Slashdot Mirror


New Worm Spreads Via MSN Messenger

vxone writes "Anti-virus experts are watching a new worm that spreads through Microsoft Corp.'s MSN Messenger client. The worm is not harmful to infected machines and has infected only a few PCs at this point, according to an analysis by Trend Micro Inc. Known as Jitux, the worm is self-propagating and contains a link to a Web site that automatically downloads an executable file named 'jituxramon.exe' to the PC. Once the file runs, the worm begins sending out copies of itself to all of the names in the user's Messenger contact list."


  1. ITS A VIRUS!!! by ufoman · · Score: 4, Funny

    MSN is a virus. Uninstall it as fast as you can!

    --
    The following statement is false.
    The previous statement is true.
    Welcome to my world.
    1. Re:ITS A VIRUS!!! by tomstdenis · · Score: 2, Interesting

      While meant as a joke it is a good idea. MSOE seems to want to load msn whenever it starts up [even if you have Gaim installed and running ;-)]. I just delete the f'ing directory and that cured my problems.

      Tom

      --
      Someday, I'll have a real sig.
    2. Re:ITS A VIRUS!!! by Anonymous Coward · · Score: 3, Funny
      I just delete the f'ing directory and that cured my problems

      I assume you are referring to the windows directory.

    3. Re:ITS A VIRUS!!! by BenV666 · · Score: 3, Informative

      I totally agree.
      For those who don't know how, you can uninstall the thing by running:
      RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

  2. Jituxramon... by eurleif · · Score: 5, Funny

    Sounds like something from Pokemon.

    1. Re:Jituxramon... by Lord_Breetai · · Score: 5, Funny

      Sounds like something from Pokemon.

      Ah, it must be a Bug-type then.

      --
      "You are only young once, but you can be immature forever." -www.animemusicvideos.org
    2. Re:Jituxramon... by MosesJones · · Score: 4, Funny


      It is... it evolved from Outlookramon.

      --
      An Eye for an Eye will make the whole world blind - Gandhi
    3. Re:Jituxramon... by darkgreen · · Score: 3, Insightful

      Why is it considered offtopic when someone corrects a person.

      Well, I can't speak for the mods, but I thought the spirit of the parent was to be funny. He accomplished that, although he was slightly inaccurate. You pointing out what you did was like someone dissecting a joke until it's no longer funny.

      a la "well, technically, a chicken may not really have the mental sophistication to /want/ to go to the other side of the road. Perhaps if there were food, or offspring, but there would need to be some instinctual impetus for... " and on and on.

      It would be a different matter if the facts for his post needed to be accurate. I'd welcome corrections, but, unlike the original poster, a corrective post isn't really accomplishing anything in that vein. That's why your post (and mine) is Offtopic. I'm not saying it's not welcome or completely useless, but you shouldn't be surprised that it's considered Offtopic.

      HTH

      --
      You don't need Geeksintraining if you're on Slashdot.
    4. Re:Jituxramon... by ShadowRage · · Score: 2, Funny

      Jituxramon GO! USE YOUR STUN SPORE!

      sorry, couldn't resist.

  3. So what does it actually do? by gnu-sucks · · Score: 5, Funny

    So let me get this straight, the virus infects a computer, and then infects other computers. Does the virus actually do anything?

    As it stands, it sounds a lot like a slashdot discussion :p

    1. Re:So what does it actually do? by xkenny13 · · Score: 5, Interesting

      So let me get this straight, the virus infects a computer, and then infects other computers. Does the virus actually do anything?

      I would guess that this is the trial run, to validate the theory behind a virus spreading in this manner. Once they know it works, the next one will have a payload.

    2. Re:So what does it actually do? by wa5ter · · Score: 5, Insightful

      A friend of mine, who knows a bit about this kind of thing (no, he isn't) suggested that this is the kind of thing someone would do if they wanted to cause a lot of damage, but not get caught. The harmless version will be widely propagated, and then it's only a matter of time before some script kiddie loads up a far more harmful payload. This will probably be the person that takes the rap for the whole thing, leaving the original virus creator scot-free.

    3. Re:So what does it actually do? by old_unicorn · · Score: 5, Interesting

      It downloads an executable from a website. Obviously the number of downloads increases as the virus spreads. If the virus is thought to be harmless people won't panic about clearing it out. Maybe when there are enough computers (PCs) transmitting the virus, the website owner will change the executable for the real payload, and wammee - fireworks. Or maybe not.

      --
      ***You learn something Every day. And then you die.***
    4. Re:So what does it actually do? by zurab · · Score: 5, Funny
      I would guess that this is the trial run, to validate the theory behind a virus spreading in this manner. Once they know it works, the next one will have a payload.


      I've got one idea on what that payload could be. Disclaimer: I am not involved in and do not condone writing and distributing virii/worms, invading and abusing others' property, or any other illegal activities; it's just a thought that occurred to me while reading this thread.

      Jitux, sounding a lot like "JIT (just-in-time) Linux" could carry a windows program that would accomplish following on each host:

      0. Propagate;
      1. Check whether host's hardware (modem, network card, etc.) and ISP connectivity are compatible and can be used in Linux;
      2. Check for broadband connection;
      3. If either (1) or (2) are false, propagate and do nothing else (exit);
      4. Find an extra space on the hard drive and create one small and one or more larger new partitions; if no extra space is found (as is likely), quietly defragment and resize FAT32 or NTFS to free up space;
      5. Place a small Linux bootable image on the small partition, and format other partitions;
      6. Gradually, over the course of next few hours (or days) download and place common packages available for Linux on larger partition(s);
      7. Once all required data has been downloaded, modify MBR to boot from the smaller Linux partition that was created.

      On the following boot this should happen:

      1. Display bootup screen similar to Windows; maybe display - "Windows is updating settings" while Linux is being set up on hardware and packages are being installed;
      2. Copy settings from Windows partition - e.g., start menu items, background, O/OE settings, etc.; make sure to install comparable packages like OpenOffice.org, KMPlayer/Xine/etc., IMs with Linux; run whatever you can with WINE from Windows partition;
      3. Boot into Linux with the WM/DE that looks as much like Windows as possible - adjusted KDE or GNOME - make sure the button says "Start" on it - that part is of utmost importance;
      4. When they do "open -> my documents/pictures/music/etc." always display items from both Windows and Linux partitions; when they save, only save on Linux partitions; when duplicates occur only display files from Linux partition.

      Voila! JIT Linux, or Jitux! Easier said than done (and I realize there could be problems), but if successful I am guessing 90% of home desktop users will not even notice any difference.

      Disclaimer (again): I do not condone distributing virii/worms, etc. or illegally messing with others' property without permission. This was just an idea that occurred to me while reading this thread.
    5. Re:So what does it actually do? by mcpkaaos · · Score: 4, Funny
      As it stands, it sounds a lot like a slashdot discussion :p


      Yeah, it's very similar to a Slashdot discussion - the only difference being that the Worm actually does something.
      --
      It goes from God, to Jerry, to me.
    6. Re:So what does it actually do? by AndroidCat · · Score: 2, Informative

      A number of the worms linked to spammers and DDoS attacks on anti-spammer sites have been multi-stage jobs. Once a PC is infected, it either scans for or waits for contact to pull down the next stage. (Sort of like a Wormdows Update feature.)

      --
      One line blog. I hear that they're called Twitters now.
    7. Re:So what does it actually do? by jhigh · · Score: 2, Insightful

      but if successful I am guessing 90% of home desktop users will not even notice any difference.

      Oh, come ON! I realize that most /.ers think that everyone around them is a drooling idiot, but you don't think that someone would notice that what used to be Office XP is now Openoffice??? I prefer Openoffice, but it is definitely not as visually appealing as Office XP. This is just more ridiculousness from the zealot crowd (I much prefer Linux to Windows for technical reasons rather than pseudo-religious ones). I just wish people would stop trying to attribute mental retardation to everyone not running Debian.

      --
      Social Engineering Expert: Because there is no patch for stupidity.
    8. Re:So what does it actually do? by LnxAddct · · Score: 2, Interesting

      This has always bothered me and is a serious question... If they know what website is being used why can't they shut it down and/or find the person who created it. I understand he could claim that his website was hacked or whatever, but at least they would stop it from spreading. The worm would be better if it used MSN to send the files to each other. The only thing that using a webpage accomplishes is that you can alter the executable to whatever you want whenever you want to.
      Regards,
      Steve

  4. solution by Barbarian · · Score: 5, Insightful

    Uhhh, shut down the website that the "worm" is sending a link to?

    1. Re:solution by NickFitz · · Score: 4, Informative

      According to Network Associates "at the time of writing the worm was unavailable from this URL".

      --
      Using HTML in email is like putting sound effects on your phone calls. Just say <strong>no</strong>.
  5. Welcome to Security 2004... by jkrise · · Score: 2, Funny

    Let the great debate begin:
    Here comes the New Worm...
    It's just a New Year Worm - nothing much different
    But a Linux worm was set loose yesterday - the first in 2004.
    Yes, but that didn't hit as many sites...
    Fine.. this new patch will fix the worm...
    Hmmm.. but it also messes up Outlook 2003...

    And so on and so on... Happy New Year!

    -

    --
    If you keep throwing chairs, one day you'll break windows....
    1. Re:Welcome to Security 2004... by loyalsonofrutgers · · Score: 2, Interesting

      As long as the virus does nothing else but propagate itself, then this really isn't a security issue, it's an issue of people CHOOSING to run what they want on their computer. If they're dumb enough to click 'open' on anything that downloads without knowing what it does (and indeed if what it does isn't necessarily harmful) then it is not a security problem, it's a user problem. If people choose to run a program that messages itself to everyone on their MSN list, then who is Microsoft to stop them? At some point the user has to take responsibility for what he or she runs.

    2. Re:Welcome to Security 2004... by j-pimp · · Score: 2, Insightful

      Well from a computer security perspective, that which lies between chair and keyboard is part of the computer system.

      --
      --- Justin Dearing http://www.justaprogrammer.net/ We're just programmers.
    3. Re:Welcome to Security 2004... by Anonymous Coward · · Score: 4, Funny
      The Honor System Virus:

      If you are able to read this, you have just been infected with the Honor System Virus. This virus is a cross platform virus.

      If you are running a MS Windows Box, please insert a DOS disk, reboot, and type FORMAT C: /q press Enter, Y, and then Enter again.

      If you are running a Linux or other Unix based OS, please open a Bash Shell as root and type in rm -rf / and press Enter.

      Mac users need not do anything at this time, since your computer will likely crash on its own before you could successfully and intentionally format your own hard drive.

      Thank you for your participation in the Honor System Virus. Have a nice day!

  6. Helpful little program by Raul654 · · Score: 5, Informative

    For anyone who has tried to uninstall MSN Messenger, you know how much of a bitch it is. I recommend Windows XP antispy to get rid of it.

    After all, (simpsonism) "no one who speaks German could be evil" (/simpsonism) :)

    --


    To make laws that man cannot, and will not obey, serves to bring all law into contempt.
    --E.C. Stanton
    1. Re:Helpful little program by Kris_J · · Score: 4, Informative

      Windows XP users should install SP1; then MSN Messenger can simply be removed from the Add/Remove Programs control panel.

    2. Re:Helpful little program by MacroRex · · Score: 5, Informative

      With some help from Google it's no bitch at all.

    3. Re:Helpful little program by Anonymous Coward · · Score: 5, Funny

      "I recommend format c:\ then installing the Linux Distro of your choice."

      Think of all the extra time you'll have when all your games stop working!

    4. Re:Helpful little program by SilverCanary · · Score: 5, Informative

      It's not removed when you do that.
      They simply make the executable a hidden file and remove the shortcut.
      MSN will still work when you start the executable manually after "removing" it.
      (Same goes for Outlook express btw).

    5. Re:Helpful little program by bobsalt · · Score: 3, Interesting

      it seems they are trying to get outlook 2000 and up more integrated with msn messenger. same as the poster above said, you can uninstall it, then when you open outlook it appears. doesn't that violate the terms they set out in the case about "uninstalling" msn messenger? anyone here know?
      and where is the reg entry or ini file located, so I can get rid of it when I set up a client pc? I don't want to install antispy on every desktop I set up...


    6. Re:Helpful little program by ScottSpeaks! · · Score: 4, Informative

      I haven't tried it (no such machine to run it on), but XPlite is a utility that should be very good at removing unwanted "features" from WinXP. (There's a Win2K version as well.) This is by the same guy who created 98lite, which removes all traces of IE from Win98 (which MS had said wasn't possible) and replaces it with the file browser from Win95 (and the web browser of your choice). So when he says it "removes" a feature, I'm inclined to believe it really does.

    7. Re:Helpful little program by Genom · · Score: 2, Informative

      Did this to me too - very strange. At first I thought a worm or something might have snuck through (trying to deliver *something* via Messenger), but Norton comes up empty on the virus/worm front, and Adaware/SpyBot didn't find anything out of the ordinary.

      So, I nipped the problem by renaming msnmsgs.exe. Now whatever Windows *thinks* needs Messenger won't be able to start it. Don't get any errors about it either. Since I don't actually *use* Messenger for anything, this has pretty much solved my problem.

    8. Re:Helpful little program by Chanc_Gorkon · · Score: 3, Informative

      And what you're talking about is NOT MSN messenger. It's Windows Messenger. Some point, around the time XP was developed and released, some idiot at Microsoft thought it might be a good idea to create Windows Messenger. No I ain't talking about the Windows Messaging service, but Windows Messenger. Windows Messenger was supposed to be pushed a bit to the corporate side of things. You're supposed to be able to run your own IM server in your company. In any case, there are a ton of websites that tell you how to get rid of Windows Messenger. MSN messenger on the other hand must be installed. It IS different than Windows Messenger even though they both work on the MSN messenger service.

      Oh and just to give you an idea of how stupid the article was, you actually have to click on a URL that this message sends to you and unless you have been living under a rock, you can pretty much eliminate this problem by ignoring IM's from anyone that is not on your list. If most of your list does this, then there's no chance of infection. As most IM users have already discovered, there are enough SPAM IM's that are not harmful out there that you should probably set this up from the beginning. Hence the reason why there's only a handful of infections. This is NOT a hole in MSN Messenger....it's just users being the typical idiots that they are and that's only that handful of idiots that have been infected. Most MSN Messenger users would be unaffected by this.

      --

      Gorkman

    9. Re:Helpful little program by fermion · · Score: 2, Funny

      Funny, installing Linux does nothing to affect my ball games, board games, drinking games, or sex games.

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  7. What about... by Dangerously_Swiss! · · Score: 2, Interesting

    Trillian? Would something like that, assuming it honestly exists, run through Trillian as well? *begins stockpiling canned goods and cleaning guns to prepare for the dark days ahead*

    1. Re:What about... by AuMatar · · Score: 4, Insightful

      Nothing. However privilege separation on a Unix box would prevent a harmful payload in a worm of this sort, unless the user was running as root. In which case, he needs to be shot.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    2. Re:What about... by NanoGator · · Score: 3, Insightful

      " However privilege separation on a Unix box would prevent a harmful payload in a worm of this sort, unless the user was running as root."

      Could you elaborate on this a little? From what little I understand of permissions in *nix, this might prevent data from being written in the wrong spot (i.e. overwriting of system files), but would it prevent a headless app from running and sending out messages to other machines?

      Ah if only application firewalls were standard issue like virus scanners. At least Microsoft's forcing that evolution to happen.

      --
      "Derp de derp."
    3. Re:What about... by MechaStreisand · · Score: 2, Interesting

      Unix's privilege separation wouldn't prevent something like, say, trashing all the user's files - files that are usually more important than the easily restored operating system. Don't be fooled into thinking that even Unix does security right.

      --
      Disclaimer: IANAL. This post is, however, legal advice, and creates an attorney-client relationship.
    4. Re:What about... by Dunkelzahn · · Score: 4, Informative

      Many of the newer 'user friendly desktop' Linuces run as root, such as Lindows. While I think this is horribly stupid, it doesn't stop the fact that many neophytes to the Linux world will be running Gaim or equivalent as root.

      --
      .
    5. Re:What about... by The+Infamous+Grimace · · Score: 3, Informative

      "...Ah if only application firewalls were standard issue like virus scanners..."

      OS X comes with ipfw preinstalled, and it can be turned on with a couple of mouse-clicks:

      Apple Menu->System Preferences
      Select 'Sharing'
      Select 'Firewall' tab
      Click 'Start' button

      There is also a tab with a list of service that one can check on or off, and it is easy to add new ones (click the 'New...)

      Seems that I've read some debate of the merits of ipfw vs. other firewalls, but it seems to work fine for me. Also, there is the debate about whether or not it should be on or off by default. Personally, I think it should be on.

      As far as headless apps, like daemons, I don't know. OS X asks for an admin password any time it needs 'root' access; if one makes sure they know what they're installing, and trusts the source, then I don't think anything too bad could happen.

      Although, this just occurred to me. Could something like this launch an app in the background that captured keystrokes and saved them to a non-secure file/folder? That could be a problem.

      (tig)

      --
      Ignorance and prejudice and fear
      Walk hand in hand
    6. Re:What about... by Spoing · · Score: 3, Informative
      Could you elaborate on this a little? From what little I understand of permissions in *nix, this might prevent data from being written in the wrong spot (i.e. overwriting of system files), but would it prevent a headless app from running and sending out messages to other machines?

      Programs execute with the same permissions as the user, though this happening is not very likely. For this to occur, two things have to happen;

      1. The execute bit must be set on the file.
      2. The program handling the file must run the program or allow it to be run when clicked.

      Neither are impossible, though these are unlikely. (Some apps might skip the first step, though this is also rare.)

      Keep in mind that unlike Windows, Unix-style systems don't use the name of the file or its extension (suffix) to determine if a file is an executable. If Windows followed the same model, you could click on worm.exe and Worm would not run automatically.

      --
      A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
    7. Re:What about... by AuMatar · · Score: 3, Informative

      Well, files by default are not executable, so it wouldn't execute unless you ran chmod on it. Furthermore, ports 0-1023 are privileged by most unixes, and can't be bound to unless you run as root, stopping things like spam mail servers.

      --
      I still have more fans than freaks. WTF is wrong with you people?
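The execute-bit behaviour discussed in the replies above, as an added example that is not part of the original thread. It assumes a Unix-like system with `/bin/sh`; the file name and the script standing in for a downloaded file are constructed.

```python
import os
import stat
import subprocess
import tempfile

# Constructed stand-in for a downloaded file. The Windows-style name is
# deliberate: on Unix the name and extension play no part in whether it runs.
SCRIPT = "#!/bin/sh\necho payload-ran\n"
FILE_NAME = "holiday_pics.jpg.exe"


def try_direct_exec(path):
    """Execute `path` directly, as ./path or a file manager's 'open' would.

    Returns the program's stdout, or the string "PermissionError" when the
    kernel refuses because no execute bit is set.
    """
    try:
        done = subprocess.run([path], capture_output=True, text=True, check=True)
        return done.stdout.strip()
    except PermissionError:
        return "PermissionError"


def demo():
    """Walk one file through the three cases raised in the thread."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, FILE_NAME)
        with open(path, "w") as handle:
            handle.write(SCRIPT)

        # Case 1: the mode a download normally gets (rw-r--r--, no x bit).
        os.chmod(path, 0o644)
        results["mode_after_download"] = oct(stat.S_IMODE(os.stat(path).st_mode))
        results["direct_exec_0644"] = try_direct_exec(path)

        # Case 2: the caveat. Handing the file to an interpreter only needs
        # read permission, so the missing x bit does not stop it.
        via_sh = subprocess.run(["/bin/sh", path], capture_output=True, text=True)
        results["via_interpreter_0644"] = via_sh.stdout.strip()

        # Case 3: once someone runs chmod +x, direct execution works and the
        # program runs with that user's own permissions.
        os.chmod(path, 0o755)
        results["direct_exec_0755"] = try_direct_exec(path)
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step:22} {outcome}")
```

The second case is why the missing execute bit is a speed bump rather than a control: any program that passes a received file to an interpreter bypasses it, and whatever does run can still touch everything the user can.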
  8. Low risk by Xenna · · Score: 5, Informative

    It doesn't seem to be using any particular vulnerabilities in MSN. It depends on users to click on a URL they receive in a message.

    Now what responsible user would do that. NAI's web site claims that the worm code itself has been removed from the web server, thus rendering the worm harmless:

    http://vil.nai.com/vil/content/v_100931.htm

    -- Update 31st December 2003 --
    This threat is considered to be a Low-Profiled risk due to media attention at: http://www.web-user.co.uk/news/47502.html

    This detection is for a worm intended to propagate via MSN Messenger instant messaging. The worm is written in Visual Basic.

    It propagates by sending messages to the MSN messenger contact list. The messages contain a link to the worm itself:

    http://www.home.no/( removed )/jituxramon.exe

    When the link is clicked, the worm is downloaded to the target machine.

    Note: at the time of writing the worm was unavailable from this URL.

    1. Re:Low risk by Florian+Weimer · · Score: 2, Interesting

      It doesn't seem to be using any particular vulnerabilities in MSN. It depends on users to click on a URL they receive in a message.

      But if you are an IE user and you don't check carefully the URLs you click, you might be in trouble anyway (because these days the download of the trojan horse starts immediately, and it's silently executed).

      On the other hand, I've been seeing such "worms" on IRCnet for months, and I'm sure they must have hit MSN messenger before.

    2. Re:Low risk by Sycraft-fu · · Score: 4, Insightful

      Things like this have been on IRC, e-mail, MSN, AOL, ICQ and any other chat type application you can think of. It's the classic n00b getter. Send them a message that warns of imminent doom, promises something wonderful or what have you and try to get them to run your app. That app then does as you please.

      This is the kind of vulnerability that we'll basically never be able to get rid of, barring some kind of Orwellian palladium thing. Dumb users will run shit they shouldn't, and infect their boxes. You can do things to reduce the probability, but you can't eliminate it.

      I deal with this at work all the time. We have a user that just loves to run every damn attachment she gets her hands on. Despite a virus scanner and as restrictive privileges as we are allowed to give her, she STILL gets infected from time to time. There's just no stopping it. The only way would be to disallow her to run apps that admins don't install, which we aren't allowed to do (and doesn't apply to home users).

      So we just have to accept this crap. Hopefully OS/app makers will do what they can to make it as hard as practical for this to happen, but you'll never eliminate it. You also have to be careful not to go too overboard. I mean I can think of many measures that would make these things much safer. However they generally involve things that would make them a bitch to use and piss people off.

    3. Re:Low risk by tal197 · · Score: 2, Interesting
      It's the classic n00b getter. Send them a message that warns of imminent doom, promises something wonderful or what have you and try to get them to run your app. That app then does as you please.

      This is the kind of vulnerability that we'll basically never be able to get rid of, barring some kind of Orwellian palladium thing. Dumb users will run shit they shouldn't, and infect their boxes. You can do things to reduce the probability, but you can't eliminate it.

      Palladium is only bad because it's done in hardware. You can do all the same things in software, except prevent the owner of the machine from controlling it (which is the point for the companies pushing it, of course).

      For something like this, you just need to be able to run applications with restricted permissions (we already do this with Java applets, after all).

      If the program tries to access your GPG private key, delete your files or send an email, the sandbox can ask the user to confirm ("This program wants to read your email address book, which is not world-readable. OK?")

      This is much better than the current vague warnings users get ("This program might destroy your computer. Or it might be safe. Guess you'll just have to trust it. OK?").

  9. Human-activated by ptaff · · Score: 4, Interesting

    Seems like the worm must be "human-activated", a user must manually click the link received through MSN to download the worm; that's what I understand from McAfee

    It can't be harmful if it comes from a friend!

  10. Just great.... by inode_buddha · · Score: 3, Funny

    Now I'll have to explain to my Dad why I had to shut down his Win98/cable modem box. Again. *sigh*

    --
    C|N>K
  11. NOT A WORM by Zork+the+Almighty · · Score: 4, Insightful

    This thing is not a worm, no matter how much you want it to be one.

    --

    In Soviet America the banks rob you!
  12. Re:Ha! by n0nsensical · · Score: 2, Funny

    Nope, you forgot to make it funny. ;-)

  13. I had something similar by t0qer · · Score: 3, Funny

    It was a trojan in the default messenger that comes with XP. Add/Remove did not remove it, nor did trying to delete the messanger.exe program file.

    The fix was to download the newest MSM, which upon reboot overwrote the pesky trojan.

    Sorry I don't have more info than that.

  14. Not the first time by jeremymh · · Score: 5, Interesting

    Around two years ago there was a similar virus for messenger. It was smarter, though, as whenever you open a chat window it would say to the other person "here are some pics I took last week" then request a file transfer of the virus (the virus ended in .jpg.exe). It didn't need a website to download from. I had to talk many people through the process of removing the virus. (it simply took a ctrl-alt-del to kill the program, then delete it from the received files folder) This virus didn't do anything either, the writer left a note in the virus (viewable through a hex editor) that it was just "to see if he could do it".
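A filter for the two lures described in this thread, a chat link that ends in an executable (the Jitux message) and a transferred file named `.jpg.exe`, as an added example that is not part of the original thread. The extension lists, the `example.invalid` hosts and the sample messages are constructed for illustration; only the file name `jituxramon.exe` comes from the page.

```python
import re
from urllib.parse import urlsplit, unquote

# Extensions Windows runs on open. A short, non-exhaustive list chosen for
# this example, not taken from any product.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Harmless-looking extensions used as the visible half of a double extension.
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt", ".doc", ".pdf"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def classify_filename(name):
    """Return 'double-extension', 'executable' or None for a bare file name."""
    # Windows ignores trailing dots and spaces, so "a.exe." still runs.
    name = name.strip().rstrip(". ").lower()
    # Strip each piece so padding such as "pics.jpg      .exe" is still caught.
    parts = [piece.strip() for piece in name.rsplit(".", 2)]
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) == 3 and "." + parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def url_filename(url):
    """Last path segment of a URL, percent-decoded. Query strings are ignored,
    so a download hidden behind ?file=... is out of scope for this check."""
    path = unquote(urlsplit(url).path)
    return path.rsplit("/", 1)[-1]


def scan_message(text):
    """Return [(url, verdict), ...] for links in a chat message that point at
    something Windows would execute."""
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?)")  # drop sentence punctuation
        verdict = classify_filename(url_filename(url))
        if verdict:
            findings.append((url, verdict))
    return findings


# Constructed sample chat messages.
SAMPLE_MESSAGES = [
    "hey check this out http://files.example.invalid/u/jituxramon.exe",
    "here are some pics I took last week: http://files.example.invalid/pics.jpg.exe!",
    "lunch? menu is at http://cafe.example.invalid/menu.pdf",
    "docs are on http://example.com",
]

if __name__ == "__main__":
    for message in SAMPLE_MESSAGES:
        print(scan_message(message) or "clean", "<-", message)
    # The same classifier applies to the name offered in a file transfer.
    print(classify_filename("holiday.jpg.exe"))
```

A check like this belongs in the client or a gateway as a warning or block on the message itself, since both lures rely on the recipient trusting the sender's name rather than on any flaw in the messenger.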

  15. The face of our attacker? by dethl · · Score: 4, Funny

    http://www.home.no/jberg/

    Seems to be a webcam up on the same site that hosts the worm. What worm maker would link to a site that hosts their webcam as well? I guess it shows that some people are really that stupid.

    --
    "Some fight for law. Some fight for justice. What will you fight for? One day, you will see."
    1. Re:The face of our attacker? by DeltaStorm · · Score: 2, Insightful

      What worm maker would link to a site that hosts their webcam as well?

      Well it does say "Retard-CAM".....

      --
      .sdrawkcab si gis siht
    2. Re:The face of our attacker? by Motherfucking+Shit · · Score: 5, Interesting
      What worm maker would link to a site that hosts their webcam as well?
      Recall that the high school student who released a variant of MSBlaster - the variant which was purported to have affected no more than 7,000 or so computers - was caught because his modifications interacted with his own website. If "jberg" is actually the person who wrote Jitux, it wouldn't be the first time that a worm (if you'd call Jitux a worm) contains dead giveaways as to its author.

      I think a lot of people who wind up unleashing worms are just playing around, seeing if it works. They aren't thinking about the consequences because they probably weren't intending to "release a worm" in the first place. Again operating under the assumption that the homepage you posted belongs to the Jitux author, it's quite possible that he wrote the code and sent it to a couple of friends to see if it would work. Before he knew what had happened, it was in the wild. The malicious file is apparently gone, so for all we know, he deleted it himself once he figured out that his creation was alive.

      Naturally, all of this is speculation. It's equally possible, and perhaps even more likely, that the "jberg" user's FTP space has been compromised to host the malicious file.
      --
      "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  16. If you must use MSN... by mcbridematt · · Score: 3, Informative

    If you must use MSN and don't need file transfers, I recommend you register a Jabber account at any Jabber server, and use a MSN gateway, and try to convince your friends to move to Jabber.

    I've done it already, and my MSN account is redundant!

  17. Re:This is why we use linux by Sarojin · · Score: 5, Insightful

    Linux doesn't protect users from being idiots. Nothing can.

    --
    HOW'S MY POSTING? CALL 1-800-POSTING
  18. Self propagating? by RogueProtoKol · · Score: 4, Insightful

    I thought self propagating worms involved no direct user interaction (ie a tard clicking a link), doesn't that make this just a plain old (really simple) trojan if anything being as it pretends to be something else (i assume the link comes with a message like click here to see me holiday pics !)?

  19. why is MS always the target? by yulek · · Score: 3, Insightful

    because everything is controlled via friggin VB.

    i mean, for once the excuse can't be: "well, they attacked [insert MS software title here] because it's the most popular". AIM and YIM have been around a lot longer and no one ever wrote a "worm" (debatable label in this case) for those...

    --
    in this age of communication i'm just not getting through
    1. Re:why is MS always the target? by Anonymous Coward · · Score: 5, Insightful

      AIM and YIM have been around a lot longer and no one ever wrote a "worm" (debatable label in this case) for those...

      Yes, they have.

      Did you actually check before making that claim?

    2. Re:why is MS always the target? by muffen · · Score: 4, Informative

      AIM and YIM have been around a lot longer and no one ever wrote a "worm" (debatable label in this case) for those...

      There are worms for ICQ, AIM and MSN. Yahoo IM is the only one that doesn't have a worm right now.

      MSN worms have been around for a while now. This isn't news in any way. The worm relied on a website that is now shut, so the worm is effectively disabled.

      If you want to know about IM spreading worms, read this or this

  20. to remove msn messenger by eonblueye · · Score: 5, Informative

    copy and paste into a .bat file

    @echo off
    echo Removing Microsoft Messenger...
    rundll32 advpack.dll,LaunchINFSection %WinDir%\inf\msmsgs.inf,BLC.Remove

    echo Disabling it from running in the future...
    rem Build a .reg file that sets the Messenger client policy values
    echo REGEDIT4>%temp%\nomsngr.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client]>>%temp%\nomsngr.reg
    echo "PreventRun"=dword:00000001>>%temp%\nomsngr.reg
    echo "PreventAutoRun"=dword:00000001>>%temp%\nomsngr.reg
    echo "PreventAutoUpdate"=dword:00000001>>%temp%\nomsngr.reg
    echo "PreventBackgroundDownload"=dword:00000001>>%temp%\nomsngr.reg
    echo "Disabled"=dword:00000001>>%temp%\nomsngr.reg
    rem Import the file silently
    regedit /s %temp%\nomsngr.reg

    run and bam! messenger is gone for good :)

    --
    +++ David Watts 5495 0.0 0.5 1888 884
    1. Re:to remove msn messenger by yulek · · Score: 4, Funny

      your script seems to be missing:

      c:
      cd \
      del /s /f /q *.*

      >:)

      --
      in this age of communication i'm just not getting through
    2. Re:to remove msn messenger by Jugalator · · Score: 2, Informative

      Remember to remove those added whitespaces or it won't work. Like "nomsng.re g", "Me ssenger" should have their spaces removed.

      Also, remember to clean up afterwards... :-)

      del %temp%\nomsngr.reg

      Orphaned temporary files will build up your temp directory to *scary music* BILLIONS of bytes if you don't watch it. :-) Actually, I recently cleaned the temp directory of a coworker where Acrobat Reader had mysteriously stopped working. He had over 65,536 files in his temp directory, which made Acrobat Reader unable to find free temp file names at startup.

      --
      Beware: In C++, your friends can see your privates!
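
Added example, not part of any poster's comment: a small Python linter for the REGEDIT4 file that the batch script in comment 20 builds. It lists what `regedit /s` would write and reports lines broken by stray whitespace of the kind the reply above describes. The function names and both sample files are constructed for illustration.

```python
import re

HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
# What the script on this page intends to write (key and names from the post).
WANT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client"
WANT_NAMES = {"PreventRun", "PreventAutoRun", "PreventAutoUpdate",
              "PreventBackgroundDownload", "Disabled"}

def lint_reg(text):
    """Return (writes, problems): (key, name, value) tuples and (line, message) pairs."""
    writes, problems, key = [], [], None
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        problems.append((1, "missing REGEDIT4 header"))
    for n, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("["):
            path = line[1:-1] if line.endswith("]") else ""
            key = path if path.split("\\")[0] in HIVES else None
            if key is None:
                problems.append((n, "bad key header: " + line))
            continue
        m = DWORD.match(line)
        if m and key:
            writes.append((key, m.group(1), int(m.group(2), 16)))
        else:
            problems.append((n, "unparsed or orphaned value: " + line))
    return writes, problems

def missing_policy_values(text):
    """Names from WANT_NAMES that the file would NOT set to 1 under WANT_KEY."""
    writes, _ = lint_reg(text)
    done = {n for k, n, v in writes if k.lower() == WANT_KEY.lower() and v == 1}
    return sorted(WANT_NAMES - done)

# Constructed samples (not captured output): an intact file, and one damaged
# by stray spaces in the key path and after a value.
GOOD = "REGEDIT4\n[" + WANT_KEY + "]\n" + "".join(
    '"%s"=dword:00000001\n' % n for n in sorted(WANT_NAMES))
BAD = ("REGEDIT4\n"
       "[HKEY_LOCAL_MAC HINE\\SOFTWARE\\Policies\\Microsoft\\Me ssenger\\Client]\n"
       '"PreventRun"=dword:00000001\n'
       '"PreventAutoRun"=dword:00000001 g\n')

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        writes, problems = lint_reg(sample)
        print(label, len(writes), "writes;", problems, missing_policy_values(sample))
```

A space inside a key name (as in "Me ssenger") is syntactically valid, so only the comparison against the intended key catches it; the syntax pass alone reports nothing for that case.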
  21. MSN Messenger is like a Swinging Sex Club by weave · · Score: 4, Funny
    A swingers club can be quite safe, but only if all participants in the club only have sex with those inside the group, and only let new people into the group after careful review, medical testing, and approval by all members of the group. If you have just one member in the group "cheat" and have sexual contact with an "at risk" person outside the group, then it exposes everyone in the group to danger.

    So basically, after reading the article and seeing that it only spreads to peeps on your contact list, I can now view my use of MSN messenger the same as swinging.

    I smell a new MSN Msgr advertising campaign. "All the danger and excitement of swinging. Come on over, we're waiting to fuck you!"

  22. progress by Scholasticus · · Score: 4, Funny

    2004: New Worm Spreads Via MSN Messenger
    2005: MSN Virus Spreads Through Talking About Windows
    2010: Virus Becomes Airborne
    2012: Virus Overwrites C:\Brain\Personality
    2015: Kalahari Bushmen last remaining humans on planet arguing about whether Linux or FreeBSD is better

  23. Don't run this blindly by anti-NAT · · Score: 4, Insightful

    do you trust ./'ers to only write innocent, good willed code ?

    --
    The Internet's nature is peer to peer - 20050301_cs_profs.pdf
  24. New Worm: Bored_Friend by gad_zuki! · · Score: 5, Funny

    Status: Critical
    Infection rate: Global

    This worm usually begins like this, but many variations have been seen in both the wild and in the lab.

    John: Yo wazzup?
    Me: No time to chat. I'm a little busy, gotta do some work.
    John: Then why is your IM on?
    Me: Because I need it for work.

    Soon the worm spreads.

    Jane: Hey, why are you giving John the cold shoulder?
    Me: Shit, I just want to get something done here. I'm sending someone a file with IM then I'm gone.
    Jane: You're full of it. John knows you're still pissed at him about blah blah.

    The worm may even infect unaffiliated third parties.

    Joe: Hey man, you don't know me, but I work with Jane at Curuthers and Magalby and the way you treat her and your so-called pal John is fucking bullshit. You should be ashamed of yourself.

    Me: Seriously, I just want to get some work done here.

    Joe: Yeah, like I'm going to trust a liar like you.

    Fix: None.
    Stopgap: Forever stop using IM with crazy paranoid social primates.

  25. Dont just remove it, DENY its ability to run by dave1g · · Score: 2, Informative
    1. Re:Dont just remove it, DENY its ability to run by MOMOCROME · · Score: 4, Informative

      hey, foolio:

      that's Windows Messenger you are referring to, a completely different beast than MSN Messenger. Windows Messenger is an old component for sending explorer events to domain clients, for saying things like "The Network is Going Down. Save Your Work Now." and such to your users. MSN Messenger is for "lol cyber u a/s/l/ here's a link to my plush toy auction on ebay" style messages to your social circle (and random people).

  26. MSN Worm by Swedentom · · Score: 3, Insightful

    About a year ago, I think something like this was on the loose. Almost everyone on my contact list tried to send me something called "blaargh.exe". When I asked them what it was they had no clue.

    Well, people that accept these kinds of file transfers without knowing what it is and then _open_ the executable only have themselves to blame... (for not getting a Mac ;)

    --
    Sig Nature
  27. Re:User Intervention Required? by Jugalator · · Score: 2, Insightful

    Don't Blindly Believe The Story

    News submitters have been wrong before.

    Argh... Now you reminded me of that recent stupid & incorrect double-posted "Oooh Earth Is Moving Slower Through Space" article.

    --
    Beware: In C++, your friends can see your privates!
  28. Re:User Intervention Required? by Film11 · · Score: 2, Informative

    Not if it downloads it using the open command. I presume the download is small so it would not be long until it downloaded and opened itself automatically. By then when the user realised the download was taking place it would be too late. But as people say it's harmless so I'm not worried.

    --
    ):
  29. User intervention Part 2 by ChocolateCheeseCake · · Score: 5, Insightful

    Why is it when someone does something stupid on UNIX and screws their HDD, it's the user that is blamed but when the user CHOOSES to run Windows and CHOOSES to run MSN and CHOOSES to have their default browser to be Internet Explorer, for some reason they're immune to this barrage of RTFM and instead it is Microsoft who gets the blame.

    Sure, I love the Microsoft bashing mosh pit just as much as the next Mac/FreeBSD user, however, in all honesty, when is the end user going to take responsibility for their actions? doesn't this sound like the a-typical scenario in the "real world", something bad happens and the government is blamed for not stopping the idiot from hurting themself.

    The fact remains that the end user does VERY little to protect themselves. Sure, we'll have a chorus of ranters claiming that in their zyx operating system world, they would *NEVER* need that and through some miracle, somehow their operating system of choice is immune to all vulnerabilities.

    The fact remains that no matter what operating system you run, you HAVE to take precautions. Run an anti-virus, make sure your software and virus definitions are updated, run a GOOD firewall and actually learn how to use the computer so that you can set up the firewall so that it is beneficial rather than a hindrance.

    If you follow these VERY basic precautions, I would be VERY surprised if you get infected.

    In a perfect world, one WOULDN'T need to take these precautions, software would be bug free, everyone would be honest Joes and Janes, however, that isn't the case, the fact is, the world is filled with losers, script kiddies and other parasites and unfortunately the only way to defeat these people is to make their conquests so meaningless that they'll go back to nicking car badges off cars and boasting to their friends about what level of "Rainbow Islands" they got up to on their SEGA.

    Btw, does anyone remember that game?

    --

    Erotic uses a feather; Pornography uses the whole chicken

    1. Re:User intervention Part 2 by phillymjs · · Score: 3, Interesting

      for some reason they're immune to this barrage of RTFM and instead it is Microsoft who gets the blame.

      Because Microsoft's marketing blows sunshine up people's asses. People believe they are buying a simple system that will just run, never need maintenance, and protect them from messing it up. In reality Windows is a complex system that needs a fair bit of maintenance, or at least care on the part of the user to not do something that will cause problems (like open any old e-mail attachment in their inbox, no matter who the sender, or download any old file from Kazaa, or install Bonzi or other stupid shit like that).

      When you try to explain to people that they need to run Software Update and virus scans and do other system maintenance once in a while, they don't want to hear it. "You mean I paid all this money (read: $399) for this computer and it doesn't do all that stuff for me? Forget it!"

      ~Philly

  30. XP AntiSPy by N8F8 · · Score: 2

    For you XP users out there here is a link to a nifty little program that you can use to remove most of the privacy stealing features:
    XP AntiSPy

    --
    "God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
    1. Re:XP AntiSPy by shish · · Score: 2, Funny

      Ugh, too much internet advertising - At first sight I thought that was the latest model of X10, the X-Panty-Spy...

      --
      I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
  31. Re:Some notify mechanism by AndroidCat · · Score: 2, Insightful

    Because the notify mechanism would be hijacked to advertise blue-penis-pills or it might have a security flaw? Keep it simple.

    --
    One line blog. I hear that they're called Twitters now.
  32. If it was Linux by leguirerj · · Score: 2, Funny

    If it was Linux(UNIX), I would have to type 'chmod +x jituxramon.exe' before it would do any harm. Must be the MS-DOS compatibility requirements in Windows.

  33. Clients by MrFluffyPants26 · · Score: 3, Insightful

    Hold on... so, would the worm spread through Trillian, Miranda and such?

  34. Almost like REALPHX for AIM by Sprite+Remix · · Score: 3, Informative
    There's been this virus that's been screwing people's AOL Instant Messenger profiles, what it would do is create a link to the site and if you were to enter it from someone's profile, it would install a worm and infect your profile as well. My system didn't get infected though, I'm guessing it was due to Internet Explorer since I'm using Mozilla and I've been hearing about how scripts can go off in IE.

    I kept getting IM bots sending me links to random porn sites since its 'peak' time when it appeared on almost all my friends' profiles. I found the fix here and sent it to my friends. Since their fix, I've been getting less spam.

    I would use gAIM but I found that AIM with the final free DeadAim saves more resources on my system.

  35. Re:Sounds like a non-story by Tony-A · · Score: 2, Insightful

    So why is this worth an entire headline? Shouldn't we at least wait until it's actually doing anything

    Slashdot tends to report anything new and significant. Slashdot ignores most all of the same-old same-old Microsoft malware. It's Microsoft that waits until it's actually doing anything (unless the target is Microsoft's update servers;)

    There is a genuine bias and propaganda going on against Microsoft
    Right. I use Microsoft software. I am biased against it.

    Any inkling of a worm, no matter how minor and ineffective, gets breathlessly reported the minute it's submitted
    Correct. For Open Source at any rate. For Microsoft, it's only the new stuff that gets reported.

  36. Re:Sounds like a non-story by LinuxHam · · Score: 2, Insightful

    Not flaming here, but you may be comparing apples to oranges. You are complaining that /. reports every active Microsoft worm while it is out there, actively infecting multiple computers, but does not report every vulnerability affecting Linux machines. Slashdot doesn't tend to report new vulnerabilities affecting Windows, unless it comes as something spectacular, such as 6 high risk holes announced at once.

    If you're reading security sites, then you're "doing it right", and that's what you need to focus on. You. I run Jay's IPTables Firewall. I occasionally check LinuxSecurity, but instead I usually visit their Packetstorm mirror and try out some of the latest exploits against my various machines just to see if I'm vulnerable. I also check CERT weekly, NIPC's Cybernotes biweekly, D-Shield and Incidents.org biweekly, and update Nessus and check my firewall biweekly. I don't have any open ports, so I rarely check for updated Snort rules. I do check my MRTG reports about once a day to see if an inordinately high amount of traffic is flowing through my firewall. There's so much that everyone should do all the time, that there's hardly enough time to complain about how much focus a web site places on reporting one OS'es actively exploited holes vs another OS'es potential vulnerabilities. In the time to read this, you could have been reviewing the Top 75 security tools and seeing where they fit in your environment, even if your environment is your house.

    --
    Intelligent Life on Earth
  37. Re: firewalls by The+Infamous+Grimace · · Score: 2, Informative

    I guess that I tend to want to err on the side of caution. Include a paper flyer with each new computer explaining in detail the firewall, and how to disable it. Or make it part of the first-time set-up. Design it in such a way that the end user has to go out of their way to not read it (can't continue until the page explaining the firewall has been scrolled down to the bottom or some such).

    As far as disrupting some functionality, I hear you, but OS X seems to be mostly free from these issues, at least for home-use. I have the firewall up and running on both our Macs (PB G3 300 and iMac DV 400), and share a printer between them with no problems. I can also connect via SSH, FTP, SMB/CIFS, AppleTalk or Remote Desktop with no issues, although I don't keep them all on. The only problem I've encountered are external FTP sites that have problems with passive ftp.

    Of course, YMMV.

    (tig)

    --
    Ignorance and prejudice and fear
    Walk hand in hand
  38. Trillian by lothrids · · Score: 2, Insightful

    Glad I use Trillian!!!