Your Ad Here Your Ad Here
Results 1 to 5 of 5

Thread: Witty Worm Overwrites Hard Disks

  1. #1

  2. Software & Hardware   -   #2
    4play's Avatar knob jockey
    Join Date
    Jan 2003
    Location
    London
    Age
    35
    Posts
    5,530
    this is a nasty piece of work so make sure if your using blackice you are up to date.

    The worm's functionality is as follows:

    1) Generates a random IP address
    2) Sends the worm payload
    3) Repeats steps 1-2 20,000 times
    4) Opens a random PHYSICALDRIVE from 0-7, which allows raw hard disk access
    5) Seeks to a random point on the disk
    6) Writes 65K of data from the beginning of the vulnerable DLL to the disk
    7) Closes the disk
    8) Starts the process over from step 1

    this at one point will corrupt your file tables making it impossible for average users to recover there data.

    I have to admit It is a very well thought out virus though. It makes a change from all those horrible mass mailing worms. This kinda destructive virus will probably educate alot of users that your system should remain up to date or you will use all your data to viruses like this.

    Another thing with this virus is that it remains in memory at all time so it is never written to disk. I wonder how many anti viruses will never be able to detect this virus because of this.

  3. Software & Hardware   -   #3
    WolverineDK's Avatar Poster
    Join Date
    May 2003
    Location
    Denmark
    Posts
    149
    well what about a dos start disc ? (write protect the shite offcourse) amd then run MCaffe ? viral removal ?

  4. Software & Hardware   -   #4
    4play's Avatar knob jockey
    Join Date
    Jan 2003
    Location
    London
    Age
    35
    Posts
    5,530
    there will be no virus to remove, it is destroyed when you switch the pc off because its only stored in ram.

    and try mounting a ntfs partition with a dos disk

    your best bet would be a linux live cd that can mount ntfs drives.

  5. Software & Hardware   -   #5
    Poster
    Join Date
    Aug 2003
    Location
    Burmoda triangle, right behind you!
    Posts
    571
    Blocked access to port 4000 for all proccesses(althoug it is blocked, in use and stealthed). That should keep us safe for sumt!m3.
    Click the longhorn icon to visit my website.
    <span style='color:blue'><span style='font-size:8pt;line-height:100%'> You try Everything in my/our post(s) at YOUR own risk. I/we do not take responsibily for damages, caused by the post(s). Clicking on/or modifying anything in here is not permitted. Whoever edits my sig is a pussy.</span></span>

    ::::::::::::::::::::::::::::::::::::::::

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •