Kazaa viruses showing up like crazy
MonsieurEvil
Join Date: 2002-01-22 Member: 4Members, Retired Developer, NS1 Playtester, Contributor
Join Date: 2002-01-22 Member: 4Members, Retired Developer, NS1 Playtester, Contributor
in Off-Topic
<div class="IPBDescription">That's what you get for pirating!</div>There have been a rash of Kazaa-spread viruses showing up lately. This tool has lousy internal checking of files (by its very nature), and is starting to be the method of choice. After all, Kazaa is built like a Trjan, and designed to put files on your PC.
Check these links for more information. Symantec links 16 kinds of Kazaa viruses in its database right now, with several in the last week alone.
<a href="http://www.symantec.com/avcenter/venc/data/w32.kitro.e.worm.html" target="_blank">W32.Kitro.E.Worm - overwrites your files and cripples your antivirus software</a>
<a href="http://www.symantec.com/avcenter/venc/data/w32.supova.b.worm.html" target="_blank">w32.supova.b.worm - Deletes OS files and lowers performance</a>
<a href="http://www.symantec.com/avcenter/venc/data/bat.eversaw.b@mm.html" target="_blank">bat.eversaw.b@mm - Deletes files</a>
<a href="http://www.symantec.com/avcenter/venc/data/w32.evala.worm.html" target="_blank">w32.evala.worm - Gives hacker access to your PC</a>
<a href="http://search.symantec.com/custom/us/query.html" target="_blank">Type 'Kazaa' in the search field here to see all 16 known viruses</a>
As always, the best defense is to not run file-sharing applications that allow access to your PC from the internet, and to install and maintain Anti-Virus software like Norton, McAfee, or others. And stop pirating software!
Check these links for more information. Symantec links 16 kinds of Kazaa viruses in its database right now, with several in the last week alone.
<a href="http://www.symantec.com/avcenter/venc/data/w32.kitro.e.worm.html" target="_blank">W32.Kitro.E.Worm - overwrites your files and cripples your antivirus software</a>
<a href="http://www.symantec.com/avcenter/venc/data/w32.supova.b.worm.html" target="_blank">w32.supova.b.worm - Deletes OS files and lowers performance</a>
<a href="http://www.symantec.com/avcenter/venc/data/bat.eversaw.b@mm.html" target="_blank">bat.eversaw.b@mm - Deletes files</a>
<a href="http://www.symantec.com/avcenter/venc/data/w32.evala.worm.html" target="_blank">w32.evala.worm - Gives hacker access to your PC</a>
<a href="http://search.symantec.com/custom/us/query.html" target="_blank">Type 'Kazaa' in the search field here to see all 16 known viruses</a>
As always, the best defense is to not run file-sharing applications that allow access to your PC from the internet, and to install and maintain Anti-Virus software like Norton, McAfee, or others. And stop pirating software!
Comments
Sorry Genie, Kazaalite is just as vulnerable to these viruses. The distribution methodology is what's at fault - you are granting access to strangers and getting files from them as well when you use any file-sharing app. There were also Morpheus, Napster, BearShare, and other file-sharing viruses made in the last few years.
I think you guys are confusing the 'gator' spyware trojan that came with the full Kazaa and these other viruses. They are separate issues entirely.
<!--EDIT|MonsieurEvil|July 22 2002,12:39-->
things seem alot easier when using Imesh, if I need any bots for a hl mod and I'm just too lazy to go search the net I just need to write "Day of defeat sturmbot" and poof I have the latest release, also if I want to upgrade a mod of mine, "Cs 1.4 to 1.5" and poof, there it is, alot easier,
don't have to be in fileplanet line :/
I've been using imesh for quite some time now and I've never gotten a virus through it.
Imesh is my own little program that saves me from alot of trouble and wasted energy, so instead of searching the net I can sleep! weeee
Editor's note: This download includes additional applications that are bundled within the software's installer file, some of which may be provided by parties other than the developer of this download. These applications may deliver advertisements, collect information, overlay content or graphics on the Web site you are viewing, or modify your system settings. As with all downloads, CNET recommends that you pay close attention to the options presented to you during the installation process. Known third-party applications bundled with this download include eZula, SaveNow, and New.net. For more information, please read CNET News.com's report on bundled software.
All this, after reading about how the company swears up and down not to include spyware. Also, the fact that you have not received a virus (that you know about) is no indicator of future performance, to borrow from the stock market guys.
There is no free lunch, and hoping other users besides yourself are keeping their PC's clean is asking for trouble.
Besides, those virii prolly require EXE files, and I just don't download those.
And just because you catch two before they get in doesn't do anything for a new virus that your AV company has not written a pattern definition for yet. I guess you guys just want to find out the hard way - it would explain why your PC always so screwed up during playtesting, Molec.
<!--emo&:p--><img src="http://www.natural-selection.org/iB_html/non-cgi/emoticons/tounge.gif" border="0" valign="absmiddle" alt=':p'><!--endemo-->
Using file-sharing apps is bad, mmmkay?
<!--EDIT|MonsieurEvil|July 23 2002,00:03-->
<a href="http://features.slashdot.org/article.pl?sid=02/06/14/1343223&mode=thread&tid=166" target="_blank">McAfee Manufactures Virus Threat</a>
Affected JPEG files facilitate this malware's routine only on infected machines and behave as normal JPEG files on non-infected systems.
<i>(Taken from Trend Micro's site)</i><!--QuoteEnd--></td></tr></table><span id='postcolor'><!--QuoteEEnd-->So you can't be infected by JPEG's you get of Kazaa. Or MP3's (I can't find any virus description anywhere that says a virus can infect MP3 files (at least, change them so that they can infect your PC).
People will believe anything.
That's fine and everything, but just because the first version of a virus does not have a destructive payload doesn't mean anything. The recent JPEG virus was more a 'tech demo' than anything else. The issue still stands.
The MP3 virus was a hoax (which even took me in; I went and read a few articles about how it's been floating around as a myth for 4 years).
However (and here I take issue with Monkey) most people I know seem to think that viruses can't happen to them. Giving people a false sense of security is not the answer. In a recent contract I did for a wireless company in NC, after I rolled out an enterprise anti-virus solution, we ended finding about 50,000 viruses on 2000 PC's and 200 servers. Not cool.
I know that anti-virus companies like to make a big hulabaloo about viruses, but that doesn't mean they aren't out there. Go work a few years in the tech industry, see a virus like melissa, nimda, or iloveyou take a company down completely for a couple of days, and you'll have a better understanding.
<!--EDIT|MonsieurEvil|July 23 2002,11:02-->
movie files though, especially microsoft's web based formats like ASF, ASX (streaming), and WMV, those could potentially do funky things as they have all that web crap hidden in them. sometimes (is rare) but a video will open IE or somethin when its played. well if whoever made the video links it directly to a virus... you get the picture.
so anybody who stands by the JPEG thing actually care to explain how the virus goes from reading in your image viewer to somehow executing code? heh. cause i'd love to see an explaination of why :P I don't doubt it happening as much as the mp3 thing though cause i've heard many reports of this kinda thing or years, including by a few personal friends (that doesn't mean anything though, heh)...
I can't seem to find a good article on it. Most of the AV companies don't seem to know much about it, or have clammed up after the backlash of the first version not being a big deal.
The best I can find is from The Register:
<!--QuoteBegin--></span><table border="0" align="center" width="95%" cellpadding="3" cellspacing="1"><tr><td><b>Quote</b> </td></tr><tr><td id="QUOTE"><!--QuoteEBegin-->
Anti-virus firms have discovered a Windows virus that infects JPEG image files, though the chances of it causing a major security risk any time soon are close to zero. W32/Perrun, as Networks Associates Inc named the virus, was assessed as low risk, and has not been found in the wild.
"It is believed to be the first of its kind," said Vincent Gullotto. "It's no danger, but it shows that virus writers are looking at other methods of infection." In the last year, virus writers have started using other file types, such as PDFs and Flash animations, to spread themselves.
Perrun arrives as an executable file. When run, it drops a further "infector" executable onto the machine and adds it to the Windows registry, Gullotto said. Whenever a JPEG file, or a file with a .jpg extension is opened, the infector appends the virus to the end of the file before the image is displayed via the user's preferred image viewer.
Sending infected JPEGs to other, uninfected computers will have no effect, NAI confirmed. Image files do not have the ability to execute malicious code, so simply viewing a JPEG, without the infector running on the same machine, will not have any effect, other than slowing it down while any installed anti-virus software scans it.
<!--QuoteEnd--></td></tr></table><span id='postcolor'><!--QuoteEEnd-->
The point, any kind of executed file has the potential to carry viruses. Hence the mention of graphic format files like flash movies, adobe PDF files, and others. Just because there isn't a working virus yet doesn't mean that hundreds of tiresome virus writers in the world aren't working on them.
Small update, from Microsoft's Windows Media Player knowledgebase article:
<!--QuoteBegin--></span><table border="0" align="center" width="95%" cellpadding="3" cellspacing="1"><tr><td><b>Quote</b> </td></tr><tr><td id="QUOTE"><!--QuoteEBegin-->In addition to the audio and video content, Windows Media files can contain data that runs your browser and opens a specific Internet address. For example, the content may open a Web site that is related to the audio or video content, or may contain text and graphics such as a banner advertisement<!--QuoteEnd--></td></tr></table><span id='postcolor'><!--QuoteEEnd-->
So yes, there is potential for execeution in audio and movie files for execution of maliscious code. Go Doom!
<!--EDIT|MonsieurEvil|July 23 2002,11:29-->
I don't believe that I'll never have a virus (I've had several). I do think that some people make a much bigger fuss about it than they should. I know someone who doesn't even use e-mail (despite having a pop3 account with his isp), becuase he thinks that 'the moment I do, I'll get hundred's of viruses and I'll have to reinstall windows'. I appreciate how common they can be (if you use a computer at the college I go to, you can almost be certain that there'll be a virus on it, somewhere. But people there deliberately put viruses into the system - the computers don't belong to them, and they want to make other people's lives a misery).
McAffee is just playing on the fact that most of their customers are likely to be suspicious and paranoid.
Movie files... well, if you go to Windows Update, there's a load of Critical Updates for Windows Media Player to stop this sort of thing (not that I use Windows Media Player). But that's not the same as JPEG's and mp3's having 'viruses' in them.
The point: most of us have better things to worry about than viruses.
Incidentally, I'm sorry about being off topic; this sort of thing just happens sometimes.
I rest my case.
Oh, well...
Don't steal, and keep your stuff backed up.
Hey MonsE, you know of any viruses out there that can repartition, or screw up multiple partitions, or are most (all) of them pointed at the C:\ drive?
well this is the off topic forum :D