Welcome to SecurityForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

watch my back technique?

  
   Security Forums (Home) -> General Discussions RSS
Next:  bizarre text  
Author Message
teletype

External


Since: Apr 10, 2006
Posts: 2



(Msg. 1) Posted: Mon Apr 10, 2006 1:43 am
Post subject: watch my back technique?
Archived from groups: alt>comp>virus (more info?)
There is this technique now no longer rare in the parasites world, where
a few processes running in the background, and once "you" try to
terminate one of them, the other process tries to restore it
immediately. The same with deleting files.

I wonder if this technique has a name.

Telli

 >> Stay informed about: watch my back technique? 
Back to top
Login to vote
Virus Guy

External


Since: Aug 05, 2005
Posts: 424



(Msg. 2) Posted: Mon Apr 10, 2006 1:43 am
Post subject: Re: watch my back technique? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
teletype wrote:

> There is this technique where a few processes running in the
> background, and once "you" try to terminate one of them, the
> other process tries to restore it immediately. The same with
> deleting files.
>
> I wonder if this technique has a name.

Yes, the technique is called Windows XP (eXtra Processes).

XP spends a good chunk of the CPU's resources just watching itself.

Try to delete a directory called "MSN Gaming zone".

 >> Stay informed about: watch my back technique? 
Back to top
Login to vote
John Foster

External


Since: Apr 09, 2006
Posts: 1



(Msg. 3) Posted: Mon Apr 10, 2006 1:43 am
Post subject: Re: watch my back technique? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
teletype wrote:

> There is this technique now no longer rare in the parasites world,
> where a few processes running in the background, and once "you" try
> to terminate one of them, the other process tries to restore it
> immediately. The same with deleting files.
>
> I wonder if this technique has a name.
>
> Telli

I don't know, but if you type the following search phrase into Google
(with the quotes exactly as given) you'll find lots of references to
an early example. Maybe some research based on that will yield a term
for the technique. Failing that, perhaps a new name could be based on
the example...

"Robin Hood" "Friar Tuck" computer virus

HTH

John
 >> Stay informed about: watch my back technique? 
Back to top
Login to vote
edgewalker

External


Since: Apr 07, 2006
Posts: 111



(Msg. 4) Posted: Mon Apr 10, 2006 11:11 am
Post subject: Re: watch my back technique? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"teletype" <teletype DeleteThis @address.is.invalid> wrote in message news:673j329quoc1gjj639hte88do6ech5eoo9@4ax.com...
> There is this technique now no longer rare in the parasites world, where
> a few processes running in the background, and once "you" try to
> terminate one of them, the other process tries to restore it
> immediately. The same with deleting files.
>
> I wonder if this technique has a name.

Guardian.
 >> Stay informed about: watch my back technique? 
Back to top
Login to vote
Gabriele Neukam

External


Since: Sep 14, 2004
Posts: 462



(Msg. 5) Posted: Mon Apr 10, 2006 11:22 am
Post subject: Re: watch my back technique? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On that special day, John Foster, (john@address.invalid) said...

> Failing that, perhaps a new name could be based on
> the example...

Companion resurrection?


Gabriele Neukam

Gabriele.Spamfighter.Neukam.TakeThisOut@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.
 >> Stay informed about: watch my back technique? 
Back to top
Login to vote
teletype

External


Since: Apr 10, 2006
Posts: 2



(Msg. 6) Posted: Mon Apr 10, 2006 10:53 pm
Post subject: Re: watch my back technique? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On Sun, 09 Apr 2006 23:40:29 +0000, John Foster <john.TakeThisOut@address.invalid>
wrote:

>I don't know, but if you type the following search phrase into Google
>(with the quotes exactly as given) you'll find lots of references to
>an early example. Maybe some research based on that will yield a term
>for the technique. Failing that, perhaps a new name could be based on
>the example...
>
>"Robin Hood" "Friar Tuck" computer virus

Thank for this interesting info.

Looking for this combination of keywords, I found an article in the Sep
2002 issue of Virus Bulletin, where they mention a presentation by Peter
Szor in the 1999 conference of the Virus Bulletin, where he called this
technique "The Twins". I prefer either Gabriele Neukam's "companion
resurrection" or my "watch my back".

Telli
 >> Stay informed about: watch my back technique? 
Back to top
Login to vote
Nick FitzGerald

External


Since: Jul 03, 2003
Posts: 179



(Msg. 7) Posted: Fri Apr 21, 2006 10:17 pm
Post subject: Re: watch my back technique? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"teletype" <teletype.TakeThisOut@address.is.invalid> wrote:

> There is this technique now no longer rare in the parasites world, where
> a few processes running in the background, and once "you" try to
> terminate one of them, the other process tries to restore it
> immediately. The same with deleting files.
>
> I wonder if this technique has a name.

That is one of several techniques that falls under the general term
"guardian". I use this a fair deal, but I'd hesitate to say it is common
usage yet.


--
Nick FitzGerald
 >> Stay informed about: watch my back technique? 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
New plugin update technique ? - I was wondering if somebody use this technique to update botnets, worms or virus softwares (I am not telling i am going to do it !!!): keyservers (like hkp://subkeys.pgp.net) - there is so much space in the comments, name or email area (inside public..

My Watch-Pacman eats every virus program - Yes, I have a dangerous watch - Pacman who will eat every virus and spit out the bones. Watch-Pacmans will eat any virus.

I want an APP that gives me back control of my PC - I'm really sick of this virus stuff. Isn't there an APP that I can use with Windows XP that will not allow ANY .exe or process or anything that can cause harm to run on my PC without my express persmission first. Why is this so difficult. In the old..

Help Please BACK DOOR VIRUS'S - Hi There, I have 2 virus's Backdoor.Litmus & Backdoor.Harcomy I am womdering if anyone could give me any help in getting rid of them. I am using XP and use Norton 2002 and the life updates are not helping Any help would be appreciated ...

haxdoor.back virus - I have the haxdoor.backdoor virus on my home pc. I have norton2005 anti virus. It sees the virus and can't get rid of it. I went to the norton website and followed thier instructions to get rid of it. When I to the part to take it out of my registry...
   Security Forums (Home) -> General Discussions All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]