Viruses & Malware

worm making the rounds on the Internet not only mass-mails itself to addresses it hijacks on infected machines, but spreads by replying to unread E-mail messages in the user's in-box, security experts said Wednesday.
The Lovegate worm, which was first discovered last week and reappeared in repackaged, copycat form Tuesday, uses an auto-responding technique as well as the traditional address book theft to propagate, said Alfred Huger, VP of engineering at Symantec Corp.'s virus watch group.

Axel G., 21-year-old programmer from Schoneau, Germany, was arrested (on the recommendation of U.S. authorities) for having created the Phatbot trojan. He was released on bail after just one week with the stipulation that he must check in with the police regularly; he also had his passport confiscated so he can't leave the country. Phatbot is a trojan which allows one person to control a network of computers, possibly to be used in a Distributed Denial of Service (DDoS) attack.

Symantec's DeepSight Threat network Monday detected a very high level of unusual traffic on TCP port 5000 that indicates a worm's at work.
The latest alert, which notes "extremely heavy activity" on port 5000, is "almost certainly a worm-related activity," said Alfred Huger, the vice president of engineering for Symantec's virus watch group.

A new Internet worm is spreading by exploiting a flaw in the Sasser worm, according to an alert issued this week.

The new worm is tentatively named Dabber. It takes advantage of a vulnerability in an FTP server component in the Sasser worm and may have infected thousands of computers infected with Sasser. Dabber is believed to be the first worm that spreads specifically by targeting a flaw in another worm's code, according to an advisory published by LURHQ, a Chicago-managed security services company.

Antivirus software companies issued warnings and software updates on Tuesday and Wednesday for a new worm, Wallon, that uses deceptive Web links to Yahoo.com to trick users into downloading malicious programs. Wallon first appeared last Friday and spreads in e-mail messages. However, antivirus companies reported increased instances of the worm on Tuesday and said users could be tricked by its e-mail messages, which do not contain virus-infected file attachments.

A new mass-mailing virus called Wallon, which destroys Windows media player and is activated when a user tries to play MP3 or video files from an infected PC, was discovered in Europe on Tuesday.

Traditionally, mass-mailing viruses such as Netsky and Bagle are spread as attachments. When an unsuspecting user opens the infected attachment, it executes a piece of code that usually attempts to steal the user's address book and often opens a back door to give hackers easy access to the system's resources.

The release of a new version of the Sasser worm calls into question claims by some German authorities that they have the sole author of the worm in custody, according to antivirus experts.A new version of the Sasser worm, dubbed Sasser-E, appeared late Friday, around the time police arrested an 18-year-old man they said was the author of all the Sasser variants and of the Netsky worm.

An 18-year-old German who confessed to creating the "Sasser" computer worm launched a new version meant to limit the damage just before his arrest last week, investigators said Monday.

Authorities who have questioned Sven Jaschan got the impression his motive was to gain fame as a programmer, prosecutor Detlev Dyballa said.

Dyballa labeled as speculation news reports that Jaschan may have created the disruptive program to drum up business for his mother's computer store, PC-Help, in the small town of Waffensen.

Will we ever see something like the Sasser worm for the Macintosh (news - web sites) or Linux (news - web sites)? It's an interesting question, and not just for academic reasons. Undoubtedly, many people who choose these platforms do so because they think it immunizes them from the sorts of attacks Windows users must deal with. This past week saw the announcement of several vulnerabilities in Mac OS X (news - web sites), some extremely serious.

Although the damage wrought by Sasser failed to reach the levels of MSBlast and other major infections, security experts are warning that there could still be more trouble to come from the worm.

One researcher said Thursday that the group of online vandals suspected of creating both the Sasser worm and several variations of the Netsky virus could combine the two threats. The resulting blended threat could dodge security inside corporate systems via e-mail messages and then spread quickly, once inside those networks.