[27070] in resnet


Re: Trojan DNS Changer Virus

daemon@ATHENA.MIT.EDU (Jeff Kell)
Fri Dec 2 13:27:59 2011

Message-ID:  <4ED9180D.3030905@utc.edu>
Date:         Fri, 2 Dec 2011 13:25:17 -0500
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Jeff Kell <jeff-kell@utc.edu>
To: RESNET-L@listserv.nd.edu
In-Reply-To:  <CAEPWjzuY54g9eHYF+-YZR+jv+m0kn=WRaH0C1PbxYx3v+qe9Yg@mail.gmail.com>


On 12/2/2011 12:59 PM, Doughty, Marc wrote:
> I've personally seen two machines with 'undetectable' malware in the last few weeks.
> Undetectable inside the booted system (even running Forefront and Symantec), but
> clearly visible from a boot disk.

The DNS Changer was often included in TDSS payload packages.  TDSS is very prolific at
hiding and restoring itself.

Jeff

___________________________________________________
You are subscribed to the ResNet-L mailing list.

To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
