"mp3 Killer Worm"
<div class="IPBDescription">w32/nopir-b</div> <a href='http://www.siliconrepublic.com/news/news.nv?storyid=single4777' target='_blank'>Clicky</a>
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->The W32/Nopir-B worm spreads via peer-to-peer file-sharing systems and at first glance seems to be software that can be used to make copies of commercial DVDs. When opened, it shows its true colours, or rather its tricolour. When the user runs the file it shows an anti-piracy image complete with French flag and signed - for what that's worth - by someone purporting to be The French Hacker.
More importantly, once it infects the host PC the file tries to delete all MP3 music files as well as disabling various system utilities and wiping .com programs. According to data from Sophos, the worm also attempts to disable task manager, registry tools and access to the control panel. W32/Nopir-B will also check for debuggers and may attempt to disable any such software that it finds. <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
;<
Comments
Yes. It begins.
<!--QuoteBegin-Sophos Corp.+--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Sophos Corp.)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> W32/Nopir-B is a worm for the Windows platform.
W32/Nopir-B will display an anti-piracy image on the screen when run. The worm will then delete all COM and MP3 files from the computer. The worm will also disable taskmanager, registry tools, and access to the control panel. W32/Nopir-B will also check for debuggers and may attempt to disable any such software that it finds.
W32/Nopir-B copies itself to <Program Files>\Projects Visual Studio.NET\Nctrup.exe, <Program Files>\Restore\<random name>.exe, <Program Files>\eMule\Incoming\AnyDVD 5.1.0.1 Crack+Keygen By Razor.exe. <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
So, no downloading of AnyDVD 5.1.0.1 from the P2P networks.
This will affect so many people it will be unbelievable. The amount of people who come in asking about copying original DVDs is getting stupid. Now I can say to them "Are you on <Random P2P Network>? Yes? Then download AnyDVD 5.1.0.1..." :D
So evil.
On a last note
<!--QuoteBegin- Sophos Corp.+--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> ( Sophos Corp.)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> W32/Nopir-B will create the following registry entries:
...
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Hmm, disable access to regedit will you?
It's as though all these virus creators have never used .reg files to delete registry entries... :D
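A read-only check for the artefacts named in the Sophos quotes in this thread (the dropped file paths and the `DisableRegistryTools` value), added here as a PowerShell example that is not part of the original posts or of Sophos's write-up. The function name `Get-NopirIndicator` is made up for this example, and `$env:ProgramFiles` is assumed to be what Sophos writes as `<Program Files>`.

```powershell
# Added example: read-only triage for the W32/Nopir-B artefacts quoted from Sophos.
# Get-NopirIndicator is a hypothetical helper name; it changes nothing on the host.
function Get-NopirIndicator {
    [CmdletBinding()]
    param(
        # Assumption: this is the folder Sophos writes as <Program Files>.
        [string]$ProgramFiles = $env:ProgramFiles
    )

    # Fixed-name copies listed in the Sophos description.
    $fixed = @(
        'Projects Visual Studio.NET\Nctrup.exe',
        'eMule\Incoming\AnyDVD 5.1.0.1 Crack+Keygen By Razor.exe'
    )
    foreach ($rel in $fixed) {
        $path = Join-Path $ProgramFiles $rel
        [pscustomobject]@{
            Type      = 'File'
            Indicator = $path
            Present   = Test-Path -LiteralPath $path -PathType Leaf
        }
    }

    # <Program Files>\Restore\<random name>.exe: the file name is random,
    # so every .exe in that folder is listed for manual review.
    $restore = Join-Path $ProgramFiles 'Restore'
    if (Test-Path -LiteralPath $restore -PathType Container) {
        Get-ChildItem -LiteralPath $restore -Filter '*.exe' -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Type = 'File'; Indicator = $_.FullName; Present = $true }
            }
    }

    # Policy value from the quoted registry entry (1 = registry tools disabled).
    $key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $name  = 'DisableRegistryTools'
    $value = (Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue).$name
    [pscustomobject]@{
        Type      = 'Registry'
        Indicator = "$key\$name = $value"
        Present   = ($value -eq 1)
    }
}

Get-NopirIndicator | Format-Table -AutoSize -Wrap
```

The registry check covers only the current user's hive, because the quoted entry is under HKCU; run it in the affected user's session.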
Explain...
Black Hats are hackers that do bad things.
White Hats are hackers that get hired to perform awesome internet security, or do what you do, or whatever a good guy hacker would do.
Alrighty then...
I'm a White Hat.
But one that's employed in Tech Support.
And one whose last hack was the college's Win2k server. Which was a piece of ****. Sub7, and self-written stuff, all the way...
Gimme them passwords Mr. I-Know-About-Security-but-can't-recognise-a-false-RM-Network-login-screen!
An example of a grey hat would be someone who publicly publishes an exploit, in order to force a company to release a patch. They aren't malicious, but they aren't wholly benevolent.
sir patch acts like a script kiddie
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->"However this worm is easily detected by its snobbish attitude and love for cheese"<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Little too ballsy for a French guy. :D
Another 1.57 and some pocket lint says that the writer of the program isn't really French, just trying to humiliate people by making them think they were owned by a Frenchman.
And it's oh so illegal! Yep, I'm sure deleting random people's stuff and messing up their computers is a lot better than stealing music from the publisher.
BTW I'm a little "MDKMDKMDKMDKMDK I WANT MY AK NOW" when it comes to publishers of popular music (a.k.a. "total crap").
You can right-click to extract RARs without opening any exe.
Winner. Not winnar, but winner.
I don't use any Visual Studio programs.
I think I have it blocked on my firewall, going to check it when I get home.
It was bound to happen: People stealing from you, and you can't get to them through the legal system? Use an illegal one instead! Responding in kind has never been the best way of solving a conflict, but it's definitely one of the more popular ones.
I'm going to suggest one of the more obvious ways of protecting yourself against this: Stop stealing software.
They're black, only with bleach.