Avast WEBforum

Other => General Topics => Topic started by: polonus on March 22, 2006, 02:29:14 PM

Title: Dangerous rootkit steals 40.000 passwords
Post by: polonus on March 22, 2006, 02:29:14 PM

Hi forum members,

Read here about this threat: http://www.nthworld.org/archives/2006/03/on_march_20th_w_1.htm#more

More about win-alcra and removal instructions:
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43300


polonus

Title: Re: Dangerous rootkit steals 40.000 passwords
Post by: CharleyO on March 22, 2006, 08:11:09 PM

***

Interesting, Polonus ... and very scary!    :o

The first link give interesting background info.

Hopefully, everyone reads the second link as there is info there that can tip you off that something unwanted is installing (the faked install window) and therefore can take appropiate action.


***

Title: Re: Dangerous rootkit steals 40.000 passwords
Post by: mike6688 on March 22, 2006, 08:28:08 PM

Wow,

So glad I don't use P2P programs which the worm uses.

Title: Re: Dangerous rootkit steals 40.000 passwords
Post by: CharleyO on March 22, 2006, 08:50:17 PM

***

Yeah, I have no use for P2P programs neither, Mike.   :)

Though, I do have P2P Shield activated for all supported ... just in case I get stupid some day!    ;)  ;D


***

Title: Re: Dangerous rootkit steals 40.000 passwords
Post by: YLAP on March 22, 2006, 08:53:27 PM

Hmmm... And Skype... I thought this application is P2P based too... Am I wrong?  ??? I know it is covered by avast with IM Shield. The only one P2P I have is uTorrent.

Title: Re: Dangerous rootkit steals 40.000 passwords
Post by: polonus on March 22, 2006, 10:04:10 PM

Hi CharleyO,

While they are declaring their program is malware free, Kazaa for instance gives you malware you cannot shut down, only if you are a malware fighter or get help from specific tools. But you would not like to have the SpyFalcon or like installs there on the first place, would you folks? There is a perfectly legit way to do this, and it is malware free but heavily moderated, and that is use Usenet, but you have to subscribe.
People like to scare you and say the Internet is not a safe place. The sites that are the source of malware aren't that many, and it is like in the real world, go to a back alley, and you can get clubbered over the head. If you take your precautions (layered protection and in-browser pre-scanning) you can surf with not too many risks. It is the masses of un-educated people that make the Internet an unsafe place, they always have three options: click right, click left or ignore, until the clicking gives out, because their machines have come to a halt and are taken to the repair man or just dumped by the road-side. A sorry state of affairs. We try to teach them better ways, but it is a long struggle to achieve.

polonus

Title: Re: Dangerous rootkit steals 40.000 passwords
Post by: CharleyO on March 22, 2006, 10:22:07 PM

***

I never have used P2P programs. From the very first I heard of such things, I started saying what a bad idea it is. In the first place, the purpose of those programs was to fool the young (and otherwise unknowledgable) into downloading spyware, adware, and any other form of malware. It worked and is still working because there are so many unaware newbies "born" everyday.

When using P2P programs, you are just asking for trouble ... and sooner or later, you will be sure to get it.


***

Title: Re: Dangerous rootkit steals 40.000 passwords
Post by: Omar on March 23, 2006, 12:05:44 AM

I presume avast detects it? ;)

Title: Re: Dangerous rootkit steals 40.000 passwords
Post by: polonus on March 23, 2006, 08:15:43 AM

Hi Omar,

On Febr. 18th it did not, look here:
http://www.computing.net/security/wwwboard/forum/17782.html
Hope avast can confirm, it does now,

polonus