Greetings,
I am a new member of this forum but I'm not new to the site. I've been using bleepingcomputer as a reference in my malware research lately and I've decided to join the community in order to get more specific results to my unique questions which hopefully in turn will broaden the spectrum of topics here, possibly providing someone with the one thread they need to answer the same question everyone is asking: Why is my $#!7 not working right?
My research right now is focused on BHO's, Toolbars, IE plugins and any other DLL's/processes that operate through browsers or jack into legitimate programs via a malicious code taking advantage of browser backdoors and holes.
I will be submitting, from time to time, log files with suspicious elements in them from various testing computers I use. My goal is to recreate the lists of BHO's and Toolbars to more accurately, and more importantly: definitively, describe and rate all malicious code and susceptible legitimate code. I don't want to see any more BHO strings listed as an 'open-for-debate' status. If the purpose of a list is to educate individuals on malicious code, then leaving it 'open-for-debate' is totally unacceptable.
I want safety through answers!!!
for3ver,
goose90proof
Joining the fight against malware
#2
Posted 16 June 2010 - 04:03 PM
Hello and welcome to Bleeping Computer.
Be sure to check out the New User Orientation and the excellent Tutorials.
The power of accurate observation is commonly called cynicism by those who haven't got it.
—George Bernard Shaw
#3
Posted 16 June 2010 - 09:10 PM
Hi goose90proof,
Welcome to BC!!
You have caught my attention.
I have some questions.
- What is your background?
- Do you have experience in relation to malware?
- Who are you providing this research for?
- How have you gone about infecting your test boxes?
- What do you hope to achieve by submitting infected testboxes for cleanup here?
Here are some important notes...
I suspect that one of the helpers might be willing to assist in the cleanup of your testboxes but I can assure you that we will not divulge any information in regards to the inner workings of the tools we utilize or any detailed description of how these tools are used in regards to the particular infections in a public forum.
If you are already part of the malware removal community then you will clearly understand the motivation in regards to that comment.
I look forward to your replies.
Again welcome to BC,
Very kind regards,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!
http://organdonor.gov/index.html
#4
Posted 16 June 2010 - 09:57 PM
Quote
My goal is to recreate the lists of BHO's and Toolbars to more accurately, and more importantly: definitively, describe and rate all malicious code and susceptible legitimate code. I don't want to see any more BHO strings listed as an 'open-for-debate' status.
Quote
I don't want to see any more BHO strings listed as an 'open-for-debate' status.
Quote
If the purpose of a list is to educate individuals on malicious code, then leaving it 'open-for-debate' is totally unacceptable.
It's junk, and most of the time it gets downloaded without the user's knowledge. What does it do? Why should you keep it if you never knew it was there to begin with? It's downright sneaky to install garbage like that, but is it malicious? Even if you give a definite answer there, I bet you someone else will come right in behind you and give a different opinion altogether.
I don't know who you are or what your experience is, but I have a couple of years on me (snickers) and I know how this works and how much effort is always put into maintaining an accurate list, no matter which one(s) you're referring to.
Personally I find it a bit insulting that you come here to use us and get yourself cleaned up for free when you've purposely created this. Especially when there are hundreds of people that come here every day that really need help and have to wait because we are so far behind.
#5
Posted 17 June 2010 - 08:53 AM
Quote
I have some questions.
- What is your background?
- Do you have experience in relation to malware?
- Who are you providing this research for?
- How have you gone about infecting your test boxes?
- What do you hope to achieve by submitting infected testboxes for cleanup here?
I suspect that one of the helpers might be willing to assist in the cleanup of your testboxes but I can assure you that we will not divulge any information in regards to the inner workings of the tools we utilize or any detailed description of how these tools are used in regards to the particular infections in a public forum.
If you are already part of the malware removal community then you will clearly understand the motivation in regards to that comment.
In regards to questions and concerns....
My background is my own but my experience I am willing to share. It is after all what has brought me here. I, like everyone else, have been victimized by malware on numerous occasions (more than can be counted on two hands). It has often been my privilege to assist friends and neighbors with the troubleshooting of their machines and suggesting possible solutions to their malware problems. Alas, my early attempts were unsuccessful (I inherited a lot of old broken computers :D).
Simply put, I have a lot of free time and I want to do something helpful with it. My research is my own. The only 2 reasons that allow me to even start are my hunking pile of test computers and the pros here at bleepingcomputer. Because even with all my passion and desire to fight malware, I'm still definitely not a pro at this. I'm not an expert opinion. But I am able to understand computer behaviour, malware behaviour, strange processes, unusual file locations; and, I am intimately familiar with Windows.
Right now my research is very simple. I parse through lists of known/suspected/hardly-even-remotely-possible processes, BHO's and toolbars and then check, and double check resources on the web to see if the data is current (easy part). The second half of my research requires assistance. The only codes I know are markup languages. I need bleepingcomputer to deliver the ultimatum on suspected malware.
As for infection procedures:
For every computer I use for testing I have two ghost images. One is stripped down to bare-bones Windows and the other includes all the OEM bullbleep that they came stocked with. I like data to be consistent so I use a clean slate every time. I have Windows 2000/ME, Windows XP computers, Windows Vista computers, and Windows 7 computers. (As a note: I am looking for a Windows 98 computer to purchase$$$$).
I have access to a cloud containing just about every bit of malware that's ever been reported (don't ask how). Unfortunately this cloud hasn't been collecting malware for almost 2 years now so it's quite outdated. Like I said I'm not a programmer but from what I understand, a lot of known malware is redistributed with different coding but there are some relative patterns in the code that can be used to identify them. So for now I'm taking old malware (just the ones that seem to still be in circulation) and putting them on my test computers. I also do some dirty surfing just for good measure :D
That's it for my role! That's as much as I can do. I see myself as a valuable researcher not for my knowledge (really really want to learn more) but for the resources I have at my disposal.
I HOPE TO ACHIEVE A GREATER MEANS OF DEFINITIVELY IDENTIFYING MALWARE AND TO UPDATE CLSID LISTS WITH GREATER ACCURACY!!!!
for3ver,
goose90proof
This post has been edited by goose90proof: 17 June 2010 - 08:58 AM
#6
Posted 17 June 2010 - 08:57 AM
Quote
Personally I find it a bit insulting that you come here to use us and get yourself cleaned up for free when you've purposely created this. Especially when there are hundreds of people that come here every day that really need help and have to wait because we are so far behind. 
If you take a few seconds to look at the only post I've submitted to the malware removal section you'll notice it says NON-CRITICAL!!!! in the subject. This was done to ensure I wasn't wasting anyone's time. I'm patient and I can wait for someone to help me. I know how to take the proactive steps to protection that you're suggesting. I'm not concerned for my personal computer so much as I share your very own concern for the people you're all trying to help for FREE. I consider this my part, as little as it may be. I just want to help.
And what about the people that come here to get cleaned up for FREE that don't even provide the valuable feedback once their computer is fixed? I've seen countless posts where people submit a log file, a helper tells them what to fix, (I'm assuming they take the recommendations) but they don't post back to even say "thanks, it's fixed" or "it's still not working".
Correct me if I'm wrong but that feedback is what makes this forum so valuable is it not?
This post has been edited by goose90proof: 17 June 2010 - 09:07 AM
for3ver,
goose90proof
#7
Posted 18 June 2010 - 12:27 PM
Hello,
Thanks for the reply.
After viewing your comments I will share with you my thoughts. I see that your intent is good but I would strongly advise you to consider otherwise.
Even in experienced hands purposely infecting a machine is very risky business. Many disasters have occurred in this regard. You put yourself and others at risk!
I assure you that we have a very structured research and development team worldwide constantly creating means by which we can thwart the criminals.
This of course is private and not open to the general public for obvious reasons.
Contrary to your belief we do not use these public forums to research malware. We study the malware outside the public forums. The tools are developed and tested prior to our instituting them publicly.
If you really want to be helpful then you could consider joining the Malware Removal Community and apply to receive training.
http://www.bleepingcomputer.com/forums/topic86678.html
Very kind regards,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!
http://organdonor.gov/index.html