Re: [Full-disclosure] Is this a Virus?

From: "Geo." <geoincidents@xxxxxxx>
Date: Sat, 31 Dec 2005 11:31:47 -0500

>> I doubt it's a virus. Filling up a hard-disk is counter productive to
propagation.

Actually not. If you fill an NTFS disk with files that are 1K or smaller it
forces the MFT to suck up the whole disk, small files are stored entirely in
the MFT instead of like larger files which have an MFT entry and a data
segment for storage area. Once that happens it's not possible to shrink the
MFT so the disk becomes useless for storing files larger than 1K even though
it shows as 90% empty and at the same time it allows the system to continue
running and spreading the virus.

A format is the only way to fix it. For virus writers, it's the perfect way
to trash windows machines without slowing virus propogation.

Geo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- NTFS, broken by design? (was Re: [Full-disclosure] Is this a Virus?)
  - From: Bruce Ediger

References:
- [Full-disclosure] Re: [MailServer Notification]To recipient: Message matched eManager setting and action was taken.
  - From: Leif Ericksen
- Re: [Full-disclosure] Re: [MailServer Notification]To recipient: Message matched eManager setting and action was taken.
  - From: Michael Holstein
- Re: [Full-disclosure] Re: [MailServer Notification]To recipient: Message matched eManager setting and action was taken.
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] Re: [MailServer Notification]To recipient: Message matched eManager setting and action was taken.
  - From: Georgi Guninski
- Re: [Full-disclosure] Re: [MailServer Notification]To recipient: Message matched eManager setting and action was taken.
  - From: Leif Ericksen
- [Full-disclosure] Is this a Virus?
  - From: Hochin Chen
- Re: [Full-disclosure] Is this a Virus?
  - From: Shawn Cox
- Re: [Full-disclosure] Is this a Virus?
  - From: wac

Prev by Date: Re: [Full-disclosure] Good proxy chaining applications
Next by Date: NTFS, broken by design? (was Re: [Full-disclosure] Is this a Virus?)
Previous by thread: Re: [Full-disclosure] Is this a Virus?
Next by thread: NTFS, broken by design? (was Re: [Full-disclosure] Is this a Virus?)
Index(es):
- Date
- Thread

Relevant Pages

Re: Virus Attack
... I clicked on an executable file that I downloaded without realizing ... I tried running Avira, ... and wouldn't even recognize that I had a hard disk. ... (This virus only infected my XP computer, ...
(soc.retirement)
Re: Virus Attack
... that the factory installation diskette for my computer wouldn't do it, ... and wouldn't even recognize that I had a hard disk. ... (This virus only infected my XP computer, ... Then I ran a program I found on the web by Avira called ...
(soc.retirement)
Re: Virus Attack
... that the factory installation diskette for my computer wouldn't do it, ... and wouldn't even recognize that I had a hard disk. ... (This virus only infected my XP computer, ... Then I ran a program I found on the web by Avira called ...
(soc.retirement)
Re: Virus Attack
... that the factory installation diskette for my computer wouldn't do it, ... and wouldn't even recognize that I had a hard disk. ... (This virus only infected my XP computer, ... Then I ran a program I found on the web by Avira called ...
(soc.retirement)
Re: Virus Attack
... I clicked on an executable file that I downloaded without realizing ... I tried running Avira, ... and wouldn't even recognize that I had a hard disk. ... (This virus only infected my XP computer, ...
(soc.retirement)