What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Tech Talk » worm detected today at symantec

1 votes - 5 average   worm detected today at symantec
Author: Message:
Full Member

I'm Ready I'm Ready I'm Ready I'm Re

Posts: 330
Reputation: 8
34 / Other / –
Joined: Jul 2004
O.P. Shocked  worm detected today at symantec
hi you guys i want to inform you about a worm called: W32.Spybot.OBB that contains" W32.Spybot.OBB is a worm that has distributed denial of service and back door capabilities. The worm spreads through network shares protected by weak passwords and by exploiting vulnerabilities"

Viruses, Worms and Trojan Horses
A virus is a program or code that replicates itself onto other files with which it comes in contact; that is, a virus can infect another program, boot sector, partition sector, or a document that supports macros, by inserting itself or attaching itself to that medium. Most viruses only replicate, though many can do damage to a computer system or a user's data as well.

A worm is a program that makes and facilitates the distribution of copies of itself; for example, from one disk drive to another, or by copying itself using email or another transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive via exploitation of a system vulnerability or by clicking on an infected e-mail.

A Trojan Horse portrays itself as something other than what it is at the point of execution. While it may advertise its activity after launching, this information is not apparent to the user beforehand. A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. The malicious functionality of a Trojan Horse may be anything undesirable for a computer user, including data destruction or compromising a system by providing a means for another computer to gain access, thus bypassing normal access controls.

Risks that do not meet the definitions of Viruses, Trojan horses, Worms, or other security risk categories, but which may present a risk to a computer and its data, an unwanted nuisance to the user, or exhibit other unexpected or unwanted results when the risk is present and functioning. This category includes programs that encrypt or otherwise attempt to obfuscate some of their functionality, making it difficult to determine whether they fall into one of the other categories.

more about it on http://securityresponse.symantec.com/avcenter/refa.html#worm

about his functions and all kind of worms

so plz be carefull

EDIT the worm koms from this link so if you get any links that looks like this one dont klick on it " http://xwar.org/MSN.exe "

This post was edited on 04-22-2005 at 04:53 PM by WDZ.
[Image: .jpg]
if you need help with unrealircd tell me and i will help ya out.
04-22-2005 04:20 PM
Profile E-Mail PM Web Find Quote Report
Community's Choice

Posts: 1407
Reputation: 92
Joined: Feb 2003
RE: worm detected today at symantec
[18:35:52] -woo.Net- *** Notice -- Maximum connections: 13700 (13699 clients)

There are 13,700 infected PCs which are currently connected to the botnet IRCd and this figure is going up by, on average, 1 per second.


Thank you.

Every 30 minutes the botnet runners get every infected client to download & execute msn.exe which causes that message to be sent to everyone one your contact list.

They just did it now.

[18:43:36] -woo.Net- *** Notice -- Maximum connections: 13870 (13869 clients)
[18:43:39] -woo.Net- *** Notice -- Maximum connections: 13880 (13879 clients)
[18:43:43] -woo.Net- *** Notice -- Maximum connections: 13890 (13889 clients)
[18:43:48] -woo.Net- *** Notice -- Maximum connections: 13900 (13899 clients)
[18:43:50] -woo.Net- *** Notice -- Maximum connections: 13910 (13909 clients)
[18:43:56] -woo.Net- *** Notice -- Maximum connections: 13920 (13919 clients)
[18:44:01] -woo.Net- *** Notice -- Maximum connections: 13930 (13929 clients)
[18:44:02] -woo.Net- *** Notice -- Maximum connections: 13940 (13939 clients)
[18:44:03] -woo.Net- *** Notice -- Maximum connections: 13950 (13949 clients)

Look at the timestamps.

This morning there were 4000 bots.

People suck. :(

EDIT: It's still going up. It'll go up for a couple of thousand infections (bots) then quiet down..

[18:47:13] -woo.Net- *** Notice -- Maximum connections: 14140 (14139 clients)

* segosa sighs

This post was edited on 04-22-2005 at 04:49 PM by segosa.
The previous sentence is false. The following sentence is true.
04-22-2005 04:39 PM
Profile PM Find Quote Report
Disabled Account

Posts: 337
Joined: May 2004
RE: worm detected today at symantec
I'll second what Segosa has said. I am working on getting the DNS for the botnet IRCd removed, once that has gone the trojan should stop spreading. Just don't click it, and if someone spams you the link HELP them remove the trojan.

04-22-2005 05:02 PM
Profile PM Find Quote Report
« Next Oldest Return to Top Next Newest »

Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On