'Offensive' worm spreading worldwide

by abennett
Be the first to comment | I like it!
More »
on this topic
August 24, 2001, 03:51 PM —  ITworld.com — 

A new script that can severely limit user access to infected systems is spreading slowly worldwide, antivirus companies said.

The program, a Trojan horse, called either Trojan.JS.Offensive or Trojan.Offensive, can make Windows desktop icons invisible, can prevent users from starting programs or shutting down Windows and even persists when a machine is being used in safe mode, according to information posted on Symantec Corp.'s antivirus Web site. Luckily for users, Symantec doesn't see wide distribution of the worm yet.

Trojan.Offensive arrives in users' e-mail in-boxes as an HTML e-mail, though it could also be a Web page found on the Internet, if someone posted it there, Symantec said. The Trojan, written in Javascript, presents a button that reads "Start" which, when clicked, activates the script. A variant of the Trojan activates when the file is opened and lacks the "Start" button. When the Trojan is executed, it proceeds to make a series of system-level changes to the configuration of the infected PC, greatly limiting user access to the system.

The Trojan exploits a ten-month-old security hole in Microsoft Corp.'s Java Virtual Machine, said Craig Schmugar, a virus researcher with McAfee's AVERT Labs. Systems which have had the patch Microsoft released applied are not vulnerable, he said.

The combination of an attack tool, called an exploit, and a Trojan is likely to become more common, as will the combination of exploits and worms, of which Code Red was an example, Schmugar said.

"I suspect we will see a lot more use of vulnerabilties (in worms, viruses and Trojans)," he said. In fact, a Web exploiting this same vulnerability and using the same technique, but not using Trojan.Offensive itself, was discovered by AVERT last week, he said. The site has since been taken offline, he said.

Trojan.Offensive is not yet widespread and isn't likely to be, Schmugar said. Unlike a worm, which will often use an e-mail application to resend itself to other potential victims, Trojan.Offensive isn't likely to be able to spread itself because it locks systems up so extensively, he said.

If a PC is infected by Trojan.Offensive, typical users should contact technical support staff immediately, Symantec said. A reinstallation of Windows, a deletion of the Trojan using DOS, or changing the system settings back by hand are ways to remove the infection, Symantec said.

"The average end user is going to have a heck of a time getting around these problems," AVERT's Schmugar agreed.

Symantec, in Cupertino, California, can be reached at +1-408-253-9600 or via the Web at http://www.symantec.com. McAfee, in Santa Clara, California, can be contacted at +1-408-992-8100 or http://www.mcafeeb2b.com/.

ITworld.com

I like it!
Post a comment
The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
Free books

Build your tech library with our book giveaways.

Windows PowerShell 2.0 Unleashed
By Tyson Kopczynski, Pete Handley, Marco Shaw; Published by Sams

Windows PowerShell Unleashed will not only give you deep mastery over PowerShell but also a greater understanding of the features being introduced in PowerShell 2.0–and show you how to use it to solve your challenges in your production environment. Enter now!

 

Ubuntu Server Administration
By Michael Jang; Published by McGraw-Hill Osborne Media

Realize a dynamic, stable, and secure Ubuntu Server environment with expert guidance, tips, and techniques from a Linux professional. Ubuntu Server Administration covers every facet of system management -- from users and file systems to performance tuning and troubleshooting. Enter now!

Featured Sponsor
Case Study: AISO grows its "green" business

AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.

Download this white paper »
Myth of the Million Dollar Database

In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability and performance at a fraction of traditional cost.

Download this white paper »
Success Story: Weather.com handles whatever nature serves up

On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.

Download this white paper »
More Resources