September 7th, 2002, 03:01 AM
New M$ virus affects all versions of M$ Windows?!
There seems to be a new "virus" propagating around out there that they say is not a worm or virus in source code nature. And the method of attack is unknown; all they say is that the attack is automated.
For some reason this doesn't surprise me. All you can do for now is scan your computer for the certain files that are showing up on "infected" systems.
Microsoft posted a mysterious alert on its product support services (PSS) page. The alert warns of a hack attack that locks out users, installs backdoor programs, and gives an attacker remote access via IRC.
That is a pretty hefty list of files if you are doing a manual file scan. You can read the whole story here and basically the same article put out by Microsoft here.
The PSS team says infected systems contain the following files:
I was wondering if this has hit anyone on here? All of our boxes are clean, and I have heard no talk of this anywhere.
edit: If anyone has this "virus" on their system I would like to see the files, you know, see how it works and try to implement a stronger security policy relating to this.
Civilization. The death of dreams.
September 7th, 2002, 03:21 AM
I haven't heard of anything of this as of yet. I am sure I will soon. I haven't read the article yet, but maybe our network will be a little safer than some since we don't allow irc to get through the firewall. Who knows? I will definitely have to read this article. Thanks for the info.
Opinions are like
holes - everybody's got 'em.
September 7th, 2002, 03:39 AM
Uh-oh.... If MS doesn't give lots of details it's no good.... Is there any patch available or is it just "run a virus scan and see what happens"?
September 7th, 2002, 05:04 PM
Breakdown of files
I found a post here where someone did an analysis on the files used in this attack. Specifically, go to the post on Sept 4.
And the "warning" from Microsoft is terrible! Could it be any more cryptic?
September 7th, 2002, 05:23 PM
MS is always having problems
Waz up, well you say of another MS problem. Well, if they have not fixed it yet, there is a problem in the (SSL) that is letting peeps crack in and put codes into banks' computers, and when the customers go to make a transfer, the codes that the hacker/cracker has put in there will make transfers of their own. There was a post about this on AntiOnline but I could not find it again; feel free to look for it.
September 8th, 2002, 01:03 AM
Well, I scanned my comp and I was clean of all files except gates.txt. It was full of IP addies and server listings... Idk what it means. Oh well.
uraloony, Founder of Loony Services
Visit us at
September 8th, 2002, 01:47 AM
I liked this quote as reported by: http://www.wired.com/news/technology...,54942,00.html
In responding to the MS alert, Harlan Carvey, a security engineer with a financial services firm, said:
"It's easily one of the most unprofessional pieces of crap I've ever read. Vague, indirect, doesn't say anything useful at all."
Couldn't have put it better myself
P.S. If the MS alert makes any sense at all, I think it is saying that this (whatever it might be) only affects Win2k/XP - not that this really helps much ...
September 9th, 2002, 05:34 AM
MS have decided that what was originally an unknown form of attack is actually a mIRC Trojan-Related Attack.
Here is an article which investigates Microsoft's backflip on the 'vulnerability':
UPDATE: As of September 6, 2002, reports of malicious activity that follow the particular pattern that is outlined in this article have lessened significantly. The Microsoft Product Support Services Security Team has modified this Microsoft Knowledge Base article to reflect this information and to refine suggestions for detection and repair criteria.
So it really does sound like a remote compromise independent of user interaction. Naturally, MS steadfastly refuses to tell us anything useful, like how this is accomplished. 'Install your patches and quit asking impertinent questions' seems to be the subtext here. It's just that I can't quite noodle out how a remote compromise (i.e., one not requiring user interaction) is not a security issue. Perhaps the Redmond spin-meisters would like to walk me through that one.
September 9th, 2002, 06:34 AM
How about the way they blame the people that become infected, blaming unpatched or misconfigured servers... damme bitch was asken for it.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
September 9th, 2002, 07:23 AM
Wonder what's in Gates.txt... Bet it's funny!
I breathe, therefore I am!
I type, therefore I live!
I love, therefore I die!