Slashdot Mirror

← Back to Stories (view on slashdot.org)

When Malware Attacks Malware

Posted by kdawson on from the internecine dept.

PetManimal writes "Researchers say that the Storm Trojan/Peacomm worm has been tweaked to spread via IM programs and attack rival malware. Symantec sounded the alarm, and says that the exploit launches in AOL, Google Talk, and Yahoo Messenger windows that are already open, making it appear to be a legitimate message from a known user. The worm has modified the code from last year's Nuwar worm, and when activated, enables a DDoS attack against any site, including antispam services and servers supporting rival malware: 'Systems hijacked by Peacomm have also conducted DDoS attacks against at least five domains used by the creators of the noted Warezov (or Stration) worm. After a busy September and October, Warezov was credited by some analysts as the genesis of 2006's massive fourth-quarter spike in spam volume.'"

1 of 135 comments (clear)

  1. Re:If they'd just fix each other... by kabocox · · Score: 5, Informative

    I've found somethings that you asked for, but not all. I did don't know how to string them all together. ClamWin, and SpyBot, both say that they'll run from a bootCD. I didn't find any easy to follow admin install instructions for them. Mainly everything else is some reg files. I didn't find anything on keyboard or mouse ports of earlier versions of windows. I also didn't find anything about how to shock users. In the spirit of open sourceness, I expect someone else to actually do the real work of building a self installing zip file of ClamWin & Spybot, setting your fav. reg. settings, and having all of them autorun after a shutdown -r. I know that "it should possible." I don't know enough windows scripting in order to do it.

    net stop wuauserv

    Start -> Run -> gpedit.msc -> Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update -> Re-prompt for restart with scheduled installations. They hid it well but it's there :^)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Wi ndows\WindowsUpdate\AU]
    "RebootRelaunchTimeoutEnabled"=dword:00000000
    "NoAutoRebootWithLoggedOnUsers"=dword:00000001

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer
    NoDevMgrUpdate value to 0

    HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ WindowsFirewall

    Set these to "not configured"
    * Windows Firewall: Protect all network connections
    * Windows Firewall: Do not allow exceptions
    * Windows Firewall: Define program exceptions
    * Windows Firewall: Allow local program exceptions
    * Windows Firewall: Allow remote administration exception
    * Windows Firewall: Allow file and printer sharing exception
    * Windows Firewall: Allow ICMP exceptions
    * Windows Firewall: Allow Remote Desktop exception
    * Windows Firewall: Allow UPnP framework exception
    * Windows Firewall: Prohibit notifications
    * Windows Firewall: Allow logging
    * Windows Firewall: Prohibit unicast response to multicast or broadcast requests
    * Windows Firewall: Define port exceptions
    * Windows Firewall: Allow local port exceptions

    http://sourceforge.net/docman/display_doc.php?doci d=28367&group_id=105508

    Preparation

    Start by installing the latest version of ClamWin, and download the latest virus definitions. See the ClamWin manual for full details on how to do this. Note that, if you are going to create a CD, you will not be able to update the virus definitions without creating a new CD, since a CD is read-only.
    Copy Folders

    Create a working folder in a convenient location to hold the files that are to be copied onto CD/USB, eg C:\ClamWin-CD.
    In the working folder, create a folder named ClamWin.
    Copy the contents of the ClamWin program folder into C:\ClamWin-CD\ClamWin. By default, the ClamWin program folder is installed to C:\Program Files\ClamWin
    Create folders named log, db and quara