
Re: [Rival] FBI Steps in to Address Microsoft Windows Zombies Catastrophe, Thefts

In comp.os.linux.advocacy, Roy Schestowitz
<newsgroups@xxxxxxxxxxxxxxx>
 wrote
on Fri, 06 Jul 2007 17:20:18 +0100
<4870945.S6sA1hpsul@xxxxxxxxxxxxxxx>:
> ____/ nessuno@xxxxxxxxxxxxxxxxxxx on Friday 06 July 2007 16:42 : \____
>
>> ]
>>>
>>> New Trojan Makes Microsoft Windows Talk While Wiping out the Hard Drive
>>>
>>> ,----[ Quote ]
>>> | This new malicious code detected by PandaLabs last week uses the Windows
>>> | text reader to play the following sentences:
>>> |
>>> | "You have been infected I repeat you have been infected and your system
>>> | files have been deleted. Sorry. Have a nice day and bye bye."
>>> |
>>> | These comments are repeated over and over again while the Trojan
>>> | tries to delete the entire content of the computer's hard disk.
>>> `----
>> 
>> Of course usually it's not in the interest of the criminals to wipe
>> your computer, instead they'd rather keep it alive for other nefarious
>> purposes.  If more malware did this, you'd see people pay more
>> attention to the quality of their OS. I'd prefer a different message,
>> though, something like "Your system files have been deleted.  Too
>> bad.  Next  time you might consider a more secure OS."  Just noticed
>> that it says "system files", I guess that means the nice virus doesn't
>> delete your personal data.
>
> When I was about 13 I wrote a little 'virus' which was
> essentially a batch file that wipes off system files
> (Windows 3.1). It's amazing that even back then there
> was no mechanism to distinguish ordinary users from one that
> administers.
>

DOS didn't *have* users. :-)  Nor did it have any security,
really.  Oh, it had the hidden and read-only bits, but
anyone with half a brain could go in there and issue
BIOS commands to fiddle with the direntries directly on
the drive.  Even on Linux one might wander around looking
for the ext2 inode descriptor and wiggle the permission
bits, on an unencrypted drive sitting in a compromised or
different machine.

Nowadays on Linux, one might contemplate an encrypted
loop device, which would make it a lot tougher to do such
hacks, even were the machine compromised and/or the drive
removed and placed in a blackhat's analysis device (usually
another desktop capable of reading the drive).  Of course
the sysadmin would have to type in the pass-code on every
reboot, and the system would have to take some pains
to keep that pass-code in non-pageable virtual memory, or
discard it entirely after it's served its purpose.

(I would have to look regarding Linux's implementation.)

Not sure what the XP or Vista variant of such would be --
if any.

-- 
#191, ewill3@xxxxxxxxxxxxx
New Technology?  Not There.  No Thanks.

-- 
Posted via a free Usenet account from http://www.teranews.com
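
The pass-code handling described in the post above (non-pageable memory, discarded once it has served its purpose), as an added user-space C example that is not part of the original post and is not Linux's own implementation. It assumes Linux with glibc; `struct secret` and the `secret_*` function names are hypothetical.

```c
#define _GNU_SOURCE
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: page-aligned region that holds one pass-code. */
struct secret { unsigned char *buf; size_t len; int locked; };

/* Map whole pages and pin them in RAM so they are never written to swap. */
int secret_alloc(struct secret *s, size_t want) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    s->len = (want + page - 1) / page * page;
    s->buf = mmap(NULL, s->len, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (s->buf == MAP_FAILED) { s->buf = NULL; s->locked = 0; return -1; }
    /* mlock can fail under RLIMIT_MEMLOCK; the caller checks s->locked. */
    s->locked = (mlock(s->buf, s->len) == 0);
    madvise(s->buf, s->len, MADV_DONTDUMP);  /* also keep it out of core dumps */
    return 0;
}

/* Copy a pass-code in; refuse input that does not fit. */
int secret_set(struct secret *s, const char *pass) {
    size_t n = strlen(pass);
    if (!s->buf || n >= s->len) return -1;
    memcpy(s->buf, pass, n + 1);
    return 0;
}

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
void secret_wipe(struct secret *s) {
    volatile unsigned char *p = s->buf;
    for (size_t i = 0; i < s->len; i++) p[i] = 0;
}

/* Returns 1 when every byte of the region is zero. */
int secret_is_clear(const struct secret *s) {
    for (size_t i = 0; i < s->len; i++) if (s->buf[i]) return 0;
    return 1;
}

/* Discard after use: wipe first, then unlock and unmap. */
void secret_free(struct secret *s) {
    if (!s->buf) return;
    secret_wipe(s);
    if (s->locked) munlock(s->buf, s->len);
    munmap(s->buf, s->len);
    s->buf = NULL; s->len = 0; s->locked = 0;
}
```

A caller that requires the guarantee should treat `locked == 0` as a failure and refuse to load the pass-code.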
