New Botnet Is "Practically Indestructible"

Jabberwock xeno

New member
Oct 30, 2009
2,459
0
0
Interesting.

So now, how do we know or remove it if we have it?

Or is it even worth getting rid of?

Sounds to me like it's beneficial, if it neutralizes other viruses. Honestly, I don't care about email spam, so if that's all it does...
 

Low Key

New member
May 7, 2009
2,503
0
0
Earnest Cavalli said:
This also means that formatting your computer, a process that restores every Windows component to its most basic state, has no effect on Top Bot.
Ummm...do you mean doing a system restore? Because if I formatted my hard drive right now, everything would get wiped.

Anyways, I was reading about this the other day. Sounds like some serious botnet action going on. Fortunately, the same P2P networks used to send out orders to the botnet can also be used to find out the holes in the crypto. Much like a side attack against a machine running 256 AES encryption, where someone directly attacking the crypto would ultimately fail because it would take longer than the age of the universe to decipher.

Too bad by the time an antivirus company got the patch out to remove the botnet from computers, most users would dilly dally and the folks running the botnet would have changed the code. So this is ultimately a losing battle thanks to the average computer users' ignorance. Those who have something to lose on their computer shouldn't have to worry though. They are already protected by not being stupid enough to click on shady links.
 

Sniper Team 4

New member
Apr 28, 2010
5,432
0
0
These are the type of people who are going to destroy the world. Eventually, they're going to make something that is self-aware, and it will kill them first so they can't shut it down, and then the rest of us are toast. Thanks a lot, jerks.
 

Earnest Cavalli

New member
Jun 19, 2008
5,352
0
0
DarkSoldier84 said:
Ooh, you've lost some geek cred, boss; it was Ash praising the xeno in Alien.
Actually, they both did. I just prefer Lance Henriksen, so I went with him, then doubled back to the original movie to reference the creature's propensity toward massive internal trauma.
 

Covarr

PS Thanks
May 29, 2009
1,559
0
0
Earnest Cavalli said:
the code takes root in the computer's boot record. (...)
This also means that formatting your computer, a process that restores every Windows component to its most basic state, has no effect on Top Bot.
Not true. There are a number of formatting utilities (including the oldie fdisk, or Darik's Boot And Nuke [http://www.dban.org/]) that are capable of clearing or fixing the boot record.

P.S. Thanks
 

Brandon237

New member
Mar 10, 2010
2,958
0
0
Penguinplayer said:
This is... actually pretty cool.

But now I have a constant paranoia, cause you never know when you are infected.
This, it is like a horrific virus, encysted in your lymph nodes, undetectable to all but the most dedicated scanners... ready to pounce, and fuck your shit up the micro-second its master decides to use you, we could be pawns to the creators and not even know it :( So long as it does not self-rewrite for perfection though, that is when the code realises, that we are obsolete.

But yes, awesomely cool XP
 

Sylocat

Sci-Fi & Shakespeare
Nov 13, 2007
2,122
0
0
And we take another step closer to the world of the Rifters Trilogy.

Seriously, how long before someone decides to program some "gene" codes into these bugs (which they're already doing in labs), and sets them loose? I'd be surprised if the entire system doesn't evolve into mass sentience before too long.
 

DarkSoldier84

New member
Jul 8, 2010
96
0
0
Earnest Cavalli said:
DarkSoldier84 said:
Ooh, you've lost some geek cred, boss; it was Ash praising the xeno in Alien.
Actually, they both did. I just prefer Lance Henriksen, so I went with him, then doubled back to the original movie to reference the creature's propensity toward massive internal trauma.
Did they? Well, I guess you can have some of my geek cred, then.

I hope there's a way to (eventually) purge this botnet that won't require a low-level HDD format.
 

FalloutJack

Bah weep grah nah neep ninny bom
Nov 20, 2008
15,485
0
0
I never liked the word 'indestructible'. Reminds me of 'unsinkable'.
 

ACman

New member
Apr 21, 2011
629
0
0
bjj hero said:
Do people really have nothing better to do with their time than come up with this kind of shit?

Look outside... There is daylight, there are girls too, nice things to eat and drink, fun things to explore and do. Much better than sitting in your cave and coming up with better ways to spoil someone else's computer.
I don't think these are hobbyists. This seems more professional criminal than that.
 

impcnrd

New member
Nov 28, 2009
52
0
0
People people people. Use Dan's Boot n Nuke. It will solve this problem... it will reformat the hell out of your hard drive. It will also clear the MBR or Master Boot Record, which this infects.
 

shadebreeze

New member
Mar 12, 2008
19
0
0
DarkTenka said:
Master Boot Record Viruses have existed since Windows 98, that's nothing new.
Actually, they've existed since DOS. :) Most virii in the 80s used to infect the boot record of floppy disks and hard disks.
Operating systems have become more robust since then, but I would guess it's still possible to find a way to write on the MBR. Windows itself must do it to install the bootloader that allows you to press F8 (or something like that) while booting and choose a custom configuration for troubleshooting your PC.
I would think the more clever bit is this "custom encryption algorithm" which may be tough to crack, but I agree, infecting the boot record isn't a new idea.

Furthermore, there isn't much you can actually do from the code in the MBR, because to do anything useful these days you need functionality that requires a running OS. Say the botnet is used to send spam - it must use the network drivers and the TCP/IP stack, so it has to go through Windows and its drivers. It might be hard to remove it, but the symptoms could be detectable. I am confident antivirus companies will find a way to detect it and deal with it sooner or later (maybe by just silently blocking it).
 

viking97

New member
Jan 23, 2010
858
0
0
voorhees123 said:
Why can't they make a bot that also destroys every bit of malware, spyware, trojans and all that other crap online that infects computers. That would be awesome.
Then it would be an anti-virus and cost like 200 hundred dollars.
 

BabySinclair

New member
Apr 15, 2009
934
0
0
That's why bootwatch programs were invented. It loads just before this and then removes it. Problem solved.
 

vxicepickxv

Slayer of Bothan Spies
Sep 28, 2008
3,126
0
0
Wow, this is probably as close to computer herpes as we'll ever see.

shadebreeze said:
Furthermore, there isn't much you can actually do from the code in the MBR, because to do anything useful these days you need functionality that requires a running OS. Say the botnet is used to send spam - it must use the network drivers and the TCP/IP stack, so it has to go through Windows and its drivers. It might be hard to remove it, but the symptoms could be detectable. I am confident antivirus companies will find a way to detect it and deal with it sooner or later (maybe by just silently blocking it).
That does sound like the fastest and easiest solution. It's probably the most effective for prevention. In terms of removing it, I would imagine it would be easier to do that with a startup program on a disc or thumb drive.

This net isn't limited to infection in Windows. It might not do anything outside of the Windows OS, but it can still infect other computers.

Next week, BIOS virus.
 

let's rock

New member
Jun 15, 2011
372
0
0
InterAirplay said:
let said:
You do know that there are ways to modify your boot record, right? If you are really good at software, you can go into your boot with a master boot boot CD, highlight it, and click delete. Nothing is indestructible, look at the Titanic and Death Star. As long as it doesn't start singing "Daisy Bell" I have no concern. Also, try being careful on the internet so it can't install in the first place :)
Wouldn't a zero wipe of the Hard Drive also do the trick?
I'm not sure. Sledge hammers, fire, shotguns, etc. are the only way to permanently delete data, so the virus may be capable of replicating itself after a zero wipe, which would also get rid of all of your data on your computer.
 

shadebreeze

New member
Mar 12, 2008
19
0
0
vxicepickxv said:
shadebreeze said:
Furthermore, there isn't much you can actually do from the code in the MBR, because to do anything useful these days you need functionality that requires a running OS. Say the botnet is used to send spam - it must use the network drivers and the TCP/IP stack, so it has to go through Windows and its drivers. It might be hard to remove it, but the symptoms could be detectable. I am confident antivirus companies will find a way to detect it and deal with it sooner or later (maybe by just silently blocking it).
That does sound like the fastest and easiest solution. It's probably the most effective for prevention. In terms of removing it, I would imagine it would be easier to do that with a startup program on a disc or thumb drive.
You are right, that's probably the solution. Antivirus companies often release "removal kits", little programs whose only purpose is to remove one specific malware. You run them and they do their job.
The only difference in this case would be that there is an additional step where you have to burn a CD with the removal kit on it (so you can boot from CD and run it before the hard disk is touched in any way).