New Worm Spreads Via MSN Messenger
vxone writes "Anti-virus experts are watching a new worm that spreads through Microsoft Corp.'s MSN Messenger client. The worm is not harmful to infected machines and has infected only a few PCs at this point, according to an analysis by Trend Micro Inc. Known as Jitux, the worm is self-propagating and contains a link to a Web site that automatically downloads an executable file named 'jituxramon.exe' to the PC. Once the file runs, the worm begins sending out copies of itself to all of the names in the user's Messenger contact list."
For anyone who has tried to uninstall MSN Messenger, you know how much of a bitch it is. I recommend Windows XP antispy to get rid of it.
:)
After all, (simpsonism) "no one who speaks German could be evil" (/simpsonism)
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
It doesn't seem to be using any particular vulnerabilities in MSN. It depends on users to click on a URL they receive in a message.
Now what responsible user would do that? NAI's web site claims that the worm code itself has been removed from the web server, thus rendering the worm harmless:
http://vil.nai.com/vil/content/v_100931.htm
-- Update 31st December 2003 --
This threat is considered to be a Low-Profiled risk due to media attention at: http://www.web-user.co.uk/news/47502.html
This detection is for a worm intended to propagate via MSN Messenger instant messaging. The worm is written in Visual Basic.
It propagates by sending messages to the MSN messenger contact list. The messages contain a link to the worm itself:
http://www.home.no/( removed )/jituxramon.exe
When the link is clicked, the worm is downloaded to the target machine.
Note: at the time of writing the worm was unavailable from this URL.
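An added example, not part of the original thread or of NAI's write-up: a detection heuristic for the behaviour described above, where one sender pushes the same link to an executable file to many contacts within seconds. The log format, addresses, extension list and thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample log. Assumed format: ISO time, sender, recipient, message text.
SAMPLE_LOG = """\
2003-12-31T10:00:01 alice@example.com bob@example.com see you at lunch?
2003-12-31T10:02:10 carol@example.com dave@example.com http://files.example.net/pics/party.exe
2003-12-31T10:02:11 carol@example.com erin@example.com http://files.example.net/pics/party.exe
2003-12-31T10:02:12 carol@example.com frank@example.com http://files.example.net/pics/party.exe
2003-12-31T10:05:00 bob@example.com alice@example.com notes: http://docs.example.org/agenda.html
"""

EXEC_EXT = (".exe", ".scr", ".pif")  # Windows executable extensions to flag
URL_RE = re.compile(r"https?://\S+", re.I)

def executable_links(text):
    """Return URLs in a message whose path ends in an executable extension."""
    urls = (u.rstrip(").,;!?") for u in URL_RE.findall(text))
    return [u for u in urls if urlparse(u).path.lower().endswith(EXEC_EXT)]

def find_mass_senders(log_text, min_recipients=3, window_seconds=60):
    """Flag (sender, url, count) where one link reached many contacts in a short window."""
    sent = defaultdict(list)  # (sender, url) -> [(time, recipient), ...]
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue  # malformed line or empty message
        stamp, sender, recipient, text = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # unparseable timestamp
        for url in executable_links(text):
            sent[(sender, url)].append((when, recipient))
    alerts = []
    for (sender, url), events in sent.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most window_seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            best = max(best, len({r for _, r in events[start:end + 1]}))
        if best >= min_recipients:
            alerts.append((sender, url, best))
    return sorted(alerts)
```

Calling `find_mass_senders(SAMPLE_LOG)` flags only the sender who sent the same executable link to three contacts within two seconds; the single link to an HTML page is ignored.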
copy and paste into a .bat file
:)
@echo off
echo Removing Microsoft Messenger...
rundll32 advpack.dll,LaunchINFSection %WinDir%\inf\msmsgs.inf,BLC.Remove
echo Disabling it from running in the future...
rem Build a .reg file with the Messenger policy values, then import it silently
echo REGEDIT4>%temp%\nomsngr.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client]>>%temp%\nomsngr.reg
echo "PreventRun"=dword:00000001>>%temp%\nomsngr.reg
echo "PreventAutoRun"=dword:00000001>>%temp%\nomsngr.reg
echo "PreventAutoUpdate"=dword:00000001>>%temp%\nomsngr.reg
echo "PreventBackgroundDownload"=dword:00000001>>%temp%\nomsngr.reg
echo "Disabled"=dword:00000001>>%temp%\nomsngr.reg
regedit /s %temp%\nomsngr.reg
run and bam! messenger is gone for good
+++ David Watts 5495 0.0 0.5 1888 884