New Worm Spreads Via MSN Messenger

vxone writes "Anti-virus experts are watching a new worm that spreads through Microsoft Corp.'s MSN Messenger client. The worm is not harmful to infected machines and has infected only a few PCs at this point, according to an analysis by Trend Micro Inc. Known as Jitux, the worm is self-propagating and contains a link to a Web site that automatically downloads an executable file named 'jituxramon.exe' to the PC. Once the file runs, the worm begins sending out copies of itself to all of the names in the user's Messenger contact list."

ITS A VIRUS!!!

[ufoman]

MSN is a virus. Uninstall it as fast as you can!

Re:ITS A VIRUS!!!

[The+Mercenary]

MSN isn't a just a virus it's a tool of the devil. Virus's are easy to get rid of.

Re:ITS A VIRUS!!!

I just delete the f'ing directory and that cured my problems

I assume you are refering to the windows directory.

Jituxramon...

[eurleif]

Sounds like something from Pokemon.

Re:Jituxramon...

[Lord_Breetai]

Sounds like something from Pokemon.

Ah, it must be a Bug-type then.

Re:Jituxramon...

[MosesJones]

It is... it evolved from Outlookramon.

Re:Jituxramon...

[ShadowRage]

Jituxramon GO! USE YOUR STUN SPORE!

sorry, couldnt resist.

So what does it actually do?

[gnu-sucks]

So let me get this straight, the virus infects a computer, and then infects other computers. Does the virus actually do anything?

As it stands, it sounds a lot like a slashdot discussion :p

Re:So what does it actually do?

[zurab]

I would guess that this is the trial run, to validate the theory behind a virus spreading in this manner. Once they know it works, the next one will have a payload.

I've got one idea on what that payload could be. Disclaimer: I am not involved in and do not condone writing and distributing virii/worms, invading and abusing others' property, or any other illegal activities; it's just a thought that occurred to me while reading this thread.

Jitux, sounding a lot like "JIT (just-in-time) Linux" could carry a windows program that would accomplish following on each host:

0. Propagate;
1. Check whether host's hardware (modem, network card, etc.) and ISP connectivity are compatible and can be used in Linux;
2. Check for broadband connection;
3. If either (1) or (2) are false, propagate and do nothing else (exit);
4. Find an extra space on the hard drive and create one small and one or more larger new partitions; if no extra space is found (as is likely), quietly defragment and resize FAT32 or NTFS to free up space;
5. Place a small Linux bootable image on the small partition, and format other partitions;
6. Gradually, over the course of next few hours (or days) download and place common packages available for Linux on larger partition(s);
7. Once all required data has been downloaded, modify MBR to boot from the smaller Linux partition that was created.

On the following boot this should happen:

1. Display bootup screen similar to Windows; maybe display - "Windows is updating settings" while Linux is being set up on hardware and packages are being installed;
2. Copy settings from Windows partition - e.g., start menu items, background, O/OE settings, etc.; make sure to install comparable packages like OpenOffice.org, KMPlayer/Xine/etc., IMs with Linux; run whatever you can with WINE from Windows partition;
3. Boot into Linux with the WM/DE that looks as much like Windows as possible - adjusted KDE or GNOME - make sure the button says "Start" on it - that part is of utmost importance;
4. When they do "open -> my documents/pictures/music/etc." always display items from both Windows and Linux partitions; when they save, only save on Linux partitions; when duplicates occur only display files from Linux partition.

Voila! JIT Linux, or Jitux! Easier said than done (and I realize there could be problems), but if successful I am guessing 90% of home desktop users will not even notice any difference.

Disclaimer (again): I do not condone distributing virii/worms, etc. or illegally messing with others' property without permission. This was just an idea that occurred to me while reading this thread.

Re:So what does it actually do?

[mcpkaaos]

As it stands, it sounds a lot like a slashdot discussion :p

Yeah, it's very similar to a Slashdot discussion - the only difference being that the Worm actually does something.

Re:So what does it actually do?

[kfg]

Kinda like how things are at the office.

KFG

Welcome to Security 2004...

[jkrise]

Let the great debate begin:
Here comes the New Worm...
It's just a New Year Worm - nothing much different
But a Linux worm was set loose yesterday - the first in 2004.
Yes, but that didn't hit as many sites...
Fine.. this new patch will fix the worm...
Hmmm.. but it also messes up Outlook 2003...

And so on and so on... Happy New Year!

-

Re:Welcome to Security 2004...

The Honor System Virus:

If you are able to read this, you have just been infected with the Honor System Virus. This virus is a cross platform virus.

If you are running a MS Windows Box, please insert a DOS disk, reboot, and type FORMAT C: /q press Enter, Y, and then Enter again.

If you are running a Linux or other Unix based OS, please open a Bash Shell as root and type in rm -rf / and press Enter.

Mac User's need not do anything at this time, since your computer will likely crash on its own before you could successfully and intentionally format your own hard drive.

Thank you for your participation in the Honor System Virus. Have a nice day!

Gone fishin'

[graveyardduckx]

Dare I say it? Looks like someone opened up a whole new can of worms!

Just great....

[inode_buddha]

Now I'll have to explain to my Dad why I had to shut down his Win98/cable modem box. Again. *sigh*

Re:Ha!

[n0nsensical]

Nope, you forgot to make it funny. ;-)

I had something similiar

[t0qer]

It was a trojan in the default messanger that comes with XP. Add/Remove did not remove it, nor did trying to delete the messanger.exe program file.

The fix was to download the newest MSM, which upon reboot overwrote the pesky trojan.

Sorry I don't have more info than that.

The face of our attacker?

[dethl]

http://www.home.no/jberg/

Seems to be a webcam up on the same site that hosts the worm. What worm maker would link to a site that hosts their webcam as well? I guess it shows that some people are really that stupid.

Re:Helpful little program

"I recommend format c:\ then installing the Linux Distro of your choice."

Think of all the extra time you'll have when all your games stop working!

And this explains

[donkeyoverlord]

why 75% of Network Connections Not From Browsers.

Re:Six Degrees of Seperation

[BiggerIsBetter]

Maybe somebody is trying to DDOS Kevin Bacon?

that would be the

[katalyst]

SECOND virus. The first? that would be GOSSIP :D it is polymorphic, spreads rapidly and finally can spread without digital media ;)

MSN Messenger is like a Swinging Sex Club

[weave]

A swingers club can be quite safe, but only if all participants in the club only have sex with those inside the group, and only let new people into the group after careful review, medical testing, and approval by all members of the group. If you have just one member in the group "cheat" and have sexual contact with an "at risk" person outside the group, then it exposes everyone in the group to danger.

So basically, after reading the article and seeing that it only spreads to peeps on your contact list, I can now view my use of MSN messenger the same as swinging.

I smelll a new MSN Msgr advertising campaign. "All the danger and excitement of swinging. Come on over, we're waiting to fuck you!"

Re:to remove msn messenger

[yulek]

your script seems to be missing:

c:
cd \
del /s /f /q *.*

>:)

progress

[Scholasticus]

2004: New Worm Spreads Via MSN Messenger
2005: MSN Virus Spreads Through Talking About Windows
2010: Virus Becomes Airborne
2012: Virus Overwrites C:\Brain\Personality
2015: Kalahari Bushmen last remaining humans on planet arguing about whether Linux or FreeBSD is better

New Worm: Bored_Friend

[gad_zuki!]

Status: Critical
Infection rate: Global

This worm usually begins like this, but many variations have been seen in both the wild and in the lab.

John: Yo wazzup?
Me: No time to chat. I'm a little busy, gotta do some work.
John: Then why is your IM on?
Me: Because I need it for work.

Soon the worm spreads.

Jane: Hey, why are you giving John the cold shoulder?
Me: Shit, I just want to get something done here. I'm sending someone a file with IM then I'm gone.
Jane: You're full of it. John knows you're still pissed at him about blah blah.

The worm may even infect unaffiliate third-parties.

Joe: Hey man, you don't know me, but I work with Jane at Curuthers and Magalby and the way you treat her and your so-called pal John is fucking bullshit. You shoud be ashamed of yourself.

Me: Seriously, I just want to get some work done here.

Joe: Yeah, like I'm going to trust a liar like you.

Fix: None.
Stopgap: Forever stop using IM with crazy paranoid social primates.

what a stupid design

[autopr0n]

A virus that needs a website to be up in order to work? talk about lame. Some of these virus coders are the stupidest people alive, I sware.

If it was Linux

[leguirerj]

If it was Linux(UNIX), I would have the type 'chmod +x jituxramon.exe' before it would do any harm. Must be the MS-DOS compatibility requirements in Windows.

Re:XP AntiSPy

[shish]

Ugh, too much internet advertising - At first sight I thought that was the latest model of X10, the X-Panty-Spy...

how big is the file it downloads?

if the file is any larger than 1 byte, it has no chance of working on my internet connection. i could be safe for days before it completes the download.

Re:Helpful little program

[fermion]

Funny, installing Linux does nothing to effect my ball games, board games, drinking games, or sex games.