Blackworm threat serious

Discussion in 'malware problems & news' started by Tassie_Devils, Jan 28, 2006.

Thread Status:
Not open for further replies.
  1. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Blackworm threat:

    BLACKWORM SERIOUS THREAT SOURCE
     
  2. snowie

    snowie Guest

    Researchers Warn of File-Destroying Worm

    By ANICK JESDANUN, AP Internet Writer 1 hour, 46 minutes ago

    NEW YORK - If you have computer files you'd rather not lose, now is a good time to make sure your anti-virus software is up to date. A worm set to activate Friday will corrupt documents using the most common file types, including ".doc," ".pdf," and ".zip."


    Hundreds of thousands of machines are believed to be infected, mostly in India, Peru, Turkey and Italy, said Mikko Hypponen, chief research officer for Finnish security company F-Secure Corp.

    The worm, known as "CME-24," "BlackWorm," "Mywife.E" or a number of other monikers, even tries to disable anti-virus software that is out of date, he said.

    Thus, users should make sure their software is turned on and has the latest definitions, generally available for free from the software vendor's Web site. F-Secure also has created a free removal tool.

    "If you are infected, and you find out about it today, you still have time to get rid of the virus," Hypponen said.

    As worms go, the spread of BlackWorm is relatively low. But worms these days are generally designed to help spammers and hackers carry out attacks, not to destroy files as this one does. So the impact this time may be more severe.

    Microsoft Corp. issued an advisory Tuesday warning customers about the worm, which affects most versions of its Windows operating system.

    Users should be safe if they have the latest anti-virus software or if their computers are set with limited privileges, a common setting in larger organizations. They are vulnerable if they, like many small business and home users, leave their computers set with full administrative rights.

    And users should check the date on the computer. The worm hits the third of every month, so if the computer's local calendar settings are off, Hypponen said, files may be destroyed sooner or later, even if the computer is never turned on Friday.

    ___

    On the Net:

    http://www.microsoft.com/technet/security/advisory/904420.mspx

    http://www.f-secure.com
     
  3. FanJ

    FanJ Guest

    Re: Researchers Warn of File-Destroying Worm

    From PSC (BOClean) :

    PSC Newsletter-A new month, a new mass media virus alert to come
    Tuesday, 31 January 2006


    Quotes:

    February's first major story is likely to be a worm called "Blackworm." According to the security industry "buzz," this one is the "Armageddon" we've all been promised in earlier press releases and then some. And in some respects, for those who are still infected, it very well could be a more destructive nasty than many seen recently. And of course, for those using BOClean, it's a non-issue as usual.

    Back on January 14th, one of our "spotters" in Japan saw a "warez" site in China ("warez" sites usually offer hacked versions of software or "keygens" which allow people to activate commercial or shareware software without paying for it) which offered a version of the popular "WINZIP" program for download. On a lark, he downloaded it and forwarded it to our BOClean lab team for analysis. It turned out to be a rather malicious worm. As a result, on our January 14th BOClean update, we included this worm (which by our policies of trying to use the actual name of trojans rather than the antivirus industry's obfuscation of the name) we dubbed "EVILPAIN" after the name of the item found within its heavily encrypted memory image.

    A few days later, ranging from January 15th when LURHQ discovered an increase in traffic to the 20th when numerous antivirus companies started to detect this worm, we began receiving copies of this in our emails from infected users around the globe who didn't use our BOClean product, which already detected this item. As the antiviruses began to cover it, the names "blackworm," "My wife," and "CME-24" were attached to this nasty. As of the January 31 BOClean update, we changed the name of our covered trojan from "EVILPAIN" to "EVILPAIN(BLACKWORM)" because some of our customers have asked if we covered it already.


    Read more:
    http://www.privsoft.com/archive/nws-bkw.html
     
  4. FanJ

    FanJ Guest

    Re: Researchers Warn of File-Destroying Worm

    PS for the mods:
    May I suggest to add Blackworm in the title of the thread ;)
     
  5. FanJ

    FanJ Guest

  6. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Good idea - 'tis done :cool:
     
  7. FanJ

    FanJ Guest

    Thanks Detox ! :D
     
  8. Snowie

    Snowie Guest

    Blackworm Summary

    http://isc.sans.org/diary.php?storyid=1067
     
    Last edited by a moderator: Feb 1, 2006
  9. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Is it a reasonable assumption that both top notch AVs and ATs such as Ewido will detect Blackworm? By this time their data bases should include it.

    Jerry
     
  10. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325