Worm feeds on Sasser-infected computers
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Worm feeds on Sasser-infected computers

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Worm feeds on Sasser-infected computers

    Computers compromised by the Sasser worm may be vulnerable to a scavenging program that exploits a flaw in the software left behind by the worm, a security researcher said Thursday.
    The worm--dubbed Dabber--has started spreading to Microsoft Windows systems, but likely won't have a large impact, said Joe Stewart, senior security researcher with network protection firm Lurhq.

    "It is not going to be a big problem for anyone that is paying any attention at all to computer security," he said. "If somebody does get it, they probably already have Sasser and, most likely, Agobot as well."

    Dabber is not the first worm to exploit back doors into compromised systems left behind by previous attackers. Two worms, Doomjuice and Deadhat, infected systems already compromised with the MyDoom virus.

    However, Dabber may be the first worm to attack systems using a flaw in a previous malicious program. In this case, the file transfer protocol (FTP) server installed by Sasser to enable the worm to transfer itself to new hosts has a buffer-overflow vulnerability. Dabber uses that security flaw to spread to the new machine.

    Once it copies itself to a new host, the worm will change the system settings so that operating system runs the malicious program every time it starts up. Dabber will also attempt to block other worms, which may have infected the machine, from running.

    Finally, the worm will establish a back door into the software to allow knowledgeable attackers to take control of the system.

    The scavenging worm arrives as German police are investigating more leads in the Sasser case. Already, the suspected author has been arrested in that country, based on information leaked to Microsoft by informants interested in reward money.
    Source : http://zdnet.com.com/2100-1105_2-521...=zdfd.newsfeed
    -Simon \"SDK\"

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    In this case, the file transfer protocol (FTP) server installed by Sasser to enable the worm to transfer itself to new hosts has a buffer-overflow vulnerability.
    You gotta love it.... Even the worms have security vulnerabilities......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    That is great. LMAO!!!
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  4. #4
    Junior Member
    Join Date
    Feb 2004
    Posts
    15
    i got the dabber backdoor open on my honeypot, port 9898, but i dont sem to be picking anything up other than port scans atm.

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    open it on 1023 and 5554. those are the one thats being searched for
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    "It is not going to be a big problem for anyone that is paying any attention at all to computer security,"
    So anotherwards, it will in fact be a big problem for the general PC using population who could care less about security and have more of a click-and-go-gimmie-gimmie-gimmie mentality, that will inevitably cause the small percentage of people who are actually paying attention to security issues, to lose bandwidth and have thier firewalls bombarded by port scans of infected machines.
    go figure.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  7. #7
    Senior Member
    Join Date
    May 2004
    Posts
    206
    Lol, I almost died laughing!
    It is better to die on your feet than to live on your knees.

  8. #8
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    332
    You gotta love it.... Even the worms have security vulnerabilities......
    Doesn't this prove a point? These things are only as smart as we allow them to be.
    Your heart was talking, not your mind.
    -Tiger Shark

  9. #9
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    hehe...yup dopeydadwarf...but ROFLMAO at the concept

  10. #10
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,002
    I love it just goes to show even virus writers aren't safe any more. Whats the world coming too.
    \"America is the only country that went from barbarism to decadence without civilization in between.\"
    \"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
    Oscar Wilde(1854-1900)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides