
Microsoft: Nuke It From Orbit

Ice Czar

New Member
Joined
Mar 29, 2006
Messages
116 (0.02/day)
Processor 2 x 244 Opteron
Motherboard Tyan K8W
Memory 4GB PC 2700
Video Card(s) PNY Nvidia FX3000
Storage varies
Case 4U
Power Supply PCP&C 510AG
Software Labview, 3DS Max
When it comes to the latest breed of offensive rootkits and uber spyware, this quote from Mike Danseglio, Microsoft's program manager in the Security Solutions Group, pretty much sums it up: "When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit." He goes on to recommend widespread and automated re-imaging for the rebuild as a more cost-effective solution than trying to clean and repair.

Joined
Nov 4, 2005
Messages
11,682 (1.73/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
If everyone would contribute a dollar that was infected by a virus or trojan, or whatever.

We could hire some hitmen, and motherfuckers would die. Then on to the bitches who cheat at online games.

Polaris573

Senior Moderator
Joined
Feb 26, 2005
Messages
4,268 (0.61/day)
Location
Little Rock, USA
Processor LGA 775 Intel Q9550 2.8 Ghz
Motherboard MSI P7N Diamond - 780i Chipset
Cooling Arctic Freezer
Memory 6GB G.Skill DDRII 800 4-4-3-5
Video Card(s) Sapphire HD 7850 2 GB PCI-E
Storage 1 TB Seagate 32MB Cache, 250 GB Seagate 16MB Cache
Display(s) Acer X203w
Case Coolermaster Centurion 5
Audio Device(s) Creative Sound Blaster X-Fi Xtreme Music
Power Supply OCZ StealthXStream 600 Watt
Software Windows 7 Ultimate x64
You have $2 from me.
 

FLY3R

New Member
Joined
Feb 24, 2006
Messages
395 (0.06/day)
Processor AMD 3700+ SD Core @ 2.8gHz
Motherboard DFI LanParty nf4 Expert
Cooling Zalman
Memory G.Skill Extreme Series (2x 1GB) PC4000
Video Card(s) Evga 7800GT
Storage 80GB Seagate
Display(s) ViewSonic 20.1" Widescreen 16:9
Case CoolerMaster Centron
Audio Device(s) Audigy 2 ZS Gamer
Power Supply SeaSonic 600w SLI
Software XP pro (sp2)
Yeah you have my $1.00
 

Ice Czar

New Member
Joined
Mar 29, 2006
Messages
116 (0.02/day)
Processor 2 x 244 Opteron
Motherboard Tyan K8W
Memory 4GB PC 2700
Video Card(s) PNY Nvidia FX3000
Storage varies
Case 4U
Power Supply PCP&C 510AG
Software Labview, 3DS Max
Steevo said:
We could hire some hitmen

We could restart the cold war:
in this corner we have our hired thugs (ex-SAS, Delta) and in that corner they'd have their ex-Spetsnaz, URNA, etc. :p

Danseglio said malicious hackers are conducting targeted attacks that are "stealthy and effective" and warned that the for-profit motive is much more serious than even the destructive network worms of the past. "In 2006, the attackers want to pay the rent. They don't want to write a worm that destroys your hardware. They want to assimilate your computers and use them to make money.

"At Microsoft, we are fielding 2,000 attacks per hour".

It's not kiddie hour any more when you're talking the effective stuff.
It's organized crime, and generally from the former Soviet Bloc where there is a lot of unemployed talent
(though China, Pakistan, India etc. have a share as well).
The WMF "zero day" exploit was actually being shopped around from Moscow for at least a month
before any security firms got wind of it. Use something like that to insert a kernel mode rootkit and mask the traffic with port knocking and you can have a wicked lurker in a sensitive "secured" database.

What is surprising about this story is the fact Microsoft is on record as saying it is easier and better to nuke an infection, and that re-imaging back to a known good install is also, by implication, a preventative security option in the event you're subverted and didn't know.

Specifically they are talking about enterprise, but it's just as applicable to enthusiasts, not that they are going to make a lot of money off your p0rn collection and MP3s. :p
But they are happy to borg & bot you so you can help them do the same to others and extort money out of some poor slob as a protection racket, or they close them down with a distributed denial of service (DDoS).

Danseglio said the success of social engineering attacks is a sign that the weakest link in malware defense is "human stupidity."

In February alone, the company's free Malicious Software Removal Tool detected a social engineering worm called Win32/Alcan on more than 250,000 unique machines.