
Windows worm hits 8.9 million PCs in past week

page: 4

posted on Jan, 18 2009 @ 04:46 PM
Agreed, Funky Monk,

I serve a small community with IT skills and every time I find a slowed-down PC that is not infected, it's because Norton AV is running on it.

I have seen the IT industry grow from university use to home use, and the advent of the PC, from PC ATs onwards.

I remember a colleague telling me, in about 1983, about a Computer Science programming exercise which was to "Produce a program, that with the smallest amount of bytes, was able to reproduce itself".

Thus the birth of the computer virus.

So it is something that has always been with us, even though it may have seemed like a new phenomenon.

Norton was there in the early days, when we first used dial-up and ISDN, emails would be scanned by his (then) free antivirus solution.

It worked well, and the corporations who relied on it paid for everyone else's free service.

But then Norton started charges and registration, and things went downhill, as the downloads got more and more bloated, and we have arrived at the state we are in today, where running Norton AV is more of a pain than having a virus. Costing you money to slow your performance.

Fortunately there are geniuses all over the world who have good intentions (despite media hype that humans are rotten to the core), who every so often produce the new security solution, develop free solutions so we can all be safe for free. Currently AVG do a very reasonable AVG, which I recommend to my users, along with SuperAntiSpyWare to clean the rest.

I use Windows because (nearly) every user I serve has a Windows PC. I have 2 old Macs, which are used to make music on. They are superb. I have crashed the Macs on occasion, and I crash my Windows PC often.

I think M$ have failed us with Vista. I have a high-end (when I bought it 18 months ago) Acer laptop running Vista, and it is turgid and sluggish, not like the sprightly XP model that my girlfriend bought a couple of months earlier, though my spec should be far superior.

So I am disappointed with Bill Gates, Peter Norton and all those other teams that no longer care about US! The people who have contributed to their happy lifestyles. I guess that's why there is a war with "Hackers" or whoever it is that writes viruses for fun or profit. Perhaps they too are disappointed with M$ or Norton, and so vent their anger by poking holes in their armour.

I imagine there is sufficient hatred-to-code translation going on around the planet to create enough malware that AV companies need not pay anyone to write a virus so it can make more profit. Just in the fact of profit is enough to create a lot of resentment in people.

I don't know if there is a solution, but perhaps a low-cost, easily installed OS for basic use, DTP etc, that was available for most computers would be going part of the way. Over-complexity might not be the way forward. What about the $100 computer's OS?

But then you can't please everybody, all of the time...



posted on Jan, 18 2009 @ 06:05 PM
reply to post by deadline527
 


wow... so basically it is just a self-replicating port hijacker? No damage? My crappiest IRC nukes did more than that (but they don't self-replicate... as far as I know that is the only difference between nuke and virus). I had a neat nuke that would do a complete port block... maybe wrong terminology, but basically it would scan and hijack all ports and lock the Win95/98 in from the outside world. My nastiest one would actually fill the local hard drive with useless data to the point that it couldn't be recovered (did recover one with a speaker magnet... think it was pure luck though).

deadline
What are the implications of leaving this virus on a system, besides that it replicates? Say I have an infected system and I'm not connected to anything but the AC outlet, does this worm just hog resources? Are there any telltale signs of its presence besides a hijacked port? And, do you know the implications if, hypothetically, every Windows system in the world was infected? System crash?

Has anyone with the know-how looked at the code? any ATS members... obviously SOMEONE has looked at the code, just not sure if someone from here has examined it. I'm not saying you are incompetent in any way, nor do I want to imply that, but you (deadline) said you've known about this for awhile... are you sure it's the same code? Is there a possibility that this could be an updated version of the one you knew about? Honestly, I wouldn't ask if I knew for myself.



posted on Jan, 18 2009 @ 09:59 PM
reply to post by deadline527
 


Hi deadline, that's a very good post with quite an insight. I remember when I was working my regular nights around the time of 2003, I believe it was, when we were saturated with calls on the Blaster and Sasser including variants; I was going home with a sore throat every day in the early hours of the morning. That was no fun, and from what I remember it didn't do much damage other than compromise the RPC service, and the system would restart with a countdown between 60-30 seconds depending on the specific threat.

The Shutdown -a option was the quick solution (though it didn't always work successfully on some of the later Sasser variants) to the problem, but as I remember it, and as I recall, the majority of users were happily browsing the net at the time without a firewall. Looking back it certainly did the vast majority of users a favour and reminded them of the importance of the firewall.

As I recall several of the manufacturers we were supporting were at the time on pre-Service Pack 1 Windows XP, so the trojan could indirectly cause the "Unmountable Boot Volume" error on some of the systems, so because of the lack of support provided by the OEM manufacturers (regarding repair) the users were left with nothing else to do but to re-install Windows. That song "Screamer" sprung to mind quite often. I have to say I became quite good at re-directing anger away from myself and aiming it in Microsoft's general direction. (I wasn't always allowed to point the blame in the general direction of the OEM manufacturers, especially as they were paying our wages, but that really depended on how subtle I could be.)

It makes you wonder really that the person that wrote the virus like you said could have really done some damage but as it appears has not (to date) other than drawing attention to another weakness in the operating system.

Just have to see where it goes from here.

Morgs



posted on Jan, 18 2009 @ 09:59 PM
Windows from the start sets you up as admin. Linux does not. You need to type in a password to install things in Linux. Windows can be set up something like this, but a normal user may be unaware of how to do this. So, Windows users are already set up to get messed up from the beginning.

I like Linux because of the simplicity. You will not get in trouble if you use the disk on another computer. No licensing problems with disks.

I think Macs are great, but the price makes them a little hard to get for some folks. From my limited experience, the OS is solid. They run and run. Not many problems with viruses.

For a usable and cheap, secure computer, go with Linux. If you have to have Windows for some things just set up a dual boot with Linux and Windows. Linux is more secure for an internet surfer OS.

Linux can allow you to use e-mail, play games, surf the web, create games (Blender and others), edit photos and create graphics (GIMP), play music, play videos, do word processing, and learn, all for the price of $0. Although, it is a good thing to donate, whether it be with time or money, when you can. People do devote a lot of time to the development of Linux.

Crossover Linux, and Crossover Mac may help simplify things if you want to use Windows software on Linux or Mac. Of course there is also using just WINE, which Crossover uses. www.codeweavers.com...

As far as the virus world. For Windows, I find AVG Free in combination with Malwarebytes Anti Spyware to be good.

If you find your computer to be inoperable because of a virus, you may also scan the drive as an external drive on another machine, through a USB adapter. The virus, to my knowledge, cannot become active in this way. Of course there comes a point, though, sometimes it may not be worth the time of trying to fix the OS, because it may be quicker, and produce a better result if you just back up your data and reformat. It depends on how messed up the system is. You might spend hours trying to repair a compromised system, and still have a system that doesn't function properly, and maybe even more vulnerable to attacks.

Troy



posted on Jan, 18 2009 @ 10:17 PM
reply to post by Earthscum
 


I have not looked at the code for the worm but have seen the code for the exploit that it's using to get into the systems in the first place. Once it's in, it's only my best guess as to what it's doing. It seems to me though that it hasn't really been causing many problems, just spreading itself. If it was doing anything much more malicious it would have been noticed by the general population a long time ago. The security vulnerability has been around for quite a while. I first got a hold of some zero day code in September, and it was released to the public in late October.

I'm sure I can get the source for the worm, and if you want it just let me know. I usually don't have much interest in viruses, worms, and the like but only noticed this one due to its method of replication.

Found a little about the worm by the way; it does a bit more than I expected, which makes sense because someone who goes through the trouble of coding a worm isn't going to do it for no reason. Here you go.



Critical vulnerability in Server Service has only just been patched by Microsoft (MS08-067), as a new worm called Gimmiv.A has been found to be exploiting it in-the-wild.

Once executed, the worm will drop 3 files: winbase.dll, basesvc.dll and syicon.dll into the directory %System%\Wbem\basesvc.dll.

It will then install and start up a new service called BaseSvc with the display name "Windows NT Baseline". The service BaseSvc will force svchost.exe to load the DLL winbase.dll which is specified as a ServiceDll parameter for BaseSvc.

Once loaded, winbase.dll will load 2 additional DLLs into the address space of the system process services.exe: basesvc.dll and syicon.dll.

After dropping and loading the aforementioned DLLs, the worm will collect system information from the compromised computer, collect passwords from the Windows protected storage and Outlook Express passwords cache, and post collected details to a remote host. The details are posted in an encrypted form, by using AES (Rijndael) encryption.

blog.threatexpert.com...


So, while it's not going to break your system, it's definitely something you do not want on your network. There is a lot more information at that link that actually shows you how it spreads, and why systems are vulnerable. Very good read if you are into that sort of thing. Hopefully this will also help you notice if you have been infected or not. I would start by looking for those *.DLL files, and then proceed using the information provided to remove it to the best of your abilities.

It's things like this that make me glad to be a Linux user. Worms are much harder to code for a Linux based system due to the way permissions and access control are handled. And because it's just better.
Sadly, I am required to run Windows to play EVE Online though. One day I will be free from Microsoft forever! lol.

[edit on 1/18/2009 by deadline527]
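The write-up quoted in the post above lists concrete host indicators: three DLLs dropped under %System%\Wbem, a service named BaseSvc with display name "Windows NT Baseline", and a ServiceDll (winbase.dll) that svchost.exe is made to load. The following Python audit turns those indicators into a check over a service inventory and a file list. It is an added example, not code from the post or from ThreatExpert; the service records and file paths it scans are constructed samples, and a real run would feed it records gathered from the host (service name, display name, image path, ServiceDll value). A DLL name on its own is a weak signal, so the file check also requires the quoted drop directory, and the service check only flags a ServiceDll when it is svchost-hosted and carries one of the dropped names.

```python
"""Audit a Windows service inventory and file list for the Gimmiv.A indicators
quoted from the ThreatExpert write-up (added example, not the page's own code)."""
from dataclasses import dataclass
import ntpath

# Indicators taken from the quoted write-up (case-insensitive matching below).
DROPPED_DLLS = {"winbase.dll", "basesvc.dll", "syicon.dll"}
SERVICE_NAME = "basesvc"
DISPLAY_NAME = "windows nt baseline"
DROP_DIR = r"%system%\wbem"


@dataclass
class ServiceRecord:
    """One service as an inventory tool would report it (fields are assumptions)."""
    name: str
    display_name: str
    image_path: str
    service_dll: str = ""   # empty for services that are not svchost-hosted


def normalise(path: str) -> str:
    """Lower-case a path and rewrite common System32 spellings to %system%,
    so paths from different tools compare against the quoted drop directory."""
    p = path.lower().replace("/", "\\")
    for prefix in (r"c:\windows\system32", r"%systemroot%\system32", r"%windir%\system32"):
        if p.startswith(prefix):
            return "%system%" + p[len(prefix):]
    return p


def check_service(svc: ServiceRecord) -> list[str]:
    """Return the indicator matches for one service (empty list if none)."""
    findings = []
    if svc.name.lower() == SERVICE_NAME:
        findings.append(f"service name matches quoted name: {svc.name}")
    if svc.display_name.lower() == DISPLAY_NAME:
        findings.append(f"display name matches quoted name: {svc.display_name!r}")
    dll = normalise(svc.service_dll)
    # Only a svchost-hosted ServiceDll with one of the dropped names counts.
    if dll and ntpath.basename(dll) in DROPPED_DLLS and "svchost" in svc.image_path.lower():
        findings.append(f"svchost-hosted ServiceDll has a dropped DLL name: {svc.service_dll}")
    return findings


def check_files(paths: list[str]) -> list[str]:
    """Return paths whose name AND directory match the quoted dropped files."""
    hits = []
    for p in paths:
        n = normalise(p)
        if ntpath.basename(n) in DROPPED_DLLS and ntpath.dirname(n) == DROP_DIR:
            hits.append(p)
    return hits


def audit(services: list[ServiceRecord], files: list[str]) -> dict:
    """Run both checks; 'suspect' is True when any indicator matched."""
    service_hits = {s.name: f for s in services if (f := check_service(s))}
    file_hits = check_files(files)
    return {"service_hits": service_hits, "files": file_hits,
            "suspect": bool(service_hits or file_hits)}


# Constructed sample inventory: one benign svchost service, one matching the write-up.
SAMPLE_SERVICES = [
    ServiceRecord("wuauserv", "Automatic Updates",
                  r"C:\WINDOWS\system32\svchost.exe -k netsvcs",
                  r"%SystemRoot%\system32\wuauserv.dll"),
    ServiceRecord("BaseSvc", "Windows NT Baseline",
                  r"C:\WINDOWS\system32\svchost.exe -k netsvcs",
                  r"C:\WINDOWS\system32\Wbem\winbase.dll"),
]
# Constructed file list: two dropped DLLs in place, one same-named DLL elsewhere.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\Wbem\wmiprvse.exe",
    r"C:\WINDOWS\system32\Wbem\basesvc.dll",
    r"C:\WINDOWS\system32\Wbem\syicon.dll",
    r"C:\Temp\winbase.dll",
]

if __name__ == "__main__":
    report = audit(SAMPLE_SERVICES, SAMPLE_FILES)
    for name, findings in report["service_hits"].items():
        print(f"[service] {name}:")
        for f in findings:
            print(f"    - {f}")
    for p in report["files"]:
        print(f"[file] {p}")
    print("suspect:", report["suspect"])
```

The sample run flags the BaseSvc service on all three service indicators and the two DLLs under Wbem, but not the winbase.dll sitting in C:\Temp, which is the point of tying the name to the quoted location rather than alerting on a filename alone.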



posted on Jan, 19 2009 @ 09:58 AM
Well thanks for the help, but I think I might need to do a complete re-install. When I put in malwarebytes.org in the browser it redirects me to mywebsearch and lists all the searches for malwarebytes.org, very strange as it does that in safe mode too! I can't even do a system restore, the computer does nothing.........I'm about to launch this thing into the river!



posted on Jan, 19 2009 @ 08:17 PM
Sometimes, I think it's just better to reformat. It may seem time consuming, but in the end you could very well end up saving time, and you know your system is fresh and clean.

Troy



posted on Jan, 19 2009 @ 08:20 PM
oh geez....another windowz trojan - when will people learn - USE A MAC - it does everything a cheap PC does and you never have to worry about viruses, trojans, malware, spyware or any of the crap that all pc users apparently have to worry about every day - I have been using a mac for over 15 years and NEVER EVER have I had anything closely resembling the doom that windowz users face....





posted on Jan, 19 2009 @ 08:21 PM
What would be the purpose of running a scan without including the compressed files? I got a message during a scan with Norton that diverted me to unchecking the box that automatically runs the compressed ones?

I know you guys are in the middle of some deeper stuff, but just come back when you get a chance.

Thx


IA



posted on Jan, 19 2009 @ 11:30 PM
reply to post by 38181
 


The Mywebsearch is a hijacker. It hijacks your browser or the site that you are trying to access. It can be removed fairly easily. The format and re-install will certainly get rid of it if that's the way you want to go.

You'll find it already executed during your bootup in your msconfig utility.
Just do a Start > Run > msconfig, then click on "Startup"; you'll probably find at least two entries in there. Anything else that is blank and not pointing to anything should be removed. In fact the only things that should really be loaded in here are your anti-virus essentials, firewall software and modem ISP software (if you're not using a router).

It's entirely your choice how you deal with this, but if you're going to go with removing it rather than the format then I would suggest you take a look at what addons you have running in your browser. Nip it in the bud, so to speak.

Good luck

Morgs



posted on Jan, 19 2009 @ 11:41 PM
reply to post by interestedalways
 


Nothing much more than actually speeding up the scan itself. One of the things it's assuming is that you may have several or many of these that are already compressed. If that's the case then this can radically reduce the time it takes to finish the scan. If a file is compressed and there's a threat stored inside it then the theory goes it's less of a threat unless it's being accessed.

Of course there are different ways of releasing an infected file but we could go on forever with that. Essentially it's going to come down to this: the fewer file types it looks for, the quicker the scan is going to be.

Hope that helps somewhat.

Morgs



posted on Jan, 21 2009 @ 12:26 AM
Sorry for my late reply here.
mac isn't going anywhere.
there's an entire industry based on it.
(the clones didn't work out so well in the late 90's. maybe they'll rise again?)



Originally posted by sos37

Originally posted by zooplancton
17 years on a mac.
never once a malicious piece of software affecting my day to day living.
no viruses, no melted HD.

gotta love being the small guy.


Enjoy Apple while you can. Steve Jobs is no longer at Apple and probably has about 6 months to live due to his previous bout of pancreatic cancer. Of course, Apple insists he's coming back to work in June, but then they also told you that all he had was a rare "hormone disorder".



posted on Jan, 21 2009 @ 08:00 AM
reply to post by zooplancton
 


Although off-topic, do you remember what the problem with the clones was?

Some were faster than the Apple machines (especially those from Umax) and they were cheaper, so Apple made the licensing unattractive for the clone makers.



posted on Jan, 21 2009 @ 08:04 AM
reply to post by morg9000
 


Thanks Morg9000, but that didn't work. This stupid computer can't even connect to any servers even to update the darn virus protection programs! But I can connect to the internet though. This thing is toast.



posted on Jan, 21 2009 @ 10:31 PM

Originally posted by ArMaP
reply to post by zooplancton
 


Although off-topic, do you remember what the problem with the clones was?

Some were faster than the Apple machines (especially those from Umax) and they were cheaper, so Apple made the licensing unattractive for the clone makers.


Thanks ArMaP for the info. I never fully understood what happened to the clones (PowerPC), but I do remember seeing the benchmarks on display. Recently I've been reading about "hackintosh" too, building a PC that's Mac/Intel based.

What about the monopoly thing? I remember when Bill Gates pumped a ton of cash into Apple to keep it alive so there wouldn't be a monopoly.

Sorry if I'm swaying this thread. Just had to comment that I've never had a destructive ailment in my Mac.



posted on Jan, 22 2009 @ 02:45 AM

Originally posted by zooplancton
What about the monopoly thing? I remember when Bill Gates pumped a ton of cash into Apple to keep it alive so there wouldn't be a monopoly.

You should also remember that Microsoft has a good market in the Mac camp with its Office products; as far as I know Microsoft has almost a monopoly on that type of product for the Mac OS.



posted on Jan, 22 2009 @ 10:28 PM

Originally posted by ArMaP

Originally posted by zooplancton
What about the monopoly thing? I remember when Bill Gates pumped a ton of cash into Apple to keep it alive so there wouldn't be a monopoly.

You should also remember that Microsoft has a good market in the Mac camp with its Office products; as far as I know Microsoft has almost a monopoly on that type of product for the Mac OS.


Yes, yes. True. As well as Adobe products.

Long live the small guy!



posted on Jan, 26 2009 @ 03:42 AM
reply to post by morg9000
 

You're welcome, morg.

I'm back just now, after my father-in-law had our tower all weekend,
de-bugging it! Works much faster now, with zero interruptions! YEEAAAHHH!
I don't possess the skill, or even the vocabulary of computer tech stuff. But I just saved a ton of money switching to Geico!


Seriously, though, thanks for reply, I always appreciate a fellow member who sticks with their thread, and acknowledges nearly every post the way you do.

Good example, keep it up!



posted on Feb, 13 2009 @ 04:50 AM
Okay, I've got a question for all you computer nerds.
Why does the Calculator in XP keep starting on its own?
I'm serious, for some reason the calc pops up by itself, i.e. I'm not launching it.

I noticed it about a week ago, left the room to get a cup of coffee and when I got back the calc was running. Weird, I thought, but I wasn't really bothered, but since then it's happened more than a half-dozen times in the space of a week.

Got AV / malware and firewall protection, what's going on?
I know it's nothing to do with this worm, nor do I have any other problems so it's doubtful this thing is infected.
