Rootkit author offer fix for MS patch problem

  • Thread starter Thread starter HeyBub
  • Start date Start date
HeyBub wrote:

> "According to security vendor Prevx, the authors of the rootkit which

> was the cause of a large number of unbootable systems which applied

> the MS10-015 patch issued last week have issued a patch to fix the

> incompatibility."

> http://blogs.pcmag.com/securitywatch/2010/02/rootkit_authors_issue_patch_fo.php

>

> All your roots belong to us...



OK, so here's the plan.



I will shut off my firewall and disable my AV program. I will then

intentionally get infected with that particular rootkit. Then I will

download and install the patch that the authors of this rootkit issued

last week so that when I apply the MS10-015 patch, I won't get the BSOD.

Cool! No more incompatibility!
 
On Feb 18, 11:59 am, "Daave" wrote:

> HeyBub wrote:

> > "According to security vendor Prevx, the authors of the rootkit which

> > was the cause of a large number of unbootable systems which applied

> > the MS10-015 patch issued last week have issued a patch to fix the

> > incompatibility."

> >http://blogs.pcmag.com/securitywatch/2010/02/rootkit_authors_issue_pa...

>

> > All your roots belong to us...

>

> OK, so here's the plan.

>

> I will shut off my firewall and disable my AV program. I will then

> intentionally get infected with that particular rootkit. Then I will

> download and install the patch that the authors of this rootkit issued

> last week so that when I apply the MS10-015 patch, I won't get the BSOD.

> Cool! No more incompatibility!



I want to do that too.



I think the the best way to understand these things is to experience

them for yourself and learn how to fix them.



Where do you go to get infected with that particular rootkit? I have

been trying for a week.
 
MSRC: Update - Restart Issues After Installing MS10-015 and the Alureon

Rootkit

http://blogs.technet.com/msrc/archi...talling-ms10-015-and-the-alureon-rootkit.aspx



MMPC: Restart issues on an Alureon infected machine after MS10-015 is

applied

http://blogs.technet.com/mmpc/archi...fected-machine-after-ms10-015-is-applied.aspx

--

~PA Bear





HeyBub wrote:

> "According to security vendor Prevx, the authors of the rootkit which was

> the cause of a large number of unbootable systems which applied the

> MS10-015

> patch issued last week have issued a patch to fix the incompatibility."

>

> http://blogs.pcmag.com/securitywatch/2010/02/rootkit_authors_issue_patch_fo.php

>

> All your roots belong to us...
 
Jose wrote:



> On Feb 18, 11:59 am, "Daave" wrote:

>

>>HeyBub wrote:

>>

>>>"According to security vendor Prevx, the authors of the rootkit which

>>>was the cause of a large number of unbootable systems which applied

>>>the MS10-015 patch issued last week have issued a patch to fix the

>>>incompatibility."

>>>http://blogs.pcmag.com/securitywatch/2010/02/rootkit_authors_issue_pa...

>>

>>>All your roots belong to us...

>>

>>OK, so here's the plan.

>>

>>I will shut off my firewall and disable my AV program. I will then

>>intentionally get infected with that particular rootkit. Then I will

>>download and install the patch that the authors of this rootkit issued

>>last week so that when I apply the MS10-015 patch, I won't get the BSOD.

>>Cool! No more incompatibility!

>

>

> I want to do that too.

>

> I think the the best way to understand these things is to experience

> them for yourself and learn how to fix them.

>

> Where do you go to get infected with that particular rootkit? I have

> been trying for a week.



Why not ask ol' ANGELKISSES420 ?
 
Daave wrote:

> HeyBub wrote:

>> "According to security vendor Prevx, the authors of the rootkit which

>> was the cause of a large number of unbootable systems which applied

>> the MS10-015 patch issued last week have issued a patch to fix the

>> incompatibility."

>> http://blogs.pcmag.com/securitywatch/2010/02/rootkit_authors_issue_patch_fo.php

>>

>> All your roots belong to us...

>

> OK, so here's the plan.

>

> I will shut off my firewall and disable my AV program. I will then

> intentionally get infected with that particular rootkit. Then I will

> download and install the patch that the authors of this rootkit issued

> last week so that when I apply the MS10-015 patch, I won't get the

> BSOD. Cool! No more incompatibility!



Right. As I understand the problem, the rootkit authors coded an absolute

address for a critical Windows function; this address was changed by the

Microsoft update. The rootkit authors then went back and made the address a

variable to be deduced at run time, thereby making their product more

robust.



This is not the first time Microsoft has changed an un-documented item to

the cost of developers.
 
I think it disingenuous at best to consider malware writers & botnet owners

"developers."



HeyBub wrote:



> This is not the first time Microsoft has changed an un-documented item to

> the cost of developers.
 
On Feb 18, 3:14 pm, "PA Bear [MS MVP]" wrote:

> I think it disingenuous at best to consider malware writers & botnet owners

> "developers."

>

> HeyBub wrote:

>

>

>

>

>

> > This is not the first time Microsoft has changed an un-documented item to

> > the cost of developers.



Their efforts are sometimes clever, usually merely annoying and fairly

easy to outsmart.



I think there is some sick, twisted and perverted reward (there -

that's all the good words) and competition between the authors to see

who can be the most likely to induce a complete reinstall of Windows

when some person on the receiving end is unable or unwilling to try to

figure out their products and fix the problem and just gives up.

Victory is theirs!



They could certainly be malicious and destructive if they wanted to

be, but so far... they seem to be mostly just annoying.
 
HeyBub wrote:



> "According to security vendor Prevx, the authors of the rootkit which was

> the cause of a large number of unbootable systems which applied the MS10-015

> patch issued last week have issued a patch to fix the incompatibility."

>

> http://blogs.pcmag.com/securitywatch/2010/02/rootkit_authors_issue_patch_fo.php

>

> All your roots belong to us...



So rather than get RID of the rootkit malware, users are expected to get an

update to the malware. Uh huh.



In similar manner, put the malware authors up against a wall and I'll SHOOT

them in their heads with hollow-point bullets. Then I'll offer to remove to

the flattened bullets, bend them into a slightly different form, and then

hammer them back into their dead brains. Works for me.
 
Jose wrote:



> On Feb 18, 3:14 pm, "PA Bear [MS MVP]" wrote:

>

>>I think it disingenuous at best to consider malware writers & botnet owners

>>"developers."

>>

>>HeyBub wrote:

>>

>>

>>

>>

>>

>>>This is not the first time Microsoft has changed an un-documented item to

>>>the cost of developers.

>

>

> Their efforts are sometimes clever, usually merely annoying and fairly

> easy to outsmart.

>

> I think there is some sick, twisted and perverted reward (there -

> that's all the good words) and competition between the authors to see

> who can be the most likely to induce a complete reinstall of Windows

> when some person on the receiving end is unable or unwilling to try to

> figure out their products and fix the problem and just gives up.

> Victory is theirs!

>

> They could certainly be malicious and destructive if they wanted to

> be, but so far... they seem to be mostly just annoying.



No the 'bot herders want to remain UNdetected. They DON'T want to lose

control of a PC as it is in their best interest to keep the PC working

for them.
 
VanguardLH wrote:

> HeyBub wrote:

>

>> "According to security vendor Prevx, the authors of the rootkit which was

>> the cause of a large number of unbootable systems which applied the MS10-015

>> patch issued last week have issued a patch to fix the incompatibility."

>>

>> http://blogs.pcmag.com/securitywatch/2010/02/rootkit_authors_issue_patch_fo.php

>>

>> All your roots belong to us...

>

> So rather than get RID of the rootkit malware, users are expected to get an

> update to the malware. Uh huh.

>

> In similar manner, put the malware authors up against a wall and I'll SHOOT

> them in their heads with hollow-point bullets. Then I'll offer to remove to

> the flattened bullets, bend them into a slightly different form, and then

> hammer them back into their dead brains. Works for me.





I'll bring the popcorn and refreshments, Vanguard.



MowGreen

================

*-343-* FDNY

Never Forgotten

================



banthecheck.com

"Security updates should *never* have *non-security content* prechecked
 
You must log in or register to reply here.
Back
Top