cbrain join:2000-05-21 Silver Spring, MD |
Nerd Vittles takes notice. Monday, December 17, 2007: Just Say No: Hidden BOTs and Asterisk Don't Mix
... Our objection is more fundamental and goes to the existence of the tool itself and the failure to disclose it. Unfortunately, a remotely configurable BOT with root access privileges is a bit like giving someone a blank check with your signature affixed. And it's worse in this case because users had no notice that they were handing over the keys to their castle by installing and using trixbox. One can't help wondering if Fonality management really grasps how dangerous such a system design is in this day and age. This isn't about the commands that Fonality was executing. It's about the commands that could be executed if this system were ever compromised. We have daily logs full of attempts to hack our systems using, you guessed it, remotely controlled BOTS. ... »nerdvittles.com/index.php?p=198
Test99 Premium join:2003-04-24 San Jose, CA kudos:1 | Not Just Trixbox
I recently installed a Windows port of Asterisk from this site: »www.asteriskwin32.com/ to evaluate it.
The next Zone Alarm scan discovered this nasty critter:
Win32.Backdoor.IRCBot.td in c:\Program Files\cygroot\bin\cygwin.dll
This is the registry entry:
File: C:\Program Files\cygroot\bin\cygwin1.dll
Module: C:\Program Files\cygroot\bin\cygwin1.dll
RegistryKey: HKEY_CURRENT_USER\Software\Cygnus Solutions
RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions
I'm still investigating to see what I have to do to clean the system.
-- 50775@fwd.pulver.com
tommy13v Premium join:2002-02-15 Niskayuna NY | That DLL acts as a Linux API emulation layer providing the Linux functionality.
Test99 Premium join:2003-04-24 San Jose, CA kudos:1 | said by tommy13v: "That DLL acts as a Linux API emulation layer providing the Linux functionality."
Understood. What's not yet clear is where it acquired the ability to take orders from Internet Relay Chat.
-- 50775@fwd.pulver.com
B Premium, MVM join:2000-10-28 | I'm betting (guessing) that it didn't, and that this is a false positive... Good luck. You could try running it by one of the multi-engine scanners (Jotti).
-- B -- In a realm outside causality and function
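The triage B is suggesting, checking whether a flagged file is really the distributor's file before assuming a backdoor, can be done locally before any upload. The script below is an added example, not code from the thread or from the Cygwin or trixbox projects: it compares a file's SHA-256 against a distributor-published checksum manifest, produces the MD5/SHA-1/SHA-256 digests that multi-engine scanners accept for lookups, and lists printable strings so a reviewer can see whether IRC protocol verbs (the thing Test99 is asking about) are even present. The file bytes and the manifest are constructed stand-ins, not real cygwin1.dll content or hashes.

```python
"""Triage a file an antivirus scanner flagged: verify it against a published
checksum and extract printable strings for a quick look at IRC-style verbs."""
import hashlib
import re

# Constructed stand-ins; none of these bytes come from the real cygwin1.dll.
KNOWN_GOOD_DLL = b"MZ" + b"\x00" * 30 + b"cygwin1.dll constructed known-good image"
# A copy with extra strings appended, standing in for a modified file.
TAMPERED_DLL = KNOWN_GOOD_DLL + b"\x00NICK helper\x00PRIVMSG #channel :hello\x00"

# In practice this manifest is the distributor's published checksum list;
# here it is built from the constructed known-good bytes.
VENDOR_MANIFEST = {"cygwin1.dll": hashlib.sha256(KNOWN_GOOD_DLL).hexdigest()}

# IRC protocol verbs (RFC 1459) worth a human look if they show up in a DLL
# that has no business speaking IRC. A hit is a prompt for analysis, not a verdict.
IRC_VERBS = {"NICK", "USER", "JOIN", "PRIVMSG", "PING", "PONG"}
STRING_RE = re.compile(rb"[\x20-\x7e]{4,}")


def digests(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the file: the identifiers multi-engine
    scanners accept for hash lookups without uploading the file itself."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def matches_manifest(name: str, data: bytes, manifest: dict = VENDOR_MANIFEST) -> bool:
    """True when the file's SHA-256 equals the distributor's published value."""
    expected = manifest.get(name)
    return expected is not None and hashlib.sha256(data).hexdigest() == expected


def printable_strings(data: bytes) -> list:
    """Printable ASCII runs of four or more bytes, like the `strings` utility."""
    return [m.group().decode("ascii") for m in STRING_RE.finditer(data)]


def irc_verbs_present(data: bytes) -> set:
    """IRC verbs appearing as whole whitespace-delimited tokens in any string."""
    found = set()
    for s in printable_strings(data):
        for token in s.split():
            if token in IRC_VERBS:
                found.add(token)
    return found


def triage(name: str, data: bytes) -> dict:
    """Combine the checks into one record a reviewer can act on."""
    ok = matches_manifest(name, data)
    return {
        "file": name,
        "hashes": digests(data),
        "manifest_match": ok,
        "irc_verbs": sorted(irc_verbs_present(data)),
        "verdict": ("matches published checksum; scanner hit is likely a false positive"
                    if ok else "checksum mismatch; treat as untrusted pending analysis"),
    }


if __name__ == "__main__":
    for label, blob in (("known-good", KNOWN_GOOD_DLL), ("tampered", TAMPERED_DLL)):
        result = triage("cygwin1.dll", blob)
        print(label, result["manifest_match"], result["irc_verbs"], result["verdict"])
```

A checksum mismatch does not by itself prove tampering: it also happens when the installed DLL is simply a different Cygwin release than the one the manifest describes, so the next step is to find the matching release's published hash. Likewise, a library that legitimately implements an IRC client will contain these verbs; the string check only tells a reviewer where to look.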
Test99 Premium join:2003-04-24 San Jose, CA kudos:1 | said by B: "I'm betting (guessing) that it didn't, and that this is a false positive..."
Good suggestion. You may be right. Scans thus far have not detected any other signs of intrusion. Writing malware detection programs must be a difficult assignment.
-- 50775@fwd.pulver.com
B Premium, MVM join:2000-10-28 | Maybe, but I suspect the opposite -- that it's astonishingly EASY, at least as it's currently practiced, and that the rewards are so great that no one has to try very hard.
That's why free products (from AVG to the open source ClamAV project) can perform so well, and that's why the mainstream commercial offerings (McAfee and Symantec) are such festering mounds of bloated feces, and that's why the slightest little change in code lets malware continue to slip by the overwhelming majority of "detectors".
Yeah, it's a losing proposition because one person's trojan is another person's remote control feature, but that's not much excuse for today's shoddy state of affairs. When in doubt, just blame Windows. 
-- B -- In a realm outside causality and function