D&C GLug - Home Page


Re: [LUG] ammyy scam

 

On 24/11/11 21:24, Martin Gautier wrote:
>
> On 24/11/11 16:19, Martijn Grooten wrote:
>> On Thu, Nov 24, 2011 at 4:09 PM, bad apple wrote:
>>> Ah, someone with direct experience - technical details please! What
>>> goodies did they leave behind? Professional rootkit or amateur-night
>>> off-the-shelf flavour?
>> I would be very interested to know too.
>>
>> Anything else you know about what happens -- how much do they charge,
>> how are payments made etc. -- would be very valuable information.
>>
>> Martijn.
>>
> They don't seem to care about money and usually make a point of saying
> it's free - especially if they are of the type who claim to be from
> Microsoft.
>
> Infections usually start with a simple backdoor virus and depending on
> how long it takes for me to get called out, will gradually attract
> more nasty infections. I've seen simple key loggers and rootkits. The
> worst was something that would get cleaned by the AV but then reinfect
> almost immediately causing poor old Windows all sorts of disk related
> trauma.
>
> The level of infection seems to depend on what AV software is
> installed and how quickly someone notices the problem and links the
> two events.
>
> I tend not to take notes on exactly what viruses get identified. If I
> get the chance, I'll do so on the next few and report back...
>
> The callers seem to get people to run the Windows Event Viewer and
> then claim all those messages are actually errors (even the
> informational ones and the odd actual error where a service has
> shut down slightly too early in the reboot process). They then ask the
> user to start a web browser and navigate to a site to download the
> remote access software. They tend to be legit sites - Ammyy is quite
> common in my experience.
>
> I'll get probably one of these a month. There must be more who go to
> my competitors and then even more who don't realise there's a problem.
>
> Martin
>

Perhaps running a workshop on this could be really helpful to people; in
fact, you may get people saying "hey, that has happened to me" or "those
symptoms sound familiar", and asking you for help, as in you get some custom.

As long as you make it clear that you can help but not for free, then I
am sure people won't mind.

Whether at such an event we choose to promote Linux is up to us. I guess
we could promote the open disc or antivirus software, as I think the
open disc comes with that anyway.

Depends who we would aim this at. I know park field (the youth centre
in Paignton) has meeting rooms etc. that we could possibly use, and I am
sure there are LOTS of people that would really benefit from this, even
young people who may have got caught out.

Given the economic climate at the moment, anything that can bring in a
bit of business may help.

Paul

--
http://www.zleap.net

Join the revolution, switch to Ubuntu http://www.ubuntu.com


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq