
Security Forums


HiJackThis Log Experts - At your service!

Tom Bair
SF Boss

Joined: 10 Aug 2002
Posts: 16776955
Location: Portland, Oregon USA

Posted: Fri Mar 04, 2005 2:09 am    Post subject: HiJackThis Log Experts - At your service!

HiJackThis Log Experts – At your service! is a wonderful short article highlighting our very own S.M.A.R.T. team's efforts to assist the community in fighting malware.

However, I'm certain that not very many members of SFDC actually realize just what type of training these people go through to become members of S.M.A.R.T.

Is it really difficult to learn how to rid one's PC of malware?
Sid
New Member

Joined: 04 Jun 2004
Posts: 28
Location: Kansas

Posted: Fri Mar 04, 2005 2:14 am    Post subject: Re: HiJackThis Log Experts - At your service!

PCWriter wrote:
Is it really difficult to learn how to rid one's PC of malware?


No, I have been a SMART Trainee for a while now, and let me be the first to say that it is anything but hard. You work at your own pace, there are practice logs for you to work through, and if you are ever in doubt, you can PM a fellow SMART Member and get the required assistance. It does however take patience and dedication, as sometimes you get those logs that just don't wanna be fixed Laughing
Groovicus
Trusted SF Member

Joined: 19 May 2004
Posts: 9
Location: Centerville, South Dakota

Posted: Fri Mar 04, 2005 3:12 am

Hmmm...I would agree that it is not too difficult, at least once you get a feel for what to look for. That usually comes after a few hundred logs. The intriguing part is that you rarely have the same situation twice, and until you have a body of experience to draw from, it can be a little daunting. Then there are the times that you are faced with a new piece of malware (malicious software) that resists everything you throw at it. That's where the rest of the malware fighting community comes together, with experts from every walk of life getting together and trying to find a solution that is easy enough for a novice user to follow.

The biggest surprise to most trainees, I think, is the amount of time it takes to get a handle on things. The learning curve is pretty fair, and with the amount of sophistication that malware is starting to show, the learning curve for new trainees is getting steeper. Generally though, if one is diligent, inquisitive, and patient, you will eventually develop a feel for what is going on. Even then, we all get stumped from time to time.

It is also something that you have to keep up with, or you quickly become lost. I know if I have to slack off on logs, it takes me a few weeks to really feel comfortable again. That's why many of us are members of other forums also, so we can share knowledge, and keep abreast of the latest developments.

It is very rewarding though, as hard work always is. I like helping people become comfortable with their systems, and I like the camaraderie of the malware fighting community.
ryansutton
Trusted SF Member

Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Posted: Fri Mar 04, 2005 4:50 am

I guess my perspective is a little different. I do not think it is easy to be a part of the S.M.A.R.T. team. You have to continually stay up to date with not only malware fighting techniques but also the malware itself, which is difficult because we do everything we can to keep it off our systems. In addition to that we have to learn how to use multiple pieces of software not just on a basic level but we need to know the advanced features as well.

In regards to the logs we analyse... Two days ago I printed out a log and spent about two hours just researching all the processes running and registry keys. After doing that I highlighted questionable lines and did further research for removal instructions. I sometimes spend multiple days researching a log trying to figure out what is infected.

So after reading that I guess most people would be asking why the heck do we do it? I think Groovicus sets the best example in why we do what we do. We like to help people, we like to stay on top of the latest malware information & we think the S.M.A.R.T. tag on our names looks pretty neat. Also on a personal note, I have been thrilled to be able to help friends and family rid their PCs of malware. Working in IT I have found it to be a useful skill on the job as well.
Kaosu
Just Arrived

Joined: 03 Oct 2004
Posts: 0
Location: United States

Posted: Fri Mar 04, 2005 3:06 pm

The training process is really what the trainee makes of it. Learning to combat malware is something that requires determination, intelligence and a positive attitude. As Groovicus said, hostile software is only getting smarter and becoming more problematic than ever. However, I personally feel that the knowledge I am earning here will allow me to combat even the toughest malware in the future.

A big part of our training is learning how to properly research a topic and gain a deep understanding of what we are attempting to do. Although the mentors will help us in any way possible, they will not hold our hands. So I guess you can say the most important thing we learn is how to rely on ourselves and when to ask for help.

If someone asked me the question: "Is the training hard?", I would probably simply reply with: "It really depends on the person who is going through the training. Some learn quicker than others and some step into this game with an understanding of the technology that is used. So you may have a harder time than I did or not."

I hope my personal views on this topic helped answer some questions and give more insight to what the team is about. The most important thing to remember is that we do what we love, and we love what we do. So we are more than willing to welcome anyone with open arms and help those in need.
meeeeeeeeee
Just Arrived

Joined: 05 Feb 2004
Posts: 2
Location: CT, USA

Posted: Fri Mar 04, 2005 5:27 pm

Well for those of you who think this is easy (yes, you Sid!) I'm going to have to toughen up the training a bit. Twisted Evil

Seriously, the learning process isn't too tricky, if you have some basics down first. For someone new to computing, learning to analyze a log could be pretty daunting. You need to know how Operating Systems and browsers work. You need to understand what is a normal problem due to improper settings, hardware issues and/or user error and what problems are due to malware.

You also need to have some investigative skills & patience. People who come to us for help sometimes don't have any computing background. You need to read someone's problem description "The thing doesn't open the right way and I'm getting lots of extra internets" and know how to interpret that in light of what you see in the log. Sometimes understanding what the problem really is can be the toughest part, since we don't actually get to see the infected computer.

You also need to keep up on what's new. As soon as we (the collective anti-malware community) learn to fight a difficult infection, the malware authors will tweak it to make it tougher to fight. It's a constant learning process. It's important to belong to as many groups as you can in order to glean all the new information. This takes time - both to locate the groups and to read up on all the new info. I personally spend about an hour a day just reading up on new developments.

In conclusion I would say it's not a difficult thing to learn, if you have the background, dedication and the time. Like so much in life, you get out of it what you put into it.

Very Happy
CyberSorcerer
Just Arrived

Joined: 10 Jul 2006
Posts: 0

Posted: Mon Jul 10, 2006 1:50 pm

Well after following a link in another forum I found this thread which I have to add to what everyone is saying here. Even though I just signed up at this forum I am not new to computers by any means. I myself am a member of a few spyware/malware forums some of which are very restrictive in their membership such as http://malware-research.co.uk/ where my main skills at this forum is in Reverse-Engineering malware.

It is nice to have forums that take on the task of training new spyware/malware fighters and adding to the volunteers out there to help people remove such software off their computers. So once you enroll in a program such as offered here try your best to stick with it. Things will get tough, but dealing with spyware/malware is tough anyway once it is on your computer, so you might as well learn how to take it off.

Well I guess I will take a look around the forum here to see what all is going on.

CyberSorcerer
wickerandvine
New Member

Joined: 20 Oct 2006
Posts: 25
Location: alang-alang Mandaue

Posted: Mon Nov 06, 2006 7:07 am

How can I become a SMART member or trainee? Where will I go? Who will I approach?
Tom Bair
SF Boss

Joined: 10 Aug 2002
Posts: 16776955
Location: Portland, Oregon USA

Posted: Mon Nov 06, 2006 10:45 am

Send a Private Message to SifuMike stating your interest.
ryansutton
Trusted SF Member

Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Posted: Mon Nov 06, 2006 11:13 pm

In addition to messaging SifuMike please take a look at this thread for SMART member requirements:

http://www.security-forums.com/viewtopic.php?t=28880

All times are GMT + 2 Hours