New Backdoor Trojan Nukes Windows Boot Process

So what the hell is the point of a virus like this? There is no way for it to monetize its infection or co-opt your machine for botnet purposes.
 
As it's a trojan and not a virus, there's an easy fix available: replace the user. For those of you who don't know the difference between a trojan and a virus (and it appears to be far more than expected from a site like this)...

Virus = Infects the machines it gets in contact with, without the need to "install it".
Trojan = Appears to be something else or is "bundled" with real software and fools the user into installing it, which is the case here judging by the headline. When the user allows the install, they simply tell the OS that this piece of software is alright, so what is the weaker link? The person behind the wheel, or the machine just complying with the user's wishes?

If you want to bash MS for allowing people to install software on their computers, go ahead and make a fool of yourself! It's like saying, well, I disabled the airbag in my car and got hurt when I crashed later, gee, it's the manufacturer's fault!
 
[citation][nom]Godfail[/nom]Formatting your MBR does not sacrifice your OS settings in any way.[/citation]

Try and boot after you format the MBR. Not going to happen. Not to mention you would need a boot disk, and the majority of us don't know what a boot disk is, how to make one, or have a floppy disk/drive to do it.
 
Nothing should be allowed to access the MBR unless it is a WHITELISTED application. That is the bottom line here.

Microsoft needs to realize that there are some parts of the OS and computer that regular applications just SHOULD NOT TOUCH and go to a whitelisting model for access to those areas.
They did it a little in Windows 7, but they didn't go anywhere near far enough.
 
[citation][nom]Tomtompiper[/nom]I thought Win 7 was meant to be uber secure, with permissions to install stuff and such? This sounds like the bad old days again, when will they learn and implement tighter security?[/citation]

Hey, Windows 7 IS uber-secure compared to previous versions of Windows. The PROBLEM is that if Microsoft goes too far down the 'security' route like Linux has, people are going to stop using it, because it then becomes a pain in the rump to use for most users.
 
[citation][nom]mothandras[/nom]Try and boot after you format the MBR. Not going to happen. Not to mention you would need a boot disk, and the majority of us don't know what a boot disk is, how to make one, or have a floppy disk/drive to do it.[/citation]

- Boot discs are available on CD these days.
- I'd assume that anyone who formats their MBR from a boot disc knows what a boot disc is and how to acquire one, since they already did.
- If you had this virus your computer would already not boot, so it doesn't make sense to worry about borking the MBR and not being able to boot.
 
This thing is a backdoor Trojan designed to allow someone to take remote control of your computer (prior to that fatal reboot). This article doesn't go into any detail on that part of the virus but it's there.

For others like me who wanted to know what the mysterious ASCII string looked like, this article has a screen shot. It's just a line of = signs...

http://www.ditii.com/2010/06/18/backdoorwin32yonsole-a-trojan-modify-mbr-on-affected-pc/
 
[citation][nom]Tomtompiper[/nom]I thought Win 7 was meant to be uber secure, with permissions to install stuff and such? This sounds like the bad old days again, when will they learn and implement tighter security?[/citation]

It is. This article fails to point out that the trojan won't work without the user giving permission. UAC is going to catch any attempts to write a DLL to system32.

The tighter security has been in place for years now (since Vista). Yet some people like the author are still thinking in Windows XP terms.
 
[citation][nom]ohiou_grad_06[/nom]No need for that, boot from a rescue disc such as UBCD4Win. Also, the fdisk command may not be necessary. I think if you boot from a Vista or Win7 disc, it can detect and fix things like that, correct?[/citation]

Yep. This would even fall into the automated tasks. Boot the Win7 disc, tell it to fix itself. Done.
 
[citation][nom]mothandras[/nom]the majority of us don't know what a boot disk is, how to make one, or have a floppy disk/drive to do it.[/citation]

You do know what site you're on, right?

I DO know what a boot disk is, how to make one, and I have a floppy drive, but I prefer boot CDs ;P

I believe that every Windows disc (at least the OEM versions) includes a recovery console.
 
[citation][nom]Christopher1[/nom]Nothing should be allowed to access the MBR unless it is WHITELISTED application. That is the bottom line here.[/citation]

No, this is a completely erroneous approach; a virus could easily infect/pretend to be a whitelisted application.

Linux has got the right idea though: only allow the user "root" to affect system-wide parts of the OS, including low-level access to hardware, at all times.

However, Ubuntu allows sudo with the current user's password by default, and thus regular users could abuse sudo to run code as root, which can affect the system-wide stuff.

Debian (the Linux distro Ubuntu was originally based on) has got it right. You need to manually specify which users are allowed to use sudo and using which password. By default only root may use sudo.
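To make the sudo comparison in the post above concrete, here is an added /etc/sudoers fragment (not from the thread) contrasting the broad group rule with an explicit per-user grant; the user name "alice" and the command list are hypothetical.

```sudoers
# Broad group rule: every member of the "sudo" group (older Ubuntu releases used
# "admin") may run ANY command as ANY user, authenticating with their OWN password.
# A phished or weak user password is therefore enough to reach root.
%sudo ALL=(ALL:ALL) ALL

# Explicit grant instead of a group rule: the hypothetical user "alice" may run
# only these two package-management commands, and only as root.
alice ALL=(root) /usr/bin/apt-get, /usr/bin/dpkg

# Prompt for the TARGET account's (root's) password rather than the invoking
# user's, so a compromised user password alone does not unlock root.
Defaults rootpw
```

Always edit with `visudo` (or check a candidate file with `visudo -c -f FILE`) so a syntax error cannot lock you out of sudo.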
 