
Malware Mary's Moral Dilemma


This topic is locked.
8 replies to this topic

#1 Vistuck

Posted 16 April 2010 - 07:37 AM

Many of us have noticed that, within the past two or three years, the most dangerous malicious software applications appear to have acquired almost supernatural abilities. I know I'm not the only one who has scanned my system, located a trojan horse or spyware program and followed safe-removal procedures to the letter, only to find that upon reboot the malware is not only still there but more destructive and aggressive than before. Removal and detection efforts can be so frustrating and time-consuming that it almost seems like a more productive approach simply to minimize the potential damage from malware, such as by not transacting any credit-card purchases over the Web, or phoning in sensitive information to be stored safely on the e-commerce provider's end. I've got friends who have given up completely on efforts to remove malware, as the malware seems more inclined to leave them alone if they leave it alone. For the most part they can just forget it's there. I even know a guy who frequently uses his PC to scan and "fix" other people's malware-infested PCs, even though his own system is clearly infected with a highly sophisticated backdoor trojan that he has given up on removing. Is that where we're all headed? Toward a future in which we help each other remove the easy stuff while we carry and spread the more complex malware like a bunch of digital Typhoid Marys?

I think it would be totally irresponsible to ignore malware on my system, knowing that I was consciously helping a criminal enterprise attack people and institutions, invading privacy, stealing money and in some cases ruining lives. Have we as free citizens, or those fighting to be free, put our lives on the line over and over again to fend off government intrusion, only to meekly accept intrusion by low-life crooks into our homes and offices? I hope not.

But what of the people whose genuine, repeated attempts to do the responsible thing have led them to the brink of bankruptcy or insanity, or both? Is there a point where those people can surrender to malware infection with a clear conscience? Most of us are wholly dependent upon computers and the Internet to put food on our tables. Should we feel bad knowing our activities are helping to spread this misery, even if the only alternative for us would be to abandon our careers and risk long-term unemployment, bankruptcy and poverty?

Experts now say that millions of PCs and workstations are likely compromised and participating in botnet attacks, while the users of those machines are wholly unaware or indifferent. Is resistance futile at the end of the day? I've been infected multiple times by malware that has torn through my firewall like it was tissue paper. There's a backdoor trojan on my PC right now that can and does spread wirelessly. There's no public authority or free service outside forums such as BleepingComputer that I can turn to for help. I've already tried paying someone to fix my PC, but most PC repair/restoration companies are still pretending it's 2005, when a low-level disk wipe and OS reinstall was considered the extreme, and usually unnecessary, last resort. I paid $150 for an outdated solution that didn't resolve my problem. But the repairman insisted that it MUST have fixed the problem, and therefore it was my fault for contracting the malware a second time. The fact that this supposed reinfection happened immediately, and that I had been following all of the commonly recommended security precautions, did nothing to prevent the burden I had just spent $150 to move from my shoulders to his from landing right back on mine.

Furthermore, I was subjected yet again to scolding and lecturing, this time from a person who had just failed miserably at the task for which I had paid him good money, a task he had assured me he would achieve but did not, and for which he did not offer to refund my money. I am so used to the "it's your fault" lecture that I cringe at the thought of asking anyone else for help. I feel that the vast majority of virus-removal experts, be they for-profit or volunteer, are afflicted with an unfortunate condition I have dubbed "skeptinial" (skep-te-NYE-uhl), because it is basically denial masquerading as skepticism. As well-intentioned as they may be, most threat-removal experts still tell people that it is absolutely not possible for malware to survive a clean Windows reinstall. That opinion provides no comfort to the many of us who have performed clean Windows reinstalls that did not remove the malware. The infection on my PC has outsmarted XP, and then Vista and Windows 7. However, after attempting removals with all three, I'm a firm believer that XP is by far the best OS to have if you're infected. I still have some hope for a better-patched 32-bit Windows 7, but I absolutely will not keep a 64-bit version of Windows on my PC until it is ENTIRELY 64-bit. When backward compatibility is allowed, especially through virtualization and emulation, it merely adds another layer of wool for clever malware to pull over the user's eyes. As of this moment, the enhanced security of a 64-bit OS is still theoretical, because the ones available to consumers defeat their own purpose for the sake of letting all 64-bit users run old 32-bit apps.

So in light of all the above, what are my responsibilities to the community as an infected PC owner? What are the proper ethics of owning and using a computer that you have tried your best to clean, but didn't, and probably won't?


#2 Ken-in-West-Seattle

Posted 16 April 2010 - 08:16 AM

Can you link to any proof that there is any malware - in the wild - that can survive a partition reset and format? I have not run into one yet. The architecture of modern hard drives does indeed make it possible in theory, but afaik, the firmware and CE cylinders are pretty good at straining out any extraneous assembler code that attempts to write in the reserved areas. BIOS attacks will probably become a future vector, but I don't see any that can be easily transferred without physical access at the moment.

Lojack laptops will need to quit fooling themselves soon, and the MPAA and RIAA will probably own enough politicians in the next decade to require exploitable code be included in all PCs' BIOS, but I am not seeing it yet.

#3 Elise

Elise

Posted 16 April 2010 - 01:43 PM

I explained my point of view in detail here

I am not going to repeat that. My only conclusion is: this is malware sci-fi; no malware developer goes through such trouble, because they have nothing to gain.

I haven't the necessary expertise to explain the hardware part, but malware is excluded here.

regards, Elise


Malware analyst @ Emsisoft


#4 Vistuck

Posted 16 April 2010 - 03:39 PM

Ken and Elise -

I think I have figured out a way to demonstrate to you that I am experiencing, at the very least, persistent abnormalities in the Windows install process. However, to do so in this thread would be way off topic. I will continue the discussion about my particular problem over at the "Am I infected?" forum. The purpose of this topic was to seek people's opinions about how to live with a malware infection and whether there is a "right way" to do that.

EDIT TO ADD:

I was thinking about what Elise said about the unlikelihood of a, for lack of a better term, "super trojan" and the notion that it would not be worth the malware developer's time and effort to develop it. I would be inclined to agree with your take on this issue if today's trojan-makers were still baking from scratch. But I think we can all agree that the latest trend in malware development is looking at creative ways in which existing, legitimate Windows components and applications can be subverted for malicious purposes. It seems like malware makers have realized that Windows itself can be regarded as a powerful development toolkit for malware. This is especially true now that Microsoft has, to some extent, caved under pressure from the open-source advocates and has been giving away a lot more of the Windows recipe than it used to. There are ungodly powerful development tools for Windows that anyone, for any reason, can download from Microsoft at no charge. So I disagree with you for the sole reason that a successful trojan-maker need only come up with a clever way to put other people's hard work to unintended, malicious use.

Say, hypothetically, that I were to develop a trojan that could communicate with the Windows PC owner's cell phone and make it do bad things, like spread my Windows trojan to other Bluetooth-enabled devices, which would in turn pass the trojan to their respective owners' Windows PCs. Elise would say that such a thing is unlikely to the point of being science fiction.

My position is that she is being irrational, because all of the hard work required to make my trojan has been done in advance by Microsoft and the cell-phone makers. All my hypothetical trojan really needs to be able to do is gain control of Windows applications that already exist today. Elise also might say that the existence of so many different brands and models of cell phones would make my work as a trojan maker far too difficult to be worth it. I'd have to learn the specifics of every type of phone I hoped to use in my wireless malware-proliferation armada. But again, Microsoft and the cell phone makers have taken care of all that for me. If I can successfully use Windows to infect a single cell phone, I can infect them all.

Anyone not familiar with Device Stage in Windows 7 might think I am a complete loon. But what Device Stage does is query Windows Update for the exact specifications of just about any known Bluetooth-enabled mobile device. The makers of those devices have provided this information in advance to Microsoft so that Windows users can have their PCs and mobile devices communicate with each other and share or transfer data.

So the "sci-fi" part of my trojan is actually the easy part, having been achieved already by the brightest minds in consumer technology. All I have to do is exploit their hard work for my own purposes by gaining control of Device Stage. It's not science fiction at all.

Edited by Vistuck, 16 April 2010 - 05:12 PM.


#5 hamluis

hamluis

Posted 16 April 2010 - 03:53 PM

<<The purpose of this topic was to seek people's opinions about how to live with a malware infection and whether there is a "right way" to do that.>>

No one has to "live with" a malware infection.

A clean install usually (if not always) eliminates the risk that might be posed by such, if the computer user did not employ sufficient safeguards to prevent such or overcome such possibilities.

Louis

#6 DeathStalker

DeathStalker

Posted 16 April 2010 - 04:31 PM

> I explained my point of view in detail here
>
> I am not going to repeat that. My only conclusion is: this is malware sci-fi; no malware developer goes through such trouble, because they have nothing to gain.
>
> I haven't the necessary expertise to explain the hardware part, but malware is excluded here.


That was one wicked cool thread. I've read books that didn't explain things as clearly or concisely as you did in a few posts. Thank you. I learned a ton, and it was explained so simply that even a dummy like me understood it.

EDIT: Since I now represent BC I had to remove something I wrote as a light joke that could easily be misconstrued. Whoops.

Edited by DeathStalker, 16 April 2010 - 05:16 PM.


#7 Vistuck

Posted 16 April 2010 - 05:23 PM

> > I explained my point of view in detail here
> >
> > I am not going to repeat that. My only conclusion is: this is malware sci-fi; no malware developer goes through such trouble, because they have nothing to gain.
> >
> > I haven't the necessary expertise to explain the hardware part, but malware is excluded here.
>
> That was one wicked cool thread. I've read books that didn't explain things as clearly or concisely as you did in a few posts. Thank you. I learned a ton, and it was explained so simply that even a dummy like me understood it.
>
> On a side note, apropos of nothing at all: Would it be bad form to mention tinfoil hats on THIS thread or provide a link to the proper manufacture and utilization of said hats? :thumbsup:


Please see the edit to my previous post, which I just added. Nothing I have suggested in this or my other thread requires any malware ability beyond that which we know already exists. It's not science fiction that malware could evade a low-level HDD format and OS reinstall. The ability to develop such applications has been demonstrated regularly at computer-security conferences for at least the past two years. I say the tin hatters are the people who insist that, despite the prospect of massive financial gain from doing so, malware developers have refrained from developing their own version of this known software or stealing the original software for their own purposes.

Please explain exactly why you think my position here is irrational, and how yours is not.

#8 Vistuck

Posted 16 April 2010 - 05:42 PM

> <<The purpose of this topic was to seek people's opinions about how to live with a malware infection and whether there is a "right way" to do that.>>
>
> No one has to "live with" a malware infection.
>
> A clean install usually (if not always) eliminates the risk that might be posed by such, if the computer user did not employ sufficient safeguards to prevent such or overcome such possibilities.
>
> Louis


Here's the problem, Louis: The only way to ensure that what the applications on your PC are showing you is a true reflection of what's there is to verify the information remotely, from a computer or other device not subject to the environmental parameters existing inside the PC in question.

Question: Of the millions of consumers out there with a Windows PC, what percentage do you suppose actually take this important step of verifying the PC's content from a remote source? Do you think it's maybe 5 percent? 2 percent? I think even an estimate of 2 percent would be optimistic to the point of naivete. But assuming it's 2 percent, that would mean that 98 percent of Windows users on home PCs have not taken the necessary steps to know with certainty what is really happening on their machine when they put that Windows DVD into the disc drive and press "Install."

All I am arguing is that, as a trojan maker, I would be very intrigued by this fact and looking for ways to exploit it. Not by levitation, or invoking the evil spirits, or any other crackpot, tinfoil-hat paranoid fantasy, but through the development of a rootkit-type application that targets specifically this hugely important moment in the deployment of Windows, the "zero instant," if you will. Why is my view of this so different from the others here? Am I not just thinking logically here? What am I missing?

#9 Animal

Animal

Posted 16 April 2010 - 06:14 PM

I believe this subject in multiple threads has gone on long enough. Representatives of Bleeping Computer have given you their opinions. Choosing to keep resurrecting your opinion in new topics, seeking someone, anyone, to agree with you to further your agenda, will have to stop. On this matter you will need to seek another forum/platform to find visitors and/or members to agree with you/help you.

Bleeping Computer is unable to accommodate your needs for validity of your issue. Nor does it have the ability to resolve it, in the manner you see fit to accept.

This topic is closed.
