
Mytob's Hackers May Spawn Unstoppable 'Super Worm'


There's mounting evidence that a group of industrious hackers is working on an especially destructive "super worm" that could spread from PC to PC indefinitely, or until it ran out of targets to infect.

The most recent clues are found in the slew of Mytob worms released this week that signal a systematic development process that may indicate," a security researcher said Friday.

Six variations of the Mytob worm have been spotted since Wednesday, June 1, by anti-virus vendors such as Symantec, bringing the total count since its debut four months before to more than 100. But prolific as it is, Mytob's reproductive habits aren't what draws attention from some experts.

"The variants are numbered, just as if it was a regular commercial program," said Carole Theriault, a security consultant at U.K.-based Sophos. "One will be number version 1.0, the next 2.0. They're trying out things, different things in each," she said.

"They're following a carefully planned strategy to allow the worm to develop. By issuing multiple threats, all of which are tweaked slightly differently, they may be searching for the best code that will help them create a super worm."

A so-called super worm has been the bugbear of anti-virus researchers, and supposedly the Grail for hackers. The term is usually used to describe a worm that could spread indefinitely, or until it ran out of targets to infect.

The makers of Mytob, which includes code borrowed from earlier malware MyDoom and Rbot, appear to be a group calling itself "Hellbot," said Theriault. The group effort makes it possible, she went on, to crank out variant after variant, essentially flooding the Internet with copies and trying out techniques ad nauseam.

All Mytobs share characteristics such as hijacking addresses from compromised PCs to spread using their own SMTP engine, dropping in a backdoor Trojan so more malicious code can be added to the infected system, and trying to shut down security software already on the computer.

The Hellbot group's been busy, Theriault added. As of Thursday, almost 50 percent of all malicious code Sophos was blocking consisted of Mytob variants. U.K.-based filtering firm MessageLabs reported similar percentages. According to Maksym Schipka, an anti-virus researcher with MessageLabs, Mytob represented at least 35 percent of all malware this week. In one 24-hour span, said Schipka, MessageLabs intercepted over 1.1 million copies of the worm.

Also active this week was the Bagle family of worms and Trojan downloaders, but researchers said that the spike in both groups, Mytob and Bagle, was probably just a coincidence.

"It's unusual, and interesting, that they're happening at the same time," said Theriault, "but there doesn't seem to be any connection at the moment."

The glut of Mytobs, however, did set one record. Several security firms pegged Mytob as the most pervasive piece of malware for the month of May, the first time that malicious code created in 2005 pushed older worms and viruses off the top spot. Both Sophos and Kaspersky Labs, a Moscow-based anti-virus software maker, had a Mytob variant in the number one spot on May's chart.
