Dangerous New Worm To Delete Certain Documents On Friday!



Starry Might
1st February 2006, 03:17 PM
http://www.foxnews.com/story/0,2933,183331,00.html

http://it.slashdot.org/it/06/02/01/1556213.shtml

Update your Anti-virus software, everyone! :eek:

mr_pikachu
2nd February 2006, 02:08 AM
Whoa; this sounds bad. Further information on the virus can be found on a Microsoft Security Advisory (http://www.microsoft.com/technet/security/advisory/904420.mspx). This could be a very potent attack, although the time delay is rather odd. Why make that big of a time gap between a large number of people receiving the worm and the worm's attack? It would seem smarter to have it attack every day, not just the third day of each month. I wouldn't think that would be something that would take up too much more code. From a programming perspective, it doesn't make much sense to me. Of course, hacking in general seems stupid to me, but that's beside the point.

Anyway, get protected, everyone! Update those antivirus programs, and run them immediately! Because if this hits you, it could do a lot of damage.

.hacker
2nd February 2006, 08:23 AM
I know I'll sound stupid for asking this, but is there any way that this could be a hoax? I agree with mr_pikachu about the strange timing it hits (the third of every month). Normally, a legitimate worm is not told to the world until it already hits (like the I Love You worm).

I know I sound like a cynic, but it just doesn't seem normal.

mr_pikachu
2nd February 2006, 08:33 AM
I don't think it was announced; I have a feeling that someone caught on to the fact that some strange file had entered their system, isolated it, and analyzed it. By looking at the code, they may have seen when it was supposed to "activate".

Also, remember that this isn't exactly a typical worm. It's not there to do immediate, temporary damage to systems; instead it's completely and permanently wiping out files. This isn't your run-of-the-mill bug, no matter which way you look at it.

It does seem a bit weird, though; by moving the activation date up a couple of days, whoever did this could have really caught a lot of people completely unaware. Maybe the hacker's testing which people are really paying attention to the goings-on in the techno community? I dunno. But it is rather odd.

Starry Might
2nd February 2006, 03:24 PM
I don't think it's a hoax.

I think that as long as your Anti-virus programs are up-to-date and you don't open any weird e-mails and/or attachments, you'll be okay. :smilie: And if you're REALLY worried about getting 0wned by it, don't turn your computer on at all tomorrow. (Make sure your computer's clock/calendar is accurate, though - the worm strikes on the 3rd of every month on infected machines, meaning some computers could get 0wned sooner or later than tomorrow.)

Considering the sexy nature of the e-mails that carry the virus (e.g. "Kama Sutra"), though, it makes you wonder who's more desperate - the person/people who wrote the worm, or any/all of the hapless schmoes who fall for it? :lol: :wink:

Magmar
2nd February 2006, 04:28 PM
Could this be avoided by setting your clock to January 4?

I HIGHLY recommend that EVERYONE scans their computers once.

mr_pikachu
3rd February 2006, 01:19 AM
A few things.

1. I saw a website earlier today that mentioned how they had tested setting infected computers on a remote system to February 3rd, and how it had activated and wreaked havoc on that isolated system. That and the amount of detail all these sites have on the effects of the worm make me think it's no joke.

2. According to a few sites I've seen, merely turning your computers off for the day makes no difference. Again, apparently turning your computer off makes no difference. It makes sense from a technological standpoint. I mean, the clock doesn't stop running just because the computer's off; otherwise, it'd start up with the wrong time every single time you turned it back on. (Think about how the clocks work in Pokemon GSC and RSE.) And it also makes sense that a virus like this could have some sort of "data flag" type thing that would be triggered when the date became the third. It apparently takes effect when you start the computer up the next time in that case, even if it's no longer the 3rd.

3. Well, some of the names are like that, while other luring messages are nondescript. But yeah, most of the people who likely got crushed by this... well, we know a little about their personalities. >_>;;;

4. I have seen on a couple of websites that they believe it can be avoided by simply skipping over the date. However, I'm not certain as to the accuracy of these statements, as they were only on websites which I had never visited before. Let the buyer beware, I suppose. (I imagine it would work by moving backwards, away from the date, but skipping straight over it makes me nervous. I'm not sure how the calendar system on any particular OS manages that. If it jumps straight to the new date, it's probably fine, but if for some reason it counts up, day-by-day, to get to the new date... well, you're screwed. Don't know why it would do that, but I'm not that advanced of a programmer, either.)

5. Scanned my computer several times, and there was no trace of the bug. It's the third of February, and my comp is safe.

.hacker
3rd February 2006, 08:34 AM
I think it would be helpful to know that this worm is an attachment in e-mails, not from surfing the web. So, if you don't open any spam or weird e-mails, you'll be fine.

Important update:

http://www.foxnews.com/story/0,2933,183683,00.html

No damage or incidents of the worm have struck any computer in Asia. That's right, nothing has been reported in the continent.

mr_pikachu
3rd February 2006, 09:13 AM
Well, I find it a little hard to believe that the entire continent got off scot-free. I mean, heck, I only heard about it yesterday. I'm sure there were some people who were caught off-guard, and there may be some people who don't use their computer often and who therefore don't realize they were hit by it yet.

The thing about this is that, without a computer, I'd imagine it'd be quite a bit harder to report an instance of this worm, and some people may be trying to use their computers as little as possible in the hopes of recovering lost files. (According to numerous reports I've read about the worm, this is foolish and won't make any difference in this particular case, but I did some pretty in-depth research on it for just one person looking into the virus. Others may not have taken such a keen interest until it was too late.)

But yeah, the cyberterrorism of today is all through those stupid attachments. As long as you're hyper-paranoid, you shouldn't have any trouble at all. ;)

PersianKing
3rd February 2006, 12:04 PM
I am not taking any chances: updating my virus scanner and scanning for infected files right now, even though it has already been done this week.

Starry Might
3rd February 2006, 03:15 PM
Quoting mr_pikachu:
2. According to a few sites I've seen, merely turning your computers off for the day makes no difference. Again, apparently turning your computer off makes no difference. It makes sense from a technological standpoint. I mean, the clock doesn't stop running just because the computer's off; otherwise, it'd start up with the wrong time every single time you turned it back on. (Think about how the clocks work in Pokemon GSC and RSE.) And it also makes sense that a virus like this could have some sort of "data flag" type thing that would be triggered when the date became the third. It apparently takes effect when you start the computer up the next time in that case, even if it's no longer the 3rd.

Really?! Yikes! :scared: Looks like those government guys in Italy are hosed, then...

But like I said, and like .hacker said, if you don't open any bizarre e-mails/attachments, you'll be fine. :smilie::yes:

Magmar
5th February 2006, 12:13 AM
So any updates on this virus?

Starry Might
6th February 2006, 03:11 PM
Quoting Magmar:
So any updates on this virus?

Lemme check... (*GOOGLES "BLACKWORM WORM"*)

http://news.com.com/2061-11199_3-6034979.html

I guess not. :smilie: