Re: A suggestion for next month's Malicious Software Removal download

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

So How Did I Get Infected Anyway?
http://www.wilderssecurity.com/showthread.php?t=27971
--
~PA Bear

Don Taylor wrote:
"PA Bear" <PABearMVP@xxxxxxxxx> writes:
> The MSRT's doing a helluva job IMHO.

> Download and read:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=47DDCFA9-645D-4495-9EDA-92CDE33E99A9&displaylang=en

Really. Here are just two examples of folks saying that THE
problem is MILLIONS of security hole Windows boxes flushing
the spam and fraud toilet at the net as fast as their little
DSL connection will go.

Read
http://www.zdnet.com.au/news/security/soa/ISPs_accused_of_ignoring_botnet_invasion/0,2000061744,39257307,00.htm
ISPs accused of ignoring botnet invasion

By Munir Kotadia, ZDNet Australia
24 May 2006 03:11 PM

Internet Service Providers are in the perfect position to kill vast
armies of compromised computers -- or bots -- that are being used
by cyber-criminals to launch the majority of spam and phishing
attacks, according security specialists at the AusCERT 2006 conference.

Botnets are vast groups of Windows-based PCs that have been infected
with a Trojan or virus that allows the computer to be illicitly
controlled from a remote location. Bot armies comprising of between
10,000 and 100,000 bots are openly advertised for hire on newsgroups
located in the darker corners of the Internet.

The majority of these bots are home computers that are connected
to the Internet over a broadband link such as ADSL or Cable, which
means all the malicious traffic initially passes through the network
of each individual bots' ISP.

Or

http://www.cotse.com/20050717.html
It's time ISP's were held accountable!

The biggest threat on the Internet, by far, are the millions of
end user machines infected by a virus/trojan. It's the end result
of someone clicking an attachment/running an infected file/not
applying the most recent security patch and effectively giving their
computer over to someone who is going to use it for nefarious
purposes.

That person first copies all useable personal information off that
computer (credit cards, accounts and passwords, etc.), then turns
it into a Zombie (a machine waiting to be controlled). These Zombie
machines are the individual units of much larger bot nets and they
are attacking in greater numbers than ever before.

Some of these bot nets are numbering hundreds of thousands of
machines and quite possibly might be nearing a million. A bot net
is controlled as a single computer. It's easily the worlds largest
multiprocessor server and time is sold on it at a premium."



Now how is it again that this thing that supposedly removes
malicious software from Windows computers doing a fine job?

How many hundred of the pump-n-dump stock swindle spam
are you reporting to abuse addresses every month since this
broke out a few months ago? There appears to be no sign
that this is even slowing down, even after I report a few
hundred of these each to Comcast and Verizon and SWBell and...
Every one of those is flushing out of a compromised DSL XP toilet.

> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org

> Don Taylor wrote:
> > Why doesn't Microsoft make next month's Malicious Software Removal
> > download exterminate some or most of the 'bots' that have taken
> > over the world's DSL connected machines that are owned by people
> > who haven't a clue what security is?
> >
> > It doesn't seem like rocket science for them to go capture a few
> > of these machines, determine which bots they have, drop the code
> > into the monthly update to sterilize these, and then advertise the
> > hell out of this AND have it announce when it was done if it had
> > actually found and fixed this for the customer.
> >
> > And every time a new infection grabbed the headlines they could
> > announce that they were on top of this.
> >
> > Talk about finally a Windows Genuine Advantage?!?! That would be
> > it.

.

Relevant Pages

  • Re: keep getting DCOM intrusions
    ... the XP machines, you should have the ICF firewall enabled on the ICS ... connection which would block this infection from the Internet side. ... It won't, however, prevent your bringing the infection into the network ...
    (microsoft.public.security.virus)
  • Re: ? WINS*.EXE installed as part of Windows
    ... If these files are under the path you quote, they are products of infection. ... If you connect an unpatched XP machine to the Internet without enabling the ... infected machines on the local network--even one will accomplish this. ... > each and every reboot during the install and after the second one, ...
    (microsoft.public.security.virus)
  • Re: New CIFS (port 445) worm?
    ... > My assumption, at this point, is that those two machines ... > (and a bunch more out on the Internet) have been infected ... > file shares as the infection vector. ...
    (Incidents)
  • Re: Vast Spy System Loots Computers in 103 Countries
    ... A Plan to Catch the Conficker Worm ... infected millions of machines worldwide, ... signs of infection. ... it presents itself to the wider network. ...
    (sci.military.naval)
  • Re: compromised machines
    ... It wouldn't surprise me if they were running bots, ... Agobot, Polybot or Spybot, which compromise computers. ... If they crack a multi user computer (Windows 2000 Server comes to mind), ... Subject: compromised machines ...
    (Incidents)