Never Hacked or Infected--Yet (Was: Re: End of life for FC12?)
Patrick Bartek
bartek047 at yahoo.com
Fri Nov 12 17:53:34 UTC 2010
--- On Thu, 11/11/10, James Mckenzie <jjmckenzie51 at earthlink.net> wrote:
> Patrick Bartek <bartek047 at yahoo.com>
> wrote:
> >
> >--- On Wed, 11/10/10, Andras Simon <szajmi at gmail.com>
> wrote:
> >
> [massive snip]
> >> I've spent enough time fixing friends' infected
> >> Windows machines that I've
> >> gotten a "feel" for when something is amiss.
> >> It's not a definitive feeling,
> >> just an indicator to start checking for something
> >> wrong.
> >>
> >>
> >> I hope that you're not deluding yourself...
> >
> >Why would you think I am?
> >
> There are 'stealth' infections that only appear when
> triggered. Several of the 'bots function that
> way. You get the spyware infection that downloads an
> appropriate payload into a known good directory. Your
> system is added to the list of known systems. It sends
> out an ack/syn/ack pattern when you boot up and connect to
> the Internet on a known 'good' port (nothing like the 37733
> port that is blocked by just about everyone.) It sits
> and waits. You would only become aware when the 'bot
> fires and then it is too late. That is why there are
> such things as rootkit hunters and spyware applications for
> Linux. However, it is your choice not to use
> them. I do.
As with any new malware, no one knows about it until it's too late and the damage is done. All you can do is take precautions and handle the consequences when the precautions prove inadequate, as they sometimes are.
I don't know why some people here got the impression that just because I said none of my systems have ever been hacked or infected, I don't take security precautions on them. I do. Daily scans, firewalls, check logs, etc. etc. I'm just not paranoid about it.
B
More information about the users
mailing list