This variant was discovered yesterday (July 2nd) and looks like it's bound to cause trouble. It spreads through a Windows vulnerability on TCP port 445. It only affects WinXP and Win2k. I 'spect we'll see someone with one of those OS's asking what's up with their box, so I figured I'd give a heads up so everyone can watch out for it and we can know what to look for if somebody gets infected and comes here asking about it. This bug also edits the registry (meaning to completely restore your computer back to normal after removal - you have to edit the registry. This makes the bug much more of a pain....) and will attempt to make itself invisible on the list of processes if you bring up the task manager. It spreads through TCP by scanning random IP addresses and finding a vulnerable target. The damage it causes is mostly indirect - it functions as a backdoor and will also drain network resources. Sounds pretty nasty. Symantec has an article on it and has updated it's virus definitions to include this worm. (Btw, yes it's classified as a "worm"). So...same old drill - update your virus definitons and get all the patches for Windows.
Source (Symantec)
-Please lemme know if somebody already gave a heads up for this one.
*edit*
Should've named this thread "new worm" instead of "new virus"....my bad.
Reply With Quote