Flux Spreads Wider


12 replies to this topic

#1 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:01:58 PM

Posted 07 November 2004 - 03:08 PM

I just received this notice today. I thought I would post it to inform everyone.




Important information about a² and all related news.

Flux spreads wider

Flux is the name of a new pest spreading covertly through the internet. Flux is
a trojan that is making the life of most anti malware vendors much harder.

Flux is a reverse backdoor type of trojan. Reverse means that rather than the
infected machine waiting for a connection to be made from outside, the infected
machine tries to make the connection itself. Standard trojans are made up of two
parts - the server and the client.

The client is downloaded to infect the machine. The server is another pc
somewhere in the world that then tries to communicate with the client. The
problem with standard trojans is that if the infected machine has a good
firewall, then the server cannot connect to the client. So although the machine
is infected, no data is transferred to the server from the client.

To overcome the blocked connection, malware writers now use this reverse logic
to make the client machine responsible for the connection. Many standard
firewalls will block requests coming in from the internet to connect, but do not
block outgoing requests to connect. Trojans like Flux can therefore
operate even through most firewalls.

The really dangerous thing about Flux is not its ability to use this reverse
connection feature, but the way that feature is implemented. Flux introduces a
new technique of code injection. Code Injecting is a term that describes ways to
execute code in other processes. Until now Code Injection worked by loading a
DLL file into a foreign process - much like the cuckoo lays an egg in another
bird's nest. This method (called DLL Injection) is quite easy to detect as the
anti-malware program just asks the process which DLLs it uses - a trojan DLL is
one that is not on the list generated.

Flux doesn't use a DLL. Flux writes its connection code directly into a host
process and executes it there. Apart from the fact that this behaviour would
circumvent several Desktop Firewalls, it also makes Flux nearly invisible to
current anti malware software because the Flux code isn't linked to any module
or DLL of the process and will be simply overlooked by anti malware software.
That makes complete cleaning very difficult.

Here at a² we have already thought about trojans using this direct injection
method, which is why we already developed an advanced memory scan for a² v2.0 that can
detect trojans using this technique. Version 2.0 is not quite ready for release
but due to trojans like Flux we have decided to provide our customers with the
advanced memory scan now.

What does all this mean for you?
a² is one of the first anti malware products that is able to detect and
deactivate Flux. On top of that we have also developed a special free detection
tool. This tool allows users of other anti-malware software to benefit from a²
anti-malware technology too. The free tool detects and terminates an active Flux
to ensure a proper cleaning of the infection.

You can download the free Flux Scanner tool from the a² download page:
http://www.emsisoft.com/en/software/download


a² Free and a² Personal version 1.5 released

Version 1.5.0 is now stable and available for all users. You can install the new
version simply by running the online update feature in a² without doing a
completely new installation of a².

News/changes:

- New logo and improved user interface in all dialogs. New startcenter user
interface with more information: Display of version mode, version number, last
update request date, license expire date.

- Added auto-update feature. The guard looks once per hour for available updates
and installs them if available. Manual updating is no longer necessary if the
guard is running and auto-update is enabled.

- New updater has some internal improvements.






http://www.emsisoft.com
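
The contrast the notice draws between DLL injection and directly injected code, as an added example that is not part of the original post and is not Emsisoft's scanner. The memory-region and module records are constructed sample data standing in for what a scanner would read from a live process, and the function names are hypothetical.

```python
from dataclasses import dataclass

# Windows memory constants (values from winnt.h)
MEM_COMMIT = 0x1000
MEM_PRIVATE = 0x20000
MEM_IMAGE = 0x1000000
PAGE_READWRITE = 0x04
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
EXECUTE_MASK = 0x10 | 0x20 | 0x40 | 0x80   # all four PAGE_EXECUTE* variants

@dataclass(frozen=True)
class Module:        # one entry of the process's loaded-module list
    name: str
    base: int
    size: int

@dataclass(frozen=True)
class Region:        # one memory region as a VirtualQueryEx-style record
    base: int
    size: int
    state: int
    protect: int
    mem_type: int

def unknown_modules(modules, expected_names):
    """DLL-injection check: loaded modules that are not on the expected list."""
    return [m.name for m in modules if m.name.lower() not in expected_names]

def unbacked_executable(regions, modules):
    """Direct-injection check: committed, executable memory that is not a
    mapped image and does not lie inside any loaded module."""
    def inside_module(r):
        return any(m.base <= r.base and r.base + r.size <= m.base + m.size
                   for m in modules)
    return [r for r in regions
            if r.state == MEM_COMMIT and r.protect & EXECUTE_MASK
            and r.mem_type != MEM_IMAGE and not inside_module(r)]

# Constructed sample: a host process with two legitimate modules, an ordinary
# heap region, and one private read-write-execute region no module accounts for.
EXPECTED = {"host.exe", "kernel32.dll"}
MODULES = [Module("host.exe", 0x400000, 0x20000),
           Module("kernel32.dll", 0x77E80000, 0xB6000)]
REGIONS = [
    Region(0x401000, 0x8000, MEM_COMMIT, PAGE_EXECUTE_READ, MEM_IMAGE),
    Region(0x77E81000, 0x5C000, MEM_COMMIT, PAGE_EXECUTE_READ, MEM_IMAGE),
    Region(0x150000, 0x10000, MEM_COMMIT, PAGE_READWRITE, MEM_PRIVATE),
    Region(0xA30000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_PRIVATE),
]
```

On this sample the module-list check reports nothing while the region scan flags the block at 0xA30000. Runtimes that generate code at run time also allocate private executable memory, so a hit is a lead to investigate rather than a verdict.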

#2 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:10:58 AM

Posted 09 November 2004 - 12:21 AM

Nice piece, Scarlett. Thanks. I've used A2 for a few months now (the free one, naturally) and I can state it is fast and does not conflict with others I use. The built-in flux feature is distinctive in its effort apparently, and I wasn't aware of that 'til now. Updating is easy & they provide the updates fairly often. :thumbsup:
patiently patrolling, plenty of persistent pests n' problems ...

#3 Scarlett


Posted 09 November 2004 - 08:44 AM

Thanks phawgg. Flux is a very sneaky, nasty pest. I so hope everyone checks out the Free Flux Scanner. We all need to try to be one step ahead of these evil critters.

#4 Philip Brampton

Philip Brampton

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 09 November 2004 - 10:33 AM

Scarlett.
Just downloaded A-squared, now I am beginning to wonder why there is not a square root key.
Sorry, I digress.
Have run tool for first time, nothing found, let's hope it stays that way.
Thanks for drawing our attention to what may become a very useful tool.
Regards

#5 Scarlett


Posted 09 November 2004 - 12:27 PM

> Scarlett.
> Just downloaded A-squared, now I am beginning to wonder why there is not a square root key.
> Sorry, I digress.

:thumbsup: I know, me too. I had to copy and paste it from the text to be able to enter it as Topic Description. Lol

Edited by scarlett, 09 November 2004 - 12:29 PM.


#6 Philip Brampton


Posted 09 November 2004 - 01:28 PM

I was just thinking, while in the shower, I don't mean square root. It should be to the power of (squared). I can't do that either.

#7 xtremesurfer

xtremesurfer

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:58 PM

Posted 16 November 2004 - 12:38 AM

At the risk of seeming a smartass, if you're running XP, you'll find the Superscript Two, as in a², on the Character Map. To open Character Map, click Start, point to All Programs, point to Accessories, point to System Tools, and then click Character Map.

surfer :thumbsup:


#8 Scarlett


Posted 16 November 2004 - 02:19 PM

I cannot speak for Philip, but I do not have XP. Actually though if he does and he is not aware of this System Tool, this will be a lot of help.

#9 Philip Brampton


Posted 16 November 2004 - 05:39 PM

Thanks. I will remember that, if I ever change to XP. At the moment I am running Windows 2000 which I like a lot, so I see no reason to change.
Regards.
Philip

#10 xtremesurfer


Posted 16 November 2004 - 06:27 PM

Hmm. According to Google, all the Windows OSs have Character Maps. See http://www.google.com/search?hl=en&q=windo...G=Google+Search .

And I saw this at one site: "To open the character map in Microsoft Windows 95 and above click Start / Run and type "charmap" (without the quotes) and press the OK button."

You'll be posting Superscript Twos and other interesting stuff before you know it! Ж № ⅜ :thumbsup:

#11 Scarlett


Posted 16 November 2004 - 09:25 PM

OMG I have it on my ME! Under Start > Programs > Accessories > System Tools. Now to figure it out. TYVM !!!!!! For bringing this to our attention! I so can not believe that I never noticed it before.

Edited by scarlett, 16 November 2004 - 09:28 PM.


#12 Philip Brampton


Posted 17 November 2004 - 03:30 AM

Thanks. Yes, you are quite right. I now know what Character Map is all about.
Regards.
Philip

#13 Philip Brampton


Posted 17 November 2004 - 06:08 AM

I have a question regarding Flux. If someone could enlighten me please.
I understand how Trojans work but surely they can't get in in the first place if you have a proper Firewall.



