65MB Malware install - .net framework missing? not for long!

Discussion in 'other security issues & news' started by Paperghost, Mar 3, 2005.

Thread Status:
Not open for further replies.
  1. Paperghost

    Paperghost Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    5
    Yep, the bar is raised for the biggest malware install out there yet again. Words fail me with this one - don't have the .NET framework on your PC to utilise the adware maker's technology? No problem, they'll download it for you - without you knowing.

    Problem is, it's sixty-five megabytes in size...

    Do yourself a favour and block anything from iowrestling.com, and broadcastpc.tv.

    Full story here.
     
  2. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Thanks for the heads up, Paperghost
     
  3. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    Let me get this right. This malware will download 65MB without you knowing? I find it very hard to believe that many people would not notice it, especially those still on a 56k Connection.

    Jimbob
     
  4. Paperghost

    Paperghost Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    5
    Yep - been confirmed by myself, Eric Howes and Ben Edelman. I'm sure Ben will post one of his videos on his site if he covers it (which I'm sure he will!)

    Not really an issue for dial up - more of a problem for DSL etc. There is absolutely no warning that anything is downloading except for a bit of PC chugging whilst it dls the file. Quite unbelievable.
     
  5. I already have Microsoft .NET framework installed on my PC, through Windows Update. Do you mean it's useless, and should be removed?
     
  6. Paperghost

    Paperghost Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    5
    No, don't remove the .NET framework if you actually use it - the big problem is that

    1) 65MB+ of your HD space is being used up without your permission to download .NET (if you don't have and / or need it)

    and

    2) An entire application framework is being installed without your permission to run programs you'd rather not have onboard. The sheer cheek of it is staggering, to say the least.

    edited - correction made due to half asleep typing action!
     
    Last edited: Mar 4, 2005
  7. WYBaugh

    WYBaugh Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    122
    Location:
    Florida
  8. Paperghost

    Paperghost Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    5
    Agreed, and if you use certain types of thinstaller, the size is reduced to as little as under 5MB once installed - the main thrust isn't the size of it whilst downloading... the size of the .NET framework to download can vary drastically depending on whether or not you get a custom-built package etc - and don't forget the service packs, of which SP1 is around 10 extra MB in size. And to someone on a capped service, 23MB IS a massive chunk of bandwidth gone. The main point is that regardless of the actual amount of bw used up (which will vary), there's a VERY large chunk of your machine being hogged to run this adware. I'm actually understating the amount of HD space used up as the .NET package can total over 100MB as opposed to the 40 to 60 it usually weighs in at. However, I've tweaked the article along with the latest update addition to make it clearer that I'm mainly banging on about the size of the file once installed :)

    The post a few above this one said "65mb bandwith hosed" because by that point I'd been awake for nearly 18 hours straight and was feeling the burn somewhat after talking about this on too many sites to mention :D I've also edited that accordingly.

    (though to be fair, the article is called 65MB malware install, rather than download!)
     
    Last edited: Mar 4, 2005
  9. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    Will such a download be picked up by commonly used security tools such as our firewalls?

    Jimbob
     
  10. Paperghost

    Paperghost Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    5
    Well, the network traffic (HTTP etc) would show up in your logs, and even better if you have some sort of IDS such as Snort... though the .NET framework will still eventually just "appear" on your HD if you got nailed. The only way to know for sure would be to constantly have your connections up in front of you.

    For info, IE-Spyad blocks the domains mentioned above.
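
The log check discussed in the last few posts, as an added example that is not part of the original thread: it scans HTTP proxy log lines for requests to the two domains named above and for unusually large transfers per client and host. The log format, the 20 MB threshold and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Domains named in the thread above.
WATCHED = {"iowrestling.com", "broadcastpc.tv"}
# Assumed threshold: flag any host that sent one client more than 20 MB.
BYTES_THRESHOLD = 20 * 1024 * 1024

# Constructed sample lines (assumed format: time client bytes url).
SAMPLE_LOG = """\
2005-03-03T10:00:01 192.168.1.20 18234 http://www.example.org/index.html
2005-03-03T10:00:07 192.168.1.20 5120 http://ads.iowrestling.com/a.js
2005-03-03T10:00:09 192.168.1.20 2048 http://notbroadcastpc.tv/x
2005-03-03T10:01:30 192.168.1.20 12582912 http://downloads.example.net/pkg.part1
2005-03-03T10:03:10 192.168.1.20 12582912 http://downloads.example.net/pkg.part2
malformed line
"""

def on_watchlist(host, watched=WATCHED):
    """True for a watched domain or any subdomain of it (not look-alikes)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def scan(log_text, threshold=BYTES_THRESHOLD):
    """Return (watchlist_hits, heavy_transfers) from the log text."""
    hits, totals = [], defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip lines that do not match the assumed format
        _, client, size, url = parts
        host = urlsplit(url).hostname or ""
        if on_watchlist(host):
            hits.append((client, host))
        # Sum per client/host so a download split into parts is still caught.
        totals[(client, host)] += int(size)
    heavy = {k: v for k, v in totals.items() if v > threshold}
    return hits, heavy

if __name__ == "__main__":
    hits, heavy = scan(SAMPLE_LOG)
    for client, host in hits:
        print(f"watchlist: {client} -> {host}")
    for (client, host), total in heavy.items():
        print(f"large transfer: {client} <- {host} {total / 2**20:.0f} MB")
```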
     