A Worm's Worm
Carnildo writes "There's a new worm out, according to the Register, but one with a twist. This one, called 'Dabber', infects computers by exploiting a security hole in the Sasser worm."
Antivirus! (Score:2, Interesting)
Sounds like it's doing some antivirus while it's at it. Good!
Just be sure to block off 9898.
-Grump
Remind Anyone of Blaster (Score:5, Interesting)
I'm tech support for Tremendously Large ISP. From down here this looks just like Blaster did. Customers calling in complaining that their machine is restarting without their consent. And now someone has a follow-up virus that attacks the virus - as some may recall there was a Blaster variant that patched systems AGAINST Blaster. This was terrible - if you got this variant inside a corporate network not only would your bandwidth use skyrocket, but since NAT tends to fubar Windows Update, the variant never managed to patch a system. God that was hell . .
It's almost enough to make you want to write a virus in revenge . . .
Re:Plug-in (Score:5, Interesting)
Quite a bit of modern worms in this or that way provide just a generic backdoor to the infected machine without performing any extra malice. Some of them just open ports, some trick firewalls and actively "call home", which usually happens to be some random IRC server on some compromised machine (IRC seems to be the preferred method for the virii writers for controlling worms, which just act as bots on the channel). Then the virii can upload a spamming software, a DDoS attack plugin, a keystroke logger, a file transfer thing, a tunneling/relay program to mask an attack, or whatever the twisted minds come up with.
Actually sounds like somebody trying to fix things (Score:5, Interesting)
Actually, this sounds like somebody trying to make a disinfectant worm. Look at the description:
- It only infects infected systems, using a flaw in the previous infection.
- It cleans out the infection of the worm that it exploited, and several others.
It does open a new backdoor. But while that might be preparation for some future malicious action, it might also have been the author leaving himself a way to fix things if his initial worm got out with a destructive bug. (Of course it could be the worm cleaning up signs of previous infections in order to hide itself and thus head off other cleanups.)
I wouldn't be surprised to see, on further analysis, that it does other antimalware things (like fix the flaw the other worms used).
(Not to say that it IS somebody trying to fight virus with virus. But it might be interesting if it turns out that it is.)
I think everyone should go ultra secure, the best firewall ever... Disconnect from the net. It would make this all a lot easier on us.
Which is exactly what the military does with some of its really secure stuff.
Now if we can just get the Microsoft users to emulate them. B-)
OS Popularity? (Score:5, Interesting)
Does this situation imply that the sum total of Sasser-infected machines outnumber Macs and Linux boxes?
Re:Ugh... (Score:3, Interesting)
My former high school offered a Visual Basic course in grade 10... but that's VB.
However, there's a lot one can learn by teaching themselves from a book, and I think that's where a lot of the talented young programmers get their starts. It may be that writing annoying viruses and worms is just some kid's way of testing and/or proving the knowledge s/he's gained. But I'd like to think that usually the smarter ones find more meaningful applications of their skills.
Re:Ugh... (Score:2, Interesting)
But still... it is just getting younger and younger. During the summer my University hosts several computer camps, and I see 7, 8, 9 and 10 year old kids programming in C++ and other OO programming languages.
Crazy indeed
Re:This is *almost* a wonderful thing (Score:4, Interesting)
Then again it should be easy to release this new work without the code that opens the backdoor so that it only does the removal part?
Re:DMCA violation? (Score:3, Interesting)
Both are illegal, both are prosecutable, but the "victim" burglar can't sue for loss of property from the 2nd burglar because the property belongs to the original owner.
Fun! (Score:5, Interesting)
It sat and watched a user's inbox for the big bug at the time and pretty much acted like a counteragent, the instant they showed up, it nuked them off the machine (inbox and all) and undid whatever they managed to do.
Send one copy to everybody in the office, and instantly watch outgoing network mail traffic DROP back down to normal levels and my phone stop ringing.
I seem to recall distinctly 'forgetting' to mail it to key people, however.. *cough*
Would be a real shame if some of the geek-prowess around the OSS world were to start doing such counter-bugs. A lot of these backdoors, trojans, and whatnot, have gaping flaws in them because..well, guess.
Just think:
Infect > Disinfect > Patch > Scan nearby machines (proceed life cycle) > Local Self-remove
Could be the next revolution. Don't bother patching or downloading, we bring the cure to YOU..
Re:Ugh... (Score:5, Interesting)
Given that it's a GPL project, I can't imagine that it would be too hard to find a few dedicated coders who would be willing to work on such a fork.
Re:Ugh... (Score:5, Interesting)
Yay for Free Software! (Achoo!)
creativity foo (Score:2, Interesting)
This was a unique idea at the time, and spawned not only the modern worms that copy that model, but also formed the basis for many science fiction stories, including well known ones like SkyNet in the Terminator, and the rampant AI in Bungie's Marathon.
Re:Ugh... (Score:4, Interesting)
Copyright (c) yyyy, The Author and Contributors. All rights reserved until yyyy when this work will enter the Public Domain.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Re:Ugh... (Score:3, Interesting)
I ran into Welchia.B the other day which went after MyDoom (SCO) and downloaded 5 patches or so from MS and installed them on the system. Trouble is, that it's still a worm - nobody wants it on their system - it took me a couple hours to identify and remove it then get Windows running again.
Welchia.B was trying to run four different exploits on remote IPs - I sniffed all the traffic it was generating - trying to exploit up to a hundred IPs a second at one point. Max of 10 times to conserve bandwidth...? It has to find the other PCs first.
The patches it downloaded screwed up the XP installation badly, so a reinstall over the top brought it back. I don't want worms that try and fix other worms (get Avast or AVG etc instead).
Re:Spyware and others (Score:3, Interesting)
In fact.. thinking about it what's to stop me capturing requests for this crap on my proxies and redirecting them to an exe that removes gator? Hmm...