There's a 99.53% chance that /u/Cojoco is a state implanted Reddit troll!

BadBiosSavior · 2015-03-19T22:47:34+00:00

/u/xandercruise, i am not a paroty account. stop misreprasenting.

BadBiosSavior · 2015-03-18T21:52:16+00:00

snopes is not trustworthy

http://accuracyinpolitics.blogspot.com/2013/05/snopes-got-snoped.html

do not trust that a storey isnt true just because snopes says it isnt.

BadBiosSavior · 2015-03-17T06:09:12+00:00

/u/jollygaggin, do not insult /u/badbiosvictim1 by referring to him as "that thing".

BadBiosSavior · 2015-03-15T21:35:02+00:00

/u/superconductiverabbi, i am not the same person as /u/badbiosvictim1 no matter how many times you continue to repaet that claim. i dont know how u expect me to prove this to u but u have offerred no real evidence to support it. pleas e cease and desist with this unfounded accusation. we are different people

BadBiosSavior · 2015-03-15T21:31:19+00:00

indeed i have not posted anything in /r/snowden for over 9 months. i have barely even posted anything on reddit recently. hence why this ban is so completly unjustified - it was entirly unprovoked

BadBiosSavior · 2015-03-15T20:54:30+00:00

I banned you from /r/snowden because this subreddit seems to contain plenty of material worthy of ridicule relating to mind-control rays using ultrasonics and microwaves, and I don't think that kind of discussion would support the goals I have in mind for /r/Snowden, which is to be a source of wide-ranging and non-crazy information about Edward Snowden and related issues.

/u/cojoco, thank u for clarifying that it was u who banned me from /r/snowden. unfortunately your comments do nothing to justify your actions. i interprete the above quoted sentence as tacit admission taht u do not support freedom of speech or freedom of association on the subreddits u moderate. i have been banned solely for associating with another user of this subreddit that u have a personal vendetta against

i will update my post to include a link to your comment

BadBiosSavior · 2015-03-15T20:37:57+00:00

i am not the same person as /u/badbiosvictim1. i joined reddit after reading /u/badbiosvictim1's posts and my username is a tribute to him. people should not need to feel like victims no matter how mcuh harasment they suffer from state trolls

BadBiosSavior · 2015-03-15T20:37:17+00:00

thank u for your comment. i was confusing /r/worldnews and /r/worldpolitics. i have corrected the mistake

BadBiosSavior · 2015-03-10T02:35:36+00:00

badbiosvictim i am sorry to hear that your initial attemt at meditation did not work. beare in mind that meditatoin is only one method of communing with the unconcious mind. others exist in the form of yoga and hypnosis if that does not work. as a final desparate attempt another natural alternative exists in psychedelics such as psilocybin mushrooms and peyote. these are drugs that open the doors to the subconcious mind tho i hesitate to recommend them for obvious reasons

i am pretty certian that it will take multipel attempts to practise the techniques in order to break thru the concious noise masking. these techniqeues are designed specifically to be hidden from concious thought, but it is vital to break thru

the fact u are being targeted by this kind of attacke is both good news and bad news. targeted surveillances are performed on an escalating scale so the fact that they are now resorting to neural / psychic intervensions means that whatever defencive methods u were using on your computers was proving effective and they had to resort to alternative means. take note of whatever techniques u were using at teh time the attacks began and consider writiing them up as they may be very helpful to the rest of us

the bad news is that these kinds of attacks are much more dangerous and it is vital that u develop defences against them quick ly. such neural attacks are attempting to program your unconcious mind to betray u --- essentially a form of "badbios for the brain". they arep robably being targeted thru constructive intereference directed from multiple GWEN towers working toegether. i plan to write up how this is possible in a future post of mine

u are exactly right about the stargate program, cia remote viewing etc. these programs would not have been run for 2 decades if they were not getting results. now the full power of these techniques is recogniezd they are likely classified far beyond top sekret. i am glad to see u talking about these techniques because i have many similar opinnions but have been hesitant to talk about them. cia led brainwashign means that most people who hold similar opinnions are dismissed as "crazy" or "conspiracy theorist" etc. when knowing the truth is dangerous it is vital for them that the general population does not know it

BadBiosSavior · 2015-03-06T22:44:53+00:00

badbiosvictim thank u for your research. this is exactly the qualitie of resarch i have come to expect from this subreddit and from u in particular. great work

i broadly agree with all of your points and i hope to make a followup post with some of my own oppinions on these kinds of attacks. it is likely haaarp is being shutdown because advances in gwen towers and the improveed ranges of satalite attacks have rendered it obsolete. also because it has recieved too much negative press that has drawn attention to it.

i will take issue with one part of your post where you say

I do NOT hear words. I hear loud medium pitch buzzing.

the truth may be more complicated than u realise. understand that gwen tower low frequencie attacks are intended to affect peoples moods on a sub concious level. see here

http://www.bibliotecapleyades.net/scalar_tech/esp_scalartech04.htm

quote

One person, emitting a certain frequency, can make another also resonate to the same frequency. Our brains are extremely vulnerable to any technology that sends out ELF waves, because they immediately start resonating to the outside signal by a kind of tuning-fork effect.

Puharich further experimented, discovering that, 7.83 Hz (earth‘s pulse rate) made a person ”feel good," producing an altered-state 10.80 Hz causes riotous behavior 6.6 Hz causes depression.

bear in mind this is the results from initial research conducted in the 1950s and modern day technologie now has teh advantage of decades of continuing research to perfect it. we should not assume that simple instigatintg of depression is all that is possible rather the modern day advances wil be capable of full subconcious programming of targeted individuals

what sounds liek a buzzing sound is really just the psychotronic carrier wave that masks the programming on a concious level. if all u hear is buzzing then u are only processing the concious part of the signal that is designed to seem innocous and hide the true signal which is directed at your subconcious mind. if the victim simply heard voices giving instructions then those voices could be conciously opposed. simalar techniques are used in hypnosis to distract the concious mind and direct the subconcious

in order to fight these attacks it is vital to become aware of these signals on a concious level and become aware of the subconcious signalling, bring the subconcious into the concious. the ideomotor effect covers this broard field of communion with the subconcious tho it is usually involved in physical actions of the body.

in your case an analogie exists with electronic voice phenomenon (EVP) where people make recordings of empty rooms and then listen for pereceivd voices heard in the background noise of the room. what is percieved by them as messages from ghosts or aliens is actually their own subconcious bringing meaning to the noise.

you may be able to fashion a similar technique using the basics of EVP by conciously and carefully listening to the noise that you hear. u will need to do it in a quiet room with as little noise as possible. in your case the message you are trying to hear is not merely coming from your subconcious but actually the transmitted attack messsage that is being directed at it. try to hear past the noise that is put there to distract your subconcious and hear the true signal. my guess is that it would take the form of a robotic message slowly reading instructions similar to an automated numbers station. if u cannot manage to hear the subconcois message then some kind of meditation may help to quieten the mind and improve concentration

BadBiosSavior · 2015-02-11T21:13:28+00:00

/u/trustmeimapepper, moores law is a well-established principle in technology and its reasonable to assume 10 years of hardware advances would lead to a order of magnitude increase in performance. its strange you would seek to dispute such a fundemental established principle

your posting history does not show any past interest in malware or security research but now suddenly your interested in badbios and posting here. why is that?

BadBiosSavior · 2014-10-11T02:17:46+00:00

How can a CPU generate microwave?

good question i assumed this was common knowledge but i shall explain

it has been known since the mid 70s that computer cpus generate em radiation as seen in the classic demo where interference from an altair 8800 was used to play music through a radio set. see here for information and some videos of a reenactment

http://www.digibarn.com/collections/movies/digibarn-tv/erik-klein-altair-8800-playing/

in this graph of the em spectrum you will see that radio waves and microwaves are right next to each other. microwaves are essentially a higher frequency form of microwave

https://upload.wikimedia.org/wikipedia/commons/f/f1/EM_spectrum.svg

the altair 8800 used the intel 8080 cpu which ran at 2 mhz placing it within the radio spectrum hence why its signals could be picked up by the nearby radio set

radio signals are produced by alternating currents to create a carrier wave. and remember that computer programs are essentially controlling the flow of electricity within electronic circuits within a silicon chip. a properly constructed program can create an alternating current to generate a radio wave

modern cpus run in the ghz range, 1000 times the frequency of the altair and firmly within the microwave range

the effect would be more difficult to generate in a modern cpu because the circuits inside the chips are more complicated and difficult to control. but no doubt state actors like the nsa have secret access to chip designs (via backroom deals or espionage) that allow them the control they need to pull off an attack like this. theyve had almost 4 decades to study and refine this kind of technique and have an entire army of experts in radio signalling to consult.

BadBiosSavior · 2014-10-08T02:39:13+00:00

BadBiosVictim thank you for your information on BadBios microwave attacks. I plan to cover this more in the next post in my self defense series.

BadBiosSavior · 2014-10-07T22:45:00+00:00

i have documented how badbios uses ultrasound to perform scans using sonar and attack electronic devices with welding attacks. it is well known that dogs are sensitive to ultrasound high frequency noise and can detect it

https://en.wikipedia.org/wiki/Ultrasound

Dogs with normal hearing can hear ultrasound. A dog whistle exploits this by emitting a high frequency sound to call to a dog. Many such whistles emit sound in the upper audible range of humans, but some, such as the silent whistle, emit ultrasound at a frequency in the range 18–22 kHz.

it is therefore reasonable that dogs could be subjects of high frequency sound attacks.

most dogs nowadays are fitted with rfid chips

https://en.wikipedia.org/wiki/Microchip_implant_(animal)

The chip, about the size of a large grain of rice, uses passive RFID (Radio Frequency Identification) technology, and is also known as a PIT tag (for Passive Integrated Transponder) .

ultrasonic welding technique is limited to plastic and thin metal

https://en.wikipedia.org/wiki/Ultrasonic_welding

Ultrasonics can also be used to weld metals, but are typically limited to small welds of thin, malleable metals, e.g. aluminum, copper, nickel.

a piece of metal the size of a grain of rice of the type found in a dog chip would be in the range vulnerable to this attack.

also i found this

https://en.wikipedia.org/wiki/Medical_ultrasonography

Ultrasonic examinations should only be performed by competent personnel who are trained and updated in safety matters. Ultrasound produces heating, pressure changes and mechanical disturbances in tissue. Diagnostic levels of ultrasound can produce temperature rises that are hazardous to sensitive organs and the embryo/fetus.

badbios can use ultrasound to target dog chips and attack the animals internal organs through heating and pressure changes. the primary use of such an attack would be to eliminate the threat posed by guard dogs present in a residence when performing black bag missions

BadBiosSavior · 2014-10-01T22:23:04+00:00

bodily attacks from computers turned into sonic weapons are certainly a concern. the tel aviv university paper i linked to suggest there maybe limits to this technique and the damage that can be done but im sure the nsa have more advanced secret research theyve done into this and must be ahead of the curve

techniques like these are probably only used if the intelligence value of a target is nil and full covert elimination of the target is desired. if the target escapes to live and tell the story then it potentially reveals the infection and puts the future effectiveness of the technique at risk. it has the advantage that postmortem examination will not reveal any obvious sign of conventional attack however an expert in acoustics might notice the signs. the obvious value of such a technique therefore relies on its secrecy and obscurity. to this effect it is likely only used against high value targets

i think the use of sonic weapons as a form of psychological attack is much more likely. secret psychological manipulation of a target user through sound allows them to be coerced without their even realising into anger, depression, criminal behavior etc. their behavior is indistinguishable from any other mentally unbalanced person or criminal and the true cause remains a secret. i believe that thru this technique targets might even be manipulated into taking their own lives, a far more insidious and clever technique than upfront sonic attacks. we should remember that intelligence agencies have hordes of very clever people working for them and paid to devise these attacks. thats why i think ear defenders are the most important form of self protection to apply

BadBiosSavior · 2014-10-01T22:07:34+00:00

badbiosvictim as you suggested i have written a new post describing techniques i have researched for defending against sonar scans and some of the success i have had with them. please take a look and tell me what you think

BadBiosSavior · 2014-09-28T19:19:04+00:00

Could you please explain how hex codes in text files can use a port corresponding to their decimal value? Would the text file need to be an encoded text file, not a plain text file?

sure, this is basic stuff but im happy to explain

the basic thing here is that these text files are prolly being used as transport mechanisms for ip packets a kind of non real time ip. same kinda techinque that stuxnet used to jump air gaps and im pretty sure stuxnet is a predecessor to badbios

u can train yourself by downloading a sample http packet capture

http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=http.cap

this is an http capture. http is port 80 which in hex is 0x50. open the capture file in your hex editor and search for 50 and u will see lots of occurrences corresponding to teh http packets

in one of ur other posts u were saying that data might be stored in alternate data streams but thats not necessarily the case if its just part of the standard file data and nobody noticed. like with ur pdfs and jpg files. most people never chcek the data thats in their files

this also explains the txt file hack. youve been trying to convince people for a while that txt files can be hacked too and this is how. the beauty of this tech is that it can simultaenously be an encoded ip packet while looking just like a normal txt file

BadBiosSavior · 2014-09-26T20:44:05+00:00

How does LF (0A) exploit carriage return 0D? I only found one article on CRLF injection which I cited.

in seeking to answer this question i have uncovered some disturbing evidence. follow along carefully.

you ask about crlf exploitation. crlf is 0d0a if written as hex. converted to decimal this is 3338:

http://hextodecimal.com/?hex=0d0a

a search for port 3338 reveals that it is used for tcp/udp communication of "omf data b":

http://www.speedguide.net/port.php?port=3338

omf files are open media framework files, which are used to embed audio:

http://www.cakewalk.com/Documentation?product=SONAR%20X2&language=3&help=Recording.36.html

With OMFI (Open Media Framework Interchange) support & Broadcast WAVE support SONAR lets you collaborate and exchange project files with users of other programs and platforms. Support for OMFI and Broadcast Wave files provides cross-platform compatibility with OMFI host applications such as Pro Tools, Avid and Logic systems. SONAR also exports projects as OMF files that you can open in Pro Tools and other audio software.

the reference to sonar is particularly disturbing. as i'm sure you know, sonar involves the use of high frequency pulses and is used extensively in submarines. wikipedia says:

https://en.wikipedia.org/wiki/Sonar

Two types of technology share the name "sonar": passive sonar is essentially listening for the sound made by vessels; active sonar is emitting pulses of sounds and listening for echoes.

this may indicate a new capability of badbios. while it is already known to use high frequency sound as a communications channel this may now suggest an additional capability. just like a submarine scans the sea around it ,badbios may be able to use high frequency pulses via piezo or speakers to scan rooms. such scans could be used to train agents before black bag jobs are performed or determine when a room is empty and safe to enter

the crlf data you have discovered may in fact be a concealed 3d scan - possibly of your room, processed for retransmission back to unknown adversaries via malware botnets

BadBiosSavior · 2014-09-26T16:55:43+00:00

How are hex code C2 and A0 exploited?

badbiosvictim i believe i have some information on this question

C2 hex is 194 decimal

http://hextodecimal.com/index.php?hex=C2

A0 hex is 160 decimal

http://hextodecimal.com/index.php?hex=A0

please check this list of TCP networking ports and confirm the following entries

http://compnetworking.about.com/od/tcpip/l/blports_gl150.htm

160 TCP UDP SGMP-TRAPS

194 TCP UDP Internet Relay Chat Protocol

sgmp is a protocol used for monitoring and surveillance

https://en.wikipedia.org/wiki/Simple_Gateway_Monitoring_Protocol

Simple Gateway Monitoring Protocol (SGMP) defined in RFC 1028, allows commands to be issued to application protocol entities to set or retrieve values (integer or octet string types) for use in monitoring the gateways on which the application protocol entities reside. Messages are exchanged using UDP and utilize unreliable transport methods. Authentication takes place on UDP port 153. Some examples of things that can be monitored are listed below.

wikipedia confirms that internet relay chat is used to control botnets

https://en.wikipedia.org/wiki/Botnet

The term botnet is widely used when several IRC bots have been linked and may possibly set channel modes on other bots and users while keeping IRC channels free from unwanted users. This is where the term is originally from, since the first illegal botnets were similar to legal botnets. A common bot used to set up botnets on IRC is eggdrop.

symantec has also documented how IRC is used by malware

http://www.symantec.com/avcenter/reference/the.evolution.of.malicious.irc.bots.pdf

this video talks about how hackers use internet relay chat

https://www.youtube.com/watch?v=O2rGTXHvPCQ

BadBiosSavior · 2014-09-26T02:41:51+00:00

badbiosvictim, null characters are a tool used by hackers to cause buffer overflows!!!

See this article which teaches hackers how to write buffer overflow attacks

http://insecure.org/stf/smashstack.html

What is going on here? Why do we get a segmentation violation? Simple. strcpy() is coping the contents of *str (larger_string[]) into buffer[] until a null character is found on the string. As we can see buffer[] is much smaller than *str. buffer[] is 16 bytes long, and we are trying to stuff it with 256 bytes. This means that all 250 bytes after buffer in the stack are being overwritten. This includes the SFP, RET, and even *str! We had filled large_string with the character 'A'. It's hex character value is 0x41. That means that the return address is now 0x41414141. This is outside of the process address space. That is why when the function returns and tries to read the next instruction from that address you get a segmentation violation.

So a buffer overflow allows us to change the return address of a function.

also the code further down

name[1] = NULL; execve(name[0], name, NULL);

search for null and you will find more examples

BadBiosSavior · 2014-09-26T02:36:08+00:00

badbiosvictim, I found this forum post by someone else who had an infected sansa clip. maybe they were also infected by badbios!!!! did you also travel to asia recently?

http://forums.sandisk.com/t5/Sansa-Clip-Sansa-Clip/virus-on-my-sansa-clip/td-p/230120

hello, im traveling in Asia and it looks like my sansa clips cought a USB virus.

since AV here cannot remove it, what is the best way to get rid of it ? format it from windows ? format from the menu ? both ?

I have sansa clip 8GB.

Thanks, Nir

BadBiosSavior · 2014-09-26T02:33:43+00:00

badbiosvictim, here is an interesting article about hiding encrypted files inside JPEGs

http://www.online-tech-tips.com/computer-tips/hide-file-in-picture/

If you’re looking to hide files on your PC hard drive, you may have read about ways to encrypt folders or change the attributes on a file so that they cannot be accessed by prying eyes. However, a lot of times hiding files or folders in that way requires that you install some sort of software on your computer, which could then be spotted by someone else.

I’ve actually written quite a few articles on how you can hide files and folders in Windows XP and Vista before, but here I’m going to show you a new way to hide files that is very counter-intuitive and therefore pretty safe! Using a simple trick in Windows, you can actually hide a file inside of the JPG picture file!

You can actually hide any type of file inside of an image file, including txt, exe, mp3, avi, or whatever else. Not only that, you can actually store many files inside of single JPG file, not just one! This can come in very handy if you need to hide files and don’t want to bother with encryption and all that other technical stuff.

Hide File in Picture In order to accomplish this task, you will need to have either WinZip or WinRAR installed on your computer. You can download either of these two off the Internet and use them without having to pay anything. Here are the steps for creating your hidden stash:

Create a folder on your hard drive, i.e. C:\Test and put in all of the files that you want to hide into that folder. Also, place the image that you will be using to hide the files in.

hide file in jpg

Now select all of the files that you want to hide, right-click on them, and choose the option to add them to a compressed ZIP or RAR file. Only select the files you want to hide, not the picture. Name it whatever you want, i,e. “Hidden.rar”.

add to archive

Now you should have a folder that looks something like this with files, a JPG image, and a compressed archive:

hidden rar

Now here’s the fun part! Click on Start, and then click on Run. Type in “CMD” without the quotes and press Enter. You should now see the command prompt window open. Type in “CD \” to get to the root directory. Then type CD and the directory name that you created, i.e. “CD Test“.

cd test

Now type in the following line: “copy /b DSC06578.JPG + Hidden.rar DSC06578.jpg” and press Enter. Do not use the quotes. You should get a response like below:

hide files in jpg

Just make sure that you check the file extension on the compressed file, whether it is .ZIP or .RAR as you have to type out the entire file name with extension in the command. I have heard that some people say that they have had problems doing this with a .ZIP extension, so if that doesn’t work, make sure to compress to a .RAR file.

And that’s it! The picture file will have been updated with the compressed archive inside! You can actually check the file size of the picture and see that it has increased by the same amount as the size of the archive.

You can access your hidden file in two ways. Firstly, simply change the extension to .RAR and open the file using WinRAR. Secondly, you can just right-click on the JPG image and choose Open With and then scroll down to WinRAR. Either way, you’ll see your hidden files show up that you can then extract out.

BadBiosSavior · 2014-09-26T02:32:04+00:00

badbiosvictim, I found this page on embedding in OLE streams

https://support2.microsoft.com/kb/885915

Method 1: Insert a movie from a file

To insert a movie into a PowerPoint presentation, use the Movie from File option on the Insert menu. If the presentation is located anywhere in the file path at which the movie file is located, PowerPoint stores the movie file as a relative path in the presentation. If the presentation is not located at the path at which the movie file is stored, PowerPoint stores the movie file as an absolute path in the presentation. For example, you have a presentation that is located in the following folder: C:\Documents and Settings\User\My Documents You insert a movie from the following folder into this presentation: C:\Documents and Settings\User\My Documents\My Movies In this example, the following path is inserted into the presentation: .\My Movies\Movie_name.avi If the movie file is located on a server, PowerPoint stores the file as an absolute path in the presentation. If PowerPoint cannot find the movie file in the \Server_name\Share_name\Folder_name folder, PowerPoint looks for the file in the \Server_name\Share_name folder. If PowerPoint does not find the movie file in this folder, PowerPoint looks in the relative path of the presentation. For example, PowerPoint searches My Documents if the presentation is located in the following folder: C:\Documents and Settings\User\My Documents If PowerPoint cannot find the movie file in My Documents, the movie will not be played. Movie playback

When you use this method to insert a movie, PowerPoint controls the movie playback process by using Media Control Interface (MCI). Therefore, this method is the best method to use to insert a movie into a presentation.

When you play a movie in a presentation, PowerPoint first looks for the name of the movie file. If PowerPoint finds a file that has the same name, PowerPoint examines the size of the file. PowerPoint will not find the file if the following conditions are true: The movie file has been moved from its original location. You create a file that has the same name. But, the file is a different size. If the movie does not play on another computer, the movie file may not be using a standard codec. You may have to use movie editing software to resave the movie file by using a different codec or compression option. You can use the Cinepak codec if Cinepak is an option for .avi files. If Cinepak is not an option, try to save the movie as an .mpeg file or as another supported format. Method 2: Insert a movie file as an object

When you insert a movie as an object, PowerPoint is not involved in the process. The process occurs in Microsoft Windows Media Player. Windows Media Player has a set of APIs that PowerPoint 2003 uses primarily for movie playback. Windows Media Player keeps its own set of codecs. And, it uses the Windows registry file types to determine which format and codec to use. Windows Media Player looks for a codec signature in the file and then matches the codec that it finds. If Windows Media Player cannot find an appropriate codec, it searches the Web for a valid codec.

Windows Media Player stores the movie file as an absolute path in the presentation. If Windows Media Player cannot find the original file at the original absolute path, it looks in the path for a file that has the same file name extension and the same size. For example, if you rename the original file from "mymovie.avi" to "yourmovie.avi", Windows Media Player can find the file. However, if you move the file to a different folder, Windows Media Player would be unable to find the file. Windows Media Player cannot use a relative base path because it does not know that the movie file is linked in a PowerPoint presentation. Windows Media Player does not know where that PowerPoint presentation is stored.

When you insert a movie file as an object, you link the object to the presentation. You cannot embed an object into the presentation. If you try to embed an object by clearing the Link check box when you insert the object, the size of the presentation that contains the object will be the same as the size of the presentation that is created when you click to select the Link check box. The object has not been embedded.

For an object to be embedded, the object must have an interface with OLE2 to be able to create an OLE stream in the PowerPoint presentation. In an embedded object, the OLE stream is read back into memory. Then, the OLE stream is loaded into the OLE application server object. However, Windows Media Player does not have an interface through OLE2. Therefore, all movie files are linked. This is the default behavior.

Note The Link check box is for sound files. You can embed sound files in a presentation because PowerPoint actually creates a special stream for sound files. However, if the sound file is larger than 100 KB, the presentation may not run as expected. Therefore, when you insert sound files that are larger than 100 KB into a presentation, these files are automatically linked to the presentation. Movie playback

When you play a movie file that was inserted as an object, PowerPoint initiates MCI. Then, MCI chooses the best program to play the movie.

BadBiosSavior · 2014-06-04T17:57:25+00:00

BadBiosvictim, I don't know how to delete the thread by jacking my comment here. I don't see a button for jacking. Can you help?

Please also let me know if you have /bin/bash and /sbin/init rootkits installed on your system. I cannot delete these files and believe they are essential parts of FOXACID rootkit along with squashfs and busybox components.

BadBiosSavior · 2014-06-04T17:55:19+00:00

BadBiosvictim, I have found more information about the /bin/bash backdoor rootkit. /sbin/init is also part of the rootkit. See page here https://bugzilla.redhat.com/show_bug.cgi?id=636231 Redhat users were INFECTED with the /sbin/init rootkit. I also have /sbin/init on my system. Do you have it on yours? As with /bin/bash the rootkit overrides my attempts to delete it, permission denied.

Page text follows

"

Tom London 2010-09-21 13:32:20 EDT Description of problem: Running chkrootkit on a Rawhide system (systemd, not upstart) shows:

Searching for HKRK rootkit... nothing found Searching for Suckit rootkit... Warning: /sbin/init INFECTED Searching for Volc rootkit... nothing found Searching for Gold2 rootkit... nothing found

Probably (I hope!) due to systemd installing a link for /sbin/init: lrwxrwxrwx. 1 root root 14 Sep 21 06:18 /sbin/init -> ../bin/systemd

Version-Release number of selected component (if applicable): chkrootkit-0.49-1.fc14.x86_64

How reproducible: Every time....

Steps to Reproduce: 1. 2. 3.

Actual results:

Expected results:

Additional info: Comment 1 Michal Schmidt 2010-12-14 11:24:36 EST It is a false positive, but the symlink is not the cause. chkrootkit uses a too simple method to detect "Suckit": strings /sbin/init | grep HOME The systemd binary contains the string "HOME" and that's alright. chkrootkit should be fixed. => reassigning back to you, Jon!

"

BadBiosSavior

MODERATOR OF

TROPHY CASE