LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices



Reply
 
Search this Thread
Old 01-26-2004, 11:10 PM   #1
witeshark
Member
 
Registered: Jan 2004
Location: Miami FL
Distribution: Mac OS X 10.4.11 Ubuntu 12.04 LTS
Posts: 429

Rep: Reputation: 30
Thumbs down new worm KEYSTROKE LOGGER


Tricky 'MyDoom' e-mail worm spreading quickly
Worm launches attack on site for Unix-owner SCO Group
it has a keystroke logger!
 
Old 01-26-2004, 11:37 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Definitely a fast spreader.

Here's Symantecs description of the worm:
http://securityresponse.symantec.com...varg.a@mm.html

Not a Linux-Security issue; Moved to General
 
Old 01-26-2004, 11:53 PM   #3
green_dragon37
Member
 
Registered: Oct 2002
Location: Lower Alabama
Distribution: Slackware, OpenBSD 3.9
Posts: 344

Rep: Reputation: 31
Wow! I went to work today, and when I came back, I had blocked 6 of these, and had reports in my mail! I'm glad I installed that virus scanner in my mail server now!

Ian
 
Old 01-27-2004, 08:48 AM   #4
natalinasmpf
Member
 
Registered: Dec 2003
Distribution: Slackware 9.1
Posts: 309

Rep: Reputation: 30
Wow, I feel like getting myself a .edu email address.
 
Old 01-27-2004, 06:29 PM   #5
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
They stole the keystroke logging code from the FBI's Magic Lantern. Norton and McAfee said they wouldn't alert customers to the presence of this trojan, so that was the only way to get them to do their jobs.

http://www.sophos.com/virusinfo/arti...iclantern.html
http://abcnews.go.com/sections/scite...dge011221.html
http://www.techtv.com/cybercrime/pri...386018,00.html
http://cc.uoregon.edu/cnews/winter20...iclantern.html
http://msnbc.com/news/660096.asp
http://www.worldnetdaily.com/news/ar...TICLE_ID=25471
 
Old 01-27-2004, 06:47 PM   #6
Squall
Member
 
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239

Rep: Reputation: 30
Quote:
Originally posted by natalinasmpf
Wow, I feel like getting myself a .edu email address.
yeah, i guess the virus writer had SOME heart. I don't know why people open these emails anyway, they're just asking for a virus.
 
Old 01-28-2004, 10:59 AM   #7
apache363
Member
 
Registered: Jan 2004
Distribution: OS X; FreeBSD; Debian
Posts: 172

Rep: Reputation: 30
MyDoom originated in Russia!

Hehe, another Windows virus...
But why does everybody blame it on the Linux community?
MessageLabs says it originated in Russia
where nobody would care about a US lawsuit.
www.groklaw.com
 
Old 01-28-2004, 11:43 AM   #8
williamwbishop
Member
 
Registered: Feb 2003
Location: god's judge
Posts: 376

Rep: Reputation: 30
contemplating getting it on purpose...
 
Old 01-28-2004, 12:48 PM   #9
apache363
Member
 
Registered: Jan 2004
Distribution: OS X; FreeBSD; Debian
Posts: 172

Rep: Reputation: 30
Uh, williamwbishop, you might not want to do that. It takes over your internet connection by using all its bandwith.
 
Old 01-28-2004, 01:11 PM   #10
williamwbishop
Member
 
Registered: Feb 2003
Location: god's judge
Posts: 376

Rep: Reputation: 30
It's for a good cause, and I can always clean it tomorrow....
 
Old 01-28-2004, 06:14 PM   #11
natalinasmpf
Member
 
Registered: Dec 2003
Distribution: Slackware 9.1
Posts: 309

Rep: Reputation: 30
Heck, I want a more friendly app. Ie. I could start it before I go to school and stop it when I need to use the net.
 
Old 01-28-2004, 09:06 PM   #12
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
You should not ever use wget to do anything like that.
 
Old 01-28-2004, 09:59 PM   #13
Bruce Hill
HCL Maintainer
 
Registered: Jun 2003
Location: Tupelo, MS
Distribution: Gentoo
Posts: 6,926

Rep: Reputation: 124Reputation: 124
Quote:
Originally posted by williamwbishop
contemplating getting it on purpose...
I opened it with Ark in a /tmp subdirectory when the first document.zip made it to my Inbox. Then looked at the document.exe file. If I am correct, it can't do anything to a Linux box because this is what it does...
Quote:
When W32.Novarg.A@mm is executed, it does the following:

1. Creates the following files:
* %System%\Shimgapi.dll: Shimgapi.dll acts as a proxy server, opening TCP listening ports in the range of 3127 to 3198. The backdoor also has the ability to download and execute arbitrary files.
* %Temp%\Message: This file contains random letters and is displayed using Notepad.
* %System%\Taskmon.exe:
I'm no Linux expert, but if I'm correct, this particular worm can't do anything to a Linux system. Is this correct?
 
Old 01-28-2004, 10:10 PM   #14
witeshark
Member
 
Registered: Jan 2004
Location: Miami FL
Distribution: Mac OS X 10.4.11 Ubuntu 12.04 LTS
Posts: 429

Original Poster
Rep: Reputation: 30
Post

Quote:
Originally posted by Capt_Caveman
Definitely a fast spreader.

Here's Symantecs description of the worm:
http://securityresponse.symantec.com...varg.a@mm.html

Not a Linux-Security issue; Moved to General
apparently not any threat to Linux/Mac/Unix. even win3.1 seems unthreatened
 
Old 01-29-2004, 01:14 AM   #15
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
u think these worms would get smarts, a smart worm would srat and attack in like only hours after it was relaesed, long b4 anyone could alert the worl of a new worm, thus acutaly doing somthing that is meaningful, like dos attack sco and ms? (not realy meaningful, but it is to the virus wirters who are no doupt just out to hurt them)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
keystroke logger??? paugros Linux - Security 18 03-24-2005 01:06 PM
keystroke logging to file? musicman_ace Linux - Software 3 12-12-2004 07:49 AM
keystroke macros squip Programming 1 10-09-2003 01:46 PM
looking for program or way to get keystroke macros squip Linux - Software 0 10-07-2003 09:25 PM
emacs keystroke kev82 Programming 9 07-16-2003 11:15 AM


All times are GMT -5. The time now is 03:52 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration