
TDL-4 detects and disables other malware to hide itself

Over the last year, there have been a number of high-profile takedowns of botnets. These takedowns led to a significant reduction in the amount of spam that computer users see in their inbox.

Security researchers are talking about a new botnet called TDL-4 and they say that it is virtually indestructible. The designers of the botnet used some ingenious methods to ensure that their net isn't as easy to take offline as previous botnets.

Security researcher Sergey Golovanov from Kaspersky Labs said in a report on the TDL-4 botnet, "[TDL-4 is] the most sophisticated threat today." Joe Stewart is a malware researcher at Dell SecureWorks; he said, "I wouldn't say it's [TDL-4] perfectly indestructible, but it is pretty much indestructible. It does a very good job of maintaining itself."

There are several factors that work together to make TDL-4 so robust. One of the factors is that the malware infects the master boot record of the computer's HDD it resides on. This is the first sector of the hard drive read when a computer starts, and the malware rootkit is installed there. That makes the rootkit invisible to security software and the OS.

What makes the botnet even more robust is the method its command and control servers use to communicate with infected computers. The TDL-4 botnet uses a public peer-to-peer network called the Kad P2P network for one of the two channels it uses to communicate between infected machines and the C&C servers.

Kaspersky researcher Roel Schouwenberg wrote in an email to Computerworld, "The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet. The TDL guys are doing their utmost not to become the next gang to lose their botnet."

The hackers behind the botnet also use their own encryption algorithm and use the domain names of the C&C servers as the encryption keys. The use of a public network is the key to the robust botnet and helps ensure the TDL-4 network remains online.

Schouwenberg said, "Any attempt to take down the regular C&Cs can effectively be circumvented by the TDL group by updating the list of C&Cs through the P2P network. The fact that TDL has two separate channels for communications will make any take-down very, very tough."

So far, the TDL-4 botnet is very effective with an estimated 4.5 million Windows computers currently infected. Stewart said, "The 4.5 million is not surprising at all. It [TDL-4] might not have as high an infection rate as other botnets, but its longevity means that as long as they can keep infecting computers and the discovery rate is small, they'll keep growing it."

Another key to the longevity of the TDL-4 malware is the fact that it finds and disables other malware on the computer. This is done because the less likely the user is to know of any infection on their computer, the less likely they are to investigate further and potentially discover the TDL-4 malware on the machine.

Golovanov said, "TDL-4 doesn't delete itself following installation of other malware. At any time [it] can ... delete malware it has downloaded."




Wow
By icanhascpu on 6/30/2011 11:46:35 AM , Rating: 5
Where can I get this thing? Id like to hire these guys to make some tightly coded software.

In the decade of 20GB+ game installation, 200MB GPU, 150MB printer, 100MB mouse/keyboard driver downloads, I almost applaud their ability to search and destroy other malware in such a relatively small space with such good self protection.

Now if we could only use their power for good...




RE: Wow
By Wiggy Mcshades on 6/30/2011 11:51:00 AM , Rating: 5
I kinda want to get infected, free malware protection!


RE: Wow
By AnotherGuy on 6/30/2011 12:01:51 PM , Rating: 2
lol tdl4 is very easy to detect and remove... just get Kaspersky's TDSSKiller and the scan takes only a minute


RE: Wow
By trajan on 6/30/2011 1:05:45 PM , Rating: 5
I think the point is, you can't easily take down the net as a whole. Removing one computer at a time is like trying to drain a lake with a teaspoon. TDL4, as a whole network, can't be easily wiped out.


RE: Wow
By DJ Brandon on 7/1/2011 11:01:36 AM , Rating: 2
I literally just spit my drink out reading this lol


RE: Wow
By wysiwyg009 on 7/5/2011 8:03:05 PM , Rating: 2
Disgusting.


RE: Wow
By geddarkstorm on 6/30/2011 3:44:26 PM , Rating: 4
It's pretty cool to me how this is so closely emulating what actual biological viruses do to avoid the immune system. Taking out all other infections in a cell to give time to replicate without the IS being tipped off is standard practice, with the few exceptions being incredibly interesting to biological research.

If any piece of software out there will ever develop true intelligence, the first will be a virus.


RE: Wow
By DopeFishhh on 7/1/2011 8:37:43 AM , Rating: 3
I agree it's cool to a certain extent it's emulation of biological viruses, but the way we develop programs as well as distributing them (including viruses) doesn't lead to developing intelligence. Programs are almost always distributed as perfect copies, this means it will never be any more intelligent after any number of replications.

This virus is intelligent because someone made it so, this is the same with software in general. Even the learning AI's are limited to the effort we put into developing them. The proverbial skynet is going to be made by some asshole.


RE: Wow
By StevoLincolnite on 6/30/2011 12:25:30 PM , Rating: 4
quote:
In the decade of 20GB+ game installation, 200MB GPU, 150MB printer, 100MB mouse/keyboard driver downloads


Makes me glad that Internet Connections have moved on from Dial-up years ago!
Hours... Just to download a driver up-date... Then disconnects at 99% downloaded... *Shudder*


RE: Wow
By bah12 on 6/30/2011 1:13:30 PM , Rating: 5
quote:
Makes me glad that Internet Connections have moved on from Dial-up years ago!

Not necessarily, because if the standard was still 56K, HP would not have the balls to release 150MB printer drivers.

Back then driver coders had to be responsible, and write effective thin downloads. Today it has gotten out of hand, what should be relatively small programs/drivers have been bloated with extra crap no one needs because the manufacturer can.


RE: Wow
By EricMartello on 6/30/2011 6:17:02 PM , Rating: 3
That's right and I've said this many times before. These days your average McCoder relies on some bloated "managed language" like C# rather than learning and using C or C++ (languages that actually take skill). They get their DeVry degree and before you know it they are cutting-and-pasting "custom" programs like a boss.

There are still a handful of coders that actually write their own code and therefore can create optimized programs. Botnets are commonly written in ASM to facilitate small file sizes, but nowadays small file sizes are tripping some AV scanners so ASM may only be used where speed is of the essence (such as packing in a portable compiler that would allow the program to "morph" itself).


RE: Wow
By Slyne on 6/30/2011 6:57:40 PM , Rating: 3
You seem to have a very narrow understanding of the 'skills' required to deliver software. Memory management is not a skill, it's a chore. Wasting hundreds of man hours to root out memory leaks (and fail anyway) when you can have a garbage collector do it for free is not being smart to me. I'll take a managed language over free() and malloc() any time.


RE: Wow
By Gondor on 7/1/2011 5:36:14 AM , Rating: 2
GPU and printer control program (such as Catalyst) does not have to be 70+ MB in size. I am fairly confident that same application could be written in some more efficient language (C++, heck even Delphi) and fit into under 10 MB, majority of which would be taken by stupid splashscreens and other graphics that most users disable anyway if they can.

It's just a menu, a form, a handful of panels and few other UI bits and pieces for heaven's sake ! Adjust a property and one line of code invokes the driver to update the setting.

I used to write drivers (mainly framebuffer drivers) for certain opensource OSes. When compiled into binary form (.o) they were roughly 10 KB (kilobytes) in size. Userspace program that could interface with them (via ioctl) was well under 100 KB (kilobytes again).

70+ MB (WTF !?) garbage collector for what should be a 2MB app, where UI elements are perfectly capable of freeing memory when their destructor is invoked on their own and where you've got approximately 0 need for other memory structures (apart from one to interface with the driver itself which is allocated upon startup and freed upon exit) ? Puhleeese, spare us the apologetic nonsense ... The fact is that today's "programmers" using "languages" such as C# for driver control programs are nothing but utter inepts who should be hanged, drawn and quartered for humanity's sake.


RE: Wow
By tygrus on 7/1/2011 8:07:32 AM , Rating: 2
The base driver is probably <10% of the total. I think most of the rest is code to replace game code and support older DirectX/OpenGL API's.


RE: Wow
By bah12 on 7/1/2011 9:51:25 AM , Rating: 3
Ding we have a winner. It is not the language that is the problem, it is all the other crap. Seriously look at HP's crap, how much extra code is used to monitor ink levels, pop up a fancy screen complete with links to their site to buy them. I also don't need a stupid animation and voice for "printing started"..."printing complete". They think they are doing some BIG service to the user, but all they do is over complicate crap.

Another sticking point is Dell WiFi drivers that don't just use the built-in Windows interface for connecting to a network. Why did we need another???


RE: Wow
By NellyFromMA on 7/1/2011 11:29:07 AM , Rating: 2
You're clearly assuming things about a technology you've chosen to hate without understanding. You know what they say about those who assume, don't you? ;)


RE: Wow
By EricMartello on 7/2/2011 7:28:41 AM , Rating: 2
quote:
You seem to have a very narrow understanding of the 'skills' required to deliver software. Memory management is not a skill, it's a chore. Wasting hundreds of man hours to root out memory leaks (and fail anyway) when you can have a garbage collector do it for free is not being smart to me. I'll take a managed language over free() and malloc() any time.


I like how you think that memory management is the only or even the most important element of an application. It's not. And guess what, there are plenty of libraries in C and C++ that you can use freely so you don't need to reinvent the wheel.

Managed languages add bloat and reduce application performance, often times substantially - 30% to 40%. You can compile a program in C# and by default it will include all the garbage necessary for it to work PLUS it relies on the user having a runtime installed. A "hello world" type program in C# would result in an exe file several megabytes in size. Done in C? A few KB at most. Done in ASM? A few bytes at most.

As far as the driver packages - a lot of their bloat is probably due to sloppy "joint" coding done by many different people, where one guy may introduce an error so they fix it by adding more shit to it. What's the nvidia driver version? 280 something now? Really? They needed nearly 300 attempts and still can't get it right...lol


RE: Wow
By ekv on 7/4/2011 2:27:33 AM , Rating: 2
quote:
reduce application performance
Actually only about 3-5% if you know what you're doing.
quote:
Done in C? A few KB at most. Done in ASM? A few bytes at most.
Excuse me, but are you even rational? Besides the inflammatory language, akin to a religious war, WHO CARES?! a couple bytes here and there, so what. I've got a small'ish workstation w/ only 4.6 some odd TB's. Am I really that concerned about a couple kb's, or even mb's?

Look, I'm kind of old-school in that I try to make a somewhat optimized program, small, easy-to-use, etc. But if I've got some kind of inept POS for a boss ranting about how slow a dev I am, then the optimization steps may have to take a back seat, in order to make the delivery date.

Your condemnation of C# reminds me of Edsger W.Dijkstra

"It is practically impossible to teach good programming to students that have had a prior exposure to BASIC: as potential programmers they are mentally mutilated beyond hope of regeneration."

http://www.cs.virginia.edu/~evans/cs655/readings/e...

A moronic statement if ever there were. And strays far from the OP.


RE: Wow
By EricMartello on 7/4/2011 3:53:38 AM , Rating: 2
quote:
Actually only about 3-5% if you know what you're doing.


No, not really. The whole point of managed languages is to enable people who DON'T know what they're doing to create programs. The performance limitation is due to its high-level nature and the sandbox it operates within. Even if you made a "perfectly" optimized program in C#, the optimized C equivalent would be at least 30% faster.

quote:
Excuse me, but are you even rational? Besides the inflammatory language, akin to a religious war, WHO CARES?! a couple bytes here and there, so what. I've got a small'ish workstation w/ only 4.6 some odd TB's. Am I really that concerned about a couple kb's, or even mb's?


That's the kind of fail mentality that leads to sloppy, bloated and generally unoptimized code. It's really not an issue of nit-picking a few bytes here and there for the executable's filesize, it's more about the coder taking the time (and having the intelligence) to write a program that isn't a clunky piece of garbage.

quote:
Look, I'm kind of old-school in that I try to make a somewhat optimized program, small, easy-to-use, etc. But if I've got some kind of inept POS for a boss ranting about how slow a dev I am, then the optimization steps may have to take a back seat, in order to make the delivery date.


A GREAT coder means you have the key to MANY income opportunities, so if your boss is a c0cksucker you can easily find another place to work OR just freelance. As a McCoder whose area of expertise is churning out cut-n-paste apps in C# or VB, your options are limited because like a janitor you are easily replaceable.

quote:
"It is practically impossible to teach good programming to students that have had a prior exposure to BASIC: as potential programmers they are mentally mutilated beyond hope of regeneration."


I don't think that is true, as a good coder can adapt and learn new languages similar to people learning to speak in other languages.

I am not saying that C# is ruining the potential of good coders, what I am saying is that companies that spit out products based on crap like C# fail, and that C# lowers the bar so much that it did to coding what AOL did to the internet - unleashed a tidal wave of stupid.

I can concede that managed languages have their niche, but retail software applications are not that place. If you are in business to release software, hire a competent workforce that can deliver optimized C/C++ code within reasonable time frames.

By the way, if you use Delphi or C++ Builder you can develop decent apps quickly - but you'd still need to be smart enough to code in either of those languages.


RE: Wow
By ekv on 7/4/2011 5:19:26 PM , Rating: 3
quote:
No, not really.
Yes, yes really. Aren't you confusing "managed language" w/ "interpreted language"? And how much extra time do you spend optimizing your C program? and do you really still program in C? Seriously?
quote:
it's more about the coder taking the time (and having the intelligence) to write a program that isn't a clunky piece of garbage.
Time is of the essence isn't it. Like when you have a delivery date. And IntelliSense saves plenty of time. That's my mentality.
quote:
A GREAT coder means you have the key to MANY income opportunities
I don't consider myself a "great" coder, not that I even dwell on it. You said yourself there are few great coders. The rest of us then must simply be mentally mutilated bums. Btw, checked out the job market recently?
quote:
what AOL did to the internet - unleashed a tidal wave of stupid.
Right, all those idiot customers ... that pay the bills.

Can't this be better optimized?

#include <iostream>   // the original omitted the header that declares cout
using namespace std;
// recursively prints the 8 bytes of x___ ("CodeCall") one character at a time
void _(char *__, int ___, int ____) {//{+
if(___ <= ____)/*cin>>*/{cout<< *(__+___);//###
_((__),(++(___)),(____));}}/*printf("%s\t", *__x)*/
int/*0xFF___\p+*/main() {char x___[8/*__(*Z_)
*/]={0x43,0x6F,0x64,0x65,0x43,0x61,0x6C,0x6C};
_(x___, 0, 7);return
0
;
}

Sure, but while you're at that I've got people to meet and places to go. Enjoy your computer
http://www.dailytech.com/Robots+Become+More+Lifeli...
since I'm going to enjoy my date.


RE: Wow
By EricMartello on 7/4/2011 9:02:26 PM , Rating: 2
quote:
Yes, yes really. Aren't you confusing "managed language" w/ "interpreted language"? And how much extra time do you spend optimizing your C program? and do you really still program in C? Seriously?


Nah bro, not really...and if you're going to refute what I say at least provide some basis other than "nuh-uh". There are plenty of benchmarks that show the slow performance and bloated program sizes that managed languages produce when compared to C/C++. Runtime = Sandbox and C# requires a runtime installed (.NET Runtime) on the client system to operate.

quote:
Time is of the essence isn't it. Like when you have a delivery date. And IntelliSense saves plenty of time. That's my mentality.


Clearly a McCoder wouldn't understand the first thing about quality. That is why I wouldn't hire a schmuck like you...and I doubt you're missing many deadlines living in mom's basement.

quote:
don't consider myself a "great" coder, not that I even dwell on it. You said yourself there are few great coders. The rest of us then must simply be mentally mutilated bums. Btw, checked out the job market recently?


LOL you're a McCoder and nothing more. You may have had a passing interest in programming but never the mental capacity to do it until they rolled out "computer programming for morons" aka C#, VB and other languages of that ilk. The job market is fine for people who actually have skills. It's rough for people who think being employed is an entitlement.

quote:
Right, all those idiot customers ... that pay the bills.


We're not talking about revenues or profitability. The issue we're discussing here is code and program quality - and you've failed to make a case for your position other than "Morons need C# because they'd take too long to produce something in C."

quote:
Can't this be better optimized? void _(char *__, int ___, int ____) {//{+ if(___ <= ____)/*cin>>*/{cout<< *(__+___);//### _((__),(++(___)),(____));}}/*printf("%s\t", *__x)*/ int/*0xFF___\p+*/main() {char x___[8/*__(*Z_) */]={0x43,0x6F,0x64,0x65,0x43,0x61,0x6C,0x6C}; _(x___, 0, 7);return 0 ; }


Why are you copy-and-pasting code here? Do you think that earns you some kind of "cred"? The more you speak the more you reveal how little you know about this topic, and reinforce the McCoder stereotype.

The optimizations that allow C/C++ to outperform C# include the ability for functions to be tuned on a low level so that they execute in as few clocks as possible, where relevant, such as in media transcoding, media manipulation, algorithmic calculations, etc. What you pasted is irrelevant.

quote:
Sure, but while you're at that I've got people to meet and places to go. Enjoy your computer http://www.dailytech.com/Robots+Become+More+Lifeli... since I'm going to enjoy my date.


Have fun with your RealDoll and enjoy the benefits of being unemployed.


RE: Wow
By ekv on 7/5/2011 2:38:33 AM , Rating: 2
quote:
Nah bro, not really
Yes, really. And I'm not your "bro", thank you very much. In addition if you want benchmarks, go right ahead.
quote:
That is why I wouldn't hire a schmuck like you
First off, you couldn't afford me, especially since you're not in a position to do so. Second, you doubt I'm not missing any deadlines ... because, why? because I told you I wasn't. Again, time is of the essence. Thirdly, I used to think mental capacity and C++ were the greatest. Then I grew up. Silver bullets don't interest me. Getting the job done does. Which usually means good tools and communication w/ co-workers. Let me be clear regarding the latter, if you require somebody to put down in order to feel good about yourself, rots o' ruck.

The job market is so-so. Economy is rough [just ask NASA engineers]. But job requirements listing .Net platform skills are better than ever. Personally, that is likely puerile snob appeal, though I admit it not. Nor do I care for the polar opposite of pop appeal. Of course, the latter does have correlation with revenues and profitability. If you're stuck on good quality, then you are sacrificing one of the other legs of the project triangle: price and/or speed. But you don't know that. Yet.

I'd be willing to wager you can't even go back a couple weeks to your code and explain your design decisions w/o looking at your notes. What? you didn't comment anything? Nor can you look at somebody else's C and optimize it, instead you'd have to re-write it from the ground up. Big time savings there stud.
quote:
The optimizations that allow C/C++ to outperform C# include the ability for functions to be tuned on a low level so that they execute in as few clocks as possible, where relevant, such as in media transcoding, media manipulation, algorithmic calculations, etc.
Gee, golly, I bet Visual Studio doesn't have access to any of that, huh. Specifically those dastardly "algorithmic calculations." They always cause trouble. Lol .Net runs on many platforms and if I need tuned "media transcoding", I can purchase a library just as easily as you. Except I meet deadlines. Do you even make deadlines? Can you? because once you get the code working you'll have to pound your agile partner to re-code your optimizations ... yet more time.

Lastly, I congratulate you however, for convincing me that the hacks who created TDL-4 likely are watchmaker-types who get off on saving a byte and who look forward to the resurrection of D.

I give you the last word ... I've got a life to lead.


RE: Wow
By EricMartello on 7/5/2011 5:31:38 PM , Rating: 2
quote:
Yes, really. And I'm not your "bro", thank you very much. In addition if you want benchmarks, go right ahead.


Umadbro?

quote:
First off, you couldn't afford me, especially since you're not in a position to do so. Second, you doubt I'm not missing any deadlines ... because, why? because I told you I wasn't. Again, time is of the essence. Thirdly, I used to think mental capacity and C++ were the greatest. Then I grew up. Silver bullets don't interest me. Getting the job done does. Which usually means good tools and communication w/ co-workers. Let me be clear regarding the latter, if you require somebody to put down in order to feel good about yourself, rots o' ruck.


LOL if anyone is paying you more than $25K per year they're grossly overpaying, and I'm being generous with that $25K figure.

You're not missing deadlines because the moronic work you are hired to do takes little or no skill, and therefore you'd have to be absolutely braindead to spend more than a few hours hobbling together your advanced "What is 2+2? (Y/N)" McPrograms.

You keep talking about "getting the job done" but really you're not. Do you think that finishing something, regardless of its final quality, is all that matters? No. All you are doing is cutting corners and accepting something below 'good enough' as 'complete'. You ARE part of the problem, and I appreciate that you reiterate my original point so frequently with each of your responses. McCoders are the reason for the bloat and unoptimized, sluggish code that crops up in so many modern applications...but hey, they finished it a couple weeks sooner so there's that...yay.

quote:
The job market is so-so. Economy is rough [just ask NASA engineers]. But job requirements listing .Net platform skills are better than ever. Personally, that is likely puerile snob appeal, though I admit it not. Nor do I care for the polar opposite of pop appeal. Of course, the latter does have correlation with revenues and profitability. If you're stuck on good quality, then you are sacrificing one of the other legs of the project triangle: price and/or speed. But you don't know that. Yet.


Yes, there are lots of low-paying jobs for .NET McCoders...apparently the Mc part was lost on you. Even in this economy, you could land a job at a local McDonald's. You make fast food, it's edible and it 'gets the job done' but you won't be winning any culinary awards nor can you consider yourself a chef simply because you slide frozen buns through a toaster all day. As a McCoder you are no different and no better than a fast food chain grunt - common, easily replaceable and skill-less.

quote:
I'd be willing to wager you can't even go back a couple weeks to your code and explain your design decisions w/o looking at your notes. What? you didn't comment anything? Nor can you look at somebody else's C and optimize it, instead you'd have to re-write it from the ground up. Big time savings there stud.


LOLWTF I always comment my code. Why wouldn't I? I also indent it and make it readable - it's a matter of efficiency...the McCoders are the ones who wouldn't spend the extra time to comment because it would cut into their speed of "excrement" too much. That's right, when you program in C# you don't have a development cycle - it's called an excrement cycle because the end result is always a big, steaming turd. Don't spend too much time on the crapper! hahaha

quote:
Gee, golly, I bet Visual Studio doesn't have access to any of that, huh. Specifically those dastardly "algorithmic calculations." They always cause trouble. Lol .Net runs on many platforms and if I need tuned "media transcoding", I can purchase a library just as easily as you. Except I meet deadlines. Do you even make deadlines? Can you? because once you get the code working you'll have to pound your agile partner to re-code your optimizations ... yet more time.


Are you referring to your cut-n-paste bits, the equivalent of bundled clip art? That's what it seems like. Why is it that the only thing you can say about C# is deadlines? Do you think eating BigMacs daily is better than having a steak with real mashed potatoes? Sorry bro, but you're outta your element in this conversation and that has been quite evident early on.

.NET is owned by MS. It runs only on platforms MS wants it to, and it would typically run sub-optimally on anything other than a Windows-based system, much like ASP...so yeah, you're already taking a 30%+ performance hit by using C# and then you want to run it on a non-Windows platform. lawl It's probably going to execute 60-80% slower than a proper C application of the same type, while being 100-200%+ larger in file size.

quote:
Lastly, I congratulate you however, for convincing me that the hacks who created TDL-4 likely are watchmaker-types who get off on saving a byte and who look forward to the resurrection of D.


TDL-4 is an example of superior coding by people who know what they're doing. A McCoder will NEVER be able to create anything like that, the sandbox wouldn't allow it. The people who TDL-4 it will reap its benefits for a long time to come, while McCoders like you will continue a pointless existence hobbling together unimpressive programs "quickly" for peanuts.


RE: Wow
By WalksTheWalk on 7/6/2011 5:39:54 PM , Rating: 2
EricMartello,

Everyone knows you have a monopoly on coding 100% optimized applications.

Too many lulz to count. Given your logic, why not code everything in ASM? The extra time spent is surely worth the performance improvement. Coding in C/C++ just bloats the process with all of their nasty runtime overhead. Why code in C# or Java when everyone knows it's total crap to begin with, right? (BTW - The questions are rhetorical.)


RE: Wow
By EricMartello on 7/6/2011 10:48:41 PM , Rating: 2
I don't claim to have a monopoly on optimized code; but I do respect it and the people who take the time to create it, and I myself strive to avoid the laziness and bloater mentalities that McCoders have unleashed on the computing world while working on my own programs.

The C language still maintains the best balance between higher-than-machine-code level readability without the substantial performance issues you get with managed languages. Neither C nor C++ require any type of "runtime" and are largely platform independent. Any overhead that they might have would be introduced by customizing the program to the host OS, and even then, you would still get better performance with C or C++ than C#.

While coding exclusively in ASM may seem like a good idea, it would not yield substantial gains over a well-coded C program. You can actually embed ASM code within C as needed to speed up certain functions and algorithms within your program - without having to make the entire program in ASM. Also, with advanced compiler optimizations, C/C++ programs can actually match ASM programs in terms of file size and speed.

The main benefits of ASM are not merely the fact that a well-written ASM program can potentially execute faster than a program created in a higher-level language, rather it is the ultra-fine control you get over the host system with ASM.

If you need more control than C or C++ can give you, there's ASM. If you just need to make a program that runs as fast as possible, there's C or C++.


RE: Wow
By NellyFromMA on 7/1/11, Rating: 0
RE: Wow
By DarkUltra on 7/3/2011 1:49:28 PM , Rating: 2
I don't care how you build it, just don't use up all the space on my relatively small SSD drive. Windows 7 64bit HDD IO operations itself is so slow we need SSD drives to make it useful again. I see the same operations in XP vs 7 take several times more time. Listing of folders, calculating size of a bunch of files, opening the same program that resides on the same partition takes twice as long in 7 vs XP.

On a related note, I look forward to upgrading my computer to Sandy Bridge E, but there is no excuse to produce bloat. There are always developers willing to make something proper as long as there's a demand. I want my computer to be as fast and responsive as Windows Phone 7, Windows 8 better have a lot of C++ and Direct2D.

http://jeremiahmorrill.com/2011/02/14/a-critical-d...
inefficient way in which WPF uses Direct 3D

http://www.youtube.com/watch?v=ToFgYylqP_U
windows 7 vs xp slow GUI


RE: Wow
By EricMartello on 7/4/2011 4:05:59 AM , Rating: 3
I've always wanted to make an OS that is super light, but fully functional. I think Windows 7 is a lumbering behemoth because it's still maintaining backward compatibility and it never really had super-tight coding practices to begin with. That said, it's a fairly solid OS and I do use it, but it is far from what I would call optimized software. Imagine if all that bloat was eliminated...overall system responsiveness would improve, applications would run smoother and faster and it's likely that you'd get better gaming and entertainment performance as well.


Invisible?
By Trisagion on 6/30/2011 12:11:03 PM , Rating: 5
Programs that infect the disk MBR were the earliest DOS viruses. Virtually all antivirus software scans this first. I don't see how infecting the MBR makes this malware 'Invisible'.




RE: Invisible?
By bigdawg1988 on 6/30/2011 1:34:46 PM , Rating: 3
Well sure, but don't you want to buy a $40 av subscription anyway!?!


RE: Invisible?
By bah12 on 6/30/2011 1:35:58 PM , Rating: 2
quote:
One of the factors is that the malware infects the master boot record of the computers HDD it resides on. This is the first sector of the hard drive read when a computer starts and the malware rootkit is installed there. That makes the rootkit invisible to security software and the OS.
Agreed. How can a program executed from an OS be written to a place "invisible" to the os? If the MBR was some mysterious "invisible" place to the OS, then it could not be written to in the first place. It may be the first place that is read from, but the OS definitely has visibility to it.

The botnet as a whole may be hard to take down, but the infection is pretty easy to get rid of, and is not really "invisible". As another user pointed out, Kaspersky already has a detection and removal tool. Since it has a GUI and can be run from the OS, how is it finding this "invisible" rootkit?

Although I find the article interesting from the perspective of the resilience of the botnet itself, the usual DT dramatization of the infection itself is unfortunately par for this site. If the article can't stand on its own merit, scare the reader into interest... ugh.

Shaun, you're one of the last good authors on DT; don't use scare tactics to present your article. We get far too much of that crap from Mick and female Mick (Tiffany). The rest of the article was interesting and spot on, but this paragraph only hurt an otherwise good read. Maybe a paragraph on how it can be detected and removed easily, but the botnet will survive, would have been a better choice. Not only does it avoid the scare tactic (and alienation of informed readers), but it actually strengthens the argument that although one PC may be fixed, killing the botnet as a whole would indeed be challenging. After all, the real genius of TDL-4 is not how hard it is to remove, but that it goes about its business covertly. No 1000 false "your computer is at risk, buy Windows Antivirus 2100 now!!!" popup messages.


RE: Invisible?
By Smilin on 6/30/2011 2:00:16 PM , Rating: 5
quote:
Agreed. How can a program executed from an OS be written to a place "invisible" to the os? If the MBR was some mysterious "invisible" place to the OS, then it could not be written to in the first place. It may be the first place that is read from, but the OS definitely has visibility to it.


This is not entirely correct. If you insert filter drivers (lower or upper as appropriate) into necessary I/O stacks you can intercept calls and change them. In this case inserting a filter driver into the disk driver would allow you to intercept any read attempt at sector 0 and redirect it to a sector of your choosing that has a copy of the original sector.

That's just one method and may or may not be what they are doing here. Making it completely bulletproof would be (nearly) impossible, but you could easily intercept most methods.

The same thing can be done with the registry and even the display. I've found viruses before that cause Explorer to simply not list certain filenames. Rename a file to one of these names and it disappears. Since there are often multiple paths to the "evidence", you can still get to the infection. In this case, launching the cmd prompt from Task Manager's 'run' will let cmd.exe run outside the explorer.exe process.


RE: Invisible?
By tastyratz on 6/30/2011 2:21:12 PM , Rating: 4
Exactly what I was going to say; you beat me to it. The MBR is not visible if you are essentially emulating a clean MBR for every scanner. It is very easy to infect a Windows machine with a virus that ends up transparent to Windows itself, even outside of the MBR, if you hijack host processes. There are numerous virii that can not truly be scanned for and deleted without booting from a BartPE/UBCD disc or another partition.


RE: Invisible?
By Smilin on 6/30/11, Rating: 0
RE: Invisible?
By bah12 on 7/1/2011 9:56:47 AM , Rating: 2
My point was that if this was invisible to the OS (and thus anything running within the OS), then why is there a GUI tool already available that can see it and remove it? Invisible means it can't be seen. I'd expect the removal process to involve getting out of the OS if it were truly "invisible". Clearly the tool can see it, so the OS could as well; that doesn't mean it does, just that it could.

This paragraph read to me that the virus was hard if not impossible to remove. That simply is not the case.


RE: Invisible?
By Smilin on 7/1/2011 10:50:32 AM , Rating: 2
I explained this in my post above.

There are many ways to see masked rootkits and the good ones will prevent most of these. Hiding from antivirus is really easy once an infection is in place. Hiding from a tool dedicated to finding that particular malware would be difficult if not impossible.

For example (again): Stick a lower filter driver in to map sector 0 reads to another sector. You're screwed... nothing reading from the disk driver would be able to see the real sector. BUT... someone could always stick yet another filter driver under the first.

Impossible to remove? No. It's just going to take a bit more capability than is built into antivirus by default. A "cleaning tool" would be necessary (until the AV is updated).

Mind you, removing a rootkit from a machine is not the same thing as removing a botnet from the 'net. This particular one can't be disabled en masse like some in the past.


RE: Invisible?
By ekv on 7/4/2011 2:37:38 AM , Rating: 2
quote:
This particular one can't be disabled en masse like some in the past.
However, that gives me an idea. I shall require vast sums of research money in order to capture the botnet in toto.

And so it goes. Interesting game of cat-and-mouse, and I damn well intend to keep my computer clean. 8)


RE: Invisible?
By GTVic on 6/30/2011 2:38:04 PM , Rating: 3
Proof that you shouldn't come to DailyTech if you are hoping to engage in a technical discussion.


RE: Invisible?
By sidphoenix on 6/30/2011 7:13:25 PM , Rating: 2
It's not in the MBR; from what I have seen in removing them, they are written outside partitioned space. It doesn't add itself to the MBR or FAT; it's simply written to specific sectors on the drive and the program can reference them without it having to be visible to everything else. This is OK because it doesn't have to be a responsible program: if it hoses the OS because it overwrote a necessary file, then no biggie. Sometimes you go to Computer Management in Windows and you see no disks present because of this.
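The two posts above describe the two places a defender has to look: the MBR itself, which a filter driver can spoof for anything reading through the OS disk stack, and sectors outside any partition, which no file system will ever show. The following Python is an added example written for this thread, not a tool from Kaspersky, DailyTech or any poster here. It parses a 512-byte MBR, checks the 0x55AA boot signature, lists the partition table, reports sector ranges that no partition covers, and compares a SHA-256 fingerprint of the boot code against a saved baseline. The sample MBR bytes, the function names and the baseline value are all constructed for the demonstration; on a real disk the 512 bytes would come from reading sector 0 of the raw device (for example `\\.\PhysicalDrive0` on Windows, with administrator rights), and, for exactly the reason Smilin gives, that read is only trustworthy when taken from rescue media rather than from the possibly infected OS.

```python
"""Parse a 512-byte MBR, list partitions, report unpartitioned sectors and
compare the boot code against a baseline fingerprint.
Constructed sample data; not from the article or any vendor tool."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_SIG = 0xAA55          # little-endian bytes 0x55 0xAA at offset 510
TABLE_OFFSET = 446         # four 16-byte partition entries follow the boot code


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def end_lba(self) -> int:
        """First sector after the partition (exclusive)."""
        return self.start_lba + self.sectors


def parse_mbr(mbr: bytes) -> list:
    """Validate the boot signature and decode the four partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    sig = struct.unpack_from("<H", mbr, 510)[0]
    if sig != BOOT_SIG:
        raise ValueError(f"bad boot signature 0x{sig:04X}")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA(4) size(4)
        status, ptype, start, size = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0 and size == 0:
            continue                    # empty slot
        parts.append(Partition(i, status == 0x80, ptype, start, size))
    return parts


def unpartitioned_ranges(parts: list, disk_sectors: int) -> list:
    """Return [(start, end)] sector ranges no partition covers, excluding
    sector 0 itself. Data living here is invisible to every file system."""
    ranges = []
    cursor = 1
    for p in sorted(parts, key=lambda p: p.start_lba):
        if p.start_lba > cursor:
            ranges.append((cursor, p.start_lba))
        cursor = max(cursor, p.end_lba)
    if cursor < disk_sectors:
        ranges.append((cursor, disk_sectors))
    return ranges


def mbr_fingerprint(mbr: bytes) -> str:
    """SHA-256 over the boot code only (bytes 0..445), so a legitimate
    partition-table edit does not change it but altered boot code does."""
    return hashlib.sha256(mbr[:TABLE_OFFSET]).hexdigest()


def check_against_baseline(mbr: bytes, baseline_fp: str) -> bool:
    return mbr_fingerprint(mbr) == baseline_fp


def build_sample_mbr(boot_code: bytes, entries: list) -> bytes:
    """Constructed test data. entries: list of (status, type, start_lba, size)."""
    table = b"".join(struct.pack("<B3xB3xII", s, t, st, sz) for s, t, st, sz in entries)
    return (boot_code.ljust(TABLE_OFFSET, b"\x00")
            + table.ljust(64, b"\x00")
            + struct.pack("<H", BOOT_SIG))


# Constructed sample: one bootable NTFS-type (0x07) partition at LBA 2048.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0", [(0x80, 0x07, 2048, 204800)])
BASELINE = mbr_fingerprint(CLEAN_MBR)     # what a known-good baseline would hold
# Same partition table, different boot code: models boot code being replaced.
TAMPERED_MBR = build_sample_mbr(b"\x90\x90", [(0x80, 0x07, 2048, 204800)])
SAMPLE_DISK_SECTORS = 2048 + 204800 + 4096   # constructed: 4096 sectors of slack at the end

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        parts = parse_mbr(mbr)
        print(label, "matches baseline:", check_against_baseline(mbr, BASELINE))
        for p in parts:
            print(f"  entry {p.index}: type 0x{p.type_id:02X} LBA {p.start_lba}-{p.end_lba - 1}"
                  f" bootable={p.bootable}")
        print("  unpartitioned:", unpartitioned_ranges(parts, SAMPLE_DISK_SECTORS))
```

The fingerprint deliberately covers only the boot code, because the partition table changes for benign reasons while the 446 bytes of boot code on a given installation should not. The unpartitioned ranges are what you would then image and inspect from rescue media; a large gap that is not the usual alignment slack before the first partition deserves a closer look.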


You have my sympathy
By Tony Swash on 6/30/11, Rating: 0
RE: You have my sympathy
By angryplayer on 6/30/2011 11:42:48 PM , Rating: 4
Because Ol' Stevie's farts smell like pansies and roses.

</sarcasm>


RE: You have my sympathy
By themaster08 on 7/1/2011 2:13:10 AM , Rating: 2
Just as those Mac Defender victims have my sympathy. Too bad they don't have Apples, because they willingly installed the software.

Oh, wait..... that's exactly how the vast majority of Windows users become infected!


Judgement Day
By TonyB on 7/1/2011 9:03:18 AM , Rating: 3
2:14AM EST - August 29th, 1997

In a panic, they tried to pull the plug.




What about the Microsoft rootkit ?
By tygrus on 7/1/2011 8:13:33 AM , Rating: 1
That's the one that has spread to millions of computers... oh, someone pays for it, that makes it different.

We need an anti-worm built into the boot sector. If the system is compromised we can tell, because you can no longer interrogate it.

I guess that's why they want us all to use hypervisors with virtualised OSes for protection.




I bet it's the Chinese
By soghjai on 6/30/11, Rating: -1
RE: I bet it's the Chinese
By FaceMaster on 6/30/2011 1:36:41 PM , Rating: 2
quote:
There is evidence that processors and other chips that are manufactured in China have malicious code in them.


Proof please? Are you just talking about that case where fake chips were sold to American defence contractors by a Chinese salesman? If so, I think you're skewing the facts a bit.

*Takes big breath of sarcasm*

I bet it's actually done by Bin Laden, since it's all just a conspiracy that he was captured. He's actually part of the skull and crossbones, along with all major world leaders. This is just a way of them controlling the populace.

/sarcasm


RE: I bet it's the Chinese
By XSpeedracerX on 6/30/2011 2:32:04 PM , Rating: 3
*Sigh*

I really do wish people would stop peddling Call of Duty style storylines as reality. China will never go to war with the US. Ever. It's not going to happen. They are a major purchaser of our debt. We are a major purchaser of their cheap poorly made crap. We are responsible for their explosive economic growth and an outright war with us would (a) guarantee that they'd never get their money back, (b) shoot their growth in the foot, (c) end their aspirations of becoming a major world power.


RE: I bet it's the Chinese
By deathwombat on 6/30/2011 8:06:51 PM , Rating: 2
Good point. If China ever significantly reduces their ownership of US debt, then you can start to worry.


RE: I bet it's the Chinese
By Alexvrb on 6/30/2011 9:51:41 PM , Rating: 2
China works on much longer term goals than we do. If they continue to grow, and we continue to spend ourselves into insolvency, you can't really say what is going to happen in the long run. If they really DO want to take us over, they may not give a damn what they give up by doing so. Money they loaned us, that they didn't need? Oh well. They own this nice chunk of land between Canada and Mexico now, but it's OK Canada - they promise no more invasions. Worked for Hitler.

Look at the rise and fall of kingdoms, empires, civilizations. You don't know what the future holds, and it is foolish to think that the Chinese would NEVER invade us because "we owe them money" and "we buy their stuff". Tons of countries buy Chinese-produced goods too, directly and indirectly. Who knows what the next hundred years will hold?


RE: I bet it's the Chinese
By XSpeedracerX on 7/1/2011 10:20:07 AM , Rating: 1
"China works on much longer term goals than we do."

No they do not. China works on extremely short term goals benefiting their immediate future at the cost of long term consequences. Currently, they are engaged in the modern equivalent of pyramid building; their obsession with "10% GDP growth no matter what!" has led them to build ghost cities and malls that are barely inhabited. This is contributing to what will be the biggest real-estate bubble in history and nothing good will happen for them once it goes 'pop'.

"If they really DO want to take us over, they may not give a damn what they give up by doing so."

That's gotta be the dumbest thing I ever heard. FYI, the cold war is over. There is no future scenario that does not include the U.S. as a major economic contributor to China thanks to Apple, Walmart, Target and a host of other major corporations. Therefore, there is no scenario of conflict between China and the U.S. that does not end with them knee-capping the income they'd desperately need to finance such a large scale global conflict, which by the way would end in defeat for China. I'm not even going to address the retarded reference to Hitler. Godwin's law strikes again...

"You don't know what the future holds, and it is foolish to think that the Chinese would NEVER invade us because "we owe them money" and "we buy their stuff"."

No, it isn't. Even if we pretend that China's military is advanced enough to spark a global conflict, it would take a steady stream of positive income to finance such a conflict, and that comes from economic growth (and I mean real economic growth, not this pyramid building shit they're doing now). We are their only source of income. War would cut off that source of income thus cutting off their ability to make war, not to mention permanently knee capping any future economic growth as well as any aspirations they have to become a global power; who would do business with China again knowing the deal would eventually end in a costly and fruitless war?

"Who knows what the next hundred years will hold? "

I do. China continues to be the premier source of cheap labor for the world at the cost of the quality of life of its citizens. Their obsession with a constant 10% GDP growth has led them into overcapacity in the real estate sector, which will have significant economic consequences for them down the road, as it did for the U.S. Chinese citizens continue to notice how much better people in the west have it and continue to not be happy about it. As economic conditions change for the worse, the Chinese government faces managing a depression-like situation which leaves them wanting out of buying U.S. debt, but needing (now more than ever) business from U.S. corporations which are reliant on them as a source of cheap labor.

Then China goes to war with the U.S.... but only in Call of Duty: Modern Warfare 5.


RE: I bet it's the Chinese
By ekv on 7/4/2011 2:49:03 AM , Rating: 2
quote:
No they do not. China works on extremely short term goals
As far as industrial espionage is concerned, yes they do have long range goals.
quote:
ghost cities
Those cities apparently are vacation houses purchased by the nouveau riche. Weekends are busier than weekdays. Working there may suck, but there are rewards.
quote:
We are their only source of income.
You don't believe that for a second.
quote:
China continues to be the premier source of cheap labor for the world at the cost of the quality of life of its citizens.
And your point? I mean, we care, but since when do they? Perhaps that is what ought to cause some concern.


RE: I bet it's the Chinese
By drycrust3 on 7/1/2011 2:36:20 AM , Rating: 1
quote:
They know they'll lose if they fight evenly with the US and it's allies.

I heard an American soldier, I think it was a general or a lieutenant, who said that if you go into a fair fight then you haven't done your homework properly, because you should never go into a fair fight; it is war, so get the idea of an "even fight" out of your mind, it just isn't going to happen.


By themaster08 on 6/30/2011 12:06:40 PM , Rating: 5
quote:
Funny after nearly 20 YEARS of making operating systems Microsoft can't manage to close their security holes.
There's only one type of hole that Microsoft cannot patch. Assholes that willingly install just about anything on their systems with no consideration of the consequences.


By Ramstark on 6/30/2011 12:14:03 PM , Rating: 2
+5 to you, sir. Working in IT lets you have a wider view of this issue. 95% of infection cases are the result of the user clicking on something he/she did not even know what it was...


By corduroygt on 6/30/2011 1:09:48 PM , Rating: 2
And the only thing to prevent that is the app-store model where every app would have to be approved by Microsoft before it could be installed.


By corduroygt on 6/30/2011 4:29:55 PM , Rating: 2
That's impossible unless you turned off UAC.


By themaster08 on 7/1/2011 2:15:39 AM , Rating: 2
And an effective firewall solution, and possibly even malware already on the system.


By MrBlastman on 6/30/2011 12:31:17 PM , Rating: 3
Stop being delusional.

There is no such thing as perfect computer security (unless you use an air-gap but even that can be circumvented as Private Manning showed us). No such thing at all.

The only reason Microsoft operating systems keep being compromised is because they are so widely installed. They are a prime target due to so many people using them.

Since you seem to know everything there is to know about computer security--answer me this: What operating system do YOU use?

Additionally, as a previous poster mentioned--the biggest problem with Microsoft's operating systems is essentially a PEBKAC error...

Defense never, ever wins a war. Only a good Offense does.


By StevoLincolnite on 6/30/2011 12:39:50 PM , Rating: 2
quote:
Defense never, ever wins a war. Only a good Offense does.


Offense isn't always the answer... Look at the backlash Sony got after it stopped a hacker bringing back the OS Sony removed.

Microsoft's strategy is a bit more sound... It acquires its enemy and gets them to work for the swarm (too much StarCraft, ugh) with hardly a noise.


By MrBlastman on 6/30/2011 1:06:25 PM , Rating: 2
I wouldn't consider the hacker that Sony went after a threat to them at all, nor a malicious individual, unlike TDL-4. What Sony did I would consider a complete blunder of judgement.

Oh, and since you play StarCraft (hopefully the original as StarCraft 2 is too simple and lacks depth), I'm sure you'll agree that if you don't expand (and your initial rush fails) you have little chance of winning. You have to be offensive to expand to other mineral patches.

About the only RTS I've played where you could turtle up in your base is Supreme Commander--and even in that, you had to reach critical mass (power and mass output)--at which point in time you could build T3 Artillery (nukes are for wimps) and shell people into oblivion. The act of shelling them though, would then move you to an offensive position. You'd eventually have to occupy their territory by ground or send in air units to wipe out the stragglers.


By MrBlastman on 6/30/2011 1:08:33 PM , Rating: 2
Heck, even in Chess it is a wasted move if you fail to implicate pressure upon your opponent indirectly (not necessarily an immediately adjacent piece) with that move coupled with even worse consequences to them if they were to counter directly.


By Hyperion1400 on 6/30/2011 2:18:35 PM , Rating: 2
Actually, if you do it right, nukes are the best offensive weapon.

The gameplay of Supcom is essentially Keynesian Economics. The object is to expand your economy quicker than the other person and then outproduce them. That is why I would always go Aeon.

Their shields are nearly invisible, so you can layer them without making it readily apparent, which causes your opponents to throw themselves onto your defenses. And they have the best econ in the game. Once you hit T3, turn out 10 or so engis, then immediately make a quantum teleporter. Then you start churning out subcommanders and upgrade them with the Engi and Resource Generation packs. The result is a self-sustaining army of T4 engis and a strat that can make a nuke in less than 45 min if done right.

The best part is they don't even see it coming! It is an unparalleled joy to watch them scramble to get a T3 Strategic Missile Defense online while you cackle maniacally at their futile efforts!


By MrBlastman on 6/30/2011 3:37:24 PM , Rating: 2
Yes, yes exactly why I love Supcom. It was so strategic instead of a clickfest. You can really out-think your opponent in it and win.

I prefer vanilla Supcom over Forged Alliance Supcom though. In FA, they broke the economic part of the game and really kinked it. In FA you essentially can turtle up and drop nukes. In vanilla, you could reach an elegant critical mass that would enable you to amass an army of subcommanders (producing power and mass) and then use them to both build an anti-nuke silo and then fastbuild an anti-nuke inside it, all in the time it took your opponent's nuke to launch from their base and get to yours, thus thwarting their efforts.

FA fixed that. It really cramped the mid to late game flexibility that vanilla excels in. I still to this day wonder why they did this but then, after seeing the abomination that SupCom 2 is, I didn't have to wonder anymore. Chris Roberts was slowly reverting back to his TA: Kingdoms nightmarish gameplay based on simplicity rather than the beautiful complexity that regular SupCom is.

Man, I wish people would still play vanilla online these days. Those six to nine months that people played it when it came out, before FA was released, were awesome. I miss SupCom. :(

Oh, and I played nothing but Cybran at the time. Stealth fighters ruled. I guess Cybran fits me though--they're weak on defense and are masters of the swarm. Their T3 arty had a nice area-effect to it though.


By Hyperion1400 on 6/30/2011 11:24:50 PM , Rating: 2
Yeeaahhh, but the Spider Tank can't touch the Colossus!

Actually, there is a way to break anti-nuke defenses that I would use against my friends and never tell them about.

If you make 3 nuke silos and bind them to a ctrl group so you can select them at will, you can make them fire at the same time. This, as it turns out, breaks the anti-nuke AI. All silos within range of the triple nuke, no matter how many, will all target the exact same missile! They can kill the first two, but they just don't have the fire rate to take out the third >:)

MWUAHAHAHAHA!!!!!!!!!!!!!!!!

But yeah, I hated FA so much when it came out; and then Supcom 2 was just such an abortion. If there will be a new Supcom, I hope they stick with the vanilla econ, expand the number of unit types and gameplay possibilities (T5 anyone!), and add some serious multi-threading support so we can get some 10k vs 10k battles going!


By Smilin on 6/30/2011 2:05:19 PM , Rating: 2
I think he meant "effective offense". Sony's attempt at taking down a single individual did *nothing*


By JakLee on 6/30/2011 4:15:47 PM , Rating: 3
quote:
Microsoft's strategy is a bit more sound... It acquires its enemy and gets them to work for the swarm (too much StarCraft, ugh) with hardly a noise.


Actually... if you go back a few years to a competitor to StarCraft: Age of Empires. In the first one your priests could convert enemy units and buildings to be on your side....

Man, I love the Church of Microsoft in that game!


By MrBlastman on 6/30/2011 1:49:56 PM , Rating: 2
You failed to answer my question. Own up and answer it. What operating system do YOU use?


By themaster08 on 7/1/2011 2:18:23 AM , Rating: 1
Mac OS X contains KNOWN exploits. Safari anyone?


By RedemptionAD on 6/30/2011 12:45:51 PM , Rating: 2
You can't fix stupid. ID10T errors are unstoppable. Just like most problems, the origin is between the chair and the keyboard. No OS or protection can stop that.


By AmbroseAthan on 6/30/2011 2:08:55 PM , Rating: 2
"A common mistake people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools." -Douglas Adams


By RedemptionAD on 6/30/2011 2:28:38 PM , Rating: 2
Make it idiot proof and someone will build a better idiot. -Shirt at Microcenter


By RedemptionAD on 6/30/2011 2:09:29 PM , Rating: 4
That doesn't stop family and friends driving you crazy with phone calls when they refuse to learn anything on their own. If I secure it, I get calls of why it stopped their download and I tell them it was a virus and they say "But I want my download."


By chagrinnin on 6/30/2011 4:28:20 PM , Rating: 3
Apple already did that.


By bigdawg1988 on 6/30/2011 1:38:05 PM , Rating: 2
No OS or protection can stop that.

At least not until it becomes self-aware.... hee


By Smilin on 6/30/2011 2:03:30 PM , Rating: 4
Name me one modern OS that has NO security vulnerabilities and then we'll sit down together, have a beer, and gripe about Windows.

Until then STFU and go educate yourself, Troll.

