Important: Malware script on RatSkep

Please read...

Re: Important: Malware script on RatSkep

#161  Postby Aern Rakesh » Sep 29, 2012 5:30 pm

Thanks, byofrcs. In any case I don't appear to be infected. Not like poor IC.

#162  Postby byofrcs » Sep 29, 2012 5:34 pm

Ironclad wrote: OK, I've finally gotten the .zip but I need a pointer, I always have trouble with these files even though I have 7zip.
When I extract the file I am getting a literal wall of folders, extensions, DAT files & text documents. What do I do now? Which of these blasted items do I click on? Even though the .zip was barely 100mb it is jam-packed.



With zip file versions of the .exe then you always run a SETUP.EXE (usually).
In America the battle is between common cents distorted by profits and common sense distorted by prophets.

#163  Postby Scot Dutchy » Sep 29, 2012 5:39 pm

Never had any problems. Never do. I wonder why?
Myths in islam | Women and islam | Muslim opinion polls

"Religion is excellent stuff for keeping common people quiet." — Napoleon Bonaparte

#164  Postby Ironclad » Sep 29, 2012 5:54 pm

byofrcs wrote:
Ironclad wrote: OK, I've finally gotten the .zip but I need a pointer, I always have trouble with these files even though I have 7zip.
When I extract the file I am getting a literal wall of folders, extensions, DAT files & text documents. What do I do now? Which of these blasted items do I click on? Even though the .zip was barely 100mb it is jam-packed.



With zip file versions of the .exe then you always run a SETUP.EXE (usually).


"This programme cannot run because MSVCR100.dll is missing from your computer. Reinstall & try again" :facepalm:

This is killing me now.
"If there was no such thing as science, you'd be right " - Sean Lock

"God ....an inventive destroyer" - Broks


#165  Postby Ironclad » Sep 29, 2012 6:10 pm

OK, I may have Avira up n running now, I've disabled all my firewalls, AV & AMw. Avira seems to like this.

Byo, I'm sending you the rather empty looking report.
"If there was no such thing as science, you'd be right " - Sean Lock

"God ....an inventive destroyer" - Broks


#166  Postby Aern Rakesh » Sep 29, 2012 8:58 pm

Ironclad wrote: OK, I may have Avira up n running now, I've disabled all my firewalls, AV & AMw. Avira seems to like this.

Byo, I'm sending you the rather empty looking report.


Any luck, IC?

#167  Postby Ironclad » Sep 29, 2012 9:04 pm

So far so good, Nora. Computer seems to be back to normal, for now. Honestly, I have rebooted this thing zillions of times & had to turn it off by holding the power button down far too many times also.
I was surfing by phone and attempting to Mod by tablet, not easy when I need to cut/paste so heavily.

Byofrcs has a report to chew over, to my untrained eye it looks like a pile of adware (from movies I've DLed) but nothing too evil, but also four viruses & one exploit (whatever that means).
"If there was no such thing as science, you'd be right " - Sean Lock

"God ....an inventive destroyer" - Broks


#168  Postby Aern Rakesh » Sep 29, 2012 9:15 pm

Oh, excellent!

Well done Byofrcs for showing IC the way out of the valley of the shadow! :cheers:

#169  Postby THWOTH » Sep 29, 2012 10:16 pm

Seems that the storm has passed and it's just a matter of mopping up the debris.

I've changed my password after deleting all board cookies. I use this online service to generate a knotty random 12-digit mixed case and symbols password. A search will return a raft of similar sites - note: there should be no need to download and install an application to do this ever! It's advised by those in the know that everybody change their passwords every three months or so just as a matter of personal security, so if you haven't done this yet perhaps now is the time to start. I keep all my passwords in plain text file dumped into an encrypted folder on a usb-stick. This kind of belt and braces approach is also good practice, and there are many free encryption programs out there, and most mid-high end usb-sticks have them already installed on their products. If you have one of these products and haven't taken advantage of it yet, again, perhaps this is the time to think about doing so.

Also, although the evil adz man, or woman, seems only to have inserted a redirecting javascript into the forum template it might be worth just checking over your board preferences in the user control panel to make sure everything is as it should be. Everything is fine for me, but you never know so go and have a look.

Other than that I think it's safe to say that we live to fight another day. :cheers:
"No-one is exempt from speaking nonsense – the only misfortune is to do it solemnly."
Michel de Montaigne, Essais, 1580

#170  Postby DaveD » Sep 30, 2012 1:50 am

...and opera browser, via AVG, has stopped telling me how dangerous this site is.

#171  Postby paret0 » Sep 30, 2012 6:44 am

Ironclad wrote: So far so good, Nora. Computer seems to be back to normal, for now. Honestly, I have rebooted this thing zillions of times & had to turn it off by holding the power button down far too many times also.
I was surfing by phone and attempting to Mod by tablet, not easy when I need to cut/paste so heavily.

Byofrcs has a report to chew over, to my untrained eye it looks like a pile of adware (from movies I've DLed) but nothing too evil, but also four viruses & one exploit (whatever that means).


Byofrcs may overrule me, and do stick with your successful practice of listening to him and him alone here - but you do want a firewall in addition to a scanner/realtime av like Avira. I like Comodo firewall with Avira on XP, V, 7, although the built-in Windows firewall is very good and quite capable of doing just about whatever you want to do with a packet filter.

A firewall would likely not have helped anyone in this case. It's just bad when a site gets pwnd and sends malware right down Port 80 or rebinds DNS to resolve a good site to a bad IP.

I remember Gumblar. A Trojan worm that laid a rootkit of about 30 lines of heavily-obfuscated javascript that would run as a service, listening for instructions from Russian Business Network-hosted servers to slowly and stealthily assemble itself.
Over time, it could become a full RAT, echoing keyboards and displays over multiplexed encrypted tunnels. Control for the botnet of infested computers was through IRC. The botnet master had his net segmented vertically and horizontally. Probably so he could sell it in pieces or close off hatches when it got hot.
It was a nasty little fucker. I doubt the diabolical VXsonofabitch who coded it is still breathing though. Dangerous business that. At that scale especially. The stuff of novels.

#172  Postby Ironclad » Sep 30, 2012 7:50 am

Most of that went right over my head, I'm afraid.

I'm thinking I may start using Hijack This! as an extra surprise for anyone trying to insert keyloggers. But I'm not sure this programme would have helped, in this recent case.
"If there was no such thing as science, you'd be right " - Sean Lock

"God ....an inventive destroyer" - Broks


#173  Postby THWOTH » Sep 30, 2012 10:02 am

Change to Ubuntu. It's painless, really. You'll never notice after a week.
"No-one is exempt from speaking nonsense – the only misfortune is to do it solemnly."
Michel de Montaigne, Essais, 1580

#174  Postby Ironclad » Sep 30, 2012 10:17 am

THWOTH wrote:Change to Ubuntu. It's painless, really. You'll never notice after a week.

Don't you have to be clever n stuff to use that thing? :scratch:
"If there was no such thing as science, you'd be right " - Sean Lock

"God ....an inventive destroyer" - Broks


#175  Postby paret0 » Sep 30, 2012 10:28 am

Ironclad wrote:

I'm thinking I may start using Hijack This! as an extra surprise for anyone trying to insert keyloggers. But I'm not sure this programme would have helped, in this recent case.


Bounce the HJT thing off byo. He's giving out the good stuff here.


Most of that went right over my head, I'm afraid.


"Trojan" - a virus you download as a legit script or program. From the Trojan Horse of The Odyssey. "Beware of Greeks bearing gifts."
"Worm" - malware that can migrate to other places and other computers. Like the Sandworms from Dune, you just never know where they'll pop up.
"Rootkit" or "Persistent Rootkit" - malware that hides itself and seeks elevated privileges to run commands (like to delete things, or to open up a backdoor and upload your bank account info from your browser cache to whoever).
"RAT" - Remote Access Terminal - just like it sounds. Like LogMeIn for the bad guys. Over a special badguy VPN hosted by your computer. Bad.

"Russian Business Network" - Web hosting by the Russian Mob. "Bulletproof", as long as you pay up and don't mind the puns. - Where to host your Nike Viagra spam site or malware loader without the inconvenient hassle of dealing with noncriminals and their pesky little rules about legitimate web hosting.
You exploit a website. "Arbitrary Code Execution" means that website's computer will run any software you load on it. You put a java or php script (series of commands) on that site's home page that makes a visitor's browser go to your illegal RBN server and download a buttload more scripts and run more commands.
Happens every day.



"Segmented network" - A scalable, redundant, distributed high-availability and failover cluster solution for the bad guys, vertically integrated with badguy tech through the edges, cores, and backbones. Engineered for max life cycle and rapid redeployment. Distributed database and middleware scattered over the planet.
For you and your infected computer, it's like Folding@Home, except you didn't volunteer for any of this shit.


Gumblar was special because it could morph itself completely with its next communication with its control net. This greatly prolonged its attack window in the wild because its attack signature, its M.O., varied whenever it sensed the jig was up. Gumblar was not one signature, but hundreds. An inspired piece of criminal code that's still running in labs and "Out there".



The VX Lifestyle:
Nerdy little aspies named Eugen with enough stick time to build a software structure as big and tight as Gumblar are specialists who generally don't have the street smarts to capitalize on it before Interpol kicks in the door. They also generally need partners to protect them and their intellectual products from opportunists who can beat anything they want to know out of just about anyone, with a hammer.
They either live double and triple lives of cloak and dagger, or retire early. Gangsta-style or shot up by lawful authorities. Retired.
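
Added example, not part of the thread or any poster's code: a defender-side audit for the compromise discussed in posts #169 and #175, a script injected into a forum template that sends visitors elsewhere. It flags `<script>` tags loaded from hosts outside an allowlist and inline scripts that reassign the page location; the host names, the sample template and the heuristic pattern are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic for an inline redirect (an assumed pattern, not taken from the thread).
REDIRECT = re.compile(r"\blocation(?:\.href)?\s*=[^=]|\blocation\.(?:replace|assign)\s*\(")

class ScriptAuditor(HTMLParser):
    """Flags <script> tags loaded from unapproved hosts or redirecting inline."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []   # (line, kind, detail)
        self._inline = None  # [line, text] while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        line, src = self.getpos()[0], dict(attrs).get("src")
        host = (urlparse(src or "").hostname or "").lower()  # "" for same-origin paths
        if src is None:
            self._inline = [line, ""]
        elif host and host not in self.allowed:
            self.findings.append((line, "external-src", host))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline[1] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            line, body = self._inline
            self._inline = None
            if REDIRECT.search(body):
                self.findings.append((line, "inline-redirect", body.strip()[:60]))

def audit_template(html, allowed_hosts):
    auditor = ScriptAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample template; every host name here is a placeholder.
SAMPLE_TEMPLATE = """<html><head>
<script src="/js/forum.js"></script>
<script src="https://cdn.forum.example/jquery.min.js"></script>
<script src="http://ads.injected.invalid/x.js"></script>
<script>window.location = "http://landing.invalid/";</script>
</head><body>{POSTS}</body></html>"""
```
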

#176  Postby paret0 » Sep 30, 2012 10:54 am

Ironclad wrote:
THWOTH wrote:Change to Ubuntu. It's painless, really. You'll never notice after a week.

Don't you have to be clever n stuff to use that thing? :scratch:


Mint Cinnamon Edition is what I've recommended lately to Aussies. YMMV. :coffee:

#177  Postby byofrcs » Sep 30, 2012 1:02 pm

Ironclad wrote:
THWOTH wrote:Change to Ubuntu. It's painless, really. You'll never notice after a week.

Don't you have to be clever n stuff to use that thing? :scratch:


You’re aged 9 - my kids from 4 up have used Linux (Mandrake and now Ubuntu). (I'm serious on my kids' ages.) Linux boxes are called generically "penguin" computers versus Windows computers. Kids know certain games work in Windows, others in Linux so they dual boot.
In America the battle is between common cents distorted by profits and common sense distorted by prophets.

#178  Postby Scot Dutchy » Sep 30, 2012 4:50 pm

:scratch: Never noticed a thing.
Myths in islam | Women and islam | Muslim opinion polls

"Religion is excellent stuff for keeping common people quiet." — Napoleon Bonaparte

#179  Postby Scot Dutchy » Oct 03, 2012 1:28 pm

I just got a warning from Zone Alarm that this is a phishing site?
Myths in islam | Women and islam | Muslim opinion polls

"Religion is excellent stuff for keeping common people quiet." — Napoleon Bonaparte

#180  Postby THWOTH » Oct 03, 2012 1:41 pm

Did it give you any more indication as to why Scotty?
"No-one is exempt from speaking nonsense – the only misfortune is to do it solemnly."
Michel de Montaigne, Essais, 1580