Virus warning: Dabber picks up Sasser's scraps

Scavenger moves in...

Computers compromised by the Sasser worm may be vulnerable to a scavenging program that exploits a flaw in the software left behind by the worm, a security researcher said Thursday.

The worm - dubbed Dabber - has started spreading to Microsoft Windows systems, but likely won't have a large impact, said Joe Stewart, senior security researcher with network protection firm Lurhq.

"It is not going to be a big problem for anyone that is paying any attention at all to computer security," he said. "If somebody does get it, they probably already have Sasser and, most likely, Agobot as well."

Dabber is not the first worm to exploit back doors into compromised systems left behind by previous attackers. Two worms, Doomjuice and Deadhat, infected systems already compromised with the MyDoom virus.

However, Dabber may be the first worm to attack systems using a flaw in a previous malicious program. In this case, the file transfer protocol (FTP) server installed by Sasser to enable the worm to transfer itself to new hosts has a buffer-overflow vulnerability. Dabber uses that security flaw to spread to the new machine.

Once it copies itself to a new host, the worm will change the system settings so that the operating system runs the malicious program every time it starts up. Dabber will also attempt to block other worms that may have infected the machine from running.

Finally, the worm will establish a back door into the software to allow knowledgeable attackers to take control of the system.

The scavenging worm arrives as German police are investigating more leads in the Sasser case. Already, the suspected author has been arrested in that country, based on information leaked to Microsoft by informants interested in reward money.

Robert Lemos writes for News.com

Comments

There are 6 comments.

  1. Martyn Witt

    Perhaps it might help deter the obnoxious parasites who write these worms, if they knew they'd be handed over to the US Military once they've been caught? ;-}

    • 14 May 2004 11:05
  2. anonymous

    Cut their hands off!

    • 14 May 2004 12:26
  3. Jack J

    Cut *their* hands off? How about cutting *yours*?

    The people who do this are just smart teenagers. They only want to know more and more. Their schools can't provide them with the knowledge, so they resort to other measures. Either destructive or not. Either way they are creative - some like me try to find a hobby in game programming. Others find it better to write viruses. It's not the people who write those viruses to be blamed - it's those who don't care for their talent.

    • 20 May 2004 15:08
  4. ghandi

    Yeah man, Jack's got a point here. I was in high school not too long ago and I wrote a stupid little program using qbasic that would scroll some words across the screen. Yes, the words were bad. But that's not the point. The point is that I was a lot smarter than the teacher and she thought that I was doing something bad to the computer. So they kicked me out of school. They were just afraid of me because I was smarter than them. But now I'm dumb.

    • 2 June 2004 20:58
  5. anonymous

    I hope that you are just kidding. Kids or not, they are intentionally doing something that they know (or should know) is causing millions of dollars in damage and they should be treated like the criminals that they are. Just as I should be able to walk down the street or leave my house without fear of a criminal assaulting me or breaking into my house, I should be able to use my computer, or any other device without fear of a criminal breaking into my systems and stealing or damaging my personal files. The simple fact is that these people are intending to hurt others, both businesses and individuals. It is time that we stopped making excuses for these criminals and start treating them like we do other criminals that intend to hurt people.

    • 3 June 2004 17:27
  6. anonymous

    I hope that you are just kidding. Kids or not, they are intentionally doing something that they know (or should know) is causing millions of dollars in damage and they should be treated like the criminals that they are. Just as I should be able to walk down the street or leave my house without fear of a criminal assaulting me or breaking into my house, I should be able to use my computer, or any other device without fear of a criminal breaking into my systems and stealing or damaging my personal files. The simple fact is that these people are intending to hurt others, both businesses and individuals. It is time that we stopped making excuses for these criminals and start treating them like we do other criminals that intend to hurt people.

    • 3 June 2004 17:28