May 7th 09, 02:48 PM posted to microsoft.public.win98.gen_discussion
98 Guy
Windows reality - The Torpig botnet and LOTS of others out here

thanatoid wrote:

http://web17.webbpro.de/index.php?pa...sis-of-sinowal


"only XP systems are affected because..."

Viva 98!


Yes. I missed that:

--------------
Affected Systems

Only Windows XP operating systems are affected, because of the file and
mechanism dependencies of Sinowal. Sinowal includes statical signatures
to find the respective code to hook in system files; they are static and
may not be found in different file versions. Sinowal has following file
dependencies:

* Master Boot Record to be just one sector big
* ntldr
* ntoskrnl
* memory directly after ntoskrnl in memory to be free
* Partition Table may not be changed

(no mention of the atapi driver here)
---------------

In looking up information on Mebroot / Sinowal, I found many pages
showing Windows 98 in the list of vulnerable operating systems. A
continuation of stupid, misleading, ignorant or reflexive tendencies to
add Windows 98 to such lists, or a concerted effort to continue the
illusion that Windows 98 is vulnerable to even the most recent exploits
and malware.

With regard to this and future malware, we will continue to see win-98
show up incorrectly on lists of affected systems, and MEB will continue
to bring the new malware to our attention - even though they are not (and
most likely will not be) operable on or compatible with Windows 98.