Yet Another Windows Worm
kraksmoka writes "MSNBC is reporting that yet another active worm is taking over computers in 115 countries today. 'Antivirus companies were on high alert Thursday after the rapid spread of a new computer worm that includes particularly malicious snooping techniques. Bugbear.B, a variant of a worm released last year, installs keylogging software, back-door software, and in some cases even attempts to control infected computers' modems. Some of the worm's functions are designed to specially target financial institutions.' Yummy!"
I've already run into this with one of our banking customers... now if they'd only bought the firewall solution from us that stripped email attachments based on mime type and/or file extension (why the hell any half-way reasonable person would double-click on a .pif file in their email is beyond me). If I'd only known 10 years ago (before I was legally an adult) the kind of security that existed at some of the small to medium sized banks, I probably would have made some very different career choices--I suppose it's better this way... (Posted anonymously for obvious reasons)
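The kind of attachment-stripping filter the poster wishes the customer had bought, as an added example that is not from the post or from any vendor product: it drops MIME parts whose filename carries a dangerous extension (the .pif the thread complains about, among others) and flags parts whose declared Content-Type does not match the filename. The extension list, the type-to-extension table and the sample message are constructed for illustration.

```python
import email
from email import policy
# Extensions stripped outright (the thread's .pif plus other Windows executables).
BLOCKED_EXTENSIONS = {".pif", ".scr", ".exe", ".com", ".bat", ".vbs"}
EXPECTED_EXTENSIONS = {"audio/x-wav": {".wav"}, "image/gif": {".gif"}}  # type -> legit extensions

def classify_attachment(part):
    # Return a reason to strip this MIME part, or None (implicit) to keep it.
    filename = part.get_filename() or ""
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    ctype = part.get_content_type()
    if ext in BLOCKED_EXTENSIONS:
        return f"blocked extension {ext}"
    if filename and ctype in EXPECTED_EXTENSIONS and ext not in EXPECTED_EXTENSIONS[ctype]:
        return f"declared {ctype} but named {filename}"

def strip_attachments(msg):
    # Recursively drop offending parts from msg; return [(filename, reason), ...].
    stripped = []
    if msg.is_multipart():
        for part in msg.get_payload():
            reason = classify_attachment(part)
            if reason:
                stripped.append((part.get_filename(), reason))
            else:
                stripped.extend(strip_attachments(part))
        msg.set_payload([p for p in msg.get_payload() if not classify_attachment(p)])
    return stripped

def filter_message(raw):
    # Parse a raw message; return (cleaned message text, list of stripped parts).
    msg = email.message_from_string(raw, policy=policy.default)
    stripped = strip_attachments(msg)
    return msg.as_string(), stripped

# Constructed sample message: a text body plus a .pif attachment declared as audio.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Paper attached.
--b1
Content-Type: audio/x-wav; name="paper.pif"
Content-Disposition: attachment; filename="paper.pif"

constructed payload
--b1--
"""
```

Only subparts of multipart messages are inspected; a single-part message whose entire body is the attachment is passed through unchanged.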
This one spread through my university like wildfire today! It even seems to fake Norton virus definition updating, such that the computer appears to be updating its virus definitions but isn't. It seemed to spread via hijacked messages that it attached itself to.
This virus has been hitting a bunch of people over here at Stanford since sometime yesterday. It takes random messages from your inbox and forwards them to random people in your contact list and spoofs the sender. I've received a lot of weird emails lately, but some of my neighbors have seen some pretty personal emails sent or received by their friends and acquaintances. People hitting on people, people asking their parents for money, rejection letters from companies... the whole works. Our SMTP server has been completely shut down to stop the spread!
Seems to me that would be the way to get these things fixed permanently. Make a worm that would call MS tech support on people's modems. Or any other MS 800 number. Until something costs them a LOT of money, these will continue to show up.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
On a related note, anti-virus programs is one place where I can actually see a potential useful application of "trusted computing" (no, not necessarily Palladium). If there could be some way to tell the OS "Look, I don't care if you're the administrator or not: the only programs that are allowed to terminate the anti-virus scanner process are the scanner itself, and, say, Task Manager". By using keys to prove their identity, it _might_ make it a lot harder for virii to terminate anti-virus programs. (Note to slashbots: I'm not saying Palladium is good because it will do this (I don't even know if it does). I'm saying this is one potential application of some as-yet-undeveloped implementation of "trusted computing".)
There is no sig, there is only Zuul.
Any readers in the UK with Sky Digital, switch to channel 268.
Overnight, the channel plays a Flash-based word game, where viewers SMS in answers. It's running on a Windows PC, and the screen currently being broadcast to 7 million homes is....
McAfee dialog box: 'bugbear.b High Virus Advisory....'
Hmmm.
(wandering OT - the channel, 'Friendly TV' is apparently being run by students on work experience. A nightly live-broadcast show is 'Girl Talk', where... girls... talk... about... things. Whatever comes into their heads. Oh, and they get progressively more drunk as the evening progresses, which no doubt helps.)
What's the frequency, Kenneth?
This worm does try hard to get on the 'net. Copied from Symantec.
Looks like they're trying to obtain passwords to bank specific systems. You can fix the OS, but you can't fix the users. People who get hit by this have nobody to blame but themselves (or their Windows administrator).
Microsoft fixed this vulnerability more than 2 years ago. Why do people not update their software?
According to Symantec, Bugbear.B "uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability".
"Can of worms? The can is open... the worms are everywhere."
One interesting thing is it opens port 1080, which is normally used by MSN messenger
Sounds like you're using a Socks server to connect to MSN - 1080 is the default Socks proxy port, not MSN messenger.
The entire physics department here got an email with the subject line "Re: hep-lat 020711 daily received" with the pif attachment.
hep-lat is the Los Alamos eprint Archive subject code for high energy physics on lattice models. The email refers to a paper on "A new proposal for the fermion doubling problem" which is supposedly attached (instead you get the .pif file).
The subject line is matched amazingly well to the recipient list. I thought "that looks interesting, I might have a look even though I probably wasn't supposed to get it."
:wq
Sorry, but enterprise level and MS do not belong anywhere near each other, despite what MS wants you to believe. I'm an MCSE and I can't imagine running critical services on the MS platform: user authentication, file sharing, and printing, sure, but as an application platform Windows server is just too bug-ridden.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Strangely, our business can continue to operate without problems or delays even if the staff can't email screensavers to their friends.
In contrast, right now my XP laptop is running login.scr as SYSTEM. Yup, a screen saver with system level privs.
What's your point? The login screen saver logs users in, so it makes sense that it has some sort of advanced privileges. (Maybe it doesn't need all of SYSTEM, true...)
And the screen saver is well protected in winnt, believe it or not. It runs in a separate secure desktop, just like the ctrl-alt-del desktop does.
Now I agree that the security architecture of windows has flaws, but c'mon, there's got to be a better example than login.scr...
The following sentence is true. The preceding sentence was false.