
Joining the fight against malware


6 replies to this topic

#1 troublesh00ter

troublesh00ter

  • Members
  • 561 posts
  • OFFLINE
  • Gender:Male
  • Location:Deep South
  • Local time:10:58 AM

Posted 16 June 2010 - 08:50 AM

Greetings,

I am a new member of this forum but I'm not new to the site. I've been using bleepingcomputer as a reference in my malware research lately and I've decided to join the community in order to get more specific results to my unique questions which hopefully in turn will broaden the spectrum of topics here, possibly providing someone with the one thread they need to answer the same question everyone is asking: Why is my $#!7 not working right?

My research right now is focused on BHO's, Toolbars, IE plugins and any other DLL's/processes that operate through browsers or jack into legitimate programs via a malicious code taking advantage of browser backdoors and holes.

I will be submitting, from time to time, log files with suspicious elements in them from various testing computers I use. My goal is to recreate the lists of BHO's and Toolbars to more accurately, and more importantly: definitively, describe and rate all malicious code and susceptible legitimate code. I don't want to see any more BHO strings listed as an 'open-for-debate' status. If the purpose of a list is to educate individuals on malicious code, then leaving it 'open-for-debate' is totally unacceptable.

I want safety through answers!!!

for3ver,
goose90proof


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:58 AM

Posted 16 June 2010 - 04:03 PM

Hello and :thumbsup: to Bleeping Computer.

Be sure to check out the New User Orientation and the excellent Tutorials.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:58 AM

Posted 16 June 2010 - 09:10 PM

Hi goose90proof,

Welcome to BC!!

You have caught my attention.

I have some questions.
  • What is your background?
  • Do you have experience in relation to malware?
  • Who are you providing this research for?
  • How have you gone about infecting your test boxes?
  • What do you hope to achieve by submitting infected testboxes for cleanup here?
Here are some important notes...

I suspect that one of the helpers might be willing to assist in the cleanup of your testboxes but I can assure you that we will not divulge any information in regards to the inner workings of the tools we utilize or any detailed description of how these tools are used in regards to the particular infections in a public forum.

If you are already part of the malware removal community then you will clearly understand the motivation in regards to that comment.

I look forward to your replies.

Again welcome to BC,

Very kind regards,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:58 AM

Posted 16 June 2010 - 09:57 PM

> My goal is to recreate the lists of BHO's and Toolbars to more accurately, and more importantly: definitively, describe and rate all malicious code and susceptible legitimate code. I don't want to see any more BHO strings listed as an 'open-for-debate' status.

What lists are you referring to and what makes you think any of them are not as accurate as possible given all the variables possible?

> I don't want to see any more BHO strings listed as an 'open-for-debate' status.

Who does? But, again, how do you think you can make that obsolete given all the possible variables?

> If the purpose of a list is to educate individuals on malicious code, then leaving it 'open-for-debate' is totally unacceptable.

There are MANY MANY of those, and I disagree with you. What might not be out and out malware can still be questionable for any given individual, depending on their knowledge and ability to control the situation. For example : Ask

It's junk, and most of the time it gets downloaded without the user's knowledge. What does it do? Why should you keep it if you never knew it was there to begin with? It's downright sneaky to install garbage like that, but is it malicious? Even if you give a definite answer there, I bet you someone else will come right in behind you and give a different opinion all together.

I don't know who you are or what your experience is, but I have a couple of years on me (snickers) and I know how this works and how much effort is always put into maintaining an accurate list, no matter which one(s) you're referring to.

Personally I find it a bit insulting that you come here to use us and get yourself cleaned up for free when you've purposely created this. Especially when there are hundreds of people that come here every day that really need help and have to wait because we are so far behind. :thumbsup:
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#5 troublesh00ter

troublesh00ter
  • Topic Starter

  • Members
  • 561 posts
  • OFFLINE
  • Gender:Male
  • Location:Deep South
  • Local time:10:58 AM

Posted 17 June 2010 - 08:53 AM

> I have some questions.
>
>   • What is your background?
>   • Do you have experience in relation to malware?
>   • Who are you providing this research for?
>   • How have you gone about infecting your test boxes?
>   • What do you hope to achieve by submitting infected testboxes for cleanup here?
>
> Here are some important notes...
>
> I suspect that one of the helpers might be willing to assist in the cleanup of your testboxes but I can assure you that we will not divulge any information in regards to the inner workings of the tools we utilize or any detailed description of how these tools are used in regards to the particular infections in a public forum.
>
> If you are already part of the malware removal community then you will clearly understand the motivation in regards to that comment.


In regards to questions and concerns....

My background is my own but my experience I am willing to share. It is after all what has brought me here. I, like everyone else, have been victimized by malware on numerous occasions (more than can be counted on two hands). It has often been my privilege to assist friends and neighbors with the troubleshooting of their machines and suggesting possible solutions to their malware problems. Alas, my early attempts were unsuccessful (I inherited a lot of old broken computers :D).

Simply put, I have a lot of free time and I want to do something helpful with it. My research is my own. The only 2 reasons that allow me to even start are my hunking pile of test computers and the pros here at bleepingcomputer. Because even with all my passion and desire to fight malware, I'm still definitely not a pro at this. I'm not an expert opinion. But I am able to understand computer behaviour, malware behaviour, strange processes, unusual file locations; and, I am intimately familiar with Windows.

Right now my research is very simple. I parse through lists of known/suspected/hardly-even-remotely-possible processes, BHO's and toolbars and then check, and double check resources on the web to see if the data is current (easy part). The second half of my research requires assistance. The only codes I know are markup languages. I need bleepingcomputer to deliver the ultimatum on suspected malware.

As for infection procedures:
For every computer I use for testing I have two ghost images. One is stripped down to bare-bones Windows and the other includes all the OEM bullbleep that they came stocked with. I like data to be consistent so I use a clean slate every time. I have Windows 2000/ME edition, Windows XP computers, Windows Vista computers, and Windows 7 computers. (As a note: I am looking for a Windows 98 computer to purchase$$$$).

I have access to a cloud containing just about every bit of malware that's ever been reported (don't ask how). Unfortunately this cloud hasn't been collecting malware for almost 2 years now so it's quite outdated. Like I said I'm not a programmer but from what I understand, a lot of known malware is redistributed with different coding but there are some relative patterns in the code that can be used to identify them. So for now I'm taking old malware (just the ones that seem to still be in circulation) and putting them on my test computers. I also do some dirty surfing just for good measure :D

That's it for my role! That's as much as I can do. I see myself as a valuable researcher not for my knowledge (really really want to learn more) but for the resources I have at my disposal.

I HOPE TO ACHIEVE A GREATER MEANS OF DEFINITIVELY IDENTIFYING MALWARE AND TO UPDATE CLSID LISTS WITH GREATER ACCURACY!!!!

for3ver,
goose90proof

Edited by goose90proof, 17 June 2010 - 08:58 AM.

for3ver,
goose90proof
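The list-checking half of the research described in post #5 (taking the BHO entries found on a machine and cross-referencing their CLSIDs against a maintained classification list, with some entries still marked 'open-for-debate') can be made mechanical. The following is an added example, not code from the thread or from BleepingComputer's tools. It assumes BHO entries in the HijackThis-style "O2 - BHO: name - {CLSID} - path" line format, and both the sample log lines and the CLSID classification list are constructed placeholders, not real data. The script parses the O2 lines, normalises the CLSID so lookups are case-insensitive, applies the list's status label (or "Unknown" when the CLSID is not listed), and flags two things a helper would want to see immediately: a BHO registered with no display name, and a registration whose DLL is missing from disk.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the HijackThis "O2 - BHO" line format
# (display name - CLSID - DLL path). None of these is a real log line;
# the CLSIDs, names and paths are placeholders.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: Example PDF Helper - {11111111-2222-3333-4444-555555555555} - C:\\Program Files\\Example\\pdfhelper.dll
O2 - BHO: (no name) - {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee} - C:\\WINDOWS\\system32\\xyzqwe.dll
O2 - BHO: SearchBar Assistant - {99999999-8888-7777-6666-555555555555} - C:\\Program Files\\SearchBar\\sbhelper.dll
O2 - BHO: Unknown Helper - {01234567-89AB-CDEF-0123-456789ABCDEF} - (no file)
O4 - HKLM\\..\\Run: [ExampleUpdater] C:\\Program Files\\Example\\updater.exe
"""

# Constructed classification list keyed by CLSID, modelled on the BHO/CLSID
# lists the thread discusses. Status labels use the thread's own vocabulary;
# the entries are placeholders, not a real list.
KNOWN_CLSIDS: Dict[str, Tuple[str, str]] = {
    "{11111111-2222-3333-4444-555555555555}": ("Legitimate", "Example PDF Helper"),
    "{99999999-8888-7777-6666-555555555555}": ("Open-for-debate", "SearchBar Assistant, bundled toolbar"),
    "{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}": ("Malware", "Trojan BHO"),
}

# A CLSID is a brace-wrapped GUID: 8-4-4-4-12 hex digits.
CLSID_PATTERN = r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID_PATTERN + r") - (?P<path>.*)$")


@dataclass
class BhoEntry:
    name: str
    clsid: str        # upper-cased so list lookups are case-insensitive
    path: str
    status: str       # Legitimate / Open-for-debate / Malware / Unknown
    note: str
    flags: List[str]  # extra observations independent of the list verdict


def parse_o2_lines(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (name, CLSID, path) for every 'O2 - BHO' line; other O-lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            found.append((m.group("name"), m.group("clsid").upper(), m.group("path")))
    return found


def classify(name: str, clsid: str, path: str,
             known: Dict[str, Tuple[str, str]] = KNOWN_CLSIDS) -> BhoEntry:
    """Look the CLSID up in the list and attach flags a reviewer would want to see."""
    status, note = known.get(clsid, ("Unknown", "CLSID not in list; needs manual review"))
    flags = []
    if name == "(no name)":
        flags.append("no-name")       # a BHO registered without any display name
    if path == "(no file)":
        flags.append("missing-file")  # registration points at a DLL that is not on disk
    return BhoEntry(name, clsid, path, status, note, flags)


def triage(log_text: str, known: Dict[str, Tuple[str, str]] = KNOWN_CLSIDS) -> List[BhoEntry]:
    """Parse and classify every BHO in a log, preserving the log's order."""
    return [classify(n, c, p, known) for n, c, p in parse_o2_lines(log_text)]


def summarize(entries: List[BhoEntry]) -> Dict[str, int]:
    """Count entries per status so the 'open-for-debate' backlog is visible at a glance."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.status] = counts.get(e.status, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for e in results:
        flag_text = f" [{', '.join(e.flags)}]" if e.flags else ""
        print(f"{e.status:16} {e.clsid} {e.name!r}{flag_text}")
        print(f"    {e.path}")
        print(f"    {e.note}")
    print(summarize(results))
```

The "Unknown" bucket is the useful output: those are the CLSIDs the list does not yet cover and therefore the ones worth researching, while the flags catch registrations that look odd regardless of what the list says about them.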

#6 troublesh00ter

troublesh00ter
  • Topic Starter

  • Members
  • 561 posts
  • OFFLINE
  • Gender:Male
  • Location:Deep South
  • Local time:10:58 AM

Posted 17 June 2010 - 08:57 AM

> Personally I find it a bit insulting that you come here to use us and get yourself cleaned up for free when you've purposely created this. Especially when there are hundreds of people that come here every day that really need help and have to wait because we are so far behind. :thumbsup:


If you take a few seconds to look at the only post I've submitted to the malware removal section you'll notice it says NON-CRITICAL!!!! in the subject. This was done to ensure I wasn't wasting anyone's time. I'm patient and I can wait for someone to help me. I know how to take the proactive steps to protection that you're suggesting. I'm not concerned for my personal computer so much as I share your very own concern for the people you're all trying to help for FREE. I consider this my part as little as it may be. I just want to help.

And what about the people that come here to get cleaned up for FREE that don't even provide the valuable feedback once their computer is fixed. I've seen countless posts where people submit a log file, a helper tells them what to fix, (I'm assuming they take the recommendations) but they don't post back to even say "thanks, it's fixed" or "it's still not working".

Correct me if I'm wrong but that feedback is what makes this forum so valuable is it not?

Edited by goose90proof, 17 June 2010 - 09:07 AM.

for3ver,
goose90proof

#7 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:58 AM

Posted 18 June 2010 - 12:27 PM

Hello,

Thanks for the reply.

After viewing your comments I will share with you my thoughts. I see that your intent is good but I would strongly advise you to consider otherwise.

Even in experienced hands purposely infecting a machine is very risky business. Many disasters have occurred in this regard. You put yourself and others at risk!

I assure you that we have a very structured research and development team worldwide constantly creating means by which we can thwart the criminals.

This of course is private and not open to the general public for obvious reasons.

Contrary to your belief we do not use these public forums to research malware. We study the malware outside the public forums. The tools are developed and tested prior to our instituting them publicly.

If you really want to be helpful then you could consider joining the Malware Removal Community and apply to receive training.

http://www.bleepingcomputer.com/forums/t/86678/malware-removal-training-program/

Very kind regards,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
