Jump to content

'Dabber' worm targets computers through Sasser


Recommended Posts

A computer worm that spreads using flaws in the code of the Sasser worm has been identified by computer experts. Called "Dabber", the new worm is the first to scavenge access to computers using another worm.

Sasser was released on 30 April and exploits a vulnerability in Microsoft's operating system software, Windows XP and Windows 2000, in order to infect computers. Over the following week this and three more variants managed to spread to around a million computers worldwide.

An analysis of the worm was published online by the computer security firm LURHQ, based in Michigan in the US, on Thursday.

"Even though we have seen worms utilize backdoors left behind by other worms, this is the first time we have seen a worm using a vulnerability in another worm in order to propagate," says the analysis.

Complete control

The analysis was updated on Friday to state that Dabber's code is largely based on another worm called Doomran, which also feeds off another piece of malicious code. Doomran uses a backdoor previously installed by the email virus MyDoom to slip between machines.

Dabber probes a network for computers infected with Sasser. It then uses a flaw in part of Sasser's code to force access to that machine. After deleting all trace of Sasser it then installs a backdoor that could be used to upload other programs to an infected machine. This might give a hacker complete control over that system. Dabber then sets about scanning for further Sasser-infected computers to infect.

The new Dabber worm was discovered shortly after the authorities claimed success in the search for the creator of Sasser. On 7 May an 18-year-old man in Rotenberg, a small town in Lower Saxony, Northern Germany was arrested on suspicion of releasing Sasser and is reported to have confessed to the crime.

The arrest came after informants contacted Microsoft to ask if the software company would give a reward for information about the worm's creator. Microsoft had previously offered three bounties of £250,000 for information leading to the successful prosecution of the creators of other viruses.

http://www.newscientist.com/news/news.jsp?id=ns99994997

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Our picks

    • Wait, Burning Man is going online-only? What does that even look like?
      You could have been forgiven for missing the announcement that actual physical Burning Man has been canceled for this year, if not next. Firstly, the nonprofit Burning Man organization, known affectionately to insiders as the Borg, posted it after 5 p.m. PT Friday. That, even in the COVID-19 era, is the traditional time to push out news when you don't want much media attention. 
      But secondly, you may have missed its cancellation because the Borg is being careful not to use the C-word. The announcement was neutrally titled "The Burning Man Multiverse in 2020." Even as it offers refunds to early ticket buyers, considers layoffs and other belt-tightening measures, and can't even commit to a physical event in 2021, the Borg is making lemonade by focusing on an online-only version of Black Rock City this coming August.    Read more...
      More about Burning Man, Tech, Web Culture, and Live EventsView the full article
      • 0 replies
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
×
×
  • Create New...