shellcode injection - buffer overflow attack

Grimmjow

7 Forum Member
Guru
Local time
9:42 PM
Messages
770
Location
Macedonia
Hey guys, I wanted to share this with you and hear your suggestions/opinions about this:
Capture4.JPG
"In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine...."
Shellcode - Wikipedia, the free encyclopedia

Cracker's Choice

"....Buffer overflow has become one of the preferred attack methods for writers of viruses and Trojan horse programs....
QuickStudy: Buffer Overflow
On Windows Server 2008/Vista computers, it reduces the protection level of the computer, as it modifies the level of the Mandatory Integrity Control (MIC), leaving it low..."

Scanned with Avast, didn't find a thing. Malwarebytes results were as follows (also scanned with a-squared after Malwarebytes, nothing):
Capture (8).JPG
Trojan.Hiloti
Date spotted:
First seen on 2008-12-25.
Last seen on 2010-02-26.

Detection statistics:
This object is 0.05% of all objects detected.
1,403,342 instances detected worldwide.
Malwarebytes.org
Hiloti is a Trojan which downloads to the affected computer the adware detected as Lop.
Additionally, when users access through the Firefox browser certain websites related to search engines, they are redirected to malicious websites from which more malware will be downloaded.
What is Trojan Hiloti. Encyclopedia. Panda Security

Now, can that trojan somehow be connected with this buffer overflow attack, or did something go wrong with Defense+? Was reading on Comodo's forums, didn't find a conclusive answer.
When I clicked terminate (on the Defense+ pop-up window) I was expecting explorer.exe to be killed, but nothing happened, hm.

The question remains: was the trojan responsible for that shellcode injection, did Defense+ get something wrong, did it happen randomly...?

Anyway, I've re-imaged the system partition, just to be on the safe side. I've lost 10-15 min of my time, it isn't that much I suppose (I've spent more time scanning than re-imaging, huh). After that, I was still paranoid, so I scanned again with Malwarebytes, and guess what? I don't have a clean image... :shock: So, in conclusion, whoever reads this post: ALWAYS BE AT LEAST 100% SURE THAT YOUR SYSTEM IS CLEAN BEFORE CREATING AN IMAGE, ALWAYS.
cheers
P.S. I apologize if the post is kind of too long, I just wanted to provide information.
 

My Computer

Computer Manufacturer/Model Number
Micro-Star International/MS-7529
OS
Windows 7 Ultimate x32
CPU
DualCore Intel Pentium E2200, 2218 MHz (11 x 202)
Motherboard
MSI G31M3 V2 (MS-7529) (2 PCI, 1 PCI-E x16,2 DDR2 DIMM)
Memory
2 GB DDR2-800 DDR2 SDRAM
Graphics Card(s)
nVIDIA GeForce 9500GT 1GB
Sound Card
Realtek ALC888/1200 @ Intel 82801GB ICH7
Monitor(s) Displays
Samsung SyncMaster 2253BW (Digital) 22'' LCD
Screen Resolution
1680x1050
Hard Drives
SAMSUNG HD322IJ ATA Device (298 GB , IDE)
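The buffer overflow definition quoted above is easiest to see in code. The following is an added example, not code from the post or from any of the sources it quotes: a C function with the classic unchecked strcpy into a fixed-size stack buffer, beside a hardened version that is told the destination size and rejects input that does not fit. The function names, the 16-byte buffer and the sample inputs are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_MAX 16   /* size of the fixed stack buffer (constructed for the example) */

/* Classic defect: strcpy copies until it finds a NUL byte and trusts the
 * caller for the length. Input longer than NAME_MAX-1 bytes overwrites
 * whatever sits next to 'name' on the stack. That is the "buffer overflow"
 * the quoted text refers to, and it is the condition an injected payload
 * depends on. Shown for contrast only; not called below. */
void greet_unsafe(const char *input) {
    char name[NAME_MAX];
    strcpy(name, input);              /* no bounds check: the bug */
    printf("hello, %s\n", name);
}

/* Bounded length scan: behaves like strnlen, written out so the example
 * does not depend on a POSIX extension. Never reads past 'limit' bytes. */
static size_t bounded_len(const char *s, size_t limit) {
    size_t n = 0;
    while (n < limit && s[n] != '\0') n++;
    return n;
}

/* Hardened form: the caller passes the destination and its size, oversize
 * input is rejected before anything is written, and the result is always
 * NUL-terminated. Returns 0 on success, -1 when the input is rejected. */
int copy_name_safe(const char *input, char *out, size_t out_len) {
    if (input == NULL || out == NULL || out_len == 0) return -1;
    size_t n = bounded_len(input, out_len);
    if (n >= out_len) return -1;      /* no room left for the terminator */
    memcpy(out, input, n);
    out[n] = '\0';
    return 0;
}

int main(void) {
    char name[NAME_MAX];
    /* Constructed inputs: one that fits, one that would have overflowed. */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 32 bytes */
    if (copy_name_safe(ok, name, sizeof name) == 0)
        printf("hello, %s\n", name);
    if (copy_name_safe(too_long, name, sizeof name) != 0)
        printf("rejected %zu-byte input for a %zu-byte buffer\n",
               strlen(too_long), sizeof name);
    return 0;
}
```

The defensive point is the interface change: copy_name_safe cannot be misused into writing past the buffer because the size travels with the pointer and the check happens before the copy, which is also the property compiler hardening and host-based tools such as the Defense+ alert in the post are trying to enforce after the fact.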
Did your PC get back to a healthy state? Or is it still haunted with that Hiloti?
 

My Computer

OS
window's 7
CPU
core 2 quad
Motherboard
gigabyte
Memory
2gb corsair
Graphics Card(s)
ati hd4850
Monitor(s) Displays
lg
Screen Resolution
1600 X 900
Case
power logic
Other Info
none of the spec above is accurate
Format, install browser, drivers, codecs, AV + Malwarebytes + firewall + WinPatrol + hosts file, Office, burning software + making a CLEAN IMAGE, I'm just fine now :) And I still don't know whether that Comodo Defense+ warning was caused by Hiloti or something else... anyway, no Hiloti now.
cheers
 

I thought it's a ghost, a virus that will never disappear? Scary :confused:
 
