Tech: Password stealing malware scan updated

Subject: Tech: Password stealing malware scan updated
From: Stilly River Sage
Date: 30 Sep 11 - 02:20 PM

Some of my browsers stopped working at noon after a scan by my Microsoft Forefront security program. The gist of the message was that it detected a piece of malware called PWS:Win32/Zbot.

Apparently Microsoft had identified this and scanned for it in the past but was scanning for it wrong, the detection formula was incorrect. I think. Here's a page about this bot that doesn't include a mea culpa but it apparently is implied.

It scanned the computer, blocked the file, and part of the "fix" was to uninstall my Chrome browser application. I scanned for a couple of the file names and don't find them in my system, so they evidently didn't make it into the registry. I don't know if it was active or simply lodged somewhere, or if this deleted a harmless file with a similar name.

Anyone else get this kind of search result? I find it particularly annoying because I have been updating my passwords to be more secure, and it looks like I'll have to go update them all.

SRS



Subject: RE: Tech: Password stealing malware scan updated
From: GUEST,999
Date: 30 Sep 11 - 02:50 PM

I wrote a letter to the geniuses who wrote the code for Chrome. I have many screens that open half size. They know about it and despite that millions of users are POed about it, they do NOTHING. Of course, they haven't written back.

This sounds like something the same set of geniuses would do. I'm getting real fed up with Google Chrome, real fast.



Subject: RE: Tech: Password stealing malware scan updated
From: Stilly River Sage
Date: 30 Sep 11 - 02:53 PM

Part two. Microsoft seems to be detecting a regular part of the Chrome program and blocking the reinstallation of the program. I'm going to have to block that part of my antivirus software and hope that there isn't a real virus with the same filename/footprint.

I suspect I'm not the only multi-browser user who will encounter this problem.

SRS



Subject: RE: Tech: Password stealing malware scan updated
From: JohnInKansas
Date: 30 Sep 11 - 03:13 PM

The incorrect detection signature merely means that the bot may have been on your machine for a while without being detected.

When the corrected signature was downloaded, the bot was detected and removed.

The removal (or disabling) of your Chrome browser most likely means that the bot was invasively embedded into Chrome.

That you did not find registry entries is not particularly good evidence of anything, as the page you linked indicates that the bot "hides its registry entries," although that page does not give any information about how they're hidden. Also, the removal of the bot may have already cleared them, before the scan identified the bot and gave you the clue that you should look for them.

Although Forefront has individual computer versions available, it's intended for use as a complete system on business networks, where IT support people require the ability to remotely manage multiple kinds of antimalware programs on many machines. Unless your computer is on a business network where that kind of remote administration is necessary, it may not be a "better program" for an individual computer, since the remote management capability is just one more way for someone to hack into your machine(?) in the absence of "higher level network protections" that are part of Forefront server packages.(?)

If your machine was, in fact, infected with this bot, you need to change all of your passwords anyway, since one of its identified purposes is to steal passwords from "password lockers." You have no way of knowing whether it was successful before it was removed, so they all should be changed.

John



Subject: RE: Tech: Password stealing malware scan updated
From: GUEST,.gargoyle
Date: 30 Sep 11 - 04:58 PM

Looks like a return of the great "Internet Browser Wars" of 1995.

The BEST "password locker" - is your own personal brain (mnemonic mind categories) - or if that is failing (or seldom used) - notes scribbled in a physical (NON-hex/dec) log book with graphite or ink.

For over a decade - I have advocated:
Do NOT trust Max
Do NOT trust Mudcat
Do NOT trust "News-Groups"
EVERYTHING - posted ANYWHERE - is recorded for posterity. And frequently the simplest missed key-stroke ... reveals a whole-lot about the "real misery" in the SW corner of Colorado.

Sincerely,
Gargoyle

It is a fluffy fold of sheep, ripe for shearing. I'll take two of the black 47. (it should NOT be the place of govt to protect "id jets" against themselves.) If you enrolled in Calculus but never had Algebra ...



Subject: RE: Tech: Password stealing malware scan updated
From: Stilly River Sage
Date: 30 Sep 11 - 05:46 PM

John, I think in this instance Forefront (an enterprise software application used by all of the computers on campus and recommended for use at home so we don't take viruses back to work with us) mis-identified a bit in Chrome. It wouldn't let a clean copy of Chrome install, kept blocking it, because of a part of it.

I don't just run Forefront, I update and regularly run several programs to keep that kind of stuff out. I use WinPatrol to keep an eye on ANYTHING that tries to write to the registry. That's the only reason it's there (though it is useful for several other tidying applications, like cleaning crap out of the start menu that installs itself there.)

SRS



Subject: RE: Tech: Password stealing malware scan updated
From: Geoff the Duck
Date: 01 Oct 11 - 04:20 AM

The situation is not helped by Microsoft's track record of deliberately modifying Windows to cripple other companies' programmes, leaving users with no option than to buy a very expensive Microsoft one that doesn't do the job anywhere near as well.

Google currently seem to be the people poised to topple Microsoft's commercial domination of computing. If I were a conspiracy theorist, I might wonder if Gates's Babies were launching a campaign to destabilise the enemy.

Quack!
GtD.



Subject: RE: Tech: Password stealing malware scan updated
From: Newport Boy
Date: 01 Oct 11 - 07:35 AM

I'm just an observer (rarely using Windows these days) but it looks from this report that the problem was entirely Microsoft's.

Phil



Subject: RE: Tech: Password stealing malware scan updated
From: Stilly River Sage
Date: 01 Oct 11 - 11:26 AM

I think you nailed it, Phil. If I'd had the time yesterday I'd have searched for an answer (Bleeping Computers usually has these answers pretty quickly also).

A co-worker responded that the Chrome-beta program works okay with Microsoft, it's the last fully-rendered version of Chrome that got killed off.

SRS



Subject: RE: Tech: Password stealing malware scan updated
From: Stilly River Sage
Date: 01 Oct 11 - 05:30 PM

Today I updated the MS Forefront in a little used Dell with WinXP and the program didn't like one of the device drivers for the View Sonic monitor used with it. It ranked that a "medium" threat and I told it to quarantine the thing, I'm not going to fight over that driver, though I may have to reinstall it later if it seems necessary.

MS seems to have gotten a bad batch of "threats" in the mix this time.

SRS



Subject: RE: Tech: Password stealing malware scan updated
From: JohnInKansas
Date: 01 Oct 11 - 06:53 PM

The rate at which new threats appear makes it rather difficult for all of the AV producers to keep up with everything. Someone has to identify that a new threat has appeared. Frequently the one who finds the new threat may offer a "signature" that identifies the presence of the threat, but quite often the first signature produces "false positives," identifying other (non-threatening) things as being infections. The signatures require lots of work to reconstruct a signature that's highly accurate in identifying a specific threat while giving a minimal number of false hits.

There are NO PROGRAMS that can detect all known infections, and there are NO PROGRAMS that don't occasionally "find" false identifications.

Most of the better AV programs now use "behavioral" detections, abandoning the "if it contains these bits it's viral" methods of earlier (and simpler) times for much of their detection, and using newer methods based on "if it does this" it's probably viral. This slightly increases the likelihood of "false positives" in all cases, and can greatly increase those odds when "nonstandard" programming techniques are included in a program or in page code.

There has been a rush, among developers, to incorporate "new features" in web sites and browsers, many of which are not subject to any formally adopted standard. Most browsers now claim to be using HTML5, which has been "issued for review" but is NOT A STANDARD and is still subject to changes and "addition of new properties." Some browsers are using "new properties" that exist only in the mind of the one person who wrote the code. A few people claim to be using HTML6 that, so far as the Committee is concerned does not (officially) exist except as a "theoretical possibility." "Experimental" features of CSS frequently appear. XHTML is a "proposed" language that's only vaguely defined in preliminary form and IS NOT STANDARDIZED other than as "recommended practices" that are mostly ignored.

Chrome has been one of the "leaders(?)" in attempting to use advanced (and non-standard) codings in order to offer features not available in other browsers, making it very likely that "false positive" viral identifications will result if the "feature" uses code that "does something" that AV programs don't expect. Microsoft has used more XML/XHTML features (some undocumented? and none really "standardized") that are "poorly recognized" by other browsers.

There truly is a "browser war" in process, but most of the recent activity has been directed at providing a "new experience" to the devotees of the "palm devices" and such, which unfortunately has corrupted much of the web for users of conventional (old fashioned) real computers. There are conflicts between the various browsers, but they appear to be mostly "accidental." It's very difficult to make your browser do something others don't do without using methods the others don't use, and conflicts are inevitable even if you have the best of intentions.

John
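
The signature-tuning trade-off described in the post above, as an added example that is not part of the original thread and is not any vendor's detection logic: a loose and a tightened byte-pattern signature are scored against a small labelled corpus. Every sample name, byte string and pattern below is constructed for illustration and corresponds to no real software or malware.

```python
"""Constructed illustration of signature false positives (not real AV data)."""
import re

# Constructed corpus: (name, file bytes, is_malicious). Invented values only.
SAMPLES = [
    ("bot_variant_a",  b"\x90\x90HOOKAPI\x00cfg=steal;post=/gate\x00", True),
    ("bot_variant_b",  b"\xccHOOKAPI\x00\x00cfg=steal;post=/drop\x00", True),
    ("browser_dll",    b"MZ..HOOKAPI\x00sandbox=on;renderer\x00", False),
    ("monitor_driver", b"MZ..HOOKAPI\x00edid=ok\x00", False),
    ("text_editor",    b"MZ..plain editor resources\x00", False),
]

# First-draft signature: one short marker that benign code which also hooks
# APIs happens to contain, so it over-matches.
LOOSE = re.compile(rb"HOOKAPI")

# Refined signature: the same marker must be followed (after one or two NUL
# bytes) by the config prefix that only the constructed "bot" samples carry.
TIGHT = re.compile(rb"HOOKAPI\x00{1,2}cfg=steal;post=/")


def evaluate(signature, samples=SAMPLES):
    """Scan labelled samples; return names grouped as tp / fp / fn / tn."""
    result = {"tp": [], "fp": [], "fn": [], "tn": []}
    for name, data, malicious in samples:
        hit = signature.search(data) is not None
        if hit:
            key = "tp" if malicious else "fp"
        else:
            key = "fn" if malicious else "tn"
        result[key].append(name)
    return result


def precision(result):
    """Fraction of flagged files that were actually malicious."""
    flagged = len(result["tp"]) + len(result["fp"])
    return len(result["tp"]) / flagged if flagged else 0.0


if __name__ == "__main__":
    for label, sig in (("loose", LOOSE), ("tight", TIGHT)):
        r = evaluate(sig)
        print(f"{label}: fp={r['fp']} fn={r['fn']} precision={precision(r):.2f}")
```

Both signatures catch the two constructed malicious samples; only the loose one also flags the benign browser and driver files, which is the kind of false hit a corrected signature update is meant to eliminate.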

