OT; IP address?

Care to point to some of it?

Reply to
Andrew Gabriel

Well something simple like

formatting link
that the controllers are using python which isn't likely to be running on windows. Nor are they likely to be using their own machines as that would get them caught.

The following, which you quoted, but apparently failed to grasp.

Reply to
dennis

These servers are running linux. The clients are to a man windoze PCs

It's a shame you don't understand what you read.

But then, you never did.

Vulnerable unix machines are public hosting servers. Not joe bloggs at home with his desktop. Of necessity these machines have actual customer upload facilities, and very open access. And are not maintained by the owners of the software upon them. Any sysadmin can open a door for cash.

Or by mistake.

Running behind a NAT router at home, is a vastly different proposition.

But then, that means nothing to you, because not much does.

Reply to
The Natural Philosopher

Yep - none of the Linux systems were infected with viruses; they were installed for the purpose of controlling the virus. Interesting that the virus writers knew better than to use Windows themselves ;-) The virus infects and lives in the NTFS filesystem drivers on Windows.

Reply to
Andrew Gabriel

Ebay and PayPal send very few e-mails, even to registered users, IME. What you are probably receiving are e-mails purporting to be from them (phishing). Genuine PayPal e-mails will always address you by your registered name, not "dear paypal user" or similar.

The simple answer is NEVER click on a link in any such e-mails, nor cut and paste links into your browser. ALWAYS access them via your browser by typing in the URL or using a known good favourite link.

No problems with either.

MBQ

Reply to
Man at B&Q

Not so. Ebay regularly send out details of special offers. But this may be an option. Just be wary of any that require you to click on a link and log in.

Reply to
Dave Plowman (News)

Really? Not just an FS filter or such? Never heard of such a thing. Do you have a link?

Andy

Reply to
Andy Champ

This is dennis the moron you're asking there. I wouldn't bother holding your breath.

Reply to
Huge

formatting link
it's not just the NTFS drivers, it's also the network drivers, so its behaviour (and existence) is invisible to virus scanners, network snoopers, and firewalls running in the same system looking at the filesystem or at network activity. It also hooks into the kernel's registry support, to hide its registry settings.

Basically, it runs entirely in the kernel, and the kernel components seem to do a good job of hiding its existence, in addition to actually deploying the payload. After all, once you're in the kernel, you can make sure any virus scanner is only seeing a sanitised version of the system with any evidence of the virus removed from anything outside of itself. Of course, virus scanners catch up once the scanning companies have worked out what it's doing and how it works.

Reply to
Andrew Gabriel

Well as you are agreeing with what I said I suppose you don't actually have a clue what you are saying. But then, you never did and, probably, never will.

Reply to
dennis

Yet again we have viruses singled out as being the problem and not the users failing to understand security. I expect you are a linux user and think you are safe just because you use linux.

Reply to
dennis

Hi huge, feeling well enough to put in an appearance I see. Keep taking the pills as you are still posting cr@p.

Reply to
dennis

Well, we're just responding to your suggestion that a Linux system was somehow being subverted into spreading this virus, which wasn't the case. The Linux systems were set up for this sole purpose, and were not in any way compromised.

Not a single Linux system installed here (although it does happen occasionally when I need to work on one).

Reply to
Andrew Gabriel

I didn't say it was compromised by a virus. I said it was compromised and that linux is not secure as many linux users like to claim, some may even believe it too. Which is why linux users that understand vulnerabilities always appear to like bringing viruses into the argument, just to try and deflect the uninformed from actually understanding that linux is vulnerable to various attacks.

No, they are frequently compromised systems that the user doesn't know are being used for the purpose. It would be easy to stop the attacks if they were using their own machines as well as being easy to identify and arrest them.

So which system are you running knews on then?

Reply to
dennis

Well it wasn't.

That may be true (I don't know what security linux users like to claim), but in the example you provided, no linux systems were hacked, compromised, infected, etc.

No, they were a set of 25 Itanium Linux systems in McColo's hosting centre in San Jose, hired for the purpose.

McColo allegedly specialised in hosting services which would be difficult to take down. I would expect you can just buy the service from anywhere around the world (as with any hosting centre), so identity and arrest is easily avoided.

a20$ uname -a
SunOS a20 5.11 snv_125 i86pc i386 i86pc
a20$

(i.e. Solaris)

Knews should build and run on any unix with Motif libraries (or Motif-compatible libraries in the case of Linux).

Reply to
Andrew Gabriel

Fascinating. Clever B***rs aren't they!

Andy

Reply to
Andy Champ
