FBI wipes Chinese PlugX malware from over 4,000 US computers


f1assistance (Well-known member, joined Apr 17, 2024; Holly Springs, NC; f1a.us)
WTH? Doesn't this unsolicited action by the FBI prove that all systems and their "perimeter defenses" in the United States are ineffective? :oops::oops::oops:

https://www.bleepingcomputer.com/ne...e-plugx-malware-from-over-4-000-us-computers/
"The FBI is now notifying the owners of U.S.-based computers that have been cleaned of the PlugX infection through their internet service providers and says the action didn't collect information from or impact the disinfected devices in any way."
 
Unsure what your concern is. Unskilled users allowed their PC to get infected with malware that left open a command and control infrastructure which "the good guys" used to send a script to kill the malware through. Basically they told the malware to self-destruct using its own communications back end. The running malware kept open the back channel link through any routers/firewalls, and the good guys just sent a final message through it.
 
Unsure what your concern is. Unskilled users allowed their PC to get infected with malware that left open a command and control infrastructure which "the good guys" used to send a script to kill the malware through. Basically they told the malware to self-destruct using its own communications back end.
You might want to re-think your argument...two wrongs don't make a right. But that's beside the point...
 
re-think your argument
It's not my argument--you're the one being argumentative here. I merely explained why there is no additional security concern that the government is able to magically walk through defences like you implied. The correctness or not of what they did was not part of your initial argument, and was not something I made any claims about. The facts are they (the government agencies) are doing things they think are improving the security of the infrastructure and thus are in my estimation "the good guys" as opposed to the people spreading the malware and then using it for lord knows what.
 
I recall many years ago a discussion on SecurityNow about just this sort of thing. Would it be legal for a good guy to release a malware killer, that leverages the vulnerability that said malware creates, to kill the malware. As I recall, at the time, the person in question chose to NOT release said malware killer because of the risk of being prosecuted for leveraging a vulnerability that changes computer systems not his own.
 
I recall many years ago a discussion on SecurityNow about just this sort of thing. Would it be legal for a good guy to release a malware killer, that leverages the vulnerability that said malware creates, to kill the malware. As I recall, at the time, the person in question chose to NOT release said malware killer because of the risk of being prosecuted for leveraging a vulnerability that changes computer systems not his own.
Anyone (especially the State) reaching within my perimeter/endpoint defense(s) without permission to do anything (benevolent or not) is very concerning. Snowden and Wikileaks revealed to the world that the State's 3 letter agencies are malevolent and not to be trusted. :mad::mad::mad:
 
In this case, your defense was already broken. What you're complaining about here would be the same as if a burglar broke your door to steal from your house, but the police happened to see this action, walked into your house to stop the burglar, but you're mad at the police for walking into your house without permission, and you're outright ignoring the fact your house isn't secure because the burglar broke the door in the first place.
 
In this case, your defense was already broken. What you're complaining about here would be the same as if a burglar broke your door to steal from your house, but the police happened to see this action, walked into your house to stop the burglar, but you're mad at the police for walking into your house without permission, and you're outright ignoring the fact your house isn't secure because the burglar broke the door in the first place.
I would argue the user's "defense" wasn't initially broken, but they (the user) ignorantly/unknowingly launched the malicious payload to be installed/run on their endpoint by either an email, attachment or opening a link which executed the malevolent code...all actions have consequences. The fact a 3 letter agency affected someone's endpoint device without the user's action/permission is my concern. Yes?

P.S. Ransomware doesn't attack...it's launched!
 
If malicious software is running, it has the capability to disable or otherwise work around any defences you thought you had working. It's as simple as opening a channel to the back end command and control server. The FBI simply took over this back end server, they didn't take over your computer... it was already taken over.
 
Reactions: hyperbole
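The mechanism the two replies above describe (running malware holding an outbound channel open to a command and control server, straight through routers and firewalls that permit outbound traffic) is exactly what egress-side beacon detection looks for: the perimeter does not block the channel, but its logs still record it. The following Python is an added example, not code from this thread or from any reporting on the PlugX takedown. The firewall log lines, addresses and thresholds are constructed for illustration; it groups allowed outbound connections by source/destination pair and flags pairs whose connections recur at near-constant intervals, which is how a defender would spot a persistent C2 link that a "perimeter defense" has been letting through.

```python
"""Flag outbound flows that recur at regular intervals (beacon-like C2).

Added example with a constructed firewall egress log; addresses are from
documentation ranges (RFC 5737) and are not real indicators.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed sample: syslog-style egress records from a perimeter firewall.
# 10.0.0.12 reaches 203.0.113.7:443 roughly every 60 s (beacon-like);
# its other connections, and those of 10.0.0.20, are ordinary browsing.
SAMPLE_LOG = """\
2025-01-14T10:00:05Z ALLOW 10.0.0.12 -> 203.0.113.7:443 bytes=412
2025-01-14T10:00:21Z ALLOW 10.0.0.12 -> 198.51.100.30:443 bytes=9821
2025-01-14T10:00:23Z ALLOW 10.0.0.12 -> 198.51.100.30:443 bytes=15044
2025-01-14T10:01:05Z ALLOW 10.0.0.12 -> 203.0.113.7:443 bytes=418
2025-01-14T10:01:10Z ALLOW 10.0.0.20 -> 198.51.100.30:443 bytes=7310
2025-01-14T10:02:04Z ALLOW 10.0.0.12 -> 203.0.113.7:443 bytes=410
2025-01-14T10:02:50Z ALLOW 10.0.0.20 -> 198.51.100.30:443 bytes=2203
2025-01-14T10:03:05Z ALLOW 10.0.0.12 -> 203.0.113.7:443 bytes=415
2025-01-14T10:03:40Z ALLOW 10.0.0.12 -> 198.51.100.30:443 bytes=30017
2025-01-14T10:04:05Z ALLOW 10.0.0.12 -> 203.0.113.7:443 bytes=411
2025-01-14T10:04:30Z DENY  10.0.0.20 -> 192.0.2.55:22 bytes=0
2025-01-14T10:05:05Z ALLOW 10.0.0.12 -> 203.0.113.7:443 bytes=413
"""

# Assumed log layout: "<timestamp> <ALLOW|DENY> <src> -> <dst>:<port> bytes=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+(?P<src>[\d.]+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<port>\d+)\s+bytes=(?P<bytes>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {
        "ts": ts,
        "action": m["action"],
        "src": m["src"],
        "dst": f"{m['dst']}:{m['port']}",
        "bytes": int(m["bytes"]),
    }


def find_beacons(log_text, min_connections=5, max_cv=0.2):
    """Return src/dst pairs whose ALLOWed connections recur at steady intervals.

    A flow is flagged when it has at least `min_connections` connections and
    the coefficient of variation (stdev / mean) of the gaps between successive
    connections is at most `max_cv`. Human browsing produces bursty, irregular
    gaps; a sleeping-and-polling implant produces nearly constant ones.
    """
    flows = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "ALLOW":  # denied attempts never opened a channel
            flows[(rec["src"], rec["dst"])].append(rec["ts"])

    findings = []
    for (src, dst), stamps in flows.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()  # logs are not guaranteed to arrive in order
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps; nothing periodic to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "connections": len(stamps),
                "mean_interval_s": round(avg, 1),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"beacon-like flow {f['src']} -> {f['dst']}: "
              f"{f['connections']} connections, ~{f['mean_interval_s']}s apart (cv={f['cv']})")
```

On the constructed log this reports the single 10.0.0.12 -> 203.0.113.7:443 flow (six connections, about 60 s apart) and ignores the irregular browsing flows. Real implants add jitter to their sleep, so `max_cv` needs tuning against a baseline of normal traffic, and the check belongs on the outbound logs the perimeter already produces rather than on anything it blocks.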
If malicious software is running, it has the capability to disable or otherwise work around any defences you thought you had working. It's as simple as opening a channel to the back end command and control server. The FBI simply took over this back end server, they didn't take over your computer... it was already taken over.
Would you agree the user, while unaware of the consequence, gave permission (allowed) for the said "malicious" software to run on their endpoint with either an ignorant download and/or inadvisable click of the mouse, and their defenses are still doing what they're 'advertised' to do (i.e., prevent "unwanted" code from being executed on their endpoint)?
Should "security" software running on an endpoint(s) prevent the user from doing what they intend or want, because their 'program' knows better and what's best for the user, and users shouldn't be responsible for their binary actions?
And again, the initial question is: should 3 letter agencies (e.g., FBI) have the potential to remotely affect any code (malevolent or not) running on any endpoint without permission from the user?
If the answer to the above question is "yes", then our 'perimeter defenses' are ineffective, as I initially asked, and the 4A is irrelevant in our binary realm.
 
Should "security" software running on an endpoint(s) prevent the user from doing what they intend or want
By your own faulty logic, the user caused or allowed said software to be installed... so obviously by that logic they should be prevented from even owning a computer to begin with. /sarcasm
 
By your own faulty logic, the user caused or allowed said software to be installed... so obviously by that logic they should be prevented from even owning a computer to begin with. /sarcasm
D'oh! Of course in 2025 the endpoint user's 'clicks' are NOT responsible for any device compromise...they were "cyberattacked!" ;););)

"49 percent of those surveyed report having experienced a cyberattack in the past year."

Enterprises under growing pressure to demonstrate readiness for cyber threats
 
This event clearly shows that the notorious ransomware doesn't "attack", but is launched with a simple click of a mouse. Social Engineering has been successful 100% of the time, because users (and it only takes one) are known to have been conditioned to be the weakest link since the beginning of computing. We've been set up and Punk'd! by science...EZ-PZ.

Notorious crooks broke into a company network in 48 minutes. Here’s how.