Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

What serious threat do you remember?


  • Please log in to reply
10 replies to this topic

#1 Guest_Jay-P VIP_*

Guest_Jay-P VIP_*

  • Guests
  • OFFLINE
  •  

Posted 02 April 2009 - 10:54 PM

I have been reading over my logs and fun stuff to find information about older, more serious threats. I want to know, who here can think of a very serious threat?

Tell your story about your experiences with very serious threats. I would love to hear them!

BC AdBot (Login to Remove)

 


#2 battyhippie

battyhippie

  • Members
  • 430 posts
  • OFFLINE
  •  

Posted 04 April 2009 - 09:45 AM

Good one, Jay-P, but for me, I am going to have to go back to the mid-1980's and my 386. The bug? Windows 2.0. That was the only bug that I loaded on my system that totally crashed my system. I had to use my boot disk to get the system up so that I could re-format my hard drive. What a mess! I did not load another Windows until 3.0 and then? Windows did not like my DOS based programs...ie Lotus and WP. So off if went, again. I have never understood how such a program, that does not play well with others, became so big? And it is a threat...you can't upgrade unless you change All of your programs. Hey, I am sure there are others who will disagree with me...but in my mind, Windows is the meanest, nastiest, bug there is!

#3 MishY

MishY

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 04 April 2009 - 10:36 AM

Magistr Virus was the worst I got. :flowers:
Convinced me to actually get an AV program. :thumbsup:

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:34 PM

Posted 04 April 2009 - 11:29 AM

Well, I remember my first virusencounter, think it was in 1994, The first time I actually used my antivirus (f-prot?). It started bleeping and it found Yankee doodle. Really dont know what it was doing, dont think it was something very serious, but it had infected all my Windows 3.11 install-floppy's. I had tried to install back windows 3 times before thinking of a virus, but hey... I learned something over the years. Anyway, was having quite some nightmares about that one!

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#5 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:05:34 AM

Posted 05 April 2009 - 10:27 PM

For me personally it was "Shorts Oak Tree". A deltree program designed to
delete win.ini and sys.ini and it worked very well.
But for the internet I have to say the Morris worm was the most serious of it's time.
http://en.wikipedia.org/wiki/Morris_worm

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#6 burn1337

burn1337

  • Banned
  • 311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 05 April 2009 - 10:35 PM

Honestly I can't really think of any threats I have ever had except those I made myself... Ended up having to reformat windows at least 40 times before I stopped writing random viri...

Battyhippie - I would agree, Windows is one of the worst threats out there to begin with...

#7 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:07:34 PM

Posted 05 April 2009 - 10:41 PM

Most serious threat that I've gotten on here is the amvo worm, which our college dubbed it the "amvo virus" since we had no clue what it was and that I found that amvo was somehow connected to it (after going through the registry and crap....which was stupid, of course). This was way before I knew anything about malware and whatnot and before I started to participate in BC.

We were just going about our business when some of us had or AV's flagging something as soon as we plugged a USB drive in, which Norton detected it as "Hacktool.rootkit". Some decided to reformat while others left it there. The only thing we've noticed is that people who played WoW have had their accounts "hacked" and that stuff wasn't there and whatnot. I'm one of the idiots who left it on my computer, but I was trying to see what methods would work best. I tried many different programs for 2-3 weeks, but none worked until I finally got it off with Trend Micro Houscall scanner with several other things that I can't remember anymore.....which about a couple days after I got it off, they got a script built for getting rid of the virus.

....shutting up.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#8 Guest_Jay-P VIP_*

Guest_Jay-P VIP_*

  • Guests
  • OFFLINE
  •  

Posted 05 April 2009 - 11:04 PM

*Jay learns and reads excitedly*

The biggest I had was on my mother's computer which was the Sasser worm (MS04-011: LSASS). It ended up blocking TCP port 445. The worm was variant E, which I think the one creating it got arrested sometime after the E was released. I think that was in 2004, where they Microsoft released a $250,000 bounty for the German Computer Scientist.

Edited by Jay-P VIP, 05 April 2009 - 11:05 PM.


#9 Galadriel

Galadriel

    Bleepin Elf


  • Malware Response Team
  • 2,753 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Missouri, USA
  • Local time:10:34 PM

Posted 06 April 2009 - 03:09 AM

Sasser was a decent one. I remember setting up a box as a test to see how long it would take to get infected without AV/Firewall installed. Got Windows installed (no SPs) and as soon as it was connected to the internet, I went to Windows Update. Was in the process of downloading the updates, when I got hit. It took all of 2 mins (could have been even less actually, I didn't time it) to get infected. And all I did was go to Windows Update upon getting online, never visited any other site. I admit, it was fun. That was late 03, and I was hit with Blaster, Sasser's predecessor.

In terms of malware (not worms or viruses), my personal favorites the ones I remember most as being dangerous and hard to remove at the time (02-04) were variants of LOP (which is what got me involved in the online security community in the first place) and Look2Me AKA L2M, both of which are still around and with many variants now. Did you know that Look2Me was first classified as part of the VX2 Virtumonde family (now called Vundo) of malware? Iit was also one of the first malware to use the User Agent string to advertise itself by adding a L2M ClassIdentifier (CLSID) to the browser's useragent string. You can view your User Agent string by typing the following in the address bar (case sensitive):
java script:navigator.userAgent
And, of course, who can forget the Memory Watcher (pepper) malware. It was a pita to remove until we discovered that the distributors uninstaller was actually the best way to remove it. It caused all kinds of pop ups to appear, and protected itself by having several processes "watch over" one another. If one was stopped, two more randomly named files would be created and executed. One with little knowledge could end up with 100s of the infected files running very easily. It also had several registry keys "watching over" the processes and ensuring that they were up and running.
Then again, there's the nasty that first used ADS to "hide" - it embedded itself on (not in) the System32 folder!!! (that's the one that prompted Merijn's ADSSpy); the first variants of CWS (which used a custom stylesheet to carry its payload)... there are so many. Oh, can't forget the first popular rootkit (f0r0r).
In terms of viruses/trojans/worms, I had a special spot in my crosshairs for any variant of the SDBot/RDBot worms. They were/are nasty worms that transform the machine into a zombie (connects to an IRC server coded in it to get instructions or be at the bot herder's disposal - commonly used in DDoS attacks). They would typically disable msconfig, task manager, the registry editor and several other administrative tools.

But my very first experience with a virus was in the early 90s in our school computer lab. All our floppies were infected with a virus that caused a ping pong ball to appear on the screen and delete everything it touched as it bounced around. I had the wonderful job of cleaning up the floppies and workstations. Even then, I guess I was a good candidate for malware removal! :flowers:

Of course, I also can't forget the Boot Viruses of the Amiga.... Destroyed many a disc with that one. Guru Meditation!!! :thumbsup:
I cemna prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel
'The avatar is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

Phear teh ceiling cat, for he is roofkittehd! - Basement Cat

I'm a Bleeping Folder, are you? - Join BC in the fight against diseases - Click here
Become a BleepingComputer fan: Facebook

#10 iisjman07

iisjman07

  • Members
  • 94 posts
  • OFFLINE
  •  

Posted 06 April 2009 - 03:17 AM

Mine are two, virut infections that are uncurable, and the TDSS Rootkit when it first came out.

#11 Guest_tylerisdabest_*

Guest_tylerisdabest_*

  • Guests
  • OFFLINE
  •  

Posted 10 April 2009 - 04:24 PM

I think there was a variant named itch.exe that my friend got. He ended up getting all his exe files deleted so he could not boot. I remember seeing the viriant on CNN, I think warning not to reboot if your desktop changes to the korn logo.

Edited by Pandy, 10 April 2009 - 09:44 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users