From: RayLopez99 on
On Feb 19, 1:20 am, ASCII <m...(a)privacy.net> wrote:
> RayLopez99 wrote:
>
> >Either that or the viruses are too slick.  For example, I've often
> >thought (being a programmer myself) how easy it would be to create a
> >button that looks like a "close X" at the upper right hand corner of
> >the window, and when you click on it, it activates something.
>
> That would also intercept an [alt+F4] entry?
> --


Well that's a slick workaround that escaped me. You're right in that
software cannot (at the Windows level) easily affect the keyboard--
I've tried and it's not possible. Probably on purpose by MSFT as a
security precaution. You can read keys depressed of course, but
manipulating the keyboard so that ALT+F4 will do something other than
close the window is nigh impossible, at least using the tools provided
to you by Visual Studio IDE, and therefore for most programs written
for Windows (Forms, WPF, Silverlight, ASP, etc).

RL
From: FromTheRafters on
"RayLopez99" <raylopez88(a)gmail.com> wrote in message
news:f8f580d8-7bef-4411-ac0e-e30019cc0124(a)o30g2000yqb.googlegroups.com...
On Feb 18, 10:57 pm, "FromTheRafters" <erra...(a)nomail.afraid.org>
wrote:
> ***
> It is hard for an outstanding virus detection engine to stand out when
> it is additionally expected to not only detect non-replicating malware
> samples, but clean-up after the fact of infestation. Your choices of
> protection should address your choices of behavior. Personally, I
> wouldn't base my choice of AV on its clean-up capabilities - it's like
> choosing a bodyguard based on his EMT skills.
>
> Instead, adhere to strict policies and you can restrict the window of
> opportunity for most kinds of malware (trusted downloads only (most
> trojans), frequent software updates (exploit based worms)) and your
> on-access antivirus will probably never see anything viral to alert
> on.
> ***

Either that or the viruses are too slick. For example, I've often
thought (being a programmer myself) how easy it would be to create a
button that looks like a "close X" at the upper right hand corner of
the window, and when you click on it, it activates something.

***
It's being done. Some scripted messagebox with a "Yes", "No", "Cancel"
and an "X" in the corner - all of which act like "Yes". I've even heard
of some that get a "Yes" from right clicking the task bar icon and
choosing the "X" though I can't confirm this. Most times it is
recommended to use TaskMan to end the process or application generating
the messagebox.
***


From: RayLopez99 on
On Feb 19, 12:38 pm, sfdavidka...(a)yahoo.com (David Kaye) wrote:
> RayLopez99 <raylope...(a)gmail.com> wrote:
> >So the question arises, if 'up to a quarter of all PCs are infected by
> >botnets' (see Wiki above), [....]
>
> I think that's a wrong assumption.  The only computers I see (besides the
> occasional HD or video card replacement) are those with malware problems, and
> I see very few bots.  Mostly I see adware.  
>
> Now I did have a situation a year ago where a mail server from a frozen food
> company in the Midwest kept hitting my home router.  It was a new router, so
> best I could determine was that the DHCP address I got with the new router had
> belonged to someone the bot was trying to hit.  
>
> As to how to detect, you need a port scanner to look at your connections.  
> Also, Zone Alarm is an interesting firewall in that it will warn you about
> each incoming or outgoing connection attempt that you haven't authorized.

Very interesting. My definition of botnet: I assumed it was a server
that inserted a virus into your computer (the client). So if you
don't have the virus on your machine, you are not part of a botnet.

The Wiki article of 25% is an exaggeration then, noted.

RL
From: FromTheRafters on
"RayLopez99" <raylopez88(a)gmail.com> wrote in message
news:7688778b-0245-49d4-ab17-aebb92c2ddb9(a)15g2000yqi.googlegroups.com...
On Feb 19, 12:38 pm, sfdavidka...(a)yahoo.com (David Kaye) wrote:
> RayLopez99 <raylope...(a)gmail.com> wrote:
> >So the question arises, if 'up to a quarter of all PCs are infected by
> >botnets' (see Wiki above), [....]
>
> I think that's a wrong assumption. The only computers I see (besides the
> occasional HD or video card replacement) are those with malware problems, and
> I see very few bots. Mostly I see adware.

***
That's probably because 88% of all PCs harbor adware. :oD

(that 88% is just a wild guess BTW)
***

Very interesting. My definition of botnet: I assumed it was a server
that inserted a virus into your computer (the client). So if you
don't have the virus on your machine, you are not part of a botnet.

***
It is best not to use the term "virus" as the all encompassing term for
malware, use the term malware instead.

Usually, it is a "trojan" getting executed on the machine that gives you
the "bot" that makes you a participant in the "botnet". A "trojan" is a
non-replicating malware program in this sense. Often, in the lifecycle
of a botnet, an exploit based "worm" will be used to help distribute the
malware to new territories (Conficker) - in this sense, it is a virus
(or worm) ... until it goes back to being just a bot (which is bad
enough in itself).
***


From: David H. Lipman on
From: "RayLopez99" <raylopez88(a)gmail.com>


| Very interesting. My definition of botnet: I assumed it was a server
| that inserted a virus into your computer (the client). So if you
| don't have the virus on your machine, you are not part of a botnet.

| The Wiki article of 25% is an exaggeration then, noted.

| RL

NO !

A botnet is a group of infected computers (via virus or trojan) that are controlled by a
central operator(s) where the Command and Control (Aka; C&C or C2) tells the 'bots what to
do and how to act.

There are botnets that perform spam.

There are botnets that perform a DDoS on specified sites.

Botnets in whole or in part can be bought, sold or leased.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp