Slashdot Mirror


New Worm Installs Sniffer

fmorgan writes "Netcraft just posted a note saying that a new worm installs a network sniffer in the infected computers." When I read these things it kind of makes me wonder why it took this long. Update: 09/13 22:47 GMT by T : More innovation: Ant writes "The Register has a story about a piece of malware that 'talks' to victims. The Amus email worm uses Windows Speech Engine (which is built-in to Windows XP) to deliver a curious message to infected users. The message reads: "How are you. I am back. My name is mister hamsi. I am seeing you. Haaaaaaaa. You must come to turkiye. I am cleaning your computer. 5. 4. 3. 2. 1. 0. Gule. Gule." ("Gule. Gule" is Turkish for "Bye. Bye". "Hamsi" is a small fish, like an anchovy, found in the Black Sea). F-Secure has a copy of the sound file generated by the message."

38 of 491 comments

  1. If only the worm installed a Swiffer by Anonymous Coward · · Score: 5, Funny

    Then dust free computers for all!

    1. Re:If only the worm installed a Swiffer by davidsyes · · Score: 2, Funny

      Is it "Amus" e-mail or "Anus" e-mail worm? Gives a whole new flexible dimension to being rooted, cracked, backdoored, sniffed, packeted...

      Back orifice is trying hard to live up to its namesake, or is windoze trying hard to reciprocate (that *9 number) with back orifice?

      David Syes

      --
      Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
  2. Oh no by antifoidulus · · Score: 3, Funny

    my password to asianthumbs.org may have been jeopardized!
    Oh no, I have said too much!
    Damn you autopr0n, why, why did you have to die!!!

    1. Re:Oh no by IthnkImParanoid · · Score: 3, Funny

      Finally! I've been looking everywhere for a thumbs-fetish site!

      Thank you antifoidulus! I no longer feel so alone!

      --
      It's nothing but crumpled porno and Ayn Rand.
  3. Easily avoided by Anonymous Coward · · Score: 3, Funny

    .. if your network smells bad.

  4. Is it just me.... by grolschie · · Score: 4, Funny

    ...or does the term "packet sniffer" remind anyone of someone's pet dog?

    1. Re:Is it just me.... by Oxy+the+moron · · Score: 5, Funny

      I believe that would be "package sniffer" if I'm not mistaken. ;)

      --

      Proudly supporting the Libertarian Party.

  5. Hackers Vs RIAA by Skedoozy · · Score: 3, Funny

    We need someone to go after these people with the intensity that the RIAA goes after 13 year old girls who don't want to pay for Hoobastank songs. If only the hackers would start going after people like the RIAA instead of trying to screw the everyday person out of their information so they can buy more mods for their Xbox. Then we could air it on MTV as Celebrity Geek Match!

  6. I don't know about you.... by soulsteal · · Score: 4, Funny

    ..but I, for one, don't care about our network-sniffing overlords.

    1. Re:I don't know about you.... by soulsteal · · Score: 2, Funny

      Me neither.

  7. I installed my sniffer on a computer once... by rwven · · Score: 4, Funny

    ...Afterwards it took me over an hour to unscrew the side of my case to get my nose out...

  8. Re:More technical details by terraformer · · Score: 2, Funny
    But notice that they report the worm as not in the wild. So... where is it? Did they get a prerelease?
    At least the crackers won't be getting a vaporware award this year. How long have people been waiting for DNF??? Maybe 3dRealms can hire some of these coders and put them to marginally better use...
    --
    Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
  9. Re:More technical details by baadfood · · Score: 4, Funny

    Duh! They made it themselves of course!

  10. Passwords!?! by vijaya_chandra · · Score: 2, Funny

    The article says

    "This in turn enables the attacker to capture unencrypted usernames and passwords, which can be used to compromise additional machines on the network. "

    What would one gain looking at unencrypted passwords!?!
    They would anyway be strings of *s only. right!?!?

    Or can someone look through these *s as they look through the matrix code!!

  11. oh no by teamhasnoi · · Score: 3, Funny
    Please don't forward this link to any virus authors!

    We could all be doooooooomed!

  12. Need one that does some damage by bdigit · · Score: 5, Funny

    Dear Worm Writers,

    Please create a worm that will actually destroy the user's hard drive that way at work when they call up I can tell them it's a hardware problem and we do not support that. Also it will teach everyone a valuable lesson in running windows update and enabling their firewalls.

    Thank you
    Student worker @ University Helpdesk

    1. Re:Need one that does some damage by Dr.Dubious+DDQ · · Score: 3, Funny

      Heck, I'm still waiting for the one that uses the infected PC's existing saved emails to attach itself to and forward itself with. It'll be "funny" when major corporate executives start having their private, confidential, Microsoft(r) Outlook(tm) corporate emails spewed out to random people on the internet along with the virus...corporate budget planning emails, deal negotiations...it's all there...

  13. Re:A few points by ricotest · · Score: 5, Funny

    As soon as your comment was posted, a dozen hackers got to work on a virus that does exactly what you describe. Thanks for helping fuck up my reports, asshole.

  14. A sniffer would still be helpful... by raehl · · Score: 4, Funny

    Especially if it gives warning messages, like:

    "It is time to empty the litter box."

    or

    "Please do your laundry."

    or

    "Are you really sure you want to eat that leftover pizza?"

    or

    "For the love of god, please try deodorant. Any deodorant."

    Of course, there are also downsides, like your stash of coke always vanishing.

    1. Re:A sniffer would still be helpful... by YetAnotherDave · · Score: 4, Funny

      >> "For the love of god, please try deodorant. Any deodorant."

      we could use this one at my work... :(

    2. Re:A sniffer would still be helpful... by 0racle · · Score: 2, Funny

      net send ....
      The tools are there, use them.

      --
      "I use a Mac because I'm just better than you are."
  15. Re:A few points by randomiam · · Score: 4, Funny
    "inusable"?

    That's unpossible, isn't it?

  16. Re:A machine on one of our networks.... by ESqVIP · · Score: 1, Funny

    Looks like you've found where the author was working on it!

  17. Re:Worms are just like any other software by evn · · Score: 3, Funny

    drip-drip-drip method of torture

    So all I have to do is wait a couple more years! Then I will buy a naked machine, connect it to the internet, and in minutes a full OS will be installed by a worm! The best part is that it will probably be more up to date than the Windows machines spreading this garbage.

    Maybe I should patch emacs to propagate itself and get the jump on the script kiddies ;)

  18. Re:Scary by archivis · · Score: 2, Funny

    Make up a word, if in your using it you transfer the idea you wanted to convey...congratulations!

    You just participated in a living language. Screw the pedants and their rules.

    --
    In July O7, I got a mac pro. There's no punchline. Just endless joy and wonder.
  19. Introducing MS Virus COM by krbvroc1 · · Score: 2, Funny

    We need a MS platform for interoperable virii. What if a machine is infected with multiple competing virii - there needs to be a middleware to arbitrate the flood requests, the MAPI calls, and the registry accesses. And what if the virii authors try to use the same registry locations to get their exploits to run at bootup.

    I think a new Virus API - VAPI32 is required. Maybe introduced into the .IOWNYOUR.NET technologies.

  20. Re:Scary by TiggertheMad · · Score: 2, Funny

    Yeah it's flonrky and sometimes kjimpul to mnaku the skroojules for all the walliwallis in the tumbputu.

    Don't you agree?

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
  21. "This worm uses carnivore network..." by Anonymous Coward · · Score: 1, Funny

    ...and counts how many times you type the word "Playboy", "Osama", and sends the info off to the illuminated ones.

    Haven't they had this for a few years now?

  22. Request for virus writers: by Anonymous Coward · · Score: 0, Funny

    I'm still waiting for a worm that installs Linux on the infected computer.

    Propagation:
    Scan random IP addresses, use multiple Windows exploits, etc. This part has been done a thousand times before, no need to reinvent the wheel.

    Payload:
    1. The worm itself
    2. Grub for Dos
    3. The contents of a network install disk

    Behavior:
    1. Upon infection, the worm will install Grub for Dos, and copy the contents of the network boot disk into c:\boot, but will not modify the boot.ini file.
    2. The worm process will run in the background, and attempt to propagate itself.
    3. At a predefined interval, the worm will pop up a window that says: "Your computer has been infected by the so-and-so worm. To install Linux and prevent this from ever happening again, click OK." (This worm should be socially responsible. We don't want to force Linux on the masses, just gently persuade them using Windows' lack of security as a tool.)
    4. Continue to propagate as long as the user clicks "Cancel".
    5. When the user clicks "OK":
    5a. ping a mirror list to find the fastest mirror
    5b. write a kickstart to the boot directory to use that mirror.
    5c. modify the boot.ini file to boot Grub.
    5d. reboot the machine, and it shall be cleansed!

  23. Re:yep! by MarsDefenseMinister · · Score: 1, Funny

    It's virusen, not virii.

    --
    No weapon in the arsenals of the world is so formidable as the will and moral courage of free men.-Ronald Reagan
  24. Request for virus writers: by daemonc · · Score: 2, Funny

    I'm still waiting for a worm that installs Linux on the infected computer.

    Propagation:
    Scan random IP addresses, use multiple Windows exploits, etc. This part has been done a thousand times before, no need to reinvent the wheel.

    Payload:
    1. The worm itself
    2. Grub for Dos
    3. The contents of a network install disk

    Behavior:
    1. Upon infection, the worm will install Grub for Dos, and copy the contents of the network boot disk into c:\boot, but will not modify the boot.ini file.
    2. The worm process will run in the background, and attempt to propagate itself.
    3. At a predefined interval, the worm will pop up a window that says: "Your computer has been infected by the so-and-so worm. To install Linux and prevent this from ever happening again, click OK." (This worm should be socially responsible. We don't want to force Linux on the masses, just gently persuade them using Windows' lack of security as a tool.)
    4. Continue to propagate as long as the user clicks "Cancel".
    5. When the user clicks "OK":
    5a. ping a mirror list to find the fastest mirror
    5b. write a kickstart to the boot directory to use that mirror.
    5c. modify the boot.ini file to boot Grub.
    5d. Reboot the machine, and it shall be cleansed!

    --
    All that we see or seem is but a dream within a dream.
  25. Re:A few points by EngMedic · · Score: 4, Funny

    I still think the best (worst?) virus would delete one card at random from solitaire....

    --
    filter: +3. Hey, look! all the trolls went away!
  26. Re:A machine on one of our networks.... by Mathness · · Score: 3, Funny

    I think I must have got hit by an early-adopter version.

    *envy*

    You got selected to be a beta tester of a virus! That is so 1337 man :)

    --
    Carbon based humanoid in training.
  27. Re:More technical details by Anonymous Coward · · Score: 1, Funny

    What is a virii? Is that like a fuckuu?

  28. Re:Beating keystroke loggers by xedx · · Score: 2, Funny

    "I don't think there's a keystroke logger that is able to work out where you clicked in the password entry box."
    I'm sure keylogger/virus writers are scrambling to add that particular feature after reading your very informative comment. thanks

  29. The Lobotomy Virus! by Mulletproof · · Score: 3, Funny

    "How are you. I am back. My name is mister hamsi. I am seeing you. Haaaaaaaa. You must come to turkiye. I am cleaning your computer. 5. 4. 3. 2. 1. 0. Gule. Gule." ("Gule. Gule" is Turkish for "Bye. Bye"

    AMAZING. The first virus that has the capacity to destroy not only the victim's computer, but his BRAIN as well. I swear, these guys need to start hiring professional comedians to do their dirty work, or we're all screwed.

    --
    You need a FREE iPod Nano
  30. Re:More technical details by rkrabath · · Score: 2, Funny

    EVERY ONE GET THEIR FREE COPY OF SP2!!!!


    Do your part to bleed the evil empire dry!

    --
    Who do I have to blackmail to get some representation around here!?!?!?!?
  31. Re:yep! by parnasus · · Score: 2, Funny
    it's a Wonder of the World

    And a nice one at that. +1 Happiness in every city, IIRC! :)

    --
    --If you code for the exceptions, the rules fall into place