

All your drives are belong to us - crocowhile
http://blog.fortinet.com/all-your-drives-are-belong-to-us/

======
omh
The interesting part of this is that it claims to encrypt the drive, but
really just overwrites the MBR. Much easier, and probably gets them money from
at least half of the victims that they would have done anyway.

~~~
jwn
Wow, who would have thought malware writers would be such low-lifes as to lie
to us about their impenetrable security? I thought only marketers did that.

~~~
ominous_prime
Well, then it sounds like the malware writers got themselves a marketing
department.

------
Jabbles
Another reason to employ multiple backup techniques. In this case, raw
partition backups would have probably saved a lot of worry (although they
wouldn't have got rid of the original vulnerability, which is arguably more
important).

~~~
omh
Why would fixing the original vulnerability be more important than backups?

~~~
Jabbles
Perhaps there is a subtlety I have missed, but if the original vulnerability
is not fixed, no amount of restoring backup copies is going to allow your
users to consistently access their data. A vulnerable system will inevitably
be attacked in exactly the same way, particularly if the hacker is keeping a
log of which systems have been compromised but not unlocked online.

------
dminor
Spent an hour last night on the phone with my Grandpa dealing with a fake
antivir called "ThinkPoint". Malware writers are scum.

~~~
zephyrfalcon
Ah, yes, I had to remove ThinkPoint from my wife's computer a few weeks ago.
It's not that hard, it's just a bunch of work, and requires more knowledge
than can be expected from the average computer user. Unfortunately, since I
"know about computers", this job is always for me (which doesn't really
improve my mood, or my opinion of Windows, to say the least).

I do wonder how this malware got on the PC, since she is usually careful,
doesn't use IE, doesn't download any weird stuff, runs Windows Update
regularly, etc.

------
preek
Just this weekend I helped remove a trojan from a friend's Win7 PC which
Antivir did not detect. It put itself in the registry and autostarted. From
there it set a system proxy to 127.0.0.1:40521.

What it did with my friend's data, I can only suspect. But it was one of those
days that I'm glad that I have been using different flavours of Unix for ten years.
Using Windows (for anything) just seems so naive to me.

~~~
nhangen
The last remaining Windows box I had suffered the same fate, and when I had
finally finished removing the worm, I made a decision never to use Windows
again.

It's not that it can't be secured, but it's the most targeted platform, thus
making it a part-time job to keep it secure.

Remember the day when Anti-Virus worked?

~~~
preek
> Remember the day when Anti-Virus worked?

Actually nope. Back in the day on DOS 6 I had Microsoft AV and like half a
dozen viruses on every other floppy disk. Did it ever work?

Plus: I don't get the most targeted platform thing. Everyone has been saying that
for decades, but Macintosh now is a major player in consumer hardware and
Linux/Unix is on more servers than Windows. So why is Windows the most
targeted platform? I guess, because "it can't be secured". Sorry, nhangen(;

~~~
nhangen
OK, well I believe you. I'm just not an AV expert, so I don't want to pretend
to know anything in that realm. All I know is that my Windows box always has
worms, and I'm not an idiot when it comes to protection...that's a big issue.

