flat assembler
Message board for the users of flat assembler.

Heap > How was a fully updated, patched Win 7 PC pwned in 1 hour?

sleepsleep
Joined: 05 Oct 2006
Posts: 8943
I clean-formatted a PC with the Win 7 OS,
updated everything that was available from MS Update,

after that,
I 3G-connected the PC to a local ISP proxy,

within 1 hour or less, this PC got pwned.

Restarting with a live CD also caused an error, unreadable HD,
as if it got hit with a rootkit.

Powering off completely, then on again, the live CD then ran properly as usual.
Post 09 Sep 2014, 22:57
neville
Joined: 13 Jul 2008
Posts: 507
Location: New Zealand
Which perhaps confirms my long-held suspicion that keeping my windoze software "up to date" is not necessarily a good thing to do.

_________________
FAMOS - the first memory operating system
Post 10 Sep 2014, 01:14
typedef
Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
Lol. Updates don't do shit. All they do is seal the holes the OS vendors left. But they don't stop malware from spreading.

You can have a fully patched OS + 32 antiviruses installed on your computer and still be stupid enough to download virus.exe or stack_overflow.docx.

Because let's be honest, viruses depend on human intervention.
Post 10 Sep 2014, 01:54
sleepsleep
Joined: 05 Oct 2006
Posts: 8943
neville wrote:
Which perhaps confirms my long-held suspicion that keeping my windoze software "up to date" is not necessarily a good thing to do.

It might be a good thing to do, but that certainly doesn't prevent any viruses from exploiting Windows.

typedef wrote:
Lol. Updates don't do shit. All they do is seal the holes the OS vendors left. But they don't stop malware from spreading.

You can have a fully patched OS + 32 antiviruses installed on your computer and still be stupid enough to download virus.exe or stack_overflow.docx.

Because let's be honest, viruses depend on human intervention.

No human intervention in my case,
unless you view surfing to Bing, Blogspot, Google, Wikipedia as human intervention to bring viruses into Windows.

Here is the proxy if you want to try =)
10.128.1.242
Port 8080
There seems to be a targeted attack inside that proxy for any connection that connects through it.
Post 10 Sep 2014, 12:10
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17331
Location: In your JS exploiting you and your system
sleepsleep wrote:
Here is the proxy if you want to try =)
10.128.1.242
10.x.x.x is not externally routable.
Post 10 Sep 2014, 12:21
sleepsleep
Joined: 05 Oct 2006
Posts: 8943
Sorry, my fault,
that is a local ISP internal proxy =(

I'm gonna deploy a fully patched Win7 tonight maybe, and try again to detect any incoming attacks.

There seems to be some sort of exploit near sprintfW, don't know if native Win DLL or .NET DLL, but I saw this pop-up MessageBox by Canon processes (maybe an exploit through CAP2LAK.exe).

For information, that PC was installed with a Canon laser printer.
Post 10 Sep 2014, 12:32
typedef
Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
sleepsleep wrote:
no human intervention in my case


Well, you powered your computer on and let the malware do its work.
Post 10 Sep 2014, 14:34
Matrix
Joined: 04 Sep 2004
Posts: 1171
Location: Overflow
I have a good project idea for you guys:
You need an FPGA that is capable of recording every logic change on your network cable, implement a transparent MITM link by yourself so you can do raw,
Connect your echelon board between the internetz and your PC, and power it on.
You might, or might not, collect interesting packets even before booting.

http://www.theregister.co.uk/2001/05/31/what_are_those_words/

Skype and Microsoft man-in-the-middle chats to give targeted ads.
Post 11 Sep 2014, 08:31
sinsi
Joined: 10 Aug 2007
Posts: 695
Location: Adelaide
neville wrote:
Which perhaps confirms my long-held suspicion that keeping my windoze software "up to date" is not necessarily a good thing to do.

Keep it up, people like you keep me in business.
Removing infections is a crappy and boring job, but it keeps the moola rolling in.
Post 11 Sep 2014, 09:18
sleepsleep
Joined: 05 Oct 2006
Posts: 8943
sinsi wrote:
Removing infections is a crappy and boring job, but it keeps the moola rolling in.

Maybe viruses are the only power against TPTB.
Post 11 Sep 2014, 10:13
Matrix
Joined: 04 Sep 2004
Posts: 1171
Location: Overflow
sleepsleep wrote:
sinsi wrote:
Removing infections is a crappy and boring job, but it keeps the moola rolling in.

Maybe viruses are the only power against TPTB.

If you write viruses, you can sell your antivirus to protect against them.
Post 11 Sep 2014, 12:25
Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.