The Firing Line Forums

March 23, 2002, 03:07 PM   #1
yankytrash
Senior Member
 
Join Date: April 17, 2001
Location: Farnham, Va
Posts: 2,183
Stealth Boot B Virus

Rich -

I read your announcement in General that said:
"We're not certain, though we know it's not foul play. We suspect that the bump/grind/drop of round trip shipping has damaged a hardware component:
- The errors are all boot errors.
- The unit simply hangs up on recognizing the ethernet card.
- Given time to cool down, the server comes up...most of the time.

We are going to be replacing all cooling fans and the ethernet card and see what that does."

Boot errors and ethernet hangs are symptomatic of a Stealth Boot B Virus. For Linux, there may be another version of it, but it's a virus that infects the master boot record.

I've run across her many times, back when I was running an FTP server. It is, indeed, set by bandwidth stealers ("bounce" attacks) so they can get your re-configuration setups. Very hard to quarantine properly, being a master boot record virus. It moves when messed with. You think you got it, but it re-surfaces after it cinches up its bootstraps.

You're heating up and killing ethernet first because of the extra work the machine is doing. To this day, I don't know how to monitor its activity. Ethernet cards and modems are always the first to go. I suspect they are the most fragile of computer components, since they seem to fall victim first. A network administrator friend of mine found that Western Digital drives were also very fragile to the over-activity. I don't particularly care for the WD's, so I can't confirm that claim.

Infects all new hard drives/removable drives inserted into the machine, the instant the disk starts spinning. I've defeated it by backing up to CD's. For some reason, she don't know how to get into CD's. Then killboot (fill the mbr with 0's). Completely erases the hard drive, including anything lingering in the mbr.

With the staggering archives of TFL, I'm not sure what your work-around would be. CD's back-up would be a terribly daunting task. Maybe back up to hard drives previously formatted to NTFS on a clean machine that's never had contact with any computers that have had access to the TFL files? She don't like NTFS either, because the virus is so out-dated.

We're talkin about an ancient virus here. IIRC, it's early 90's era, but still effective with no good cure, like cancer.

Not a Linux guru, so I can't tell you how the NTFS-to-Linux would work. If I'm not mistaken, it might be a non-issue.

Check into it. I'm almost certain that's your ailment.
__________________
Right turn, Clyde.
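
An added example, not part of the original post: a read-only check of a saved 512-byte master boot record sector, reporting whether it has been zero-filled, whether the 0x55AA boot signature is present, and whether the bootstrap code still matches a known-good hash. It assumes the classic MBR layout (446 bytes of boot code, four 16-byte partition entries); the function names and sample bytes are constructed for illustration.

```python
import hashlib
import struct
from typing import Optional

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bootstrap code area of a classic MBR
PART_ENTRY_LEN = 16            # four entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"   # bytes at offsets 510-511
ENTRY_FMT = "<B3xB3xII"        # status, CHS (skipped), type, CHS (skipped), LBA start, sector count

def inspect_mbr(sector: bytes, baseline_sha256: Optional[str] = None) -> dict:
    """Inspect one MBR sector image without modifying anything."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * PART_ENTRY_LEN
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, sector, off)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    digest = hashlib.sha256(boot_code).hexdigest()
    return {
        "zeroed": sector == bytes(SECTOR_SIZE),
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_empty": boot_code == bytes(BOOT_CODE_LEN),
        "boot_code_sha256": digest,
        "matches_baseline": None if baseline_sha256 is None else digest == baseline_sha256,
        "partitions": partitions,
    }

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: one bootable type-0x83 partition at LBA 2048."""
    entry = struct.pack(ENTRY_FMT, 0x80, 0x83, 2048, 204800)
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(3 * PART_ENTRY_LEN)
    return body + BOOT_SIGNATURE

if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")        # constructed bytes
    changed = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\x90")  # one byte added
    baseline = inspect_mbr(clean)["boot_code_sha256"]
    for name, image in [("clean", clean), ("changed", changed), ("zeroed", bytes(SECTOR_SIZE))]:
        r = inspect_mbr(image, baseline)
        print(name, r["zeroed"], r["signature_ok"], r["matches_baseline"], r["partitions"])
```

The check works on a saved copy of sector 0 rather than on a live device, so a baseline hash taken while the machine is known to be clean can be compared against later copies.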
March 23, 2002, 04:08 PM   #2
Jason Demond
Senior Member
 
Join Date: May 9, 1999
Location: Mivonks, Michigan
Posts: 1,846
I hope that's not the problem!!
__________________
"ACCEPT NOTHING LESS THAN FULL VICTORY!"
General Dwight D. Eisenhower June 6, 1944
ΜΟΛΩΝ ΛΑΒΕ!
March 23, 2002, 04:42 PM   #3
Rich Lucibella
Staff
 
Join Date: October 6, 1998
Location: South Florida
Posts: 10,229
I believe the Stealth Boot family is only a risk to MicroShaft's OS's.
We're on Linux.
Rich
__________________
S.W.A.T. Magazine
Weapons, Training and Tactics for the Real World
Join us at TFL or at AR15.com or on Facebook
This site and contents, including all posts, Copyright © 1998-2021 S.W.A.T. Magazine