Superworm Crisis eats Macs, VMware and - shock - Windows

Security watchers have discovered a virus strain that compromises VMware virtual machines as well as infecting Mac OS X and Windows computers and Windows Mobile devices. It demonstrates previously unseen capabilities in the process. The Crisis malware typically arrives in a Java archive file (.jar) and is typically installed by …

COMMENTS

This topic is closed for new posts.

Anonymous Coward

Where are you now ...

RICHTO ?

1
0
Anonymous Coward

So

So long as you don't play the free porn video......

0
1
Bronze badge
Mushroom

Re: Where are you now ...

Here. First ever malware for Windows Mobile I think? But then it hasn't been updated for many years...

This isn't actually exploiting any vulnerability as far as I can see other than stupidity?

1
4
Anonymous Coward

Re: Where are you now ...

> This isn't actually exploiting any vulnerability as far as I can see other than stupidity?

It's a threat to all WP7 users then ;-)

5
3

Re: Where are you now ...

both of them must be worried then .....

2
0
Bronze badge
Mushroom

Re: Where are you now ...

I was thinking more of Mac users. They are mostly journalists too stupid to use a computer or 'creative' types that left school with only a GCSE in Art....

0
1
Anonymous Coward

Hardcoded IP for a command and control which it pings every five minutes.

Mmmm.

Smells like amateur hour.

6
0
Anonymous Coward

As does the article itself

2
6
WTF?

Wait a minute, that's *my* IP they're using! The bastards!

Wait...

4
1
Anonymous Coward

:)

Reminds me of the days on IRC when someone would post "TEACH ME TO HACK" on a channel and we told them to direct <whatever script was current> at 127.0.0.1. Strangely, they dropped offline then :)

4
0
Silver badge

@AC

I think most *nix related channels have had such experiences. Even so, I found that using addresses such as 127.10.45.65 proved to be way more effective than the "easily recognizable" default address.

1
0
jai
Silver badge

late?

This is listed on the Symantec and Sophos websites since 25th July. It's a bit late to be talking about it now isn't it?

It seems that Symantec has been detecting this type of jar delivered malware since 2010!

Or is it just the way it attacks VMware that makes it newsworthy?

0
0

Re: late?

I've always assumed the article delay was usually caused by having to think up a catchy sub-title. Not sure what happened here.

4
0
(Written by Reg staff) Silver badge

Re: late?

Yeah, it's the four-way whammy of VMware, Mac OS X, Windows and Windows Mobile (what's that?) that's new.

C.

3
2
Silver badge
Coat

Re: late?

Wake me up when it has Linux support.

0
0
Bronze badge
Mushroom

Re: late?

That will be when Linux grows past 1% market share....

0
2
Silver badge
Linux

Re: late?

1% in which market?

0
0
Bronze badge
Trollface

Nope...

I'd bet it's because it's only just been revealed that this can affect Windows mobile devices - and the opportunity to take a swipe was too much to resist...

1
0
Gold badge
Coat

Re: Nope...

> the opportunity to take a swipe was too much to resist

What? It scans gestures too?

1
0
Anonymous Coward

What? It scans gestures too?

A virus that uses gestures <flick through patent applications>, sorry Apple own that one, it can no longer be used in the US. The rest of the world can freely be infected.

1
0
Silver badge

Ass slappage worm

There was a write up in July...

http://www.theregister.co.uk/2012/07/25/mac_crisis_malware/

2
0

Worm? Virus?

Does it not say "tricks the user into installing"?

That's a Trojan then isn't it?

0
0
(Written by Reg staff) Silver badge

Re: Worm? Virus?

There's no trickery involved if transferred by an infected drive, AIUI.

C.

2
0

This post has been deleted by its author

Anonymous Coward

Re: Worm? Virus?

Trojan = Malicious software that pretends to be something useful in order to trick user into running it.

6
1

This post has been deleted by its author

Bronze badge

Re: Worm? Virus?

> pretends to be something useful in order to trick

Like a giant wooden horse, for example. Someone should surely be able to find a use for that.

4
0
Anonymous Coward

Flash player java applet?

Wossat?

1
1
Anonymous Coward

Re: Flash player java applet?

@Destroy all monsters: Thanks, your link to the previous story told me that a "Flash player java applet" is a "Java Archive file which pretends to be Adobe Flash Player"

The idea of Adobe writing a Flash installer in Java raises a smile, if nothing else

2
0
Trollface

Re: Flash player java applet?

And if Adobe actually used Java to implement Flash it would probably be faster and less resource hungry.

0
0
Anonymous Coward

previous unseen capabilities

Err

"It demonstrates previous unseen capabilities in the process."

No it really does not. Spreading between differing OSes is not new, dropping via the web using social engineering is not new or key-logging, Rootkit install, killing AV's or pretty much everything else listed.

In fact I can still remember the first publicly recorded worm that could run unmodified on both Win and Linux boxes written by a member of the 29a. Sorry but having the binaries for three differing OSes is not really new or novel either.

0
2
Meh

So....

Now the new question in certain circles will be 'But will it run Crisis?'

4
0
JDX
Gold badge

Windows Mobile

Does that specifically mean the old version, or Windows Phone also?

1
0
Silver badge
WTF?

"Flash Player Java applet"

Hmm. My copy of Adobe Flash is incredibly buggy and slow. I wonder if there's anything I can replace it with -- oh, here's this e-mail, apparently Adobe has ported Flash to an incredibly buggy and slow platform! Surely that will work better!

1
4
Anonymous Coward

@Reg: Do Homework, use Proper Terms

This is clearly a Trojan Horse, as the first thing you need to do is to enter the system password. But yeah, let's sell MacOSX virus scanners for the Total-O-Bozos to protect them from themselves.

Surely Symantec, Kaspersky and M$ pay with nice advertising on the site for this Bull$hit news.

1
9

This post has been deleted by a moderator

Anonymous Coward

Re: Windows security fail

How dare you? It is highly disrespectful not to show sympathy for your fellow PC users suffering from all kinds of software pox. You know well that when there was last time a Linux virus (don't remember when was that, don't ask me, OK?) they were all trying to comfort you saying "it's OK, just run an antivirus software provided by an industry leader and you'll be protected". You heartless FOSS-er!

Now between the two of us, which distro do you like best?

4
3
Linux

Re: Windows security fail

Me too.

Running KVM on LVM on Debian for virtualisation and Debian on the desktop, no worries, licensing bullshit, crippleware gauntlets, forced "upgrades" and general creepiness of one of the platforms of the great information parasites of the world (you know who they are :-))

3
0
Coat

Re: Windows security fail

Forgot to add "security software suite" blackmailing

2
0
Bronze badge
Mushroom

Re: Windows security fail

I wouldn't feel quite so smug. Don't forget that the worst ever Internet worm infection (Morris worm) was on UNIX systems...

1
4

This post has been deleted by a moderator

Bronze badge
Mushroom

Re: Windows security fail

That doesn't change the facts as stated. It was the worst ever worm (took down much of the internet at the time) and it was only on UNIX systems.

1
2
Bronze badge
Mushroom

Re: Windows security fail

Oh - and Microsoft was founded in 1975. Nice try though....

1
1
FAIL

Re: Windows security fail

@Eadon. I seriously think you should take another look at the history books.

Microsoft was founded in 1975. The origins of the internet can be traced to the 1960s.

Having googled "the morris worm", I see that our trusty friend Wikipedia dates it at 1988 when Windows was just an unpopular GUI for use on top of DOS primarily found on isolated machines. On the other hand, Unix was a proper operating system that handled networking and ran the majority of systems connected to the early Internet. If writing an internet worm, platform just wasn't a choice.

That time was an age of innocence. The term "computer security" was unheard of. No operating system was really prepared. Unix just happened to prove to be more secure because it was a multi-user operating system. User accounts and file permissions made much of the difference. Code quality may also have had something to do with it.

1
1

This post has been deleted by a moderator

This post has been deleted by its author

Re: Windows security fail

@Eadon

Looking at his posts, RICHTO is clearly pro-Microsoft. But in this case, the argument was pointless. Comparing the relative vulnerability to an Internet worm of two systems from 1980-something, one rarely connected to the internet (MS-DOS or MS-DOS/Windows 2.0), the other commonly connected (Unix) is just not a balanced test. I believe any independently minded rational person will conclude that Microsoft has historically been exceptionally poor at handling security challenges. While I agree with your position in part, I felt compelled to correct you because you have made so many completely inaccurate statements when trying to argue your case.

1) The Morris worm escaped into the wild in November 1988, not 1982.

2) Maybe you did mean that Microsoft's share of the operating system market was non-existent. But what you wrote was that Microsoft did not exist. The two are very different.

3) "That computer security was unheard of is a myth." Ok, 'unheard' was a bit too strong a term. My bad. But it was not a widely understood risk. Your assertion that 1982 was "a decade before anyone had even heard of the Internet" is an equal abuse of language.

4) You incorrectly state that the Morris worm didn't cause damage. It didn't damage software or data but by preventing their use, caused harm in other ways such as financial.

Regardless of if this is pedantry or not, I defend the right to pedantry. Misinformation and misinterpretation get harder to correct the longer they're allowed to persist.

0
0

This post has been deleted by a moderator

Bronze badge
Mushroom

Re: Windows security fail

It would depend on what 'Unix' variant you compared, but in terms of enterprise Linux distributions, Windows has had fewer security vulnerabilities that were on average less critical and were fixed faster every year since 2003. (2002 was the year that Bill Gates set security as Microsoft's #1 priority.)

This is why internet facing Linux servers are so much less secure and more likely to be hacked than Windows ones - and the gap is widening!

http://www.zone-h.org/news/id/4737

0
3
Silver badge

So...

Can it break out of a virtual machine?

Can it be stopped from getting onto a dormant virtual machine if the VM's virtual disk is encrypted?

I ask as a domestic user who is intending to use a VM for internet browsing, as an extra safeguard against nasties. I would say it is actually for a friend who might visit dodgy websites, but you lot will just say 'A friend. Yeah right, we believe you'

2
0
