MS AntiSpyware beta compromised

the Register:

<Q>
The first piece of malware to attack Microsoft's new prototype
anti-spyware product has emerged. The BankAsh-A Trojan disables
Microsoft AntiSpyware Beta in an attempt to suppress any warning
messages the package might display. It also deletes files within the
program's folder. Unlike other items of malware, BankAsh-A makes no
attempt to turn off anti-virus apps.

The main function of BankAsh-A is to steal online banking
passwords...
</Q>

Rest of article:
<http://www.theregister.co.uk/2005/02/09/banking_trojan/>

 

which is exactly why anyone who uses windows has to be a fool.

 

Well, without getting into another "us vs them" thing.......

Anyone that installs a beta version of ANYTHING in a live environment
is indeed truly a fool.

--

 

Which is also why anyone who does online-banking is extremely foolish.


Divine

 

As is anyone who crosses the road.

 

why is using online banking extremely foolish?
or are you meaning in the context of running a compromised windows box
and doing online banking?

if so, then surely the same applies for any compromised machine, no
matter which OS.

 

add in the idiots who get inside a flying machine.. certifiable they are!

 

sorry,
which is exactly why I use it, as soon as an issues is identified, its
fixed...
not 'role back to verson x.x.x.x' or thats why I use x release causes
its got a bette y then z version

 

All you have to do is click on File/ Check for Updates...

 

I am foolish then. Watch out if you use telephone banking someone could be
listening in too. Also keep an eye out for fake/modified ATMs...

The internet is dangerous (especially to fools). I am starting a movement
to get it banned.

 

Yes - agreed.

There are any number of servers between a desktop and the bank's server -
and any or all of them could be sniffing for useful data - encrypted or
otherwise. And unless you have a *very* large encryption key it won't take
too long for some of the fast computers now available to crack the key and
harvest the information.

Using a Windows box only makes the harvesting much easier.

I have a gigabit ethernet switch which is capable of creating on one port
an exact duplicate of everything being sent to another particular port -
and without anyone knowing that anything was happening.

The Internet is quite simply an insecure medium, and encryption only stops
the innocent and the not bright/rich enough.

Remember - that the police have the ability to silently snoop on anything
and everything to do with the Internet.


Divine