Superworm Crisis eats Macs, VMware and - shock - Windows

Security watchers have discovered a virus strain that compromises VMware virtual machines as well as infecting Mac OS X and Windows computers and Windows Mobile devices. It demonstrates previously unseen capabilities in the process. The Crisis malware typically arrives in a Java archive file (.jar) and is typically installed …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Where are you now ...

    RICHTO ?

    1. Anonymous Coward
      Anonymous Coward

      So

      So long as you don't play the free porn video......

    2. RICHTO
      Mushroom

      Re: Where are you now ...

      Here. First ever malware for Windows Mobile I think? But then it hasn't been updated for many years...

      This isn't actually exploiting any vulnerability as far as I can see other than stupidity?

      1. Anonymous Coward
        Anonymous Coward

        Re: Where are you now ...

        > This isn't actually exploiting any vulnerability as far as I can see other than stupidity?

        It's a threat to all WP7 users then ;-)

        1. Gerhard den Hollander

          Re: Where are you now ...

          Both of them must be worried then .....

        2. RICHTO
          Mushroom

          Re: Where are you now ...

          I was thinking more of Mac users. They are mostly journalists too stupid to use a computer or 'creative' types that left school with only a GCSE in Art....

  2. Anonymous Coward
    Anonymous Coward

    Hardcoded IP for a command and control which it pings every five minutes.

    Mmmm.

    Smells like amateur hour.

    1. Anonymous Coward
      Anonymous Coward

      As does the article itself

    2. dotdavid
      WTF?

      Wait a minute, that's *my* IP they're using! The bastards!

      Wait...

      1. Anonymous Coward
        Anonymous Coward

        :)

        Reminds of the days on IRC when someone would post "TEACH ME TO HACK" on a channel and we told them to direct <whatever script was current> at 127.0.0.1. Strangely, they dropped offline then :)

        1. Anonymous Coward
          Anonymous Coward

          @AC

          I think most *nix related channels have had such experiences. Even so, I found that using addresses such as 127.10.45.65 proved to be way more effective than the "easily recognizable" default address.

  3. jai

    late?

    This is listed on the Symantec and Sophos websites since 25th July. It's a bit late to be talking about it now isn't it?

    It seems that Symantec has been detecting this type of jar-delivered malware since 2010!

    Or is it just the way it attacks VMware that makes it newsworthy?

    1. Jon Lamb

      Re: late?

      I've always assumed the article delay was usually caused by having to think up a catchy sub-title. Not sure what happened here.

    2. diodesign (Written by Reg staff) Silver badge

      Re: late?

      Yeah, it's the four-way whammy of VMware, Mac OS X, Windows and Windows Mobile (what's that?) that's new.

      C.

      1. Miek
        Coat

        Re: late?

        Wake me up when it has Linux support.

        1. RICHTO
          Mushroom

          Re: late?

          That will be when Linux grows past 1% market share....

          1. Miek
            Linux

            Re: late?

            1% in which market?

  4. RyokuMas Silver badge
    Trollface

    Nope...

    I'd bet it's because it's only just been revealed that this can affect Windows mobile devices - and the opportunity to take a swipe was too much to resist...

    1. Fred Flintstone Gold badge
      Coat

      Re: Nope...

      the opportunity to take a swipe was too much to resist

      What? It scans gestures too?

      1. Anonymous Coward
        Anonymous Coward

        What? It scans gestures too?

        A virus that uses gestures <flick through patent applications>, sorry Apple own that one, it can no longer be used in the US. The rest of the world can freely be infected.

  5. Destroy All Monsters Silver badge

    Ass slappage worm

    There was a write up in July...

    http://www.theregister.co.uk/2012/07/25/mac_crisis_malware/

  6. Magnus_Pym

    Worm? Virus?

    Does it not say 'tricks the user into installing" ?

    That's a Trojan then isn't it?

    1. diodesign (Written by Reg staff) Silver badge

      Re: Worm? Virus?

      There's no trickery involved if transferred by an infected drive, AIUI.

      C.

    2. This post has been deleted by its author

      1. Anonymous Coward
        Anonymous Coward

        Re: Worm? Virus?

        Trojan = Malicious software that pretends to be something useful in order to trick user into running it.

        1. This post has been deleted by its author

        2. Frumious Bandersnatch Silver badge

          Re: Worm? Virus?

          pretends to be something useful in order to trick

          Like a giant wooden horse, for example. Someone should surely be able to find a use for that.

  7. Anonymous Coward
    Anonymous Coward

    Flash player java applet?

    Wossat?

    1. Anonymous Coward
      Anonymous Coward

      Re: Flash player java applet?

      @Destroy all monsters: Thanks, your link to the previous story told me that a "Flash player java applet" is a "Java Archive file which pretends to be Adobe Flash Player".

      The idea of Adobe writing a Flash installer in Java raises a smile, if nothing else

      1. Badvok
        Trollface

        Re: Flash player java applet?

        And if Adobe actually used Java to implement Flash it would probably be faster and less resource hungry.

  8. Anonymous Coward
    Anonymous Coward

    previous unseen capabilities

    Err

    "It demonstrates previous unseen capabilities in the process."

    No it really does not. Spreading between differing OSes is not new; dropping via the web using social engineering is not new, nor is key-logging, rootkit install, killing AVs or pretty much everything else listed.

    In fact I can still remember the first publicly recorded worm that could run unmodified on both Win and Linux boxes, written by a member of the 29a. Sorry, but having the binaries for three differing OSes is not really new or novel either.

  9. TheRealRoland
    Meh

    So....

    Now the new question in certain circles will be 'But will it run Crisis?'

  10. JDX Gold badge

    Windows Mobile

    Does that specifically mean the old version, or Windows Phone also?

  11. Steve Knox
    WTF?

    "Flash Player Java applet"

    Hmm. My copy of Adobe Flash is incredibly buggy and slow. I wonder if there's anything I can replace it with -- oh, here's this e-mail, apparently Adobe has ported Flash to an incredibly buggy and slow platform! Surely that will work better!

  12. Anonymous Coward
    Anonymous Coward

    @Reg: Do Homework, use Proper Terms

    This is clearly a Trojan Horse, as the first thing you need to do is to enter the system password. But yeah, let's sell MacOSX virus scanners for the Total-O-Bozos to protect them from themselves.

    Surely Symantec, Kaspersky and M$ pay with nice advertising on the site for this Bull$hit news.

  13. This post has been deleted by a moderator

    1. Anonymous Coward
      Anonymous Coward

      Re: Windows security fail

      How dare you? It is highly disrespectful not to show sympathy for your fellow PC users suffering from all kinds of software pox. You know well that the last time there was a Linux virus (don't remember when that was, don't ask me, OK?) they were all trying to comfort you saying "it's OK, just run antivirus software provided by an industry leader and you'll be protected". You heartless FOSS-er!

      Now between the two of us, which distro do you like best?

    2. Smartypantz
      Linux

      Re: Windows security fail

      Me too.

      Running KVM on LVM on Debian for virtualisation and Debian on the desktop; no worries, licensing bullshit, crippleware gauntlets, forced "upgrades" and general creepiness of one of the platforms of the great information parasites of the world (you know who they are :-))

      1. Smartypantz
        Coat

        Re: Windows security fail

        Forgot to add "security software suite" blackmailing

      2. RICHTO
        Mushroom

        Re: Windows security fail

        I wouldn't feel quite so smug. Don't forget that the worst ever Internet worm infection (Morris worm) was on UNIX systems...

        1. This post has been deleted by a moderator

          1. RICHTO
            Mushroom

            Re: Windows security fail

            That doesn't change the facts as stated. It was the worst ever worm (took down much of the internet at the time) and it was only on UNIX systems.

          2. RICHTO
            Mushroom

            Re: Windows security fail

            Oh - and Microsoft was founded in 1975. Nice try though....

          3. Ottman001
            FAIL

            Re: Windows security fail

            @Eadon. I seriously think you should take another look at the history books.

            Microsoft was founded in 1975. The origins of the internet can be traced to the 1960s.

            Having googled "the morris worm", I see that our trusty friend Wikipedia dates it at 1988 when Windows was just an unpopular GUI for use on top of DOS primarily found on isolated machines. On the other hand, Unix was a proper operating system that handled networking and ran the majority of systems connected to the early Internet. If writing an internet worm, platform just wasn't a choice.

            That time was an age of innocence. The term "computer security" was unheard of. No operating system was really prepared. Unix just happened to prove to be more secure because it was a multi-user operating system. User accounts and file permissions made much of the difference. Code quality may also have had something to do with it.

            1. This post has been deleted by a moderator

              1. This post has been deleted by its author

              2. Ottman001

                Re: Windows security fail

                @Eadon

                Looking at his posts, RICHTO is clearly pro-Microsoft. But in this case, the argument was pointless. Comparing the relative vulnerability to an Internet worm of two systems from 1980-something, one rarely connected to the internet (MS-DOS or MS-DOS/Windows 2.0), the other commonly connected (Unix) is just not a balanced test. I believe any independently minded rational person will conclude that Microsoft has historically been exceptionally poor at handling security challenges. While I agree with your position in part, I felt compelled to correct you because you have made so many completely inaccurate statements when trying to argue your case.

                1) The Morris worm escaped into the wild in November 1988, not 1982.

                2) Maybe you did mean that Microsoft's share of the operating system market was non-existent. But what you wrote was that Microsoft did not exist. The two are very different.

                3) "That computer security was unheard of is a myth." Ok, 'unheard' was a bit too strong a term. My bad. But it was not a widely understood risk. Your assertion that 1982 was "a decade before anyone had even heard of the Internet" is an equal abuse of language.

                4) You incorrectly state that the Morris worm didn't cause damage. It didn't damage software or data but, by preventing their use, caused harm in other ways such as financial.

                Regardless of whether this is pedantry or not, I defend the right to pedantry. Misinformation and misinterpretation get harder to correct the longer they're allowed to persist.

                1. This post has been deleted by a moderator

              3. RICHTO
                Mushroom

                Re: Windows security fail

                It would depend on what 'Unix' variant you compared, but in terms of enterprise Linux distributions, Windows has had fewer security vulnerabilities that were on average less critical and were fixed faster every year since 2003. (2002 was the year that Bill Gates set security as Microsoft's #1 priority.)

                This is why internet facing Linux servers are so much less secure and more likely to be hacked than Windows ones - and the gap is widening!

                http://www.zone-h.org/news/id/4737

  14. Dave 126 Silver badge

    So...

    Can it break out of a virtual machine?

    Can it be stopped from getting onto a dormant virtual machine if the VM's virtual disk is encrypted?

    I ask as a domestic user who is intending to use a VM for internet browsing, as an extra safeguard against nasties. I would say it is actually for a friend who might visit dodgy websites, but you lot will just say 'A friend. Yeah right, we believe you'

  15. Gordon Fecyk
    Boffin

    Same prevention methods work

    Once launched, the worm puts in place a rootkit to hide itself from view; installs spyware to record the user's every move on the computer[...]

    Can't install anything as a non-admin, either on MacOS or Windows. Also not new.

  16. url
    Thumb Up

    finally we have the answer

    ...

    ...

    ...

    it can run crisis

  17. The Jase

    The OS wars

    Nothing pisses me off more than on a forum when you ask

    "I have problem xyz with Windows application abc"

    And some tosspot writes "get application xyz instead" or "get a Mac/Linux".

    That's like saying "I have a problem with my petrol Honda starting"

    and someone saying "get a diesel instead" or "get a Ford/Toyota"

    That's not an answer people.

  18. SiempreTuna
    FAIL

    Never Mind What It Is ..

    .. how do I find out if my PC/Mac/VM/(no-one has an MS phone so forget that) is infected and if so, how do I get rid of it?!

    1. RICHTO
      Mushroom

      Re: Never Mind What It Is ..

      Domestos kills all known viruses dead. Try putting some of that in your connection ports, and you should be fine....

  19. TrishaD

    @The Jase

    Or indeed people whose reaction to news of new malware is to castigate the stupidity of the average PC user.

    I'd remind anyone working in IT of one small fact...

    It's the 'dumbass' end user who pays your wages, whether directly or indirectly.

    1. angelochoa

      Re: @The Jase

      Or that they may be "the stupid <something else> user"

  20. Anonymous Coward
    Anonymous Coward

    Introducing the Evil virus..

    .. it installs Windows 8 everywhere..

  21. ross

    It amazes me, all the panic about this when this

    http://www.sniperspy.com/

    and others like it are freely available to anyone with about $100.00 US. And they are legal!!!!! But it is as scary as any virus. It does more than this virus we are talking of here. Even the Australian Privacy Foundation don't see it as anything to worry about apparently.
