LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   General (https://www.linuxquestions.org/questions/general-10/)
-   -   new worm KEYSTROKE LOGGER (https://www.linuxquestions.org/questions/general-10/new-worm-keystroke-logger-139066/)

witeshark 01-26-2004 11:10 PM

new worm KEYSTROKE LOGGER
 
Tricky 'MyDoom' e-mail worm spreading quickly
Worm launches attack on site for Unix-owner SCO Group
it has a keystroke logger!

Capt_Caveman 01-26-2004 11:37 PM

Definitely a fast spreader.

Here's Symantecs description of the worm:
http://securityresponse.symantec.com...varg.a@mm.html

Not a Linux-Security issue; Moved to General

green_dragon37 01-26-2004 11:53 PM

Wow! I went to work today, and when I came back, I had blocked 6 of these, and had reports in my mail! I'm glad I installed that virus scanner in my mail server now!

Ian

natalinasmpf 01-27-2004 08:48 AM

Wow, I feel like getting myself a .edu email address. ;)

Crito 01-27-2004 06:29 PM

They stole the keystroke logging code from the FBI's Magic Lantern. Norton and McAfee said they wouldn't alert customers to the presence of this trojan, so that was the only way to get them to do their jobs. :o

http://www.sophos.com/virusinfo/arti...iclantern.html
http://abcnews.go.com/sections/scite...dge011221.html
http://www.techtv.com/cybercrime/pri...386018,00.html
http://cc.uoregon.edu/cnews/winter20...iclantern.html
http://msnbc.com/news/660096.asp
http://www.worldnetdaily.com/news/ar...TICLE_ID=25471

Squall 01-27-2004 06:47 PM

Quote:

Originally posted by natalinasmpf
Wow, I feel like getting myself a .edu email address. ;)
yeah, i guess the virus writer had SOME heart. I don't know why people open these emails anyway, they're just asking for a virus.

apache363 01-28-2004 10:59 AM

MyDoom originated in Russia!
 
Hehe, another Windows virus...
But why does everybody blame it on the Linux community?
MessageLabs says it originated in Russia
where nobody would care about a US lawsuit.
www.groklaw.com

williamwbishop 01-28-2004 11:43 AM

contemplating getting it on purpose...

apache363 01-28-2004 12:48 PM

Uh, williamwbishop, you might not want to do that. It takes over your internet connection by using all its bandwith.

williamwbishop 01-28-2004 01:11 PM

It's for a good cause, and I can always clean it tomorrow....

natalinasmpf 01-28-2004 06:14 PM

Heck, I want a more friendly app. Ie. I could start it before I go to school and stop it when I need to use the net.

Capt_Caveman 01-28-2004 09:06 PM

You should not ever use wget to do anything like that.

Bruce Hill 01-28-2004 09:59 PM

Quote:

Originally posted by williamwbishop
contemplating getting it on purpose...
I opened it with Ark in a /tmp subdirectory when the first document.zip made it to my Inbox. Then looked at the document.exe file. If I am correct, it can't do anything to a Linux box because this is what it does...
Quote:

When W32.Novarg.A@mm is executed, it does the following:

1. Creates the following files:
* %System%\Shimgapi.dll: Shimgapi.dll acts as a proxy server, opening TCP listening ports in the range of 3127 to 3198. The backdoor also has the ability to download and execute arbitrary files.
* %Temp%\Message: This file contains random letters and is displayed using Notepad.
* %System%\Taskmon.exe:
I'm no Linux expert, but if I'm correct, this particular worm can't do anything to a Linux system. Is this correct?

witeshark 01-28-2004 10:10 PM

Quote:

Originally posted by Capt_Caveman
Definitely a fast spreader.

Here's Symantecs description of the worm:
http://securityresponse.symantec.com...varg.a@mm.html

Not a Linux-Security issue; Moved to General

apparently not any threat to Linux/Mac/Unix. even win3.1 seems unthreatened :study:

SciYro 01-29-2004 01:14 AM

u think these worms would get smarts, a smart worm would srat and attack in like only hours after it was relaesed, long b4 anyone could alert the worl of a new worm, thus acutaly doing somthing that is meaningful, like dos attack sco and ms? (not realy meaningful, but it is to the virus wirters who are no doupt just out to hurt them)


All times are GMT -5. The time now is 01:30 PM.