9 million PC's infected with ZeroAccess botnet

[DRK Star]

http://nakedsecurity.sophos.com/2012...naked+security


Over 9 million PCs infected - ZeroAccess botnet uncovered
Join thousands of others, and sign up for Naked Security's newsletter


by James Wyke on September 19, 2012
FILED UNDER: Featured, Malware, SophosLabs

ZeroAccess is a hugely widespread malware threat that has plagued individuals and enterprises for years. It has evolved over time to cater for new architectures and new versions of Windows.

Here at SophosLabs we have looked at previous incarnations of the ZeroAccess rootkit in depth, describing how it enslaves victim PCs, adding them to a peer-to-peer botnet which can receive commands to download further malware.

Most recently, Sophos's researchers explored how ZeroAccess took a major shift in strategy, operating entirely in user-mode memory.

Due to the continued high profile of this malware family we felt it was necessary to examine the threat in greater detail, not only the latest version of ZeroAccess, but also the ZeroAccess botnet as a whole.

SophosLabs researchers can reveal that the current version of ZeroAccess has been installed on computers over nine million times with the current number of active infected PCs numbering around one million.



ZeroAccess uses a peer-to-peer network to download plugin files which carry out various tasks designed to generate revenue for the botnet owners. Our researchers monitored this network for a period of two months to discover where in the world the peers were located and what kind of files the botnet was being instructed to download.

We found the IP addresses of infected machines from a total of 198 countries ranging from the tiny island nation of Kiribati to the Himalayan Kingdom of Bhutan, as can be seen when the infected machines are plotted on a world map:



The largest numbers of infected computers were found in the USA, Canada and Western Europe:



Our research has discovered that the ZeroAccess botnet is currently being used for two main purposes: Click fraud and Bitcoin mining.

If running at maximum capacity the ZeroAccess botnet is capable of making a staggering amount of money: in excess of $100,000 a day.

We have also reverse-engineered the mechanisms by which the ZeroAccess owners keep tabs on the botnet, and discovered an array of techniques used that are designed to bury the call-home network communications in legitimate-seeming traffic.

You can find out much more about ZeroAccess in our new technical paper - "The ZeroAccess Botnet - Mining and fraud for massive financial gain".

Read: "The ZeroAccess Botnet - Mining and fraud for massive financial gain"

[408Mike]

"Most recently, Sophos's researchers explored how ZeroAccess took a major shift in strategy, operating entirely in user-mode memory."

Yes I know this, I am trying to sanitize a couple computers I am almost 100% sure are infected with the fucking thing and I can't get rid of it.

The problem I have run into is that the fucking thing prevents me from booting any kind of recovery media, be it dban on usb or dvd, parted magic, RIP linux, UBCD you name it, nothing on usb nothing on dvd will boot. I tried booting into RAM no good, booting into live environment no good, nothing works. I consistently get the recovery distro to load and when it's almost finished I get an error stating the loopback file system (?) is unable to load and something about squash.fs not being able to mount on / (root) which is REALLY FUCKING WEIRD.

The only live media I was able to boot from is a windows 7 iso I burned and all it did was let me restore via factory image kept in Dell's recovery partition. I could not install win7 as it spit out an "this version of windows can not be restored" or something similar, when I go over today I can post screenshots and more detailed info if anyone cares. I did some research and downloaded a bunch of tools as recommended to me by a guy from bleeping computer and I intend to beat this fucking crap.

I suspect it's part bootkit, there is no other explanation for it to be dodging booting into a live environment, not one I can think of. I am not much of an expert but I'm certainly no dummy and this infection has been perplexing. It's spread around the guys network as well, disabling the cd drive on his imac and ruining two other DELL laptops that he had.

You know, I keep wondering about something- Dell has a tendency to make life difficult for anyone trying to reformat and/or reinstall windows, I'm guessing it's either the shadowed bios or the sheisty windows installation (this is done to keep costs down as they do not send you an actual windows cd, they just image your hard drive with windows and put a recovery image in a secret partition if you need it) but regardless, I have a question- what percentage of these persistent infections are DELL computers? No one is asking that, but I suspect it's a LOT. Of the infections that aren't DELL i'd wager the majority are similar to dell, companies that rig a piece of crap together as cheaply as possible and this is probably being exploited in some way.

I have plans today for a workaround, getting back on topic, and the plan is this- install win7 (or other recovery media, parted magic being my #1 as it has a kick ass version of HDPARM on it) on to an external hard drive I have, remove the hard drive from the infected laptop and boot via recovery media into RAM first, into the external hard drive second if #1 doesn't work, and from there I'll see what I can do. The hard drive that's in there now I am going to dban with a clean machine, clean meaning I know it's sanitized and it has never been on the guy's network. Once dban'd a second wiping with hdparm incouding dco restore is in order.

What scares me is #1 bootkits are fucking HARD to install and make work in general, meaning they're normally not autonomous, which (if I'm right so far) means someone has to look after the thing and keep it working. So I'm planning on starting his network over from scratch and hardening the cunting shit out of it, but not until I get the laptop and his imac thoroughly sanitized. Is it overkill to contact the ISP for a new IP address or would that be ideal? I am probably going to do it anyway, but i'd like to hear opinions.

#2 is a bios infection/hack possible here? If true, wtf am I supposed to do about THAT? Scooter once pointed me in the direction of downloading utlities the the manufacturer, but I'm fuzzy on what to do and look for.

I really get the feeling dude should shitcan most devices that have been on his network at this point, but I hate surrendering, and for now I have no plans to.

[Corrigan]

"Most recently, Sophos's researchers explored how ZeroAccess took a major shift in strategy, operating entirely in user-mode memory."

Yes I know this, I am trying to sanitize a couple computers I am almost 100% sure are infected with the fucking thing and I can't get rid of it.

The problem I have run into is that the fucking thing prevents me from booting any kind of recovery media, be it dban on usb or dvd, parted magic, RIP linux, UBCD you name it, nothing on usb nothing on dvd will boot. I tried booting into RAM no good, booting into live environment no good, nothing works. I consistently get the recovery distro to load and when it's almost finished I get an error stating the loopback file system (?) is unable to load and something about squash.fs not being able to mount on / (root) which is REALLY FUCKING WEIRD.

The only live media I was able to boot from is a windows 7 iso I burned and all it did was let me restore via factory image kept in Dell's recovery partition. I could not install win7 as it spit out an "this version of windows can not be restored" or something similar, when I go over today I can post screenshots and more detailed info if anyone cares. I did some research and downloaded a bunch of tools as recommended to me by a guy from bleeping computer and I intend to beat this fucking crap.

I suspect it's part bootkit, there is no other explanation for it to be dodging booting into a live environment, not one I can think of. I am not much of an expert but I'm certainly no dummy and this infection has been perplexing. It's spread around the guys network as well, disabling the cd drive on his imac and ruining two other DELL laptops that he had.

You know, I keep wondering about something- Dell has a tendency to make life difficult for anyone trying to reformat and/or reinstall windows, I'm guessing it's either the shadowed bios or the sheisty windows installation (this is done to keep costs down as they do not send you an actual windows cd, they just image your hard drive with windows and put a recovery image in a secret partition if you need it) but regardless, I have a question- what percentage of these persistent infections are DELL computers? No one is asking that, but I suspect it's a LOT. Of the infections that aren't DELL i'd wager the majority are similar to dell, companies that rig a piece of crap together as cheaply as possible and this is probably being exploited in some way.

I have plans today for a workaround, getting back on topic, and the plan is this- install win7 (or other recovery media, parted magic being my #1 as it has a kick ass version of HDPARM on it) on to an external hard drive I have, remove the hard drive from the infected laptop and boot via recovery media into RAM first, into the external hard drive second if #1 doesn't work, and from there I'll see what I can do. The hard drive that's in there now I am going to dban with a clean machine, clean meaning I know it's sanitized and it has never been on the guy's network. Once dban'd a second wiping with hdparm incouding dco restore is in order.

What scares me is #1 bootkits are fucking HARD to install and make work in general, meaning they're normally not autonomous, which (if I'm right so far) means someone has to look after the thing and keep it working. So I'm planning on starting his network over from scratch and hardening the cunting shit out of it, but not until I get the laptop and his imac thoroughly sanitized. Is it overkill to contact the ISP for a new IP address or would that be ideal? I am probably going to do it anyway, but i'd like to hear opinions.

#2 is a bios infection/hack possible here? If true, wtf am I supposed to do about THAT? Scooter once pointed me in the direction of downloading utlities the the manufacturer, but I'm fuzzy on what to do and look for.

I really get the feeling dude should shitcan most devices that have been on his network at this point, but I hate surrendering, and for now I have no plans to.

[Muck Ficon]

"Most recently, Sophos's researchers explored how ZeroAccess took a major shift in strategy, operating entirely in user-mode memory."

Yes I know this, I am trying to sanitize a couple computers I am almost 100% sure are infected with the fucking thing and I can't get rid of it.

The problem I have run into is that the fucking thing prevents me from booting any kind of recovery media, be it dban on usb or dvd, parted magic, RIP linux, UBCD you name it, nothing on usb nothing on dvd will boot. I tried booting into RAM no good, booting into live environment no good, nothing works. I consistently get the recovery distro to load and when it's almost finished I get an error stating the loopback file system (?) is unable to load and something about squash.fs not being able to mount on / (root) which is REALLY FUCKING WEIRD.

The only live media I was able to boot from is a windows 7 iso I burned and all it did was let me restore via factory image kept in Dell's recovery partition. I could not install win7 as it spit out an "this version of windows can not be restored" or something similar, when I go over today I can post screenshots and more detailed info if anyone cares. I did some research and downloaded a bunch of tools as recommended to me by a guy from bleeping computer and I intend to beat this fucking crap.

I suspect it's part bootkit, there is no other explanation for it to be dodging booting into a live environment, not one I can think of. I am not much of an expert but I'm certainly no dummy and this infection has been perplexing. It's spread around the guys network as well, disabling the cd drive on his imac and ruining two other DELL laptops that he had.

You know, I keep wondering about something- Dell has a tendency to make life difficult for anyone trying to reformat and/or reinstall windows, I'm guessing it's either the shadowed bios or the sheisty windows installation (this is done to keep costs down as they do not send you an actual windows cd, they just image your hard drive with windows and put a recovery image in a secret partition if you need it) but regardless, I have a question- what percentage of these persistent infections are DELL computers? No one is asking that, but I suspect it's a LOT. Of the infections that aren't DELL i'd wager the majority are similar to dell, companies that rig a piece of crap together as cheaply as possible and this is probably being exploited in some way.

I have plans today for a workaround, getting back on topic, and the plan is this- install win7 (or other recovery media, parted magic being my #1 as it has a kick ass version of HDPARM on it) on to an external hard drive I have, remove the hard drive from the infected laptop and boot via recovery media into RAM first, into the external hard drive second if #1 doesn't work, and from there I'll see what I can do. The hard drive that's in there now I am going to dban with a clean machine, clean meaning I know it's sanitized and it has never been on the guy's network. Once dban'd a second wiping with hdparm incouding dco restore is in order.

What scares me is #1 bootkits are fucking HARD to install and make work in general, meaning they're normally not autonomous, which (if I'm right so far) means someone has to look after the thing and keep it working. So I'm planning on starting his network over from scratch and hardening the cunting shit out of it, but not until I get the laptop and his imac thoroughly sanitized. Is it overkill to contact the ISP for a new IP address or would that be ideal? I am probably going to do it anyway, but i'd like to hear opinions.

#2 is a bios infection/hack possible here? If true, wtf am I supposed to do about THAT? Scooter once pointed me in the direction of downloading utlities the the manufacturer, but I'm fuzzy on what to do and look for.

I really get the feeling dude should shitcan most devices that have been on his network at this point, but I hate surrendering, and for now I have no plans to.

Nothing wrong with the computers, just the dumb ass who's trying to work on them. Why is it that EVERY computer you own or work on has some "super virus"?

[tommyt]

"Most recently, Sophos's researchers explored how ZeroAccess took a major shift in strategy, operating entirely in user-mode memory."

Yes I know this, I am trying to sanitize a couple computers I am almost 100% sure are infected with the fucking thing and I can't get rid of it.

The problem I have run into is that the fucking thing prevents me from booting any kind of recovery media, be it dban on usb or dvd, parted magic, RIP linux, UBCD you name it, nothing on usb nothing on dvd will boot. I tried booting into RAM no good, booting into live environment no good, nothing works. I consistently get the recovery distro to load and when it's almost finished I get an error stating the loopback file system (?) is unable to load and something about squash.fs not being able to mount on / (root) which is REALLY FUCKING WEIRD.

The only live media I was able to boot from is a windows 7 iso I burned and all it did was let me restore via factory image kept in Dell's recovery partition. I could not install win7 as it spit out an "this version of windows can not be restored" or something similar, when I go over today I can post screenshots and more detailed info if anyone cares. I did some research and downloaded a bunch of tools as recommended to me by a guy from bleeping computer and I intend to beat this fucking crap.

I suspect it's part bootkit, there is no other explanation for it to be dodging booting into a live environment, not one I can think of. I am not much of an expert but I'm certainly no dummy and this infection has been perplexing. It's spread around the guys network as well, disabling the cd drive on his imac and ruining two other DELL laptops that he had.

You know, I keep wondering about something- Dell has a tendency to make life difficult for anyone trying to reformat and/or reinstall windows, I'm guessing it's either the shadowed bios or the sheisty windows installation (this is done to keep costs down as they do not send you an actual windows cd, they just image your hard drive with windows and put a recovery image in a secret partition if you need it) but regardless, I have a question- what percentage of these persistent infections are DELL computers? No one is asking that, but I suspect it's a LOT. Of the infections that aren't DELL i'd wager the majority are similar to dell, companies that rig a piece of crap together as cheaply as possible and this is probably being exploited in some way.

I have plans today for a workaround, getting back on topic, and the plan is this- install win7 (or other recovery media, parted magic being my #1 as it has a kick ass version of HDPARM on it) on to an external hard drive I have, remove the hard drive from the infected laptop and boot via recovery media into RAM first, into the external hard drive second if #1 doesn't work, and from there I'll see what I can do. The hard drive that's in there now I am going to dban with a clean machine, clean meaning I know it's sanitized and it has never been on the guy's network. Once dban'd a second wiping with hdparm incouding dco restore is in order.

What scares me is #1 bootkits are fucking HARD to install and make work in general, meaning they're normally not autonomous, which (if I'm right so far) means someone has to look after the thing and keep it working. So I'm planning on starting his network over from scratch and hardening the cunting shit out of it, but not until I get the laptop and his imac thoroughly sanitized. Is it overkill to contact the ISP for a new IP address or would that be ideal? I am probably going to do it anyway, but i'd like to hear opinions.

#2 is a bios infection/hack possible here? If true, wtf am I supposed to do about THAT? Scooter once pointed me in the direction of downloading utlities the the manufacturer, but I'm fuzzy on what to do and look for.

I really get the feeling dude should shitcan most devices that have been on his network at this point, but I hate surrendering, and for now I have no plans to.

Nothing wrong with the computers, just the dumb ass who's trying to work on them. Why is it that EVERY computer you own or work on has some "super virus"?

he gives them COMP-AIDS obv.

[limitles]

Mac's are okay again?

[chinamaniac]

"Most recently, Sophos's researchers explored how ZeroAccess took a major shift in strategy, operating entirely in user-mode memory."

Yes I know this, I am trying to sanitize a couple computers I am almost 100% sure are infected with the fucking thing and I can't get rid of it.

The problem I have run into is that the fucking thing prevents me from booting any kind of recovery media, be it dban on usb or dvd, parted magic, RIP linux, UBCD you name it, nothing on usb nothing on dvd will boot. I tried booting into RAM no good, booting into live environment no good, nothing works. I consistently get the recovery distro to load and when it's almost finished I get an error stating the loopback file system (?) is unable to load and something about squash.fs not being able to mount on / (root) which is REALLY FUCKING WEIRD.

The only live media I was able to boot from is a windows 7 iso I burned and all it did was let me restore via factory image kept in Dell's recovery partition. I could not install win7 as it spit out an "this version of windows can not be restored" or something similar, when I go over today I can post screenshots and more detailed info if anyone cares. I did some research and downloaded a bunch of tools as recommended to me by a guy from bleeping computer and I intend to beat this fucking crap.

I suspect it's part bootkit, there is no other explanation for it to be dodging booting into a live environment, not one I can think of. I am not much of an expert but I'm certainly no dummy and this infection has been perplexing. It's spread around the guys network as well, disabling the cd drive on his imac and ruining two other DELL laptops that he had.

You know, I keep wondering about something- Dell has a tendency to make life difficult for anyone trying to reformat and/or reinstall windows, I'm guessing it's either the shadowed bios or the sheisty windows installation (this is done to keep costs down as they do not send you an actual windows cd, they just image your hard drive with windows and put a recovery image in a secret partition if you need it) but regardless, I have a question- what percentage of these persistent infections are DELL computers? No one is asking that, but I suspect it's a LOT. Of the infections that aren't DELL i'd wager the majority are similar to dell, companies that rig a piece of crap together as cheaply as possible and this is probably being exploited in some way.

I have plans today for a workaround, getting back on topic, and the plan is this- install win7 (or other recovery media, parted magic being my #1 as it has a kick ass version of HDPARM on it) on to an external hard drive I have, remove the hard drive from the infected laptop and boot via recovery media into RAM first, into the external hard drive second if #1 doesn't work, and from there I'll see what I can do. The hard drive that's in there now I am going to dban with a clean machine, clean meaning I know it's sanitized and it has never been on the guy's network. Once dban'd a second wiping with hdparm incouding dco restore is in order.

What scares me is #1 bootkits are fucking HARD to install and make work in general, meaning they're normally not autonomous, which (if I'm right so far) means someone has to look after the thing and keep it working. So I'm planning on starting his network over from scratch and hardening the cunting shit out of it, but not until I get the laptop and his imac thoroughly sanitized. Is it overkill to contact the ISP for a new IP address or would that be ideal? I am probably going to do it anyway, but i'd like to hear opinions.

#2 is a bios infection/hack possible here? If true, wtf am I supposed to do about THAT? Scooter once pointed me in the direction of downloading utlities the the manufacturer, but I'm fuzzy on what to do and look for.

I really get the feeling dude should shitcan most devices that have been on his network at this point, but I hate surrendering, and for now I have no plans to.

Nothing wrong with the computers, just the dumb ass who's trying to work on them. Why is it that EVERY computer you own or work on has some "super virus"?

I have always wondered this as well

[gauchojake]

Yet somehow he always has one working well enough to post his meth induced diatribes that make users want to scoop their eyeballs out with a spoon.

[408Mike]

Druff responses like the ones above are precisely why I can't keep to one site, can you blame me?

Anyway, fuck you guys, I fixed the problem, God praise parted magic and the glorious grub2 bootloader.

While I was waiting for shit to finish I helped a poor dude get windows xp loaded on his home made desktop, built piece by piece from parts he saved out of people's trash cans. Running xp 32bit perfectly, I even burned the service packs for him and installed, burned drivers and installed and presto, the guy has his first working computer since he became homeless about 8 years ago. His face said it all...

Muck and China (reallly mark, this is a low blow) obviously I will be called over to help fix a computer WITH MALWARE ON IT, though that's not always the case. I also crack passwords, reformat and install new media, configure for security, speed, or whatever else the person wants. BUT MOSTLY I WOULD BE TALKING ABOUT COMPUTERS WITH MALWARE ON THEM IN THIS, A MALWARE THREAD.

Can you really all be this dumb? Honest question. It's really getting under my skin, if that's actually intended and you are all playing stupid to troll me, bravo.

[408Mike]

To those who troll me, keep in mind I am here voluntarily, you get what I give freely never fucking forget that.

To those who actually enjoy my posts, your silence is indeed deafening, and you'll have yourselves to blame and that's the truth. Trolls are to be expected, they will always exist, but what is NOT expected nor is it ok is apathy, at least not as far as I am concerned.

[Muck Ficon]

To those who troll me, keep in mind I am here voluntarily, you get what I give freely never fucking forget that.

To those who actually enjoy my posts, your silence is indeed deafening, and you'll have yourselves to blame and that's the truth. Trolls are to be expected, they will always exist, but what is NOT expected nor is it ok is apathy, at least not as far as I am concerned.

[chinamaniac]

Druff responses like the ones above are precisely why I can't keep to one site, can you blame me?

Anyway, fuck you guys, I fixed the problem, God praise parted magic and the glorious grub2 bootloader.

While I was waiting for shit to finish I helped a poor dude get windows xp loaded on his home made desktop, built piece by piece from parts he saved out of people's trash cans. Running xp 32bit perfectly, I even burned the service packs for him and installed, burned drivers and installed and presto, the guy has his first working computer since he became homeless about 8 years ago. His face said it all...

Muck and China (reallly mark, this is a low blow) obviously I will be called over to help fix a computer WITH MALWARE ON IT, though that's not always the case. I also crack passwords, reformat and install new media, configure for security, speed, or whatever else the person wants. BUT MOSTLY I WOULD BE TALKING ABOUT COMPUTERS WITH MALWARE ON THEM IN THIS, A MALWARE THREAD.

Can you really all be this dumb? Honest question. It's really getting under my skin, if that's actually intended and you are all playing stupid to troll me, bravo.

Ok Mike, I really didn't understand if you kept getting these viruses over and over and over. If they are other peoples PCS you are working on then that makes sense. I think I got hammered with one virus really hard a couple years ago on a laptop but that piece of shit was ready to go anyways. So all in all I think I have had 4 or 5 machines in 11 years.

1. First one ran well for a while but I knew 0 about security and eventually it got fried by a virus but it didn't have much life left

2. Laptop fried by some virus but I got many many miles out of the thing

Both of the above were lacking virus protection

3. PC, I put virus protection on it and the thing ran like brand new. Never infected and I have since upgraded

4. New Super PC - 0 problems

5. Laptop - 0 problems


Bottom line is if you run a decent security program and don't fuck with things you shouldn't then you will be ok. Or just get a Mac

[408Mike]

Druff responses like the ones above are precisely why I can't keep to one site, can you blame me?

Anyway, fuck you guys, I fixed the problem, God praise parted magic and the glorious grub2 bootloader.

While I was waiting for shit to finish I helped a poor dude get windows xp loaded on his home made desktop, built piece by piece from parts he saved out of people's trash cans. Running xp 32bit perfectly, I even burned the service packs for him and installed, burned drivers and installed and presto, the guy has his first working computer since he became homeless about 8 years ago. His face said it all...

Muck and China (reallly mark, this is a low blow) obviously I will be called over to help fix a computer WITH MALWARE ON IT, though that's not always the case. I also crack passwords, reformat and install new media, configure for security, speed, or whatever else the person wants. BUT MOSTLY I WOULD BE TALKING ABOUT COMPUTERS WITH MALWARE ON THEM IN THIS, A MALWARE THREAD.

Can you really all be this dumb? Honest question. It's really getting under my skin, if that's actually intended and you are all playing stupid to troll me, bravo.

Ok Mike, I really didn't understand if you kept getting these viruses over and over and over. If they are other peoples PCS you are working on then that makes sense. I think I got hammered with one virus really hard a couple years ago on a laptop but that piece of shit was ready to go anyways. So all in all I think I have had 4 or 5 machines in 11 years.

1. First one ran well for a while but I knew 0 about security and eventually it got fried by a virus but it didn't have much life left

2. Laptop fried by some virus but I got many many miles out of the thing

Both of the above were lacking virus protection

3. PC, I put virus protection on it and the thing ran like brand new. Never infected and I have since upgraded

4. New Super PC - 0 problems

5. Laptop - 0 problems


Bottom line is if you run a decent security program and don't fuck with things you shouldn't then you will be ok. Or just get a Mac

It's like you hardly read a word I wrote. After noticing Druff do the same thing, and all the comments on skatz, Tine no bullshit this once, is it true?

[DRK Star]

Mike,

seriously man, you are spending an obscene amount of time telling stories when people over here (including you) have no idea who your audience is.

why do you spend so much time telling people here about your daily trials and tribulations?

[sonatine]

To those who troll me, keep in mind I am here voluntarily, you get what I give freely never fucking forget that.

To those who actually enjoy my posts, your silence is indeed deafening, and you'll have yourselves to blame and that's the truth. Trolls are to be expected, they will always exist, but what is NOT expected nor is it ok is apathy, at least not as far as I am concerned.

no one enjoys your posts.

even to those of us who love train wrecks, your novelty is long gone; we feel like recreational fans of horror movies forced to sit and watch open heart surgery every time you log on.

even your manic depressive cycles have become tedious and predictable.

soon youll start writing about how down on your luck you are and how you might have to finally join the navy.

then youll tell us how you actually work 3 jobs which sounds great but impacts your ability to efficiently farm your neighbors garbage for cigarette butts.

then youll tell us how youre all better now because you got into a mental health outreach program.

then youll tell us how lucky you are scooter took the time to make you well enough to get the help you so richly desire.

then youll do a fat rail and spend all night posting on pfa.

then youll PM everyone on skatz and tell them how the sites dead.

then youll actually read the responses on pfa to your last round of contributions, enter Butt Hurt Maximum Level, log off and retire to your shed to feed your pet black widow spiders your tears, and then when you think youve been gone long enough and everyone must miss you, youll come back to tell us how down on your luck you are and how you might have to finally join the navy.

rinse, wash, repeat. again.

[Muck Ficon]

To those who troll me, keep in mind I am here voluntarily, you get what I give freely never fucking forget that.

To those who actually enjoy my posts, your silence is indeed deafening, and you'll have yourselves to blame and that's the truth. Trolls are to be expected, they will always exist, but what is NOT expected nor is it ok is apathy, at least not as far as I am concerned.

no one enjoys your posts.

even to those of us who love train wrecks, your novelty is long gone; we feel like recreational fans of horror movies forced to sit and watch open heart surgery every time you log on.

even your manic depressive cycles have become tedious and predictable.

soon youll start writing about how down on your luck you are and how you might have to finally join the navy.

then youll tell us how you actually work 3 jobs which sounds great but impacts your ability to efficiently farm your neighbors garbage for cigarette butts.

then youll tell us how youre all better now because you got into a mental health outreach program.

then youll tell us how lucky you are scooter took the time to make you well enough to get the help you so richly desire.

then youll do a fat rail and spend all night posting on pfa.

then youll PM everyone on skatz and tell them how the sites dead.

then youll actually read the responses on pfa to your last round of contributions, enter Butt Hurt Maximum Level, log off and retire to your shed to feed your pet black widow spiders your tears, and then when you think youve been gone long enough and everyone must miss you, youll come back to tell us how down on your luck you are and how you might have to finally join the navy.

rinse, wash, repeat. again.

[408Mike]

To those who troll me, keep in mind I am here voluntarily, you get what I give freely never fucking forget that.

To those who actually enjoy my posts, your silence is indeed deafening, and you'll have yourselves to blame and that's the truth. Trolls are to be expected, they will always exist, but what is NOT expected nor is it ok is apathy, at least not as far as I am concerned.

no one enjoys your posts.

even to those of us who love train wrecks, your novelty is long gone; we feel like recreational fans of horror movies forced to sit and watch open heart surgery every time you log on.

even your manic depressive cycles have become tedious and predictable.

soon youll start writing about how down on your luck you are and how you might have to finally join the navy.

then youll tell us how you actually work 3 jobs which sounds great but impacts your ability to efficiently farm your neighbors garbage for cigarette butts.

then youll tell us how youre all better now because you got into a mental health outreach program.

then youll tell us how lucky you are scooter took the time to make you well enough to get the help you so richly desire.

then youll do a fat rail and spend all night posting on pfa.

then youll PM everyone on skatz and tell them how the sites dead.

then youll actually read the responses on pfa to your last round of contributions, enter Butt Hurt Maximum Level, log off and retire to your shed to feed your pet black widow spiders your tears, and then when you think youve been gone long enough and everyone must miss you, youll come back to tell us how down on your luck you are and how you might have to finally join the navy.

rinse, wash, repeat. again.

WOW that's harsh bro

[408Mike]

Mike,

seriously man, you are spending an obscene amount of time telling stories when people over here (including you) have no idea who your audience is.

why do you spend so much time telling people here about your daily trials and tribulations?

Ah good point, my bad. I had been blogging at one point and it helped a LOT in terms of relieving anxiety and such. If I dont blog, I blog here instead of posting, and in all honesty I don't mean to do it.

I also wanted to get some kind of malware discussion going (didn't you?)

my mistake I guess.

[408Mike]

no one enjoys your posts.

even to those of us who love train wrecks, your novelty is long gone; we feel like recreational fans of horror movies forced to sit and watch open heart surgery every time you log on.

even your manic depressive cycles have become tedious and predictable.

soon youll start writing about how down on your luck you are and how you might have to finally join the navy.

then youll tell us how you actually work 3 jobs which sounds great but impacts your ability to efficiently farm your neighbors garbage for cigarette butts.

then youll tell us how youre all better now because you got into a mental health outreach program.

then youll tell us how lucky you are scooter took the time to make you well enough to get the help you so richly desire.

then youll do a fat rail and spend all night posting on pfa.

then youll PM everyone on skatz and tell them how the sites dead.

then youll actually read the responses on pfa to your last round of contributions, enter Butt Hurt Maximum Level, log off and retire to your shed to feed your pet black widow spiders your tears, and then when you think youve been gone long enough and everyone must miss you, youll come back to tell us how down on your luck you are and how you might have to finally join the navy.

rinse, wash, repeat. again.

if you knew how much of his trolling me flies right over your heard you'd be drawing a lot less attention to yourself right about now.

[408Mike]

Good technical paper written on the infection:

http://sophosnews.files.wordpress.co...eroaccess2.pdf <---download as pdf


http://nakedsecurity.sophos.com/zeroaccess2/ <---view online as html