Just-Identified Internet Worm Attacks Forums Like Ours

News, announcements and technical support for the forum. Report any related problem and be sure it is going to be solved :).

Moderator: Moderators

Post Reply
VeskoP
Posts: 580
Joined: Mon Apr 05, 2004 8:10 pm

Just-Identified Internet Worm Attacks Forums Like Ours

Post: # 2193Post VeskoP »

I just learnt the following virus news from today:

An Internet worm is defacing forum software like the one operating this forum.

http://www.europe.f-secure.com/v-descs/santy_a.shtml

Here is an actual defaced forum: http://www.maelineq.com

It rates Level 2 (Large infections) on the F-Secure website (Level 1 is the most critical).

This forum has been already patched to the latest software version since last month, so we should be safe, but without more information available at the moment, and the possibility that even the latest version of the software is vulnerable, we could actually get a defacement pretty soon.
I will immediately make a current backup of everything just in case.
VeskoP
Posts: 580
Joined: Mon Apr 05, 2004 8:10 pm

Post: # 2195Post VeskoP »

The news just came from another security information source (BugTraq) that the latest version, the one that we are running, is not vulnerable. The backup has been done though, just in case.
User avatar
Robanan
Posts: 944
Joined: Sat Dec 04, 2004 3:27 pm
Location: Denmark
Contact:

Post: # 2199Post Robanan »

I think this is a coincidence and planned. There is a lot of information about The Thiaoouba Prophecy spreading all over the internet lately; igniting discussions about it in the form of different forums. I think somebody is intrested in stopping the communication of the message. I unfortunately do not have enough information to support my theory with. But I think this needs to be paid Attention.

It's the second day that I have been subjected to professional hacking attempts. Someone keeps trying to turn my computer to a zombie for sending Spam. This Someone is also intrested in the information I have saved on my computer. I'm on watch! :twisted:

P.S. I would appreciate assistance! :roll:
The essence of Consciousness, is the ability to Create, Process, Transmit and Receive Information Autonomously.
Vesko
Posts: 1086
Joined: Wed Apr 07, 2004 5:13 pm

Post: # 2209Post Vesko »

The link I quoted above has updated information now: http://www.europe.f-secure.com/v-descs/santy_a.shtml.
Also see http://securityresponse.symantec.com/av ... santy.html.

No, it definitely has nothing directly to do with "Thiaoouba Prophecy" or such topics. It blindly tries to attack sites running the forum software, irrespective of actual forum content.

Install a good firewall and a good antivirus, and forget about your problem with "hacking attempts". Unless they are trying to saturate your bandwidth with spewing garbage traffic at you or by excessive connection attempts, they can do nothing unless you get hoaxed to open a crafted e-mail attachment, or visit a hoax site.

If you are running Windows XP, the built-in Windows Firewall in SP2 is sufficient to protect you as a firewall, however if you are already infected / hacked, it is unable to do anything to stop the outgoing (from your computer) communication of the virus / trojan / malware. If you are not a business but a home user, there's a free ZoneAlarm that you can download and install. Note that if you have more than one computer in your household, and your Internet setup uses Windows's Internet Connection Sharing feature, the free ZoneAlarm is incompatible with that; the commercial works fine.

For antivirus, if you are a home user you can use the free AVG Antivirus. It includes on-access virus scanning and e-mail scanning (the latter only if you are using Outlook Express or Outlook; if you are using anything else for e-mail this is not the solution for you).

If you choose a paid commercial solution for firewall and antivirus, I'd recommend buying Norton Internet Security 2005, but unless you are in the US, it's close to 100 euro so it's far from cheap.

A superior and a free alternative, at least until the next version of Windows, Windows Codename "Longhorn", arrives in 2006, is to switch to an OS like GNU/Linux and not run as superuser (root). I'm running Fedora Core 3 with NSA's SELinux enabled and the OS is absolutely sufficient for any task, and as a bonus has a quite usable Windows emulation mode. Unless you use very specific Windows programs without any substitute, or you have some unsupported hardware, you have no reason whatsoever to use Windows. If you decide to give it a go, feel free to contact me.
Do you REALLY practice meditation? If your REALLY do, do you practice a GOOD method? Are you sure this is REALLY so?
Vesko
Posts: 1086
Joined: Wed Apr 07, 2004 5:13 pm

Post: # 2211Post Vesko »

From the news articles (see below) linked from related Slashdot news, there have been 40,000 forums defaced by the worm so far.
Here is how you can see for yourself: the following will display results for the text "NeverEverNoSanity WebWorm Generation" on MSN's beta search, which currently displays more results than Google.
http://beta.search.msn.com/results.aspx ... &FORM=QBRE
The result displayed by this search engine is over 30,000 pages / forums.

Since the worm uses Google to spread, antivirus companies have asked Google to stop the worm and people at Google have done that to prevent the worm from spreading further.

Note also that this worm is quite harmless -- it just defaces the website. Through the same security exploit it uses, another virus would be able to do a lot more harm, such as destroying the information in the forum database.
Do you REALLY practice meditation? If your REALLY do, do you practice a GOOD method? Are you sure this is REALLY so?
VeskoP
Posts: 580
Joined: Mon Apr 05, 2004 8:10 pm

Post: # 2289Post VeskoP »

There is a new variation of the worm that affects even the most recent version of the forum software. A person has even disclosed the full program code of the variation.

Source: BugTraq
VeskoP
Posts: 580
Joined: Mon Apr 05, 2004 8:10 pm

Post: # 2379Post VeskoP »

The attack has waned now.
VeskoP
Posts: 580
Joined: Mon Apr 05, 2004 8:10 pm

Post: # 3157Post VeskoP »

Edited on July 21, 2005: We are now running the latest forum software version (2.0.17).

In addition, a newly registering user must now enter a confirmation code that is displayed in pictorial form, not text, so that spam bots cannot bypass it and register on the forum. Recently there has been an outbreak of a such type of activity, and it would only be a matter of short time before such attempts are made.
"Man exists physically for the sole purpose to develop spiritually" -- let us all really remember this when we think what to do next.
Post Reply