August 24th, 2006

Gromozon: AKA, Real Nasty Rootkit


By Chris Boyd
Contributing Writer, RealTechNews

At this point, you’re probably wondering what a “Gromozon” is. Well, sadly it’s not a monster from Star Trek - it’s actually a rather nasty domain that pumps out all manner of Adware and Rootkits:

In May 2006, users started to report strange behaviour in Windows: strange crashes at boot up, unusual reports of Antivirus software reporting heuristic detections of files they couldn’t clean, and odd files appearing on the hard drive. Source: PC Al Sicuro

We Say: I’ll refrain from cracking an oh-too-obvious “sounds like another day at the office to me” style gag and (instead) point you in the direction of this PDF Document. It shows you what the infection does, how it gets on board and (more importantly) what domain to completely avoid. Here’s a clue - it contains the word “Gromozon”…!

From incredibly detailed PDF:


36 comments to "Gromozon: AKA, Real Nasty Rootkit"

  1. MissingFrame says:

    Why can’t someone just start calling these things viruses so the writers can get jail time?

    August 24th, 2006 at 5:00 am

  2. ValuedCustomer says:

    so we should prolly go to gromozon.com for more info.. on it!

    August 24th, 2006 at 6:38 am

  3. achacha says:

    In FireFox, just Adblock “http://*.gbeb.cc/*” and you are set. Oh yeah you need FireFox and AdBlock extension (one of the best ad cleaning extension).

    August 24th, 2006 at 7:14 am

  4. Paperghost says:

    “Why can’t someone just start calling these things viruses so the writers can get jail time?”

    To be honest, it doesn’t really matter what you call it - it won’t help getting the people behind it some quality time with an overly friendly cellmate. In this case, everything from the way the attack is set up to the people hosting the thing is against you. ESTdomains are known to be Malware friendly, and here’s just one more example of the wonderful “content” they provide..

    August 24th, 2006 at 7:28 am

  5. Linux says:

    Why not get linux?

    August 24th, 2006 at 9:37 am

  6. Linux Isnt The Answer says:

    “Why not get Linux”

    Linux isn’t the answer for everything and in many cases, isn’t an option. There are security issues with Linux as there are with any operating system out there. A fully patched Windows box, running in a locked down User account, utilizing Firefox, and a little “EDUCATION” should be plenty to fix issues like this.

    August 24th, 2006 at 10:07 am

  7. inekam says:

    “This site is closed.
    Abuse Team”

    gromozon.com is no more

    August 24th, 2006 at 10:18 am

  8. MiRRoRMaN says:

    Linux and Mac suck ass. Amiga ownz.

    August 24th, 2006 at 10:20 am

  9. Steo says:

    Excellent Article. It is obvious a lot of time and effort went into it.

    August 24th, 2006 at 11:01 am

  10. commodore64 says:

    Phuck amigas windows and mac’s,,,,I surf the net with my commodore 64 beeeatchessss

    August 24th, 2006 at 11:13 am

  11. Atari says:

    pac-man goes awa awa awa awa

    August 24th, 2006 at 11:14 am

  12. TNT says:

    “gromozon.com/ is no more”

    Actually, it’s a completely fake message, and it’s been there for weeks. The domain is still alive and well and pushing trojans and exploits all over the place. The “site closed” message is nothing but another scam by these clowns.

    This same thing is also pointed out in the pdf as well.

    August 24th, 2006 at 11:25 am

  13. commodore64 says:

    !!!!!WARNING!!!!!!
    Your computer has been infected by spyware
    Please click here to download it

    http://swandog46.geeks2go.com/avenger.zip

    August 24th, 2006 at 11:25 am

  14. commodore64 says:

    or
    htt://www.gromozon.com

    I dare you to click it..
    double dog dare yah

    August 24th, 2006 at 11:26 am

  15. commodore64 says:

    or
    gromozon.com

    I dare you to click it..
    double dog dare yah

    August 24th, 2006 at 11:27 am

  16. smoker says:

    The best solution is just editing your HOSTS file and redirecting the gbeb.cc site to 127.0.0.1 This isn’t a reason not to use firefox and adblock, but it doesn’t mean you have to.

    August 24th, 2006 at 12:29 pm
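The two blocking tips in this thread (an Adblock pattern on `http://*.gbeb.cc/*` above, and a HOSTS-file sinkhole of gbeb.cc to 127.0.0.1 here) cover different things: a HOSTS entry only matches the exact hostname written, while a wildcard URL pattern catches subdomains but, under plain wildcard semantics, not the bare domain. The following is an added example, not code from the post or from any commenter, that models both mechanisms over a constructed hosts file and a handful of constructed URLs so the coverage gap of each is visible. The Adblock rule is modelled with shell-style wildcard matching; that is an assumption, not a statement about how any particular Adblock version evaluated filters.

```python
"""Compare HOSTS-file sinkholing with a wildcard URL block pattern.

Added example for the gbeb.cc discussion; the hosts content, the URLs and the
wildcard semantics below are constructed for illustration.
"""
import fnmatch
from urllib.parse import urlsplit

# Constructed hosts-file content (not a real system file).
SAMPLE_HOSTS = """\
# sinkhole entries, constructed for this example
127.0.0.1   localhost
127.0.0.1   gbeb.cc
127.0.0.1   www.gbeb.cc   # trailing comment should be ignored
"""

# The pattern quoted in the thread.
ADBLOCK_PATTERN = "http://*.gbeb.cc/*"

# Constructed URLs to probe both mechanisms with.
SAMPLE_URLS = [
    "http://gbeb.cc/a.js",          # bare domain
    "http://www.gbeb.cc/a.js",      # listed subdomain
    "http://cdn.gbeb.cc/x/y.js",    # unlisted subdomain
    "http://example.net/page",      # unrelated host
]

SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text.

    Comments (everything after '#') and blank lines are ignored; a line may
    list several hostnames after the address, as real hosts files do.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            mapping[name.lower()] = ip
    return mapping


def hosts_blocks(hosts_map, url):
    """True if the URL's exact hostname is sinkholed by the hosts map.

    Hosts files have no wildcard syntax, so subdomains must each be listed.
    """
    host = (urlsplit(url).hostname or "").lower()
    return hosts_map.get(host) in SINKHOLE_IPS


def adblock_pattern_blocks(pattern, url):
    """Model of a wildcard URL filter: '*' matches any run of characters.

    Assumption for this example; real filter engines have richer syntax.
    """
    return fnmatch.fnmatchcase(url.lower(), pattern.lower())


def coverage(hosts_text, pattern, urls):
    """Map each URL to (blocked_by_hosts, blocked_by_pattern)."""
    hosts_map = parse_hosts(hosts_text)
    return {
        url: (hosts_blocks(hosts_map, url), adblock_pattern_blocks(pattern, url))
        for url in urls
    }


if __name__ == "__main__":
    for url, (by_hosts, by_pattern) in coverage(
        SAMPLE_HOSTS, ADBLOCK_PATTERN, SAMPLE_URLS
    ).items():
        print(f"{url:32} hosts={by_hosts!s:5} pattern={by_pattern!s:5}")
```

Run as-is and the report shows the bare domain caught only by the hosts entry, the unlisted subdomain caught only by the pattern, and the unrelated host by neither; the practical takeaway is that the two tips complement rather than replace each other.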

  17. linuxuser says:

    poor windows users ;)
    I’ve lost count of how many security alerts/warnings I’ve seen relating to Windows in the last few weeks, like 20? several maaajor ones, even patches opening up exploits.. it’s retarded

    linux is just plain better. period.
    windows for now is still more popular

    That’s the only thing it has going for it. It’s like how we still don’t use the metric system even though it’s better/simpler, or how we don’t use alternative fuels even though they are better/cleaner/safer/renewable; tons of people still use Windows even with all its flaws (too many to list)

    August 24th, 2006 at 1:11 pm

  18. Crisco says:

    Linux is not the answer for these things. if everyone was to convert to linux over night, the “bad guys” would be exploiting security holes in linux. Linux is safer right now because few people are attacking it.

    August 24th, 2006 at 2:59 pm

  19. Threepwood says:

    This is incorrect, there are far fewer exploitable holes in linux regardless of how many people use it or not. The apache webserver is another opensource project that’s widely used, 2 out of every 3 websites use it. Despite the fact that it’s used by far more people than the Microsoft webserver, it is far more secure and has a vastly superior security record.

    Microsoft are not capable of writing quality software.

    > Linux is not the answer for these things. if everyone was to convert to
    > linux over night, the “bad guys” would be exploiting security holes in
    > linux. Linux is safer right now because few people are attacking it.

    August 24th, 2006 at 3:21 pm

  20. superdave says:

    “This is incorrect, there are far fewer exploitable holes in linux regardless of how many people use it or not. The apache webserver is another opensource project that’s widely used, 2 out of every 3 websites use it. Despite the fact that it’s used by far more people than the Microsoft webserver, it is far more secure and has a vastly superior security record.

    Microsoft are not capable of writing quality software.”

    This is not completely correct. True, most webservers run Apache. BUT if people weren’t so dead set at bringing down Microsoft, the holes wouldn’t be exploited. I personally used both Apache and Win2K/ISA server with no problems whatsoever. Very few hackers out there spend the time hitting linux that others spend hitting microsoft. OK, microsoft is HUGE and outnumbers linux by an enormous margin, but think about the number of people trying to exploit windows vs. the number of people trying to exploit linux. The % is roughly the same. If windows has a 90% market share, they attract 90% of the hackers. No operating system or browser is 100% secure. Never will be unless you never plug the box into the wall. Use whatever you like best, I don’t care. I personally use windows because I like it. I have used Linux and it has some advantages as well as disadvantages. Much better games come with it for sure. It’s your money, your choice.

    > Linux is not the answer for these things. if everyone was to convert to
    > linux over night, the “bad guys” would be exploiting security holes in
    > linux. Linux is safer right now because few people are attacking it.

    I agree.

    August 24th, 2006 at 6:34 pm

  21. Pradeep Arya says:

    Try Ubuntu (Linux for human beings):
    http://www.ubuntu.com/

    You can download the Desktop CD, which allows you to try it out on a Windows machine without affecting the machine at all. If you don’t like Ubuntu, take out the CD and reboot the computer; simple. If you do like Ubuntu, click the icon to install it on the machine. You can decide if the machine will keep Windows or not during the install.

    This website will tell you everything you need to know about how to use Ubuntu; like installing media players, file-sharing programs, and Wine to play all of your Windows games, and any other fun stuff you do on your Windows machine.

    http://ubuntuguide.org/wiki/Dapper

    The only major differences between Windows and Linux are: With Linux, 90% of the hackers aren’t targeting you, and you are free to share the CD with your friends, family, and co-workers without legal worries.

    And, if you do run into any problems you can’t figure out, post a message on this website. You’ll find plenty of people willing to help you.

    http://www.ubuntuforums.org/

    Good luck on your first steps at being immune to Gromozon!

    August 24th, 2006 at 9:17 pm

  22. gcc says:

    I disagree with the sentiment posted above (that fewer people are attacking linux and therefore linux seems to be more secure) because it ignores the question of who is issuing the security warnings. The groups that are issuing the security warnings are professional security auditors, people whose job it is to perform penetration testing. It doesn’t stand to reason that they would allow security flaws to go unnoticed, since the more flaws they discover, the less likely it is that they will be held accountable for a successful attack. The fact is that penetration testing is penetration testing is penetration testing; bias has nothing to do with it.
    Besides, even if you accept the specious arguments about user base, the high percentage of servers running linux and unix makes them prime targets, and therefore many times more likely to be attacked than the vast majority of windows desktops.

    August 24th, 2006 at 10:27 pm

  23. Vendor says:

    Speaking of Apache, … about 95% of phishing pages, which I get, are hosted on installed but yet unconfigured Apache servers. An example: http://203.188.241.118/%20/.confirm/update/cgi-bin/index.php?MfcISAPICommand=SignInFPP (still up at time of writing this). Now remove everything but the ip (http://203.188.241.118) and voila, there it sits.

    August 25th, 2006 at 12:23 am

  24. Crisco says:

    That’s an interesting rationalization but we’re not going to find penetration testing to be nearly as aggressive for Linux because Windows happens to be the “big dog” and the vast majority of the “bad guys” are trying to bring them down. Why would you put so much energy in testing a product for security holes if no one is trying to penetrate it to start with? I’m of the opinion that there just isn’t the same attention being given to Linux either in attacks or preventative testing.

    August 25th, 2006 at 8:00 am

  25. Tom says:

    Anyone saying Linux is the answer is a moron, plain and simple. Of course there aren’t many viruses or exploits to Linux because NO ONE USES IT, and therefore no one CARES TO WRITE viruses for it, plain and simple, as soon as you figure that out you won’t sound like a moron saying Linux is the answer.

    August 25th, 2006 at 9:02 am

  26. TNT says:

    Wow. This thread went to the stupid “my OS is better than yours” path really fast.

    People, Windows is not a secure system, that’s a given. Linux is probably more secure, but no cigar either. Spend your time learning how to counter these attacks instead of wasting your time on flames that go nowhere. And by the way yes, this attack targets Windows, but if you believe you’re safe because you have Linux, learn about something called botnets and DDoS first. Please.

    August 25th, 2006 at 3:00 pm

  27. loser says:

    Yep- “My OS beat up your OS” is lame.

    Fact is- there’s a MUCH larger base of Windows installed out there, AND Windows has more security holes than other OS’s, generally.

    Keep in mind it was built as a General Purpose OS, rather than a Purpose-Built design. This enabled it to run in a default config for most purposes, but not necessarily at best performance. It was a trade-off.

    PART of the reason Linux isn’t nailed like Win IS because of market share/penetration, but that’s not the totality of the answer. Linux is generally more secure, if merely because it hosts fewer open ports/services out of the box. One has to selectively enable a great deal of net-based services. This is a more secure approach, but remember the average user would find installing Linux (to the same level of functionality as Win) to be a little challenging. Hell, most users don’t know what right-click is, or how to edit a config file (What’s ASCII?)

    Win is here, and will be for the foreseeable future. Linux is helping to change the marketplace, but is also not the be-all answer (doesn’t play all PC-based games, yet). Also, personally I’ve yet to see a management system for Enterprise installations of Linux (something akin to Tivoli/SMS/Altiris). Has anyone else? (Seriously, I haven’t really looked, so one may exist).

    So the big question is how should we approach Root-Kit problems? Education, securing our boxes (amazing what happens when you run a tool as simple as Ad-Watch, or if you want the geek approach, lock down some registry keys.)

    While I don’t agree with throwing Windows out, I do agree with getting away from Internet Exploder, and not just for security.

    Just my three-cents worth….

    August 25th, 2006 at 4:38 pm

  28. OldTimer says:

    Personally.. I’m going back to CPM, damn mouse cramps my fingers anyway. Or maybe I’m just being nostalgic. WFW 3.11 with Banyan Vines. That’ll do it. They’ll definitely be scratching their heads.

    It doesn’t matter what OS you use, education is key. I’ve read some good posts I agree with and some I don’t. Education. The information about exploits is released onto the net, so that we can deal with it, not put a band aid on it. As I recall with the Code Red worm.. the patch had been out for quite some time but nobody paid much attention to it.. lots got screwed.. others were fine. Stuff like this, regardless of OS, will not go away.. ever. It sucks, I know. But for the majority, it can be controlled… education. We geeks are here to provide that. They write em, we block em. That’s our job boys and girls, accept it and move on. Whatever they dish out, for whatever OS, we can deal with it. The OS debate was never valid to begin with, both have pros and cons. Period.

    August 27th, 2006 at 10:46 am

  29. Crisco says:

    As it relates to post number 27 by loser… Very well said and intelligent contribution to the thread.

    August 28th, 2006 at 5:46 pm

  30. Jacques Erasmus says:

    Hi,

    After many hours of work Prevx have released a free removal tool for the gromozon infection. This is the ONLY available tool that’s fully automatic and removes ALL components of the infection.

    Link here: http://www.prevx.com/gromozon.asp

    Regards,

    Jacques

    September 1st, 2006 at 8:16 am

  31. Chris Marshall says:

    It looks like Prevx is the first to create an automated removal tool for Gromozon.

    http://www.marketwire.com/mw/release_html_b1?release_id=159395

    September 1st, 2006 at 8:31 am

  32. Ursprung Paradoxon says:

    Ursprung Paradoxon…

    news…

    June 3rd, 2007 at 4:43 pm

  33. Bloody Kisses says:

    Bloody Kisses…

    news…

    June 3rd, 2007 at 4:44 pm

  34. Art Blakey's Jazz Messengers W says:

    Art Blakey’s Jazz Messengers W…

    news…

    June 6th, 2007 at 4:57 pm

  35. jakw says:

    wdefgvw gf e g sdv d v adsv dasvADSVS DV

    August 28th, 2008 at 8:44 pm

  36. jakw says:

    GO HERE

    http://dfvadsiisadv.com

    August 28th, 2008 at 8:45 pm
