Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: New M$ virus affects all versions of M$ Windows?!

  1. #1
    Senior Member
    Join Date
    Aug 2002

    Exclamation New M$ virus affects all versions of M$ Windows?!

    There seems to be a new "virus" propagating around out there that they say in not a worm or virus in source code nature. And the method of attack is unknown, all they say is that the attack is automated.
    Microsoft posted a mysterious alert on its product support services (PSS) page. The alert warns of a hack attack that locks out users, installs backdoor programs, and gives an attacker remote access via IRC.
    For some reason this doesn't suprise me. All you can do for now is scan your computer for the certain files that are showing up on "infected" systems.

    The PSS team says infected systems contain the following files:
    That is a pretty hefty list of files if you are doing a manual file scan. You can read the whole story here and basically the same article put out by microsoft here .

    I was wondering if this has hit anyone on here? All of our boxes are clean, and I have heard no talk of this anywhere.

    edit: If anyone has this "virus" on their system I would like to see the files, you know see how it works and try to implement a stronger security policy relating to this.
    Civilization. The death of dreams.

  2. #2
    Senior Member
    Join Date
    Aug 2002
    I haven't heard of anything of this as of yet. I am sure I will soon. I haven't read the article yet, but maybe our network will be a little safer than some since we don't allow irc to get through the firewall. Who knows? I will definitely have to read this article. Thanks for the info.
    Opinions are like holes - everybody\'s got\'em.


  3. #3
    Uh-oh.... If MS doesnt give lots of details its no good.... Is there any patch available or is it just Run a virus scan and see what happens

  4. #4

    Breakdown of files

    I found a post here where someone did an analysis on the files used in this attack. Specifically, go to the post on Sept 4.

    And the "warning" from Microsoft is terrible! Could it be any more cryptic?

  5. #5
    Junior Member
    Join Date
    Sep 2002

    Exclamation MS is always having problem

    Waz up, well you say of another MS problem. well if they have not fix it yet there is problem in the (SSL) THAT is letting peeps crack in and put in codes in to banks computers and when the custumers goes to make a transfer the codes that the hacker/Cracker has put in there will make transfers of it's on there was a post about this on antionline but i could not find it agin feel free to look for it.

    see ya

  6. #6
    AntiOnline Senior Member
    Join Date
    Oct 2001
    Well, I scanned my comp and I was clean of all files except gates.txt. It was full of IP addies and server listings... Idk what it means. Oh well.
    [shadow]uraloony, Founder of Loony Services[/shadow]
    Visit us at

  7. #7
    Senior Member
    Join Date
    Aug 2001
    I liked this quote as reported by: http://www.wired.com/news/technology...,54942,00.html

    In responding to the MS alert, Harlan Carvey, a security engineer with a financial services firm, said:

    "It's easily one of the most unprofessional pieces of crap I've ever read. Vague, indirect, doesn't say anything useful at all."

    Couldn't have put it better myself

    P.S. If the MS alert makes any sense at all, I think it is saying that this (whatever it might be) only affects Win2k/XP - not that this really helps much ...

  8. #8
    Senior Member
    Join Date
    Jun 2002
    MS have decided that what was originally an unknown form of attack is acutally a mIRC Trojan-Related Attack.


    UPDATE: As of September 6, 2002, reports of malicious activity that follow the particular pattern that is outlined in this article have lessened significantly. The Microsoft Product Support Services Security Team has modified this Microsoft Knowledge Base article to reflect this information and to refine suggestions for detection and repair criteria.
    Here is an article which investigates Microsoft's backflip on the 'vulnerability':


    So it really does sound like a remote compromise independent of user interaction. Naturally, MS steadfastly refuses to tell us anything useful, like how this is accomplished. 'Install your patches and quit asking impertinent questions' seems to be the subtext here. It's just that I can't quite noodle out how a remote compromise (i.e., one not requiring user interaction) is not a security issue. Perhaps the Redmond spin-meisters would like to walk me through that one.
    Anyone surprised?

  9. #9
    Senior Member
    Join Date
    Nov 2001
    how about the way they blame the people that become infected. blaming unpatched or misconfigured servers...damme bitch was asken for it.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  10. #10
    Join Date
    Aug 2002
    Wonder what´s in Gates.txt... Bet it´s funny!
    I breathe, therefore I am!
    I type, therefore I live!
    [shadow]I love, therfore I die![/shadow]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts