May 20th, 2003, 05:21 PM
Fizzer virus secrets revealed
This weekend, the IRC/Unity group discovered that access to computers infected by the Fizzer worm is regulated by a three-letter nickname, which is generated by an algorithm that depends on the current date. A person who knows the nickname can issue commands to any computer that's compromised by the virus and listening to the current chat channel.
Several IRC operators have started using the information to command any PC infected with the virus that connects to their network to uninstall itself.
"A lot of networks are actively sending out the command to all IRC Fizzer clients," said McGarrigle. "When they send the uninstall command, it leaves no trace of the bot."
Full article here
Using the bot itself to uninstall it, what a smart idea ....
SHARING KNOWLEDGE
May 23rd, 2003, 08:04 PM
what a great day we live in, we can now delete the virus using the same backdoors someone else puts on, might have been easier for them to use a password =p
The Hack Back Revolution
May 24th, 2003, 02:30 AM
The scary angle on this is that next time, it may not be so easy. Whoever released Fizzer probably now knows what the weaknesses are, and will make the necessary modifications to more tightly secure the infections once done. Yeah, we have a nifty way to nail the infections now.
We were able to avoid infection by this primarily because of vigilance and keeping systems current and as secure as possible. A new zero-day infection that gets in under the anti-virus screen, and is better armored, would be a real challenge.