Comments on: We Love You, Rinbot!

By: Artem

Artem — Sun, 26 Aug 2007 13:20:47 +0000

NOD 32 is the best anyway…

By: Allen

Allen — Tue, 19 Jun 2007 02:49:17 +0000

You know, I’ve been using NOD32 for the past year, and still got infected by no less than 2 trojans, a handful of viruses, and various malware, so my experience has been that “It doesn’t work.” I even identified one of the trojans that went unidentified by sniffing my network traffic, then I put the files on a clean VM with NOD32 installed just to make sure it wasn’t a pre-existing condition (unlikely, since I installed NOD32 immediately after installing the OS) and it still didn’t detect them. THEN I sent the samples to NOD32 for analysis, and they basically said “We need your logs.” I’d wiped the logs by then, since I reinstalled the OS entirely, but they were basically devoid of any identified threat, so it was meaningless.

On the other hand, Windows Defender actually identified one trojan that NOD32 didn’t, and Windows Live OneCare identified several other trojan installers. Sophos AV identified even more. That’s not to say there aren’t significant issues with those platforms either, but NOD32 didn’t serve me well at all. I’ve been using Sophos for a week, and though it’s a bit too restrictive and processor intensive for my taste, it seems to be very effective, even going so far as to block cracks and windows hacks like the max half-open connection patch, which was somewhat annoying. It also blocked a program because it was “created with malpacker” or something, although I had little reason to question the program in question (which was indeed a hack). On the other hand, OneCare was causing bluescreens. I’d like something with the detection rate of Sophos and the configurability of NOD32.

At any rate, where network security is concerned, there’s no substitute for routinely monitoring and logging your network traffic.

By: Delbot (Rinbot) infikoval mate�skou firmu CNN

Delbot (Rinbot) infikoval mate�skou firmu CNN — Sun, 22 Apr 2007 17:11:35 +0000

[...] antivirov�ch produkt� spole�nosti Symantec. Dal�� informace naleznete pod n�sleduj�c�mi odkazy (1, 2, 3). -mho- AKTU�LN� ZPR�VY: 20.04.2007 IBM Tivoli Monitoring, p�ete�en� bufferu 20.04.2007 [...]

By: An Information Security Place » Blog Archive » Dealing with Rinbot

An Information Security Place » Blog Archive » Dealing with Rinbot — Thu, 05 Apr 2007 13:53:02 +0000

[...] a pretty cool blog post about [...]

By: Techgage

Techgage — Mon, 19 Mar 2007 17:47:07 +0000

[...] Neosmart Posted by Rob Williams on March 2, 2007 08:41 AM PST - Permalink News [...]

By: need to get new antivirus in a few weeks, whats the hottest/latest? - MyUnreal BBS

Mon, 19 Mar 2007 12:30:12 +0000

[...] is a scathing review of Norton Corporate Ed. : http://neosmart.net/blog/2007/we-love-you-rinbot/ It also mentions the once-a-week update - Rinbot is a new virus that is targetting Symantec based [...]

By: Untitled Document

Untitled Document — Sun, 18 Mar 2007 18:23:50 +0000

[...] We Love Rinbot [...]

By: Blue Dot: We Love You, Rinbot! at The NeoSmart Files

Blue Dot: We Love You, Rinbot! at The NeoSmart Files — Tue, 13 Mar 2007 13:31:44 +0000

[...] “FFFFFF”;google_color_link = “106FCE”;google_color_text = “464646″;google_color_url = “898989″; We Love You, Rinbot! at The NeoSmart Filesfreshmaker13 | Shared With: Everyone - 11 days ago | security, software, computersQuoted: Connecting [...]

By: Computer Guru

Computer Guru — Sun, 11 Mar 2007 13:28:19 +0000

Sure, all articles on The NeoSmart Files are published under the Creative Commons agreement. Our specific licensing style lets you translate articles and host them on your site so long as you let others do the same, and you link back to the original article here, and name NST as the original author.

Once you’ve translated it, please comment here or send a pingback our way, and I’ll even link your translation in the main article

By: Pozycjonowanie

Pozycjonowanie — Sun, 11 Mar 2007 11:31:36 +0000

Thanks for very interesting article. Can I translate your article into polish and publish at my webblog? I will back here and check your answer. Keep up the good work. Greetings

By: Techpodcasts.com

Techpodcasts.com — Fri, 09 Mar 2007 15:17:39 +0000

[...] Show Notes: Sony at it again! Digg Corruption CompUSA Trouble RIAA Slams Fair Use Upgrade to XP Netflix Streaming Shortcut Moon Eclipse Saturday Zune Phone? XM Billing 51gb HD-DVD Amazing Careport Apple at NAB TiVo Canceled Julie Amero Sentencing RIAA Boycott Day 1 Jobs Apple insensitive to real consumers RIAA Attacks College Students BackupHDDVD Takedown Ear Scope S3 and Scripting News Preserving Ideas Spotplex ISS Risks Gash in Atlantic Symantec Concerns [...]

By: Microsoft’s Not Like Symantec! at The NeoSmart Files

Microsoft’s Not Like Symantec! at The NeoSmart Files — Fri, 09 Mar 2007 07:08:38 +0000

[...] God, it looks like Microsoft isn’t like Symantec! Back in 2006, when Microsoft bought out software vendor Sysinternals (now Windows Sysinternals), [...]

By: Nirbot - Even Botters Need Attention · Security to the Core | Arbor Networks Security Blog

Wed, 07 Mar 2007 21:03:56 +0000

[...] We Love You, Rinbot! from the NeoSmart Files [...]

By: Computer Guru

Computer Guru — Mon, 05 Mar 2007 14:30:25 +0000

Hey MrJodie,

Don’t worry about it, I’ll add the paragraphs if you like. We’ve been slashdotted before, but never this bad (200k hits in just about 2 hours), it completely knocked the server offline.

By: MrJodie

MrJodie — Mon, 05 Mar 2007 14:19:08 +0000

Thanks, George… although, I swear that I did use paragraphs. Why the hell did they get reformatted? In fact, several of the quotes before mine had separate paragraphs when I read them before posting. I wonder if the index had to be republished. If so, it may have ditched the HTML tags. I noticed the site wasn’t accessible for a short while, yesterday.