Virus Alert!! [Archive] - TrogWorld




Almuric
05-19-2006, 03:47 PM
http://www.eweek.com/article2/0,1759,1965042,00.asp?kc=EWRSS03129TX1K0000614

Watch out for Word documents. Current virus scanners don't catch this one yet!!

Protoss119
05-19-2006, 08:51 PM
Holy hell...that's new.

I think there's a simple solution to that. When that kind of virus appears through the backdoor, just have the anti-virus delete the rootkit. As you could possibly view the rootkit through Notepad, simply have the anti-virus delete anything that is <insert rootkit code here> and the virus should be exposed. It's all downhill from there.

And...what the hell? The attacker has complete control over the computer? This, my friend, could be the most devastating virus yet in my book.

Finally, if there's a better version of Microsoft Word, get that one. Correct me if I'm wrong, but the article states that the virus executes shellcode when processed by Microsoft Word 2003. If not processed by such or anything below it, then the virus will not execute the shellcode.

Darakian
05-20-2006, 03:07 AM
HAHA!
*is glad he doesn't use MS word*
HAHA!!!

Almuric
05-20-2006, 08:49 AM
Yeah, you're good if you don't use the latest version of Word. The parts I hate are:

1. Antivirus doesn't see it (yet).
2. If the payload runs, the antivirus won't catch it later either. :(

Protoss119
05-20-2006, 12:36 PM
But that's why I said - they need to update the antiviruses so they delete everything that is <insert rootkit code here>. How you can help them do that:

1. Find the virus, most likely in the Temp. Internet Files folder.

2. Open virus with notepad.

3. Copy all the code 'n stuff in there.

4. Paste it onto a Wordpad document, explain that this code is the virus along with the rootkit tool.

5. Take the Wordpad document and e-mail it to Microsoft. Have them handle it from there.

Darakian
05-20-2006, 06:28 PM
*is still lol'ing*
You should all use open office. It's free, compatible with MS junk, free, can output any document to a PDF and well.... free. Did I mention free?
http://www.Openoffice.org

Protoss119
05-20-2006, 07:35 PM
Correct me if I'm wrong, but if it's compatible with Microsoft junk, then it will probably open Word documents and trigger the virus, no?

Darakian
05-20-2006, 07:53 PM
Correct me if I'm wrong, but if it's compatible with Microsoft junk, then it will probably open Word documents and trigger the virus, no?

Ok. Yes MS word and open office both open .doc files. However this virus runs off an exploit in the MS word code (the program opening the file). Word is what executes this viral code. I do not think Open office is not affected for two reasons.
1. It is not MS word thus it must use a different code structure
2. It's java based whereas MS word is based on C or C++ (not sure)

The news bits I have seen mention that it uses macros to spread itself and that it is only a danger in the newer versions of word. Open office is not 100% compatible with word (crazy macro functions anyone? >.>) so I think it's safe to assume open office can open these viral docs without worry.

Almuric
05-23-2006, 11:26 AM
As of today, MS has no patch. Their current answer is to take Word out of Outlook as your text editor AND run Word in safe mode. :roll:

Almuric
06-07-2006, 11:43 AM
Has anyone seen a notice of a patch for this?

Darakian
06-07-2006, 01:09 PM
Nope :P
Classic Microsoft ;)

Almuric
06-07-2006, 06:52 PM
I figure they'll wait until a massive email comes out that takes advantage of it and forces everyone's email servers to collapse under the pressure.