Slashdot Mirror


"Dasher" Worm Brings Christmas Keylogger

An anonymous reader writes "A worm called 'Dasher' is exploiting a flaw in Windows that Microsoft issued a patch for in October, dropping keyloggers on infected machines, according to F-Secure. The SANS Internet Storm Center warned earlier this week about the weird traffic generated by the first version of this worm, which apparently was crippled by programming errors. Washingtonpost.com has some information that indicates the worm appears to have originated in China. It appears from the Microsoft advisory that Dasher is a threat mainly to Windows 2000 users, although it could impact Windows Server 2003 and Windows XP users who aren't running SP2."

Update: 12/17 17:20 GMT by Z: Fixed link to SANS center.

8 of 114 comments

  1. It could always be worse... by Ruff_ilb · · Score: 3, Insightful

    Most of the desktops that I know that run Win2k are run by schools, universities, etc. I haven't seen someone's PC running win2k yet. Also, these desktops (the ones run by schools, at the library, etc) are usually either (A) very secure or (B) no one expects them to be secure. So this could be worse, I think.

    This could be a major problem if it infected SP2 computers.

    --
    http://www.TheGamerNation.com/Forums
  2. Re:Impractical amount of data? by tpgp · · Score: 2, Insightful

    Wouldn't sifting through data from potentially hundreds of thousands of machines (for popular viruses/worms) be difficult-to-impossible? Or maybe there's a way to determine which accounts are, e.g. admins on large IRC servers or otherwise useful.

    I think it would be trivial to write a script to go through the data looking for email addresses & credit card / bank account details.

    I'm sure that's what the author is after....

    --
    My pics.
  3. Another Scam? by nurb432 · · Score: 1, Insightful

    Just another scam to 'prove' you need to pony up the cash and upgrade?

    --
    ---- Booth was a patriot ----
  4. Of course... by Skiron · · Score: 2, Insightful

    ... the big question is why haven't people patched?

    Well I will tell you. They don't as Microsoft NEVER EVER release just a `fix' patch. It is bundled with other patches that break lots of things. So people either:

    a) Can't as it fubars their system.

    or

    b) Too scared what it breaks. [I still get very nervy at work when applying these patches to servers - you never know - nor guarantee - if it will ever come back up again or just get BSOD.]

    It is about time MS started to just issue a patch to fix ONE of their flaws instead of loading it with other `upgrades' the user doesn't want or need - or even just do 'one at a time'.

  5. What am I missing? by lip_spork · · Score: 2, Insightful

    The worm posts data collected to a specific server. Isn't that kind of evidence that could be used to determine who's responsible for it?

  6. Re:My answer to Key loggers by JackDW · · Score: 2, Insightful

    vi is the only surviving editor that has a protocol instead of a user interface. The datastream moving from your brain to the file on disk is about as compressed as it can be. All the commands are minimalist (most are single-key), you never need to use the mouse, there's built-in regex support... No wonder programmers like it: the editor doesn't require you to switch context.

    Unfortunately the datastream produced by vi is very easy to examine - just pipe it into another copy of vi, and there you go. Easier than examining the keystrokes of someone typing in a lesser editor, anyway, as their editing will be punctuated by mouse-clicks and menu events, making analysis tricky.

    Fortunately, if you're able to use vi, you are perfectly able to (a) patch your OS, or (b) use a sensible OS, or (c) both, so who cares?

    --
    You're an immobile computer, remember?
  7. Re:Impractical amount of data? by toadlife · · Score: 2, Insightful

    "The more people use it, the better it gets?" I don't get that train of thought. There are only so many people that can hack on Linux code, and most vulnerabilities in any platform are completely unrelated to the kernel anyway. If a bunch of ignorant people used Linux, it seems to me it would only make Linux what Windows is today - a platform with a huge bullseye on it.

    --
    I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
  8. Re:Impractical amount of data? by iccaros · · Score: 1, Insightful

    Hmm. While I have to agree that it would be easy to write, getting it installed is another matter. While you could make the package, the clueless who would just install anything will not use the command line, will not know how to install anything not in the package manager (is that not why Linux is so hard.. too hard to install software ;) so it would have to be included in the stable branch of whatever distribution (Ubuntu, SUSE, Mandrake). Fat chance on that.. or walk a person through the process to add your site to their package manager with .. probably not happening.. Stupid people fear the command line.. as these users use Synaptic instead of apt. So what user could install this source, a knowledgeable user maybe? But not a new unknowing user.. now the better point.. this worm is not installed in Windows by the user, it seeks out random addresses and installs itself on unprotected systems. This could not happen on a *nix system, unless the person was running as root, on the Internet, reading email, randomly clicks OK to a package manager (even if they are not running it), or misses the big slowdown as software is compiled. So while you could make a keylogger for Linux... it would be really hard to get anyone to install it... even if it did say it could grab porn from the net.. too many steps for most to bother ..