Report: Zeus Flips Kill Switch On More Than 100,000 PCs
Anonymous Coward User ID: 677187 Germany 05/11/2009 11:49 PM
Only affected PCs were of course driven by Windows NT/2000/XP where users were on the internet while using administrative accounts. The infection took place using exploits in Internet Explorer versions 5, 6 and 7. The bot installs itself as a rootkit which is invisible, opens ports and loads code down to the PC. Once the code is operative the PC is a zombie, remote controlled for whatever reasons. It can install keyloggers and software that makes snapshots of your screen; it sends every single typed word to its author, the botnet-admin. Once the PC is useless or in danger of being revealed it triggers its self-kill command: the bot deletes the registry entries plus its subkeys: HKEY_LOCAL_MACHINE/SOFTWARE and HKEY_LOCAL_MACHINE_SYSTEM/ which effectively deletes all Operating System info that Windows needs to boot and operate - basically Windows is braindead after such registry editing - that's when it can only display its SOS signal: the Blue Screen of Death. The only cure is a fresh new install - and hopefully a user that has learned his lesson well..
falldown (OP) User ID: 520470 United States 05/12/2009 01:19 AM
Quoting: Anonymous Coward 677187
"Only affected PCs were of course driven by Windows NT/2000/XP where users were on the internet while using administrative accounts. The infection took place using exploits in Internet Explorer versions 5, 6 and 7. The bot installs itself as a rootkit which is invisible, opens ports and loads code down to the PC. Once the code is operative the PC is a zombie, remote controlled for whatever reasons. It can install keyloggers and software that makes snapshots of your screen; it sends every single typed word to its author, the botnet-admin. Once the PC is useless or in danger of being revealed it triggers its self-kill command: the bot deletes the registry entries plus its subkeys: HKEY_LOCAL_MACHINE/SOFTWARE and HKEY_LOCAL_MACHINE_SYSTEM/ which effectively deletes all Operating System info that Windows needs to boot and operate - basically Windows is braindead after such registry editing - that's when it can only display its SOS signal: the Blue Screen of Death. The only cure is a fresh new install - and hopefully a user that has learned his lesson well.."

Well, technically you could make a backup of your registry, boot a Linux LiveCD and copy the backup to the drive and be up and running again a few minutes later...
...but these are Windows users we're talking about, they need a Playskool-looking user interface, or they get all discombobulated.

"He who does not understand your silence will probably not understand your words." ~Elbert Hubbard
Whee! 8D (Quebec) User ID: 675250 Canada 05/12/2009 02:02 AM
Quoting: Anonymous Coward 677187
"which effectively deletes all Operating System info that Windows needs to boot and operate - basically Windows is braindead after such registry editing-"

*Imagined a human having its brain sucked with a vacuum*

Last Edited by Whee! 8D on 05/12/2009 02:02 AM

"The world would be a thousand times better place if more cults existed." Quoting: Anonymous Coward 673558
falldown (OP) User ID: 520470 United States 05/12/2009 02:08 AM
Quoting: Whee! 8D (Quebec)
"which effectively deletes all Operating System info that Windows needs to boot and operate - basically Windows is braindead after such registry editing-
*Imagined a human having its brain sucked with a vacuum*"

Oh, you mean television!