You seem to misconstrue what exactly
a rootkit is. It’s not an exploit as
a result of some programming error,
it’s a means of maintaining access
to a system, preferably unintrusively and undetected. The rootkit itself doesn’t provide a
means to compromise a system, an
vulnerability does.

For that matter, operating systems
like OpenBSD have their source so heavily scrutinised that remote exploits are very few and far between. Not only that, but the way
the kernel is designed, it actively
prevents processes that are not executed as root to run without some sort of privilege escalation. So, with programmes such as chkrootkit and rkhunter taking care of the current generations of rootkit signatures, most Linux/BSD users with a clue about their operating system shouldn’t have any trouble with rootkits.

Try reading a book before posting
about topics you clearly know nothing
about.

With an exploit. Ever heard of root
privilege escalation? Try a secure OS
like OpenBSD. 2 remote exploits in over 13 years.

So, how much are you paid per comment?

Just 50 cents :(

and everyone pointing to ubuntu as a way to avoid them really needs a frickin clue, using precompiled source that does shit to your system you have no clue about is just asking for trouble. And before you say ‘oh but it’s all checked before sent to repositories’ just check the bug traq’s to see the number of exploits that get approved and sent into the repositories only to be discovered later on.

Thank you, a longer post let me almost “get to know you” betterish and I apologize for any harsh tone. Sometimes I’m just bitchy, and the Interblags bring that out in me. Sorry if I had a lack of respect.

But yeah, no matter what you’re running it’s pretty much mandatory to… well, know what you’re doing. Yeah. (Working on it!) Like, don’t let yourself ever use IE, don’t even think about connecting to the Interwebs on Windows without an AV prog already installed… av crap on flash drive… goodstuffs.

[QUOTE/]regxzrexg[QUOTE]
bla.blaa

1

2

3

So, how much are you paid per comment?

- Make a backup of your pristine OS right after installation before you connect anywhere including the internet. Norton Ghost is great for this task.

- Have a LiveCD to boot from and to do recovery tasks like SystemRescueCD or backtrack, I do use SystemRescueCD though.

- Using your LiveCD backup all your data to a safe place and restore the HDD with your pristine backup and put back all your data in it and that is it, doesn’t get more easy than that.

Security doesn’t depend on just your hardware and software, it depends on good pratices too.

If you want a linux distro that’s actually good for something other than coding, Backtrack is the shizzle

Hmmm…I say the following:

“If you want a /win/mac/linux distro that’s actually good for something other than coding learn to debbug that’s the shizzle and will not matter what OS you choose.” LoL

70 Jul 03, 2009 at 21:37 by F.G.

There’s anyway that I can verify if I was infected?!

YES! there is but I do not know of any automated system or easy way of doing it and to keep it simple I will just point you in the direction so you can research on your own.

- Hash the entire file system before any infection can occur this means before you connect to the internets LoL

- Have a live CD. Can be windows, linux or other thing you like. And yes you can make liveCDs from windows it’s just hard to do it.

ps: to make the database you can use an integrity checker or GIT. GIT can check differences in under a minute in the entire OS

- Run the LiveCD and confirm if anything have changed in the system on your HDD with the hashs you did before and look for suspicious files added or modified without any updates being made.

You see rootkits or what people understand to be rootkits cannot run without accessing the main hard drive if you boot from something else and preferably a different OS than the one you have installed, you can scan that disk and not have the rootkit have a chance to disguise itself. Use a virtual machine(VM), hash it and get it infected so you can see exactly what changed and what to look for in your main system.

ps: The first couple of times this will be hard very hard to do it but as you learn what to look for and what to ignore it becomes easy and easy or pay someone to do it for ya.

And people interested in those kind of stuff can research “digital forensics”

katrizzle is bang on saying that most people code to attack windows machines, they pwn the market share it only makes sense, BUT, there are plenty of nasties for linux, and if you don’t believe it, google for the security patch statistics, might be a little skewed now as MS has like 3 main os’s all going, but linux always wins, which is good, they fix shit quick, but the totally dominate in numbers of fixes.

Whens the last time you downloaded any linux distro and didn’t have to install package updates?

keep telling yourself just cause you use linux you are safe, enjoy the pain, my windows box is just as secure as any linux box, and *most* linux users know how to protect themselves, until you start spreading false info about how secure it is and people with no clue how to secure it start installing it. And downloading it from torrents when all linux distros are available via SECURE torrents, no TPB infected crap.

“How the crap does this attack WORK anyway? If your browser is properly set up, you DON’T get affected by drivebys.”

Lets say you allow scripts on your favourite site, blocking most ads, but allowing scripts. Then, unbeknown st to the site owner an ad is replaced with malicious code, or even the site itself.

Lets say you need capcha or some other bs to login, that’s where they get you. I can’t speak for this case, but as most people know, torrentreactor is a bs site with nothing but fakes and crap anyways.

That’s how this stuff usually works.

Use FireFox in whatever OS you use, if you use windows, make sure you secure it, if you migrate to linux, LEARN how to properly use it.

For windows to linux noobs, i suggest ubuntu or Fedora Core, as they are very very easy to use and most windows users will feel at home.

If you want a linux distro that’s actually good for something other than coding, Backtrack is the shizzle

62 Jul 03, 2009 at 17:14 by ques

so i accidentally visited the site then closed my browser in firefox..does that mean im infected now?

That depends on:

- your browser settings.
- your security measures(using sandboxes or virtual machines or virtual appliances).
- that you have some sort of security suite not just and anti virus scanner. I do like the suites because they come with everything this days(integrity checker, MAC-Mandatory Access Control, firewalls, filters and is starting to include sandboxes).

If you never bothered with anything then your chances of being infect are very good.

I stopped using them more than a year ago when it seemed to me that there were too many fakes on there.

I still had them bookmarked, but now that’s been deleted.

Rootkits originated on unix (IN 1990 or earlierish — when it was a LOT more widely used) to give root access, yes — for a productive purpose. Unresponsive system… needing just to get in when you have no way of doing so. And now they’re being written maliciously and therefore they target Windows. IT TOOK SOME TIME to get malicious, and when it did, it targeted the most profitable system. And what would that be, billyboy? Anyway, most people running *nix are smart enough not to get a rootkit installed in the first place. How the crap does this attack WORK anyway? If your browser is properly set up, you DON’T get affected by drivebys.

Sigh.

Torrentreactor shows up in Scrapetorrent searches,
so I (by accident) occasionally end up on the site. But I have never ever (ever, EVER) used (sh)it beyond that. Its obviously sharing fakes! I felt its bad karma the very first time I encountered its “radioactive” waste of (cyber)-space.

good luck Alex..

heres the windows rootkit revealer.

http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

you can also google it, it comes up in google. there are several but i think ms would know their own system better than some other commercial ones. there’s also another good one called blacklight i believe.

backtrack is the best linux anyway ;p but i still use windows. i dont like ie. iframe injections are like little script kiddies. they probably dont know what to do with rootkits except sit and stare and call their mom and say wow mom look what i did, “thats great honey, im doing the laundry right now”

and besides, we can all speculate: was it the mpaa/riaa? was it torrentreactor to catch the mpaa/riaa? or was it some little script kiddie who is trying to look cool and talks like l3370 H4x02

WHAT DO WE DO NOW ?

WHAT DO WE DO NOW ?

WHAT DO WE DO NOW ?

WHAT DO WE DO NOW ?

WHAT DO WE DO NOW ?

WHAT DO WE DO NOW ?

WHAT DO WE DO NOW ?

WHAT DO WE DO NOW ?

WHAT DO WE DO NOW ?

WHAT DO WE DO NOW ?

WHAT DO WE DO NOW ?

Been using Sandboxie for a while now – I even BOUGHT it :D

One of the best ever utilities for 32-bit Winblows systems – well WORTH the £25 for a lifetime license! And for those who want FREE, the unregistered version still offers great functionality with just a 5 second nag screen after it has been installed a month!

Noscript for FF or even using a VM should be a tepid bath that all torrent d/loaders should dip their toes in at least once.

Or, for the nix point of view…a Live CD should also be tried.

Ha, stuff ya rootkits!

Tell your master enjoy your B troll!