Author Topic: Badly Infected? - You May Need an ENTIRELY New Computer  (Read 4375 times)


babyoh (Hero Member)
Badly Infected? - You May Need an ENTIRELY New Computer
« on: October 08, 2006, 07:12:07 AM »
full article is at:
http://www.informationweek.com/management/showArticle.jhtml?articleID=193105227&subSection=Global

Chinese Hackers Hit Commerce Department
By Gregg Keizer
Oct 6, 2006

The federal government's Commerce Department admitted Friday that heavy attacks on its computers by hackers working through Chinese servers have forced the bureau responsible for granting export licenses to lock down Internet access for more than a month.

Hundreds of computers must be replaced to cleanse the agency of malicious code, including rootkits and spyware.

It's the second major attack originating from China that's been acknowledged by the federal government since July.

"They're obviously questioning what's where in those systems," said Stiennon, who added that in some cases, even reformatting the disk drive and reinstalling software can't guarantee that all malicious code has been removed. "We don't know if the attackers have greater technology than we do," he argued. "Replacing systems is pretty draconian, but it really indicates that Commerce is very concerned."

One possible infection technique that could survive a reformat would be to store malicious code in the PC's BIOS flash memory. In January, a security researcher at the Black Hat conference demonstrated how the BIOS could be used by attackers.



Temmu (The Assimilator, Hero Member)
Re: Badly Infected? - You May Need an ENTIRELY New Computer
« Reply #1 on: October 09, 2006, 04:20:47 PM »
Wow. If so, that's nasty!
Is that Chinese government sponsored? Or is that a group of Chinese who say they're not Chinese government sponsored??

babyoh (Hero Member)
Re: Badly Infected? - You May Need an ENTIRELY New Computer
« Reply #2 on: October 10, 2006, 03:28:16 AM »
I don't know, but there's SPECULATION that it's government-sponsored by the Chinese.
(Quoting from the article):

Although Stiennon said he doesn't have any inside information on the most recent attack, the evidence points to state-sponsored hacking. "The continuous nature of these attacks means there is a link to a state source," Stiennon said. "The Chinese are waging very effectual intellectual warfare."

In May, Congress criticized State Department plans to use Chinese-made PCs in high-security settings because it feared the machines' BIOS could be pre-infected with spyware.

And last year, Britain's National Infrastructure Security Co-ordination Center (NISCC) claimed that Chinese hackers had attacked more than 300 government agencies and private companies in the U.K.

"This [Commerce attack] is the third or fourth battle that we've lost to China," said Richard Stiennon, principal analyst with security consultancy IT-Harvest. "It's not a digital Pearl Harbor, not yet, but it's getting closer."



Temmu (The Assimilator, Hero Member)
Re: Badly Infected? - You May Need an ENTIRELY New Computer
« Reply #3 on: October 10, 2006, 04:13:11 AM »
Methinks we have a group of military geeks who try to defend us from such.

The enemy always has the advantage because you can only guess what will be tried. Microsoft & anti-virus companies are in that kind of bind. They are reactive.

Assarbad (AV research & development, Malware Experts, Sr. Member)
Re: Badly Infected? - You May Need an ENTIRELY New Computer
« Reply #4 on: November 26, 2006, 10:09:05 PM »
Hehe, Temmu, any suggestions then?

Ms. Rutkowska also complains about this fact, yet has no better recipe. IMO, education of users bundled with a safer system design and security software will definitely secure most average users (including those working in governmental agencies), while targeted attacks will never be possible to rule out.
Oliver (working at FRISK but posting here as a private person!)

Clogged disks on Windows? Check out: WinDirStat

Corrine (The Mystical Rose, Administrator, Hero Member)
Re: Badly Infected? - You May Need an ENTIRELY New Computer
« Reply #5 on: November 26, 2006, 11:32:53 PM »
Reactive? A system could be designed to be more restrictive than Windows Vista reportedly is. But would that solve the problem? I expect that the malware writers are already working on ways into Vista. After all, greed resulting from the advertising revenue is the driving force.

I agree with Oliver's comments and add that in addition to the anti-virus and anti-malware vendors the collective "we" are fortunate that there are people like Merijn, Attribune, S!Ri, sUbs, etc. who spend their time developing free tools to help us fight these infections.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Assarbad (AV research & development, Malware Experts, Sr. Member)
Re: Badly Infected? - You May Need an ENTIRELY New Computer
« Reply #6 on: November 26, 2006, 11:46:03 PM »
Quote from: Corrine
I expect that the malware writers are already working on ways into Vista.

... reportedly Authentium and Symantec already did it, so the malware authors can also simply choose to wait until their products come out and look like they do it.

Quote from: Corrine
I agree with Oliver's comments and add that in addition to the anti-virus and anti-malware vendors the collective "we" are fortunate that there are people like Merijn, Attribune, S!Ri, sUbs, etc. who spend their time developing free tools to help us fight these infections.

True. If I wasn't restricted in it, I'd offer my help. But well, as long as it is not for coding I can probably help (e.g. Atribune). My time is very limited (currently), but if it comes to drivers or fighting rootkits I can surely help ...

The worst thing with the RCs of Vista were the message boxes popping up with warnings. I've seen professionals get bored of firewall or such warnings and click yes regardless of what the message says. So what can we expect from a normal user? Overall I'd say Vista is a step in the right direction though - with regard to security. The system requirements are a different story.

Assarbad (AV research & development, Malware Experts, Sr. Member)
Re: Badly Infected? - You May Need an ENTIRELY New Computer
« Reply #7 on: November 26, 2006, 11:53:47 PM »
Darn, "look how they do it", of course. This comment was with respect to PatchGuard in Vista ...

Paddy (LandzDown Team, Hero Member)
Re: Badly Infected? - You May Need an ENTIRELY New Computer
« Reply #8 on: November 27, 2006, 08:17:24 AM »
Microsoft engaging with hackers
http://news.bbc.co.uk/1/hi/programmes/click_online/5413792.stm

Quote
A team from Microsoft headquarters went to Malaysia for Asia's biggest gathering of hackers - not to confront the enemy - but to throw the hackers a party.

Nothing like gettin' into bed with the numbnuts..
This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.

babyoh (Hero Member)
Re: Badly Infected? - You May Need an ENTIRELY New Computer
« Reply #9 on: November 29, 2006, 11:55:15 PM »
I've often wondered if malware infections would be less if MICROSOFT didn't dominate the OS market...
- it's really not clear-cut:
Yes, we're more vulnerable, but the negative publicity of infections also forces MS to act to resolve problems.
(I've had some apps over the years go Pflooey, but the smaller companies didn't seem to mind very much, or be ABLE to do anything to help. All the big headlines about a Windows vulnerability prod the company to act - if the market were split between 5 or 6 OSes, there wouldn't be that pressure to FIX THE PROBLEM.)
It's IRONIC.
Originally, ARPANET (the nascent Internet) was proposed as a way to DE-CENTRALIZE data.
The COMPUTER INDUSTRY wasn't thinking along these lines at ALL.
But ARPA wanted a network, partly so one failure (or bomb) wouldn't knock out all data at other points in the chain.
THEN, after private industry got involved, MICROSOFT sprung up -- and we're vulnerable once more, since most people use their OS. (Which is a good thing - until there's a bug or vulnerability that gets exploited.)

From http://www2.dei.isep.ipp.pt/docs/arpa--1.html
The Completion Report goes on to differentiate ARPA from the computer industry:

"The computer industry, in the main, still thinks of the computer as an arithmetic engine. Their heritage is reflected even in current designs of their communication systems. They have an economic and psychological commitment to the arithmetic engine model, and it can die only slowly..." (ARPA draft, III-24)

The Completion Report further analyzes this problem by tracing it back to the nation's institutions:
"...furthermore, it is a view that is still reinforced by most of the nation's computer science programs. Even universities, or at least parts of them, are held in the grasp of the arithmetic engine concept...." (ARPA draft, III-24)

Thus history has witnessed the research and development which had led to the concrete existence of first the ARPANET, and later the Internet.