
Thread: For the lulz...

  1. #1
    SmoothOokerMaximus The_Librarian's Avatar
    Join Date
    Apr 2005
    Location
    Unseen University - my ancestral home
    Posts
    92,483
    Blog Entries
    21

    For the lulz...

    Got a PC from a client. Copied virus updates etc. to flash disk.

    Inserted flash disk into client's PC.

    Explorer window opened with the contents of my flash disk.

    All of a sudden all the directories are now *.exe's and I've got three extra folders - porn.exe, secret.exe and sexy.exe, and also what purports to be an x.mpeg movie clip



    Opened a DOS command prompt, and was able to copy the virus update package over by using DOS commands.

    Feh. Quite interesting

    Not gonna put that flash disk into a winders PC - it will have to wait for a Linux PC...
    Is the 10 Commandments for Christians?

    Saturday is the Seventh day, Sunday is the first day.

    VOTE #ROCK FOR PRESIDENT

  2. #2


    EINA!!! eish, Windows

  3. #3
    Super Grandmaster Madman88's Avatar
    Join Date
    Feb 2006
    Location
    Cape Town
    Posts
    9,305
    Blog Entries
    2


    wow!

    Boot disk antivirus FTW.

    Tho I've been fighting that virus/trojan (or one very similar) on a couple of friends' PCs over the last few months and MSSE deals with it just fine.
    I am 13531

    "Balance is the key to everything, without it we would just keep falling over."

  4. #4
    SmoothOokerMaximus The_Librarian's Avatar

    McAfee picks it up as VBObfus.ci trojan.

    Still busy scanning the PC.
    Is the 10 Commandments for Christians?

    Saturday is the Seventh day, Sunday is the first day.

    VOTE #ROCK FOR PRESIDENT

  5. #5


    My brother-in-law is first line support and this sounds exactly like the latest virus he is battling throughout their userbase. Can't recall the name >.< Funny tho ;p

  6. #6


    Quote (originally posted by The_Librarian):
        it will have to wait for a Linux PC...

    Solution right there!

    I was hit by something similar. All content on a USB disk had their hidden bit set and shortcuts with names resembling former files and folders created. The shortcut obviously performed some sinister activity. Resetting the 'hidden' bit in Windows - no dice. Attrib didn't help either. Enter sir Ubuntu.

  7. #7


    Ubuntu has fixed many a USB stick for me as well.

  8. #8
    SmoothOokerMaximus The_Librarian's Avatar

    Righty-o

    Contents of "autorun.inf" of said USB disk :

    Code:
    [jWvtTVBqwmCwkP]
    YqrOJp=acgkRwNHHwYF
    kYJbnBEEIypk=amWjSGWoq
    tNDXIFqnptOmKaI=nLOOg
    PoLXUKTJjXf=nAfZfiYKYIyWxMF
    eCZOMLfXL=aXUVAMqR
    [autorun]
    ICoN=rwkiug.exe,0
    YOZXjdDegHRKLJ=TBxYySxOeoFQws
    MFDEXTfB=phJBdFQ
    dMzULCyjcDrk=FCmutGhf
    gCvgeJRutAsDVOO=bbvokNjV
    SWnXFyd=5970
    DhyTOjVzxXd=232
    BMFYGSVTWTawurQ=9159
    open=rWkIUG.EXE
    GMmFoLCp=9863
    OrRMW=5446
    xBurBkr=783
    ACtion=8925
    eybyaS=4775
    RDnIQNeHgDAt=1656
    KjuXZCxpihgMii=6952
    USeaUtopLay=1
    dMfPpGRdrGeTAZ=4072
    TgVwDADJn=4220
    wWhXs=4238
    [uUJBEQiWSyUwuR]
    KaHbnaJL=ErrNarbBm
    wanSXrjIl=NWUoivpYJUFWz
    XmcoBB=pTWruAWBl
    vokxsBz=ciQcyEG

    o_O
    Is the 10 Commandments for Christians?

    Saturday is the Seventh day, Sunday is the first day.

    VOTE #ROCK FOR PRESIDENT
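
The autorun.inf in post #8 hides four mixed-case entries (ICoN, open, ACtion, USeaUtopLay) among random keys and sections. As an added example that is not part of the original posts, this Python triage helper pulls out the entries Windows AutoRun would act on and the files they point at; the function and variable names are hypothetical.

```python
import re

# Keys Windows AutoRun reads from [autorun]; matching is case-insensitive.
KNOWN = {"open", "icon", "label", "action", "shellexecute", "useautoplay", "shell"}

# Excerpt of the autorun.inf posted above, with most junk lines trimmed.
SAMPLE = """\
[jWvtTVBqwmCwkP]
YqrOJp=acgkRwNHHwYF
[autorun]
ICoN=rwkiug.exe,0
YOZXjdDegHRKLJ=TBxYySxOeoFQws
SWnXFyd=5970
open=rWkIUG.EXE
ACtion=8925
USeaUtopLay=1
wWhXs=4238
[uUJBEQiWSyUwuR]
KaHbnaJL=ErrNarbBm
"""

def triage_autorun(text):
    """Separate the entries AutoRun would act on from the padding around them."""
    section, effective, junk_keys, other_sections = None, {}, 0, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            if section != "autorun":
                other_sections.append(header.group(1))
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if section == "autorun" and sep and (key in KNOWN or key.startswith("shell\\")):
            effective[key] = value.strip()
        else:
            junk_keys += 1
    # Files the live entries point at; Windows file names are case-insensitive, so fold case.
    targets = set()
    for key, value in effective.items():
        if key in ("open", "shellexecute", "icon") or key.endswith("\\command"):
            first = value.split(",")[0].split()
            if first:
                targets.add(first[0].lower())
    return {"effective": effective, "targets": targets,
            "junk_keys": junk_keys, "other_sections": other_sections}
```

On the excerpt, both the icon and open entries resolve to the same file, rwkiug.exe, which is the name to look for on the stick from a non-Windows machine.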

  9. #9
    SmoothOokerMaximus The_Librarian's Avatar

    Directory listing (in DOS)

    Code:
     Volume in drive E is Transcend
     Volume Serial Number is 0409-4694

     Directory of E:\

    11-06-2012  11:33              200,704 Alcohol.exe
    11-06-2012  11:33              200,704 Allycad Home.exe
    11-06-2012  11:33              200,704 antivirus.exe
    11-06-2012  11:33              200,704 avupdate.exe
    11-06-2012  11:38                    0 huh.txt
    11-06-2012  11:33              200,704 Microsoft.exe
    11-06-2012  11:33              200,704 Passwords.exe
    11-06-2012  11:33              200,704 peerguardian.exe
    11-06-2012  11:33              200,704 Porn.exe
    11-06-2012  11:33              200,704 Secret.exe
    11-06-2012  11:33              200,704 Sexy.exe
    11-06-2012  11:33              200,704 System Volume Information.exe
    11-06-2012  11:33                    0 x.mpeg
                  13 File(s)      2,207,744 bytes
                   0 Dir(s)  13,906,059,264 bytes free

    Directory listing under Linux Mint :

    Code:
    ook@TravelMate-5610 /media/Transcend $ ls -l
    total 2365
    drwx------ 1 emil emil      0 2011-12-16 18:48 Alcohol
    -rw------- 1 emil emil 200704 2012-06-11 11:33 Alcohol.exe
    drwx------ 1 emil emil      0 2012-05-18 11:23 Allycad Home
    -rw------- 2 emil emil 200704 2012-06-11 11:33 Allycad Home.exe
    drwx------ 1 emil emil   4096 2012-06-08 13:45 antivirus
    -rw------- 2 emil emil 200704 2012-06-11 11:33 antivirus.exe
    -rw------- 1 emil emil    601 2012-06-11 11:48 autorun.inf
    drwx------ 1 emil emil      0 2012-06-11 11:01 avupdate
    -rw------- 1 emil emil 200704 2012-06-11 11:33 avupdate.exe
    -rw------- 1 emil emil    886 2012-06-11 11:38 huh.txt
    drwx------ 1 emil emil   4096 2012-05-18 10:08 Microsoft
    -rw------- 2 emil emil 200704 2012-06-11 11:33 Microsoft.exe
    -rw------- 2 emil emil 200704 2012-06-11 11:33 Passwords.exe
    drwx------ 1 emil emil      0 2011-12-28 19:25 peerguardian
    -rw------- 2 emil emil 200704 2012-06-11 11:33 peerguardian.exe
    -rw------- 1 emil emil 200704 2012-06-11 11:33 Porn.exe
    -rw------- 1 emil emil 200704 2012-06-11 11:33 rwkiug.exe
    -rw------- 1 emil emil 200704 2012-06-11 11:33 Secret.exe
    -rw------- 1 emil emil 200704 2012-06-11 11:33 Sexy.exe
    drwx------ 1 emil emil      0 2012-06-08 12:37 System Volume Information
    -rw------- 2 emil emil 200704 2012-06-11 11:33 System Volume Information.exe
    -rw------- 2 emil emil      0 2012-06-11 11:33 x.mpeg
    ook@TravelMate-5610 /media/Transcend $
    I see what the pox did there...

    By the by, huh.txt is the DOS directory listing I made
    Is the 10 Commandments for Christians?

    Saturday is the Seventh day, Sunday is the first day.

    VOTE #ROCK FOR PRESIDENT
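
The Linux listing in post #9 shows the pattern: every original folder is still there, next to an .exe of the same name, and all the .exe files are 200704 bytes. As an added example that is not part of the original posts, this Python check flags that pattern on a mounted stick without opening any of the files; the function names are hypothetical, and equal size is only a first-pass heuristic that hashing the files would confirm.

```python
import os
from collections import defaultdict

# Entries transcribed from the `ls -l` output above as (name, is_dir, size);
# directory sizes are not used by the check and are set to 0 here.
_DIRS = ("Alcohol", "Allycad Home", "antivirus", "avupdate", "Microsoft",
         "peerguardian", "System Volume Information")
_EXES = _DIRS + ("Passwords", "Porn", "rwkiug", "Secret", "Sexy")
SAMPLE = ([(d, True, 0) for d in _DIRS]
          + [(n + ".exe", False, 200704) for n in _EXES]
          + [("autorun.inf", False, 601), ("huh.txt", False, 886), ("x.mpeg", False, 0)])

def inventory(mount):
    """(name, is_dir, size) for each top-level entry; nothing is opened or run."""
    with os.scandir(mount) as it:
        return [(e.name, e.is_dir(follow_symlinks=False),
                 e.stat(follow_symlinks=False).st_size) for e in it]

def find_decoys(entries, min_clones=3):
    """Find the largest group of same-sized .exe files and split it into
    clones that shadow a real folder and clones that have no folder."""
    dirs = {name.lower() for name, is_dir, _ in entries if is_dir}
    by_size = defaultdict(list)
    for name, is_dir, size in entries:
        if not is_dir and size > 0 and name.lower().endswith(".exe"):
            by_size[size].append(name)
    if not by_size:
        return None
    size, clones = max(by_size.items(), key=lambda kv: len(kv[1]))
    if len(clones) < min_clones:
        return None  # too few identical executables to call it a pattern
    shadowing = [n for n in clones if n[:-4].lower() in dirs]
    unpaired = [n for n in clones if n[:-4].lower() not in dirs]
    return {"size": size,
            "shadowing": sorted(shadowing, key=str.lower),
            "unpaired": sorted(unpaired, key=str.lower)}
```

Against a real device, call `find_decoys(inventory("/media/Transcend"))` with the stick mounted on a machine that will not run its contents.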
