Slashdot Mirror


New Worm Installs Sniffer

fmorgan writes "Netcraft just posted a note saying that a new worm installs a network sniffer in the infected computers." When I read these things it kind of makes me wonder why it took this long.

Update: 09/13 22:47 GMT by T : More innovation: Ant writes "The Register has a story about a piece of malware that 'talks' to victims. The Amus email worm uses Windows Speech Engine (which is built-in to Windows XP) to deliver a curious message to infected users. The message reads: "How are you. I am back. My name is mister hamsi. I am seeing you. Haaaaaaaa. You must come to turkiye. I am cleaning your computer. 5. 4. 3. 2. 1. 0. Gule. Gule." ("Gule. Gule" is Turkish for "Bye. Bye". "Hamsi" is a small fish, like an anchovy, found in the Black Sea). F-Secure has a copy of the sound file generated by the message."

14 of 491 comments

  1. Non-malicious worms by MisterP · · Score: 4, Insightful

    "When I read these things it kind of makes me wonder why it took this long."

    I often wonder the same thing. With all the different worms that infect unpatched Windows machines, why hasn't someone written one that effectively deletes everything on the machine just short of rendering itself unable to propagate?

  2. Scary by StevenHenderson · · Score: 3, Insightful

    Personally, I find this scary as shit. I think virii like this are going to be the reasons to compel a lot of middle-ability users to switch to Linux. Hell, I might cast off Windows now once and for all...

    1. Re:Scary by DogDude · · Score: 3, Insightful

      "Personally, I find this scary as shit. I think virii like this are going to be the reasons to compel a lot of middle-ability users to switch to Linux."

      The only thing that Linux has got going for itself right now is security through obscurity. If Linux ever becomes popular as a desktop platform, I'm willing to bet my life that we'll start seeing worms targeting it, too.

      --
      I don't respond to AC's.

    2. Re:Scary by Greyfox · · Score: 3, Insightful

      Yeah, but the average user doesn't care about security. If they did, they'd have actually run Windows update and patched their systems against the vulnerabilities that this worm exploits. Same said users would move over to Linux, never patch their systems and have their systems taken over the next time a remote exploit is found.

      In fact, the average user either got a copy of Windows with their computer and never upgraded it, or they pirated a version of Windows and are not able to download updates. They always say the same thing too. "Oh, I'm just one computer out on the net! They'd never notice my computer out there!"

      That's why I think Internet usage should require a license. If you connect to it without knowing what you're doing, you're putting everyone in danger. Potentially at least as much danger as broadcasting on a ham radio without knowing what you're doing.

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  3. Re:How much longer? by einhverfr · · Score: 3, Insightful

    I think it took this long because it took this long for viruses to become a tool of organized computer crime. Stay tuned for more.....

    --

    LedgerSMB: Open source Accounting/ERP

  4. the bad one by Clover_Kicker · · Score: 5, Insightful

    I'm waiting for a virus that greps all your documents for each name in your address book.

    If a document contains a person's name, email it to them.

    I can see it now, salary spreadsheets and confidential memos flying around to the very people who are not allowed to see them...

  5. As usual these useless virus alerts lack info. by zaqattack911 · · Score: 5, Insightful

    How does it normally spread?
    What Windows vulnerabilities is it using?
    Is it an email attachment? What is the attachment called .. or its variants??

    For Christ's sake...

    Love, Zaq

  6. Why did it take this long? by rjamestaylor · · Score: 5, Insightful

    Perhaps it took this long because the bad guys were busy installing keystroke recorders so that they could defeat encrypted network traffic. Also, switched networks help keep the impact of the sniffing to the infected computer -- unless the network terminates at an infected computer -- thus making this less of a threat to large organizations using 100% switched networks...

    --
    -- @rjamestaylor on Ello

  7. Re:What if someone made a worm that just........ by still_sick · · Score: 4, Insightful

    ......ran windows update on all infected machines? Would people get pissed?

    Would people get pissed? HELL YES.

    I recall one particularly annoying weekend when my computer DVD player stopped working. Something screwed up or something - whatever it was, the damn video was not being decoded properly.

    Tried everything I could think of. New Drive, New Drivers, endless newsgroup searching, blah blah blah to no avail.

    Then it occurred to me that between the time that my DVD player last worked and then did not, I had installed Win2k SP4.

    So just as a test I went and uninstalled the bastard, everything worked FINE after that - with the original HW/SW configuration.

    So now I'm not installing SP4 because it BREAKS MY SYSTEM - not because I'm unaware of it, or too stupid to install it.

    I don't need nor want some dumbass "I'm smarter than you, and doing this for your own good" 1337 prick trying to install SP4 for me.

    --
    ...Also, I didn't know Buggalo could fly.

  8. Re:One reason I quit fixing Windows by selderrr · · Score: 3, Insightful

    Personally, no OS is secure. Period.

    Your argument against OSX holds against linux/BSD/whatever open source OS. As soon as the number of users reaches critical mass, it becomes "profitable" for virus writers. More so as zombie machines are being used as bulk mailers. And you can bet the farm that in a few years, those zombies will be used for much more stuff than simple spamming. How about al-qaeda brute-forcing entry to a big bank by using 100.000 PCs to crack the password, and then simply start transferring tiny amounts of cash around. It would take days before someone noticed, and by then practically impossible to restore from backup.

    IMHO, the real evil on the net still has to rise. The virii and script kiddies you see today are just the scouts of the first reconnaissance divisions of the army of the black lord.

  9. Re:Encrypt! by Anonymous Coward · · Score: 3, Insightful

    Yes, if you're running Windows you can get infected with this or any of the myriad other worms, some of which install keyloggers. The unique thing about this is that it installs a NETWORK SNIFFER and not a keylogger on the box, meaning that other machines on the same network can get "sniffed" even if they're not infected.

    The upshot is that all of those people who normally ignore virus alerts because they run Linux [Slashdot audience] need to confirm they encrypt everything and then go about ignoring these alerts again. ...either that or convert that one last "compatibility" machine from Windows to Linux.

  10. Re:What if someone made a worm that just........ by mikeg22 · · Score: 3, Insightful

    "I don't need nor want some dumbass "I'm smarter than you, and doing this for your own good" 1337 prick trying to install SP4 for me"

    A worm like this would only be able to get into computers that are unprotected, so assuming you're a security conscious fellow, you wouldn't have to worry about it. Now, if your computer was vulnerable, wouldn't it be better that your computer gets patched (and possibly screws up your dvd player) than having an unprotected machine waiting to get hosed by some hacker?

    I'm actually sympathetic to the belief that a vulnerable computer connected to the internet is a hazard to the internet as a whole, as it can easily become a DDOS/Spam zombie, and therefore somebody is in the right to patch the hole, through nefarious means if necessary.

  11. Re:A few points by Guido+von+Guido · · Score: 3, Insightful

    I have a friend who just got her M.A. My advice to her was to print her thesis (or the new portions of it) at least once a week until she was done with it.

    Yeah, it would have been hell to type it all over again, but it would have beat having to rewrite it from scratch.

  12. Re:Beating keystroke loggers by anti-trojan · · Score: 4, Insightful

    Once you know the characters that the password consists of, the possible combinations are very limited. You can try every combination in a few seconds.