Worm Archives -

Worm

Flashback Friday: SQL Slammer

Within a few hours of being released in the winter of 2003, SQL Slammer had brought the internet to something of a standstill. We look back at this notable worm.

ACAD/Medre.A Technical Analysis

For the story behind the suspected industrial espionage, where ACAD/Medre.A was used, refer to Righard Zwienenberg's blog post. For technical details from analysing the worm's source code, read on. ACAD/Medre.A is a worm written in AutoLISP, a dialect of the LISP programming language used in AutoCAD. Whilst we classify it as a worm, due to

Made in the Czech Republic: a PHP Autorun worm

Recently, a new data-stealing worm caught our attention. The reason why it stands out from many similar amateur creations is that its author is most probably Czech, as the text strings, variable and function names used by the malware suggest. The Czech text above is displayed by the worm inside a console window and translates

The more things change, the more they stay the same

It's something of a truism, that 'old viruses never die', and that certainly seems to be the case for some of the older, more widespread, email worms. In this interview (http://www.signonsandiego.com/uniontrib/20041129/news_lz1b29five.html) back in 2004, I talked about an email worm called "Win32/Zafi.b" which, at the time, had recently been spreading on a global scale. However,

Real War – The Next Cyber Frontier

Cyber Security pundits have been keenly watching the development of nascent state targeted attacks such as the Stuxnet worm with interest for some time and warning of the possible implications, but now it’s official. According to The Wall Street Journal, “The Pentagon’s first formal cyber strategy, unclassified portions of which are expected to become public

What are Heuristics?

It is generally well-understood that antimalware programs—the software which detects computer viruses, worms, trojan horses and other threats to your system—work by scanning files using signatures they already have. A signature could be as simple as a string[i] (like using the "find" command in your word processor to locate a particular piece of text) or as

IM to Spread Malware: the Butterfly Effect

This weekend, an unnamed worm forced Microsoft to temporarily suspend active links  in Live Messenger 2009, in order to prevent the aggressive worm from spreading further. This is quite a surprising measure, because worms spreading through Instant Messaging (IM) such as Skype, Yahoo! Messenger and Microsoft Live Messenger are not new at all! For example,

Another Look at Koobface: How It Infects Facebook Users

Earlier this month, we reported on the massive new Koobface campaign making the rounds through Facebook and how it tricked users into downloading and running it through that tenet of social engineering, the fake codec. We now have a video showing how the Koobface worm tricks users into running it: NOTE: The audio is not

Operation Cyber ShockWave

While serving in the Marine Corps, one activity that I felt was effective in preparing both myself and my unit to be able to handle real-world scenarios, was getting as much experience as possible from military training exercises. In most cases multiple branches worked together or, as in the case with NATO exercises, multiple countries

The Blame Game

I recently learned a new acronym: SODDI (Some Other Dude Did It). What this refers to is the defense that criminals routinely use (plausible deniability) – and even more so when it comes to illicit activities on the Internet. On Sunday, November 8th 2009 the Associated Press published an article regarding an individual that was

September’s Global Threat Report

ESET released its Global Threat Report for the month of September, 2009, identifying the top ten threats seen during the month by ESET’s ThreatSense.Net™ cloud.  You can view the report here and, as always, the complete collection is available here in the Threat Trends section of our web site.  While the report identifies a number

Twit of the Year?

I’m guessing that you’ve probably heard about the worm attacks on Twitter over the Easter weekend. Even I did, and I was doing my best to take some time out from work, with rather more success than usual. According to one Michael – sorry, Mikeyy – Mooney, a bored 17-year-old, he was responsible for the

The Only Good Worm is a Gummy Worm

From time to time the discussion of whether or not there are (or can be) good worms comes up, usually specifically in the context of program maintenance, updates and upgrades. In fact, the idea of maintenance viruses goes back at least as far as Dr. Fred Cohen, who pretty much "wrote the book" on early

Win32/Waledac for Valentine’s Day

As Valentine’s Day is approaching the criminals behind Win32/Waledac have increased their activity. The Valentine campaign started some time ago but the interesting part is only starting for us.  The Waledac botnet has been using fast flux for some time now.  This means that the IP addresses of the websites used to distribute this malware

Conficker: can’t stand up for falling downadup

You might have noticed that Conficker (Downadup) is actually standing up rather well to all the attention it’s receiving at the moment. Heise UK reported that 2.5 million PCs are already infected (links removed, as Heise no longer seems to have a UK site and the articles have disappeared). In The Register, Dan Goodin reports that the

Confused about Conficker?

CNN reported that there a new sleeper virus out there. http://www.cnn.com/2009/TECH/ptech/01/16/virus.downadup/index.html There is nothing sleepy about the Conficker worm, it is wide awake and looking for people who are asleep at the security wheel. CNN reports that Conficker could allow hackers to steal personal and financial data, and they also report that it “it is