-
April 17th, 2010, 11:30 AM
#1
Kenzero Virus
"Web users thought they were downloading porn game, got extortion scam instead"
CBC: http://www.cbc.ca/cp/Oddities/100416/K041602AU.html
There was an extremely attractive woman I knew back in university days. She claimed that if she could get a man on roller skates and get his fly down, she would have a pull toy for as long as the situation continued to amuse her.
The situation with the virus in the news story is obviously somewhat different, but I suspect that there is a shared physiological phenomenon, the diversion of cephalic blood flow to a different kind of blood flow, something without the initial "CE" and with an extra "L."
____________________________________________

It is my pure and virtuous heart that
gives me the strength of ten!
-
April 17th, 2010, 04:03 PM
#2
Registered User
Interesting article. I love the uneducated advice they offer at the end. "Bah just reinstall windows" instead of telling the reader to take it to a computer service center to have it taken care of properly.
-
April 17th, 2010, 04:47 PM
#3
 Originally Posted by Niclo Iste
Interesting article. I love the uneducated advice they offer at the end. "Bah just reinstall windows" instead of telling the reader to take it to a computer service center to have it taken care of properly.
It may be just bad reporting of what was said. Was it the security guy who said this or was it the reporter reporting what he/she thought the security guy said?
Reloading is not necessarily a bad idea. Today's malware is so multi-vectored that it is never entirely possible to be sure that you have removed everything.
And besides, most home users wouldn't know how to reload Windows. Most of them will have already thrown any system recovery disks they might have had out with the boxes their big box store PC or notebook came in.
Lucky me, I get to work mostly with corporate stuff. Usually policy sez ain't sposed to be nuttin on a workstation except the OS and apps. If the security software gets defeated, it is almost always faster to reload from an image than it is to remove the crud, safer too - nuke the MBR and reload. A PC can be re-imaged faster than you can say ComboFix and Malwarebytes. If I am feeling kind, I might back up favorites, Outlook.NK2, and the MP3 files (the ones that aren't supposed to be there).

-
April 17th, 2010, 04:50 PM
#4
Registered User
Quite lucky to be in that situation. A restore image is very fast when nothing needs to be recovered. I'm partially about to do that for one client who likes to abuse his PC. Just have an image to install and make him start keeping backups on an external so I can wipe and restore all in an hour.
-
April 17th, 2010, 05:48 PM
#5
Registered User
I have a client who owns two hotels, and within a 4-month period, I had to reformat and reload Windows on each of the front desk computers at one property. That was a trivial task, but afterwards, reinstalling printers, Symantec Endpoint Security, and reconfiguring their hotel management software took about 2 hours. When I had to do the second machine, I came on site with an external hard drive, imaged both machines, and promptly had the manager lock it in the safe.
Not surprisingly, both times I nuked the machines, it was due to malware infections. Where this really gets sorta interesting is that the 2 front desk computers, printers, reservation system, credit card processing, and the server for the system as well as the manager's office are on their own LAN and router entirely separate from the remainder of the property. The router in the system has most ports that aren't actually in use by the system closed, and the connection uses the franchise's corporate proxy server as the DNS server. The proxy server is also supposed to incorporate extensive site blocking.
Nevertheless, both machines were so infected that I could reformat and reinstall faster than I could disinfect. In each case the only warning reported by Endpoint Security was a false positive about a LogMeIn component.
Last edited by slgrieb; April 18th, 2010 at 04:05 PM.