Win32/RAMNIT.A Anyone?

Discussion in 'Virus Information' started by David Kaye, Jul 27, 2010.

  1. David Kaye

    Buffalo Guest

    Journeyman license. Never went for the Masters since I don't contract.
    Buffalo
    PS: When I ask for a liney, I usually mean a beer (Leinenkugel). :)
     
    Buffalo, Aug 4, 2010

  2. David Kaye

    John Slade Guest

    It's like people calling powdered drink mix from Flavor
    Aid, "Kool-Aid". I'm sure we've all heard the expression,
    "Drinking the Kool-Aid" when talking about someone who follows
    something or someone blindly. Well it came from the Jim Jones
    tragedy in Jonestown, Guyana. They drank poisoned Flavor Aid
    but most people still call it Kool-Aid.

    They just wrote me an essay trying to explain why some
    people call them soldering pencils and soldering guns rather
    than irons. I've heard those expressions before, it's just a
    matter of the person's background and doesn't really mean much.

    John
     
    John Slade, Aug 4, 2010

  3. David Kaye

    John Slade Guest

    "Virus" is both a generic term and a specific term. Why do
    you think they call the software used to clean trojans and
    worms, "Anti-Virus" software? I'm sure you don't think that they
    only clean viruses and leave trojans and worms alone. It's all a
    matter of semantics. Just about all of the major anti-malware
    vendors have products that they call Anti-Virus. This is because
    it just stuck. You're a professional and you don't know this?

    John
     
    John Slade, Aug 4, 2010
  5. David Kaye

    John Slade Guest

    "Virus" is both a generic term and a specific term. Why do
    you think they call the software used to clean trojans and
    worms, "Anti-Virus" software? I'm sure you don't think that they
    only clean viruses and leave trojans and worms alone. It's all a
    matter of semantics. Just about all of the major anti-malware
    vendors have products that they call Anti-Virus. This is because
    it just stuck. You're a professional and you don't know this?

    I know exactly what I'm talking about. So tell me what
    tools do you use to remove worms and trojans from computers? Are
    any of them called "Anti-Virus" software?

    I also know that words can have dual meanings.


    John
     
    John Slade, Aug 4, 2010
  6. From: "John Slade" <>





    | "Virus" is both a generic term and a specific term. Why do
    | you think they call the software used to clean trojans and
    | worms, "Anti-Virus" software? I'm sure you don't think that they
    | only clean viruses and leave trojans and worms alone. It's all a
    | matter of semantics. Just about all of the major anti-malware
    | vendors have products that they call Anti-Virus. This is because
    | it just stuck. You're a professional and you don't know this?

    Sorry John - No.

    Virus is specific and is INCORRECTLY used way too often. That's what the term malware is
    for.

    The reason they call anti virus software that is due to its legacy. At one time there
    were only viruses.

    Anyone who calls any/all malicious software a virus without specifically knowing what it
    is is just plain wrong.
     
    David H. Lipman, Aug 4, 2010
  7. [...]
    Generally, they call it antimalware unless it is also effective against
    viruses and worms (which are self-replicators). If it is effective
    against viruses, they call it an antivirus. Antivirus programs can also
    detect some non-replicating malware.
    Of course it is, but semantics shouldn't be a dismissive word. The
    meanings of words are *important* to effective communications.
    We all know this, and we don't like it one bit. The fact remains that
    viruses are a special case requiring more than what many antimalware
    applications are equipped to handle.
     
    FromTheRafters, Aug 4, 2010
  8. [...]
    Yes, but that is beside the point.

    Some antimalware applications rely on cryptographic hash algorithms to
    identify known malware. This doesn't work very well with some
    polymorphic self-replicating malware (viruses and worms). Some
    antimalware applications check autostart methods as a way to detect that
    malware is installed - true viruses don't need any autostart mechanism
    at all (they start when an *infected program* runs as a matter of
    course). The methods needed to detect, identify, and remove malware
    generally, and replicating malware specifically are *different*.
     
    FromTheRafters, Aug 4, 2010
  9. From: "FromTheRafters" <>

    |
    | [...]

    | Generally, they call it antimalware unless it is also effective against
    | viruses and worms (which are self-replicators). If it is effective
    | against viruses, they call it an antivirus. Antivirus programs can also
    | detect some non-replicating malware.

    | Of course it is, but semantics shouldn't be a dismissive word. The
    | meanings of words are *important* to effective communications.

    | We all know this, and we don't like it one bit. The fact remains that
    | viruses are a special case requiring more than what many antimalware
    | applications are equipped to handle.



    Exactly and is why Malwarebytes' Anti Malware (MBAM) is not an "anti virus" product. MBAM
    can NOT remove viral code such as Virut and (in this thread) Ramnit from a file that has
    prepended, inserted or appended its code to the binary.
     
    David H. Lipman, Aug 4, 2010
  10. Same sort of thing applies to crescent wrench (Crescent is a brand name
    of a very popular open end adjustable wrench). Crowbar is another,
    where a wrecking bar is almost always incorrectly called a crowbar.
    Dykes are a misnomer for the shortening of the tool known as a "diagonal
    cutter".

    Most people don't care about using correct terminology, and so there is
    often confusion and shouts of *mere semantics* when someone tries to
    inform them.
     
    FromTheRafters, Aug 4, 2010
  11. From: "FromTheRafters" <>


    | Same sort of thing applies to crescent wrench (Crescent is a brand name
    | of a very popular open end adjustable wrench). Crowbar is another,
    | where a wrecking bar is almost always incorrectly called a crowbar.
    | Dykes are a misnomer for the shortening of the tool known as a "diagonal
    | cutter".

    | Most people don't care about using correct terminology, and so there is
    | often confusion and shouts of *mere semantics* when someone tries to
    | inform them.


    Mom always told me not to be anti semantic :)
     
    David H. Lipman, Aug 4, 2010
  12. David Kaye

    RJK Guest

    ....same old hair being split again and again :)

    ....when someone dumps a system box in my lap, or pleads down the 'phone, he
    or she often suspects that "...there's a virus in it."

    :)

    regards, Richard
     
    RJK, Aug 5, 2010
  13. Calling self-replicating programs "viruses", coupled with the fact that
    almost all malware in existence at one time were indeed
    self-replicating, led to the popular lexicon's adoption of the term
    "virus" to mean the same as "malware". The idea that a computer could
    catch a cold virus is *too damned sexy* an idea for the populace to let
    go of - they 'prefer' to call any 'bad computer stuff' a virus now.

    Be that as it may, three of the groups posted to are technical in nature
    (even have "virus" in their names). Ask a question about whether a virus
    could infect a data store (no, it cannot), you might get a wrong idea
    about where *malware* can be hiding. Viruses are rather unique, and
    despite Aunt Polly's refusal to use the term *malware* - there *are*
    important differences in the terms, and people should be educated as to
    that fact.
     
    FromTheRafters, Aug 5, 2010
  14. :eek:D
     
    FromTheRafters, Aug 5, 2010
  15. From: "FromTheRafters" <>




    ::eek:D

    But then again...
    Maybe Mom meant not to be anti Symantec ;-)
     
    David H. Lipman, Aug 5, 2010
  16. David Kaye

    Dustin Guest

    The only people who think virus is a generic term are the ones who don't
    know any better and wouldn't be considered professional in my book.

    The reason virus isn't a generic term is because it describes a very
    specific function and requirement of the software to be called a virus.

    It's obvious to me at least that you are someone who fixes computers and
    you might even do a good job of it, but you aren't deserving of the title
    professional. I do respect the knowledge you do have, but at this time, I
    wouldn't agree with your self assessment.
     
    Dustin, Aug 5, 2010
  17. In addition to being an auto-distribution method for other code, being
    self-replicating affords them the opportunity to change their appearance
    with every iteration (self-polymorphism). In this way one beast can
    result in a large number of cryptographic hashes. In addition to that,
    the code is often inserted inside the program files of other programs
    thus making detection (and hash matching) even more difficult. They are
    not unique in being polymorphic as polymorphism in other distribution
    methods such as hosting malware on a server can be achieved by
    server-side code that changes their appearance with each download.

    So, they are not unique in having the ability to change their
    appearance, and they are not unique in their ability to self-replicate
    because computer worms, bacteria, and rabbits are also self-replicating
    code examples.

    So, I felt that *rather unique* was the best choice of wording IMO.
     
    FromTheRafters, Aug 5, 2010
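
Added example, not part of any post in this thread: a Python sketch of the point in FromTheRafters' posts above that whole-file hash matching copes poorly with code that is inserted into other program files and differs with every copy. The file names, byte strings and helper functions are constructed for illustration, and the comparison against a known-good baseline is an assumed contrast, not something the posters describe.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless stand-ins for program files (not real binaries).
CLEAN = {name: b"MZ" + name.encode() * 8
         for name in ("calc.exe", "notepad.exe", "paint.exe", "write.exe")}

def with_added_bytes(host: bytes, variant: int, where: str) -> bytes:
    """Model a program file that gained foreign bytes which differ per copy."""
    added = b"<added-bytes-%d>" % variant  # constructed filler, changes every copy
    return added + host if where == "prepend" else host + added

def blocklist_scan(files: dict, known_bad: set) -> list:
    """Whole-file hash lookup against hashes of previously seen bad files."""
    return sorted(n for n, d in files.items() if sha256(d) in known_bad)

def baseline_scan(files: dict, baseline: dict) -> list:
    """Flag every file whose hash differs from its recorded known-good hash."""
    return sorted(n for n, d in files.items() if baseline.get(n) != sha256(d))

def distinct_hashes(host: bytes, copies: int) -> int:
    """Count the different hashes produced by `copies` altered copies of one host."""
    return len({sha256(with_added_bytes(host, i, "append")) for i in range(copies)})

def demo():
    baseline = {n: sha256(d) for n, d in CLEAN.items()}  # recorded while clean
    seen = with_added_bytes(CLEAN["calc.exe"], 0, "append")  # the one hashed sample
    known_bad = {sha256(seen)}
    disk = {
        "calc.exe": seen,  # byte-identical to the known sample
        "notepad.exe": with_added_bytes(CLEAN["notepad.exe"], 1, "append"),
        "paint.exe": with_added_bytes(CLEAN["paint.exe"], 2, "prepend"),
        "write.exe": CLEAN["write.exe"],  # untouched
    }
    return blocklist_scan(disk, known_bad), baseline_scan(disk, baseline)

if __name__ == "__main__":
    hits, changed = demo()
    print("blocklist hits:", hits)
    print("baseline mismatches:", changed)
    print("hashes from 50 copies:", distinct_hashes(CLEAN["calc.exe"], 50))
```

The blocklist only matches the file that is byte-identical to the hashed sample, while the baseline comparison flags every altered host and leaves the untouched file alone.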
  18. David Kaye

    John Slade Guest

    Terminology is subject to any number of factors. It's
    perfectly correct to use "virus" when talking about trojans and
    worms. It's also perfectly correct to call all three "bugs". It
    just matters what the prevailing thinking is. Also professionals
    who actually make software that removes malware often called
    their products anti-virus software.

    John
     
    John Slade, Aug 5, 2010
  19. David Kaye

    John Slade Guest

    They call it that because it's quite common to refer to
    all malware as viruses. Been this way for decades.

    It's all a matter of who you're talking to. If the person
    wants to nitpick even though they know what a person means then
    what can you do but explain. I've worked for people who are very
    computer savvy and people who are new to computers. I use all
    the terms to describe the problem and rarely hear anyone nitpick
    about using the word "virus" to describe a trojan or worm. It's
    just acceptable.
    It seems to anger you on some level. I don't care in
    the least what they call it, as long as it does the job.

    John
     
    John Slade, Aug 5, 2010
  20. David Kaye

    John Slade Guest

    The only people who really care are the people who want to
    nitpick over a commonly accepted term to describe all malware. I
    could see this person correcting a customer that they're using
    the wrong terminology and I can see that customer saying they
    won't call that person back because they were a nerdy asshole.
    I've seen it happen.
    This means absolutely nothing in the real world. Just an
    opinion. I don't care what you think of me or what I do. I do
    know this, I will be able to retire soon because of my work. I
    also did it all on my own, built a great reputation as a nice
    guy who wouldn't get bent out of shape because someone
    substitutes "virus" for "malware".

    A funny story. I used to work with a guy who was very
    correcting of people he worked with. He would try to make
    himself seem superior to people he worked for because he knew a
    lot about his field. He was the kind of guy that would
    repeatedly correct someone he was working for. I would work for
    some of his former customers and many of them didn't want to
    call him back because he was such an anal retentive asshole. But
    hey he just had to be "right" all the time and refused to admit
    he was wrong when he obviously was... Just a little tale to help
    you reach retirement in your field...

    John
     
    John Slade, Aug 5, 2010