Results 1 to 2 of 2

Thread: 2 Years Later Re: LSA Shell (Export Version)

  1. #1
    bisclavret Guest

    Default 2 Years Later Re: LSA Shell (Export Version)

    I know that it has been two years since the question was posed, but I am just now coming to this forum seeking answers of my own. I can, however, answer the question, "So why is a legitimate part of windows wanting to communicate with a chinese web site????"

    The reason a legitimate part of Windows wants to communicate with a Chinese Web site is because even viruses, Trojans, malware, and spyware use legitimate Windows components to gain Internet access. If they did not depend upon at least some Windows components to operate, then they could not gain access to the communication protocols necessary to transmit information or copies of themselves to other computers. All the nasties that infect computers do so by using and/or altering legitimate process for illegitimate purposes. Otherwise, they would not be a threat. If the Windows operating system has something introduced that is completely foreign to its environment or operating processes, then it simply does nothing. Viruses, Trojans, malware, and spyware have to be written so they will interact with and gain the trust of the operating system or portion of the operating system that they are designed to infect--and affect. If I wrote a virus based on the old Commodore's operating system (the first "personal computers" to go on the market), then it would not work on Windows, Mac, or Linux. Even if, by some miracle, the virus was accepted by any of the operating systems just mentioned, it would have little or no effect on it, because the operating systems are so dissimilar. Computer nasties have to communicate with and use legitimate Windows components in order to function. If it wants to communicate, phone home, or spread to other computers, it has to use the operating system's legitimate communication files that will enable it to do that.

    Another possibility is that it has overwritten legitimate Windows files with files that enable it to spoof those files in order to launch the processes necessary to accomplish its goal.

    It's like asking why a human terrorist is using legitimate transportation to get from his garage-turned-bomb-factory to his target. The short answer is necessity. In the last scenario I proposed, it's comparable to a terrorist taking an ordinary car or truck with legal license plates and filling it full of explosives and a triggering device. It looks like an ordinary--and legal--vehicle from the outside, and the license plate checks out as being legal; but the insides are illegal and are designed to wreak havoc once it reaches its destination. Again, the outward appearance of a legal vehicle with a legitimate purpose is necessary to the terrorist's purpose in order to fool security and appear to be that of a law abiding citizen.

    Whatever is using your computer to access the Chinese Web site is using what may or may not be a legitimate Windows process because it has to.

    While it is too late now to help BillOfPoway, perhaps this will help someone else who comes along to better understand why a seemingly legitimate Windows process would want to answer some off-the-wall Website in the middle of a foreign country.

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: 2 Years Later Re: LSA Shell (Export Version)

    You may find your answer here:

    http://forum.zonelabs.org/zonelabs/b...ssage.id=50594

    and some more background information here:

    http://forum.zonelabs.org/zonelabs/b...ssage.id=51318

    Oldsod.
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •