From brand new laptop to infected by pressing 'on'

From brand new laptop to infected by pressing 'on'.

-- Tom

 

Hm! An interesting article, indeed! Thx.

It mentions the origin of the malware as 3322.org in China. So I looked it up: http://whois.domaintools.com/3322.org

...and found this:

"Name Server:NS3.MICROSOFTINTERNETSAFETY.NET
Name Server:NS4.MICROSOFTINTERNETSAFETY.NET"

I'm a bit concerned about MS -- of all companies -- getting/being involved in Internet security. Their track record is not exactly 'stellar' in this respect! OK! I'm not 'a bit', I'm 'a lot' concerned about MS in the security field!

Any thoughts, anyone?

 

I looked 3322.org up as well and it wasn't MS see insert

IP Addresses Report



Created by using IPNetInfo

Order 1 IP Address 61.160.239.28 Country China Network Name CHINANET-JS Owner Name CHINANET jiangsu province network From IP 61.160.0.0 To IP 61.160.255.255 Contact Name Chinanet Hostmaster Address No.31
jingrong street
beijing
100032
Email anti-spam@ns.chinanet.cn.net Abuse Email abuse@jsinfo.net Whois Source APNIC Host Name 3322.org Resolved Name

 

Just the name server I found was MS. Here's something else I found. It's a map and MS shows up not two, but three times. If I only knew what it all meant!!

http://www.robtex.com/dns/3322.org.html#graph

[Edit.1] You have to click the 'Graph' link at top-of-screen.[/Edit.1]

[Edit.2] Just for fun: http://www.robtex.com/dns/google.com.html#graph only I still don't know what it all means. ;o) [/Edit.2]

 

Microsoft finds malware hidden in new computers in China

Microsoft finds malware hidden in new computers in China

Microsoft made this statement

 

ESET's David Harley weighs in:
http://blog.eset.com/2012/09/14/nitol-you-will-never-break-the-chain

 

It doesn't matter much where the DNS translater systems lives as long as it gives you the correct country and range of IP addresses for the site.

There is no doubt the site is in China.

For me personally I block the whole country. That way when the bad guys move to another rouge server in China I'm still blocking them.

 

Sure. Any new pc pre-loaded with Windows should be wiped and re-installed. This would not only eliminate possible malware, but also all the crapware that gets installed by vendors such as HP or Sony, to name a few.

There's also, depending upon one's needs, Linux as a possible option. Ubuntu 12.04 is really nice

 

Agreed. Wipe new laptops ALWAYS. You don't know what's been put on there by the time it finished the production line and you receive it. The amount of bloatware and crap put on Laptops these days is huge, seriously get rid of the crap.

 

yeah but while for most of us doing this is not too difficult, 99% of other people may find this too technical.

 

interesting

 

You're right, it's not a "mainstream" thought process. Most people who buy a laptop are thinking nothing more than antivirus when it comes to security.

 

Microsoft Reaches Settlement with Defendants in Nitol Case

Article.

Also see:
Microsoft Hands Off Nitol Botnet Sinkhole Operation To Chinese CERT

 

It needs to change then, you can only trust software you get from a well respected uncompromised source you download yourself.

 

Bingo.
Mrk

 

I don't think you get a pure-Windows installation disk when you buy a computer. Normally, these days, it's some sort of recovery CD or partition which includes all the trash.
So while a great idea, it's not practical.

 

It doesn't help that the end-user version of Windows has gone from being licensed for 3 machines by (Windows XP Home) to being licensed for one and only one (Windows 7 Home Premium). The "family pack" version doesn't cost a whole lot more, but that still puts a bit of a damper on the idea of wiping the disks and installing the unadulterated MS version.

 

Most laptops come with a recovery partition. This usually has crap like Adobe Reader 8 and other security holes like outdated browser or flash.

 

When I get a new PC, Adobe is the first thing I delete.

I'm also very discerning about what I put on it, abiding by the "less is more" route for all software.

I'm not sure, though, that I can yet wrap my head around the idea of making the first action be reinstalling the OS. It would have to be way more practical than it is now. Easier to check out the system thoroughly in the first few days and if it is suspect, do an exchange ASAP with the vendor.

 

It depends on whom you buy your computer from. In my case, a local PC shop always delivers all installation disks with the computer as they are an approved vendor.

-- Tom