
Mytob's Hackers May Spawn Unstoppable 'Super Worm'

Filed under
Security

There's mounting evidence that a group of industrious hackers is working on an especially destructive "super worm" that could spread from PC to PC indefinitely, or until it ran out of targets to infect.

The most recent clues are found in the slew of Mytob worms released this week, which signal a systematic development process, a security researcher said Friday.

Six variations of the Mytob worm have been spotted since Wednesday, June 1, by anti-virus vendors such as Symantec, bringing the total count since its debut four months before to more than 100. But prolific as it is, Mytob's reproductive habits aren't what draws attention from some experts.

"The variants are numbered, just as if it was a regular commercial program," said Carole Theriault, a security consultant at U.K.-based Sophos. "One will be version 1.0, the next 2.0. They're trying out things, different things in each," she said.

"They're following a carefully planned strategy to allow the worm to develop. By issuing multiple threats, all of which are tweaked slightly differently, they may be searching for the best code that will help them create a super worm."

A so-called super worm has been the bugbear of anti-virus researchers, and supposedly the Grail for hackers. The term is usually used to describe a worm that could spread indefinitely, or until it ran out of targets to infect.

The makers of Mytob, which includes code borrowed from earlier malware MyDoom and Rbot, appear to be a group calling itself "Hellbot," said Theriault. The group effort makes it possible, she went on, to crank out variant after variant, essentially flooding the Internet with copies and trying out techniques ad nauseam.

All Mytobs share characteristics such as harvesting e-mail addresses from compromised PCs and spreading with their own SMTP engine, dropping a backdoor Trojan so more malicious code can be loaded onto the infected system, and trying to shut down security software already on the computer.
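One defensive check follows directly from the "own SMTP engine" trait: workstations that never legitimately speak SMTP suddenly opening direct port-25 connections to many outside hosts. The script below is an added example, not code from the original article; it runs over constructed firewall log lines, and the approved relay address 10.0.1.2 and the five-destination threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of perimeter firewall log lines (not from the article).
# Fields: timestamp src_ip dst_ip dst_port action
SAMPLE_LOG = """\
2005-06-03T09:00:01 10.0.5.17 203.0.113.9 25 ALLOW
2005-06-03T09:00:02 10.0.5.17 198.51.100.4 25 ALLOW
2005-06-03T09:00:02 10.0.5.17 203.0.113.77 25 ALLOW
2005-06-03T09:00:03 10.0.5.17 192.0.2.200 25 ALLOW
2005-06-03T09:00:03 10.0.5.17 203.0.113.10 25 ALLOW
2005-06-03T09:00:05 10.0.5.17 198.51.100.40 25 ALLOW
2005-06-03T09:00:07 10.0.1.2 203.0.113.9 25 ALLOW
2005-06-03T09:00:08 10.0.1.2 198.51.100.4 25 ALLOW
2005-06-03T09:00:09 10.0.5.33 203.0.113.9 80 ALLOW
2005-06-03T09:00:10 10.0.5.33 198.51.100.4 25 ALLOW
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\S+)$")


def find_mass_mailers(log_text, mail_relays, min_dests=5):
    """Return {src_ip: distinct_smtp_destinations} for internal hosts that are
    not approved relays and opened allowed tcp/25 connections to at least
    min_dests distinct external hosts. A workstation talking SMTP directly to
    many peers is the hallmark of a worm carrying its own SMTP engine."""
    dests = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash on them
        _ts, src, dst, port, action = m.groups()
        if port != "25" or action != "ALLOW" or src in mail_relays:
            continue  # only direct, permitted SMTP from non-relay hosts counts
        dests[src].add(dst)
    return {src: len(d) for src, d in dests.items() if len(d) >= min_dests}


if __name__ == "__main__":
    # 10.0.1.2 is the assumed legitimate mail relay; 10.0.5.17 is flagged.
    print(find_mass_mailers(SAMPLE_LOG, {"10.0.1.2"}))
```

In practice the relay set comes from the mail team's inventory, and blocking outbound tcp/25 from everything outside that set at the perimeter removes this propagation path entirely.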

The Hellbot group's been busy, Theriault added. As of Thursday, almost 50 percent of all malicious code Sophos was blocking consisted of Mytob variants. U.K.-based filtering firm MessageLabs reported similar percentages. According to Maksym Schipka, an anti-virus researcher with MessageLabs, Mytob represented at least 35 percent of all malware this week. In one 24-hour span, said Schipka, MessageLabs intercepted over 1.1 million copies of the worm.

Also active this week was the Bagle family of worms and Trojan downloaders, but researchers said that the spike in both groups, Mytob and Bagle, was probably just a coincidence.

"It's unusual, and interesting, that they're happening at the same time," said Theriault, "but there doesn't seem to be any connection at the moment."

The glut of Mytobs, however, did set one record. Several security firms pegged Mytob as the most pervasive piece of malware for the month of May, the first time that malicious code created in 2005 pushed older worms and viruses off the top spot. Both Sophos and Kaspersky Labs, a Moscow-based anti-virus software maker, had a Mytob variant in the number one spot on May's chart.
