Free Weekly Tech Newsletter

Donald · 10-17-2003, 03:16 AM

Hi From Texas !

Well, gosh, I just got this article in my e-mail . I don't know much about viruses , though I know how some work. I just run AVG and pray. I read this article just now and sending on to you for wht it is worth.--------Don

From: supportalert@techsupportalert.com
Reply-to: response@techsupportalert.com
To: supportalert@webelists.com
Received from Internet: click here for more information

========================
Support Alert
Supporter's Edition
========================
www.techsupportalert.com

"Your pointer to the very best
Tech information on the Web"

Issue 102 - 16th October, 2003

Support Alert is a registered online serial publication
ISSN 1448-7020.

<<<<<<<<<>>>>>>>>

Quote of the Week
=================

The most likely way for the world to be destroyed, most experts agree, is
by accident. That's where we computer professionals come in.

- Nathaniel Borenstein

<<<<<<<<<>>>>>>>>

EDITORIAL

I have seen The Beast and my heart has been smitten with fear.

No, folks, I haven't gone all religious. I'm talking about this year's hot
trojan horse called "The Beast."

The Beast is one of the new generations of "process-injecting" trojans. To
avoid detection these trojans attach themselves to a process that forms a
key part of the Windows operating system itself.

In the case of The Beast, the processes chosen for infection are
winlogon.exe and explorer.exe. These have been selected because they are
always present on any XP/2000/NT-based PC.

This stealthing approach makes The Beast particularly hard to detect.
Certainly a normal process scanner won't reveal its presence and almost all
common anti-virus scanners will miss it as well.

Killing the trojan is also difficult as it resides within a process
essential for the operation of Windows. Killing the process will also kill
Windows.

And if you think that the .dll checksum feature in your firewall will help
you, think again. The particular version of The Beast I tested came with a
module that pulled down 32 of the most popular firewalls and anti-virus
scanners and many anti-trojan monitors as well.

Watching a PC being infected by this kind of trojan is a scary experience.
Terrifying, actually.

I ran The Beast on a test PC set up with the same extensive protection that
I use on all my normal working PCs.

I just sat by and watched Norton Anti-Virus 2003 disappear, closely
followed by my Sygate Personal Firewall Pro and the BoClean anti-trojan
monitor. Not only were these defenses pulled down, they were permanently
destroyed so they could not be restarted.

Once The Beast has infected your PC the attacker essentially has complete
control. He/she can view, upload or erase any of your files and log all
your keystrokes including your all your passwords. Worse still, you may not
even know your PC is infected.

So what do you do to protect yourself again these evil products?

Well, practicing "safe hex" is a start. You can get a free guide to what's
involved at http://www.claymania.com/safe-hex.html, and you'll find lots
more if you do a Google search under "safe hex."

But it's almost impossible to practice 100% safe hex. In fact, doing so
would, for many users, just about ruin the pleasure of using their PC. It
would mean, for example, not downloading any programs, movies or other
executables, as well as a total end to file sharing.

If you are not prepared to make this sacrifice, you should protect yourself
using every weapon available. A regularly updated anti-virus program is
mandatory as is a robust firewall. You should also seriously consider a
specialist anti-trojan program with powerful file scanning capabilities so
that you can detect trojans before they are executed.

Even here the news is not all good. There are a lot of anti-trojan programs
available but frankly only two of them cut the mustard. These are TDS-3 and
Trojan Hunter 3. Most of the others are useless against the latest
generation of trojans.

I know this opinion will offend a lot of people who have their own favorite
anti-trojan programs. I know too, it will offend many vendors. However I?m
prepared to stand by what I think and have documented the reasons over at
http://www.anti-trojan-software-reviews.com.

Trojans are becoming ever more sophisticated. Each new trojan generation
becomes more difficult to detect and is armed with ever more aggressive
weapons aimed at your defenses.

There will never be 100% protection. I wish I could tell you otherwise, but
this, unfortunately, is the harsh truth.

Gizmo Richards.

mailto:editor@techsupportalert.com

Corky · 10-17-2003, 08:27 AM

Sounds like a big push for a gizmo by a Gizmo.

10-17-2003, 03:16 AM	#1
Donald Member (8 bit) Join Date: Jan 2002 Location: Fort Worth Texas Posts: 242	" The Beast ! " Hi From Texas ! Well, gosh, I just got this article in my e-mail . I don't know much about viruses , though I know how some work. I just run AVG and pray. I read this article just now and sending on to you for wht it is worth.--------Don From: supportalert@techsupportalert.com Reply-to: response@techsupportalert.com To: supportalert@webelists.com Received from Internet: click here for more information ======================== Support Alert Supporter's Edition ======================== www.techsupportalert.com "Your pointer to the very best Tech information on the Web" Issue 102 - 16th October, 2003 Support Alert is a registered online serial publication ISSN 1448-7020. <<<<<<<<<>>>>>>>> Quote of the Week ================= The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we computer professionals come in. - Nathaniel Borenstein <<<<<<<<<>>>>>>>> EDITORIAL I have seen The Beast and my heart has been smitten with fear. No, folks, I haven't gone all religious. I'm talking about this year's hot trojan horse called "The Beast." The Beast is one of the new generations of "process-injecting" trojans. To avoid detection these trojans attach themselves to a process that forms a key part of the Windows operating system itself. In the case of The Beast, the processes chosen for infection are winlogon.exe and explorer.exe. These have been selected because they are always present on any XP/2000/NT-based PC. This stealthing approach makes The Beast particularly hard to detect. Certainly a normal process scanner won't reveal its presence and almost all common anti-virus scanners will miss it as well. Killing the trojan is also difficult as it resides within a process essential for the operation of Windows. Killing the process will also kill Windows. And if you think that the .dll checksum feature in your firewall will help you, think again. The particular version of The Beast I tested came with a module that pulled down 32 of the most popular firewalls and anti-virus scanners and many anti-trojan monitors as well. Watching a PC being infected by this kind of trojan is a scary experience. Terrifying, actually. I ran The Beast on a test PC set up with the same extensive protection that I use on all my normal working PCs. I just sat by and watched Norton Anti-Virus 2003 disappear, closely followed by my Sygate Personal Firewall Pro and the BoClean anti-trojan monitor. Not only were these defenses pulled down, they were permanently destroyed so they could not be restarted. Once The Beast has infected your PC the attacker essentially has complete control. He/she can view, upload or erase any of your files and log all your keystrokes including your all your passwords. Worse still, you may not even know your PC is infected. So what do you do to protect yourself again these evil products? Well, practicing "safe hex" is a start. You can get a free guide to what's involved at http://www.claymania.com/safe-hex.html, and you'll find lots more if you do a Google search under "safe hex." But it's almost impossible to practice 100% safe hex. In fact, doing so would, for many users, just about ruin the pleasure of using their PC. It would mean, for example, not downloading any programs, movies or other executables, as well as a total end to file sharing. If you are not prepared to make this sacrifice, you should protect yourself using every weapon available. A regularly updated anti-virus program is mandatory as is a robust firewall. You should also seriously consider a specialist anti-trojan program with powerful file scanning capabilities so that you can detect trojans before they are executed. Even here the news is not all good. There are a lot of anti-trojan programs available but frankly only two of them cut the mustard. These are TDS-3 and Trojan Hunter 3. Most of the others are useless against the latest generation of trojans. I know this opinion will offend a lot of people who have their own favorite anti-trojan programs. I know too, it will offend many vendors. However I?m prepared to stand by what I think and have documented the reasons over at http://www.anti-trojan-software-reviews.com. Trojans are becoming ever more sophisticated. Each new trojan generation becomes more difficult to detect and is armed with ever more aggressive weapons aimed at your defenses. There will never be 100% protection. I wish I could tell you otherwise, but this, unfortunately, is the harsh truth. Gizmo Richards. mailto:editor@techsupportalert.com Share Share this post on Digg Del.icio.us Technorati Twitter

10-17-2003, 08:27 AM	#2
Corky Member (8 bit) Join Date: Mar 2002 Location: NC Posts: 141	Sounds like a big push for a gizmo by a Gizmo. Share Share this post on Digg Del.icio.us Technorati Twitter

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Need Some Help? Type Your Keywords Here:

Still Need Help? Type Your Keywords Here:

Free Weekly Tech Newsletter

Subscribe to THE INSIDER

Need Some Help? Type Your Keywords Here:

Still Need Help? Type Your Keywords Here:

Free Weekly Tech Newsletter