New Botnet Is "Practically Indestructible"

DarkTenka

New member
Apr 7, 2010
95
0
0
Am I missing something here?

Master Boot Record viruses have existed since Windows 98, that's nothing new. While a standard reformat wouldn't "kill it" .. you can reformat the Master Boot Record separately (and independently) from the rest of the data .. it's pretty easy to do with your Windows Install CD.

So what part of this so called "BotNet" makes it so "practically indestructible"?
 

DarkSoldier84

New member
Jul 8, 2010
96
0
0
Earnest Cavalli said:
I guess that's like Bishop praising the xenomorphs in Aliens [http://www.amazon.com/Aliens-Two-Disc-Collectors-Sigourney-Weaver/dp/B00012FXAE]. Analytically, I can see that they're a fascinating example of adaptive evolution, but that doesn't do much for John Hurt's burst ribcage.
Ooh, you've lost some geek cred, boss; it was Ash praising the xeno in Alien.
 

SenseOfTumour

New member
Jul 11, 2008
4,514
0
0
(Note I'm talking from a position of sheer ignorance, feel free to correct me, tho if you can avoid words like numbnuts or dummy, it'd be nice.)

Surely if they know what it's like, what it does and where it hides, they must be able to scan for it, either something after a reboot, or send out an update that allows us to write a boot CD to check for it. Part of the problem being hardly any PCs have a floppy drive any more and many laptops don't even have a basic DVD drive.

However, I sense that if, to check for boot sector viruses, you'd need to create a new CD each week and reboot for a special pre-boot scan, I can see the viruses spreading and surviving thru sheer laziness on the part of the regular user. Most users want to install a piece of AV software and leave it to run, not actually have to do anything.
 

Jabberwock xeno

New member
Oct 30, 2009
2,461
0
0
Interesting.

So now, how do we know or remove it if we have it?

Or is it even worth getting rid of?

Sounds to me like it's beneficial, if it neutralizes other viruses. Honestly, I don't care about email spam, so if that's all it does...
 

Low Key

New member
May 7, 2009
2,503
0
0
Earnest Cavalli said:
This also means that formatting your computer, a process that restores every Windows component to its most basic state, has no effect on Top Bot.
Ummm...do you mean doing a system restore? Because if I formatted my hard drive right now, everything would get wiped.

Anyways, I was reading about this the other day. Sounds like some serious botnet action going on. Fortunately, the same P2P networks used to send out orders to the botnet can also be used to find out the holes in the crypto. Much like a side attack against a machine running 256 AES encryption, where someone directly attacking the crypto would ultimately fail because it would take longer than the age of the universe to decipher.

Too bad by the time an antivirus company got the patch out to remove the botnet from computers, most users would dilly-dally and the folks running the botnet would have changed the code. So this is ultimately a losing battle thanks to the average computer user's ignorance. Those who have something to lose on their computer shouldn't have to worry though. They are already protected by not being stupid enough to click on shady links.
 

Sniper Team 4

New member
Apr 28, 2010
5,433
0
0
These are the type of people who are going to destroy the world. Eventually, they're going to make something that is self-aware, and it will kill them first so they can't shut it down, and then the rest of us are toast. Thanks a lot, jerks.
 

Earnest Cavalli

New member
Jun 19, 2008
5,352
0
0
DarkSoldier84 said:
Ooh, you've lost some geek cred, boss; it was Ash praising the xeno in Alien.
Actually, they both did. I just prefer Lance Henriksen, so I went with him, then doubled back to the original movie to reference the creature's propensity toward massive internal trauma.
 

Covarr

PS Thanks
May 29, 2009
1,559
0
0
Earnest Cavalli said:
the code takes root in the computer's boot record. (...)
This also means that formatting your computer, a process that restores every Windows component to its most basic state, has no effect on Top Bot.
Not true. There are a number of formatting utilities (including the oldie fdisk, or Darik's Boot And Nuke [http://www.dban.org/]) that are capable of clearing or fixing the boot record.

P.S. Thanks
 

Brandon237

New member
Mar 10, 2010
2,959
0
0
Penguinplayer said:
This is... actually pretty cool.

But now I have a constant paranoia, cause you never know when you are infected.
This, it is like a horrific virus, encysted in your lymph nodes, undetectable to all but the most dedicated scanners... ready to pounce, and fuck your shit up the micro-second its master decides to use you, we could be pawns to the creators and not even know it :( So long as it does not self-rewrite for perfection though, that is when the code realises, that we are obsolete.

But yes, awesomely cool XP
 

Sylocat

Sci-Fi & Shakespeare
Nov 13, 2007
2,122
0
0
And we take another step closer to the world of the Rifters Trilogy.

Seriously, how long before someone decides to program some "gene" codes into these bugs (which they're already doing in labs), and sets them loose? I'd be surprised if the entire system doesn't evolve into mass sentience before too long.
 

DarkSoldier84

New member
Jul 8, 2010
96
0
0
Earnest Cavalli said:
DarkSoldier84 said:
Ooh, you've lost some geek cred, boss; it was Ash praising the xeno in Alien.
Actually, they both did. I just prefer Lance Henriksen, so I went with him, then doubled back to the original movie to reference the creature's propensity toward massive internal trauma.
Did they? Well, I guess you can have some of my geek cred, then.

I hope there's a way to (eventually) purge this botnet that won't require a low-level HDD format.
 

FalloutJack

Bah weep grah nah neep ninny bom
Nov 20, 2008
15,489
0
0
I never liked the word 'indestructible'. Reminds me of 'unsinkable'.
 

ACman

New member
Apr 21, 2011
629
0
0
bjj hero said:
Do people really have nothing better to do with their time than come up with this kind of shit?

Look outside... There is daylight, there are girls too, nice things to eat and drink, fun things to explore and do. Much better than sitting in your cave and coming up with better ways to spoil someone else's computer.
I don't think these are hobbyists. This seems more professional criminal than that.
 

impcnrd

New member
Nov 28, 2009
53
0
0
People, people, people. Use Darik's Boot and Nuke. It will solve this problem... it will reformat the hell out of your hard drive. It will also clear the MBR, or Master Boot Record, which this infects.
 

shadebreeze

New member
Mar 12, 2008
19
0
0
DarkTenka said:
Master Boot Record Viruses have existed since Windows 98, thats nothing new.
Actually, they've existed since DOS. :) Most virii in the 80s used to infect the boot record of floppy disks and hard disks.
Operating systems have become more robust since then, but I would guess it's still possible to find a way to write on the MBR. Windows itself must do it to install the bootloader that allows you to press F8 (or something like that) while booting and choose a custom configuration for troubleshooting your PC.
I would think the more clever bit is this "custom encryption algorithm" which may be tough to crack, but I agree, infecting the boot record isn't a new idea.

Furthermore, there isn't much you can actually do from the code in the MBR, because to do anything useful these days you need functionality that requires a running OS. Say the botnet is used to send spam - it must use the network drivers and the TCP/IP stack, so it has to go through Windows and its drivers. It might be hard to remove it, but the symptoms could be detectable. I am confident antivirus companies will find a way to detect it and deal with it sooner or later (maybe by just silently blocking it).
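One way to "scan for it" offline, as DarkTenka's and shadebreeze's posts both touch on, is to read the first 512 bytes of the disk and compare the boot-code region against a hash recorded when the machine was known clean. This is an added example, not code from the thread or from any product it mentions; the two sample MBRs and the baseline hash are constructed, and a real pre-boot scanner would read the sector from the raw disk (e.g. /dev/sda or \\.\PhysicalDrive0) with administrator rights.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the boot code; this is the region an MBR infection replaces
PART_TABLE_OFF = 446         # four 16-byte partition entries follow the boot code
SIGNATURE = b"\x55\xaa"      # bytes 510..511 must hold the boot signature


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash, the used partition entries and the signature check."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        flag, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:  # type 0 marks an unused slot
            entries.append({"bootable": flag == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": entries,
        "signature_ok": mbr[510:512] == SIGNATURE,
    }


def check_mbr(mbr: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the known-good baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from known-good baseline")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition marked active")
    return findings


def _make_mbr(boot_code: bytes) -> bytes:
    """Build a constructed sample MBR: given boot code, one active NTFS partition, boot signature."""
    part = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + part + b"\x00" * 48 + SIGNATURE


CLEAN_MBR = _make_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")       # constructed "clean" sample
BASELINE = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()  # recorded while the disk was known-good
TAMPERED_MBR = _make_mbr(b"\xeb\x3c\x90" + b"\x00" * 5)           # same partitions, boot code swapped out
```

Because the partition table is left untouched in the tampered sample, only a baseline comparison of the boot code flags it; a scanner that merely checks the partition entries and the 0x55AA signature would report it as fine.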
 

viking97

New member
Jan 23, 2010
858
0
0
voorhees123 said:
Why can't they make a bot that also destroys every bit of malware, spyware, trojans and all that other crap online that infects computers. That would be awesome.
Then it would be an anti-virus and cost like 200 hundred dollars.
 

BabySinclair

New member
Apr 15, 2009
934
0
0
That's why bootwatch programs were invented. It loads just before this and then removes it. Problem solved.