driver based exploits (ala rootkits).

(You fail!)

APK

P.S.=> Quit projecting little noob chump - you will NEVER, ever, in your entire LIFE be even CLOSE to the class of pc knowledgeable I am - accept it (the above proves it vs. your bullshit, easily)... apk

Re:Ahem: Bullshit (Android IS a Linux variant) (1)

Dishevel (1105119) | about 2 months ago | (#47485171)

And this movie is based on that story.

Again. People with Android phones are not Linux users. This is proven by the quote you pulled.

Thanks for playing. You lose.

So Android is Windows or MacOSX then? (0)

Anonymous Coward | about 2 months ago | (#47486381)

Face facts: You fail! Android uses a Linux core thus, as wikipedia notes - It IS a Linux - period.

APK

P.S.=> Despite your other added b.s. also? Yes, SOME Linux users ARE NOOBZ, & Android being a Linux, proves it (on smartphones, where it is being "torn up" by exploits, daily)

&

That also proves another point of mine I've long said here that would BITE THE LINUX & Open "Sores" b.s artists here, in that the MORE any OS is used, & especially if it ends up as KING of the particular hardware platform it rides on (Which Android/Linux is on smartphones, like Windows is on PC's & Servers combined) THE MORE IT WILL BE ATTACKED...

History's proven me correct on that statement too, yet again (I saw it before that on DOS) as well as CRIMINAL "human nature" in that they want the most "bang for the buck" from a SINGLE codebase, that can attack the most potential possible victims (which you *may* have to "channel your 'inner criminal'" to understand)

Here? Yes - I see it every day since I work with the security community nearly daily, & via this program I wrote for them + anyone that chooses to use it to get the benefits of added speed, security, reliability, & even anonymity it yields, more efficiently than ANY browser addon level slower inferior competitor, as well as shoring up DNS redirect security issues as well (bonus) -> http://start64.com/index.php?o... [start64.com] )

... apk

botnets are still Windows. Set a router password (1)

raymorris (2726007) | about 3 months ago | (#47433245)

This botnet, like the one the malware is based on, is Windows only. The botnet that was used to seed this one is also Windows only.

There have been two botnets that kinda-sorta might be interesting to Linux and Mac users. In one, if you used a Windows desktop to ssh to a Linux server, the infected Windows machine could reveal the user name and password that you used from Windows. In the other, some idiots left the default admin user name and passwords on their routers, some of which run Linux. Surprisingly, if the bad guy knows your username and password, that's a bad thing no matter what operating system you use.

They're NEVER on MY Windows 7 rig... apk (0)

Anonymous Coward | about 3 months ago | (#47435149)

Why? Simple: THIS (courtesy of "yours truly", gratis) -> http://it.slashdot.org/comment... [slashdot.org]

* :)

(Enjoy, should you elect to try it. It's free, works - especially vs. "FastFlux" & "Dynamic DNS" using botnets, & NO strings of ANY kind attached...)

APK

P.S.=> I can lead horses to water, I can't make them drink though - although, MANY here & on other forums online enjoy the benefits I do, courtesy of my program shown in the link above though... apk

You have to destroy (1)

Anonymous Coward | about 3 months ago | (#47433045)

all 42 horcruxes

Malcovery "discovered" (0)

Anonymous Coward | about 3 months ago | (#47433047)

Discovered it, or wrote it? It's easier to write this trash than to disassemble it.

Malcovery says that if the .scr is run within a VM, it fails to operate - that suggests that using a VM obtains a measure of safety.
Presumably, not operating within a VM makes it harder to figure out how it operates, but it makes it easy to make a system immune.

Fast-flux or not, registering one of those domain names would put a target on your back. Reinforce your doors before you try it.

Make VM OS read-only unless updating (1)

raymorris (2726007) | about 3 months ago | (#47433303)

> suggests that using a VM obtains a measure of safety.

You can make it almost perfectly secure by mounting Documents from another disk or image and marking the operating system VM read-only, or snapshotted so it reverts state on reboot.

Toggle it read-write while you update the OS or install new software.

Re:Make VM OS read-only unless updating (1)

Gothmolly (148874) | about 3 months ago | (#47433539)

Not a bad idea to keep things like /bin and /sbin and their brethren RO as well.

Re:Make VM OS read-only unless updating (1)

Opportunist (166417) | about 3 months ago | (#47434427)

While a good idea, it's not that easy for Windows users. Especially since the "basic" (aka "premium") versions of Win7 come even without the ability to limit execution of files in certain directories (which would surprisingly actually defeat this pus, at least the variants that I'm aware of, my knowledge in this area is a bit dated, though).

Guess you have to pay extra with Microsoft if you want some semblance of security...

read-only OS doesn't execute random files (1)

raymorris (2726007) | about 3 months ago | (#47434547)

Suppose you have nastyshit.exe in your documents folder. How is it going to get executed? At boot, by a registry entry? Nope, because all the boot stuff, including the registry, is read-only. How did it get there in the first place? Not from malware resident on the system, because the system is read-only.

Re:read-only OS doesn't execute random files (1)

Opportunist (166417) | about 3 months ago | (#47434867)

It got there using a buffer overflow in one of your outdated (read: 2 days since patch) pieces of software and also got executed that way. The downloader wrote it into your %appdata%\roaming folder (where it has write access without you needing elevated privileges) and got started likewise.

Why can files in %appdata%\roaming be run at all? Ask MS. I don't see a good reason why files located there should be executable. Actually, there are very few user-writeable areas where execution of files makes sense, and not allowing it would increase the security of Windows by leaps and bounds.

Sadly, you need at least Win7 Professional to make it so. Well, it is technically possible to get Win7 Home Premium to perform it, but the hassle is maybe not far away from having to reinstall the system and restore a backup if the malware strikes...

Re:Make VM OS read-only unless updating (1)

Opportunist (166417) | about 3 months ago | (#47434403)

Nope. The current version of this piece of internet-pus walks down mounted network devices, too.

So far they don't go for your network environment to hunt down unmounted shares. Not yet, at least.

This stops it cold... apk (0)

Anonymous Coward | about 3 months ago | (#47435001)

ZeusTracker -> https://zeustracker.abuse.ch/m... [abuse.ch]

Especially when combined with what's in my p.s. to STOP even more threats online, & gives you better speed, reliability, & anonymity.

APK

P.S.=> APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o... [start64.com]

(Details of benefits in link)

Summary:

---

A.) Hosts do more than:

1.) AdBlock ("souled-out" 2 Google/Crippled by default)
2.) Ghostery (Advertiser owned) - "Fox guards henhouse"
3.) Request Policy -> http://yro.slashdot.org/commen... [slashdot.org]

B.) Hosts add reliability vs. downed/redirected dns (& overcome redirects on sites, /. beta as an example).

C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... [slashdot.org] w/ less added "moving parts" complexity/room 4 breakdown,

D.) Hosts files yield more:

1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs Fastflux + dynamic dns botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).

---

* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons = more complex + slow browsers in message passing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray is destroying Adblock.

* Addons slow up slower usermode browsers layering on more - & bloat RAM consumption too + hugely excessive cpu use (4++gb extra in FireFox https://blog.mozilla.org/nneth... [mozilla.org] )

Work w/ a native kernelmode part - hosts files (An integrated part of the ip stack)...apk
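The comment above leans on one mechanism: the resolver consults the hosts file before it asks DNS, so a listed domain resolves to whatever the file says no matter how often the real records rotate. The following is an added example written for this thread; it is not code from the comments, nor from the hosts-file program the commenter links. It models that lookup order against a stand-in upstream that serves fast-flux style rotating answers, and also shows the two limits a practitioner should keep in mind: a hosts file matches exact names only (wildcard lines are silently useless), and anything not listed, such as a freshly generated domain, falls straight through to DNS. All hostnames, addresses and file contents are constructed samples; "first entry for a name wins" is the resolver behaviour this model assumes.

```python
"""Added example (not from the original thread): hosts-file-first resolution
against a fast-flux style upstream, plus the cases a hosts file cannot cover.

All names, addresses and file contents below are constructed samples.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format shared by /etc/hosts and the Windows
# drivers\etc\hosts file: "<ip> <name> [<name> ...]", '#' starts a comment.
SAMPLE_HOSTS = """\
# hand-maintained block list (constructed sample)
127.0.0.1   localhost
0.0.0.0     flux-c2.example   www.flux-c2.example
0.0.0.0     tracker.example
0.0.0.0     *.wildcard.example     # looks like a rule, but hosts lookup has no wildcards
0.0.0.0.1   typo.example           # malformed address, never matched
"""

BLOCK_SENTINEL = "0.0.0.0"  # the address block lists point names at


def parse_hosts(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Parse hosts-file text into {hostname: ip} plus a list of warnings.

    First entry for a name wins (assumed resolver behaviour). Lines with a
    malformed address or a wildcard name are reported instead of being
    accepted, because the resolver will never match them.
    """
    table: Dict[str, str] = {}
    warnings: List[str] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            warnings.append(f"line {lineno}: no hostname")
            continue
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            warnings.append(f"line {lineno}: {ip!r} is not an IP address")
            continue
        for name in names:
            if "*" in name:
                warnings.append(f"line {lineno}: wildcard {name!r} is never matched")
                continue
            table.setdefault(name.lower(), ip)
    return table, warnings


class FluxingDns:
    """Stand-in for upstream DNS serving fast-flux records: each query for a
    fluxed name returns the next address in its pool (constructed data)."""

    def __init__(self, pools: Dict[str, List[str]]):
        self._pools = {k.lower(): v for k, v in pools.items()}
        self._cursor: Dict[str, int] = {}

    def query(self, name: str) -> Optional[str]:
        name = name.lower()
        pool = self._pools.get(name)
        if not pool:
            return None
        i = self._cursor.get(name, 0)
        self._cursor[name] = i + 1
        return pool[i % len(pool)]


def resolve(name: str, hosts: Dict[str, str], upstream: FluxingDns) -> Tuple[Optional[str], str]:
    """Resolve the way the OS does: hosts file first, DNS only on a miss.
    Returns (address, source) with source 'hosts' or 'dns'."""
    name = name.lower()
    if name in hosts:
        return hosts[name], "hosts"
    return upstream.query(name), "dns"


def is_blocked(result: Tuple[Optional[str], str]) -> bool:
    """True when resolution ended at the block sentinel."""
    return result[0] == BLOCK_SENTINEL


def uncovered(hosts: Dict[str, str], observed: List[str]) -> List[str]:
    """Names seen on the wire that the hosts file cannot stop: the gap a
    domain-generation scheme exploits against any static list."""
    return [n for n in observed if n.lower() not in hosts]


if __name__ == "__main__":
    hosts, warnings = parse_hosts(SAMPLE_HOSTS)
    upstream = FluxingDns({
        "flux-c2.example": ["198.51.100.7", "203.0.113.9"],
        "qzkrtpl.example": ["198.51.100.7", "203.0.113.9", "192.0.2.33"],
    })
    for w in warnings:
        print("warning:", w)
    for _ in range(3):
        print("flux-c2.example ->", resolve("flux-c2.example", hosts, upstream))
        print("qzkrtpl.example ->", resolve("qzkrtpl.example", hosts, upstream))
    print("not covered:", uncovered(hosts, ["flux-c2.example", "qzkrtpl.example"]))
```

Run it and the listed name comes back as 0.0.0.0 from the hosts file on every query while the unlisted name cycles through the upstream pool untouched; the two warnings are the wildcard line and the malformed address, both of which a hand-edited block list can easily accumulate without anyone noticing.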
