New Worm Spreads Via MSN Messenger
vxone writes "Anti-virus experts are watching a new worm that spreads through Microsoft Corp.'s MSN Messenger client. The worm is not harmful to infected machines and has infected only a few PCs at this point, according to an analysis by Trend Micro Inc. Known as Jitux, the worm is self-propagating and contains a link to a Web site that automatically downloads an executable file named 'jituxramon.exe' to the PC. Once the file runs, the worm begins sending out copies of itself to all of the names in the user's Messenger contact list."
So let me get this straight, the virus infects a computer, and then infects other computers. Does the virus actually do anything?
I would guess that this is the trial run, to validate the theory behind a virus spreading in this manner. Once they know it works, the next one will have a payload.
Seems like the worm must be "human-activated", a user must manually click the link received through MSN to download the worm; that's what I understand from McAfee.
It can't be harmful if it comes from a friend!
Around two years ago there was a similar virus for messenger. It was smarter, though, as whenever you open a chat window it would say to the other person "here are some pics I took last week" then request a file transfer of the virus (the virus ended in .jpg.exe). It didn't need a website to download from.
I had to talk many people through the process of removing the virus. (It simply took a ctrl-alt-del to kill the program, then delete it from the received files folder.)
This virus didn't do anything either, the writer left a note in the virus (viewable through a hex editor) that it was just "to see if he could do it".
It downloads an executable from a website. Obviously the number of downloads increases as the virus spreads. If the virus is thought to be harmless people won't panic about clearing it out. Maybe when there are enough computers (PCs) transmitting the virus, the website owner will change the executable for the real payload, and wammee - fireworks. Or maybe not.
***You learn something Every day. And then you die.***
It seems they are trying to get Outlook 2000 and up more integrated with MSN Messenger. Same as the poster above said, you can uninstall it, then when you open Outlook it appears. Doesn't that violate the terms they set out in the case about "uninstalling" MSN Messenger? Anyone here know?
And where is the reg entry or ini file located, so I can get rid of it when I set up a client PC? I don't want to install antispy on every desktop I set up...
I think a lot of people who wind up unleashing worms are just playing around, seeing if it works. They aren't thinking about the consequences because they probably weren't intending to "release a worm" in the first place. Again operating under the assumption that the homepage you posted belongs to the Jitux author, it's quite possible that he wrote the code and sent it to a couple of friends to see if it would work. Before he knew what had happened, it was in the wild. The malicious file is apparently gone, so for all we know, he deleted it himself once he figured out that his creation was alive.
Naturally, all of this is speculation. It's equally possible, and perhaps even more likely, that the "jberg" user's FTP space has been compromised to host the malicious file.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
for some reason they're immune to this barrage of RTFM and instead it is Microsoft who gets the blame.
Because Microsoft's marketing blows sunshine up people's asses. People believe they are buying a simple system that will just run, never need maintenance, and protect them from messing it up. In reality Windows is a complex system that needs a fair bit of maintenance, or at least care on the part of the user to not do something that will cause problems (like open any old e-mail attachment in their inbox, no matter who the sender, or download any old file from Kazaa, or install Bonzi or other stupid shit like that).
When you try to explain to people that they need to run Software Update and virus scans and do other system maintenance once in a while, they don't want to hear it. "You mean I paid all this money (read: $399) for this computer and it doesn't do all that stuff for me? Forget it!"
~Philly