New "Hearse" Worm May Be Worst Yet

Posted by Pile

As a data security specialist, Jeremy Pickett sees all kinds of digital tricks. So on Mar. 20, when he was tracing the origins of a computer worm that had been blocked the night before from entering a client's computer network, Pickett wasn't too surprised that it tried to connect with four sleazy Web sites, most of them, he believes, in Russia. Or that it then tried to load victims' PCs with as many as 30 new pieces of "malware," ranging from spam programs to those that automatically dial in to expensive phone-sex services.

But the real shock came when Pickett decided to test another bug by infecting his own PC with it. Out slithered a program that promptly installed itself deep inside his computer. There it became virtually immune to detection from the basic antivirus software that scans for dangerous code. The bug -- known as a "Trojan," which in turn was hidden inside a "rootkit" -- was designed to activate whenever a Web surfer typed in a user name or password for bank accounts or Web sites for dating, social networking, or e-mail. Pickett went to a bank site and entered fictitious log-in information. Right before his eyes, those data were sent streaming back to Russia, joining the IDs of thousands of real victims. His reaction: "absolute horror."

This nasty bit of code, appropriately named "the Hearse" by Pickett's employer, Sana Security Inc. in San Mateo, Calif., is threatening to raise the stakes in the spy-vs.-spy war over cybercrime. That's because the average computer security program sifts for known worms and viruses on PCs. But rootkits cloak data-stealing code so that it can hide in the deepest guts of Windows software without showing up in task lists as an active program. Criminals, having greatly expanded their knowledge of Windows' inner workings, are flocking to this new tool. Russian computer security company Kaspersky Lab estimates that on average 28 new rootkits emerged each month in 2005, up from six per month in 2004.

Only five of 24 antivirus outfits picked up the Hearse outbreak by Mar. 21, according to virus tracker At first, antivirus giant Symantec Corp. was not among them, though it says it detected the bug the next day. In one of the first real-time cyber stakeouts, Sana monitored one of the Russian Web sites for four days in late March. Ironically, it was left open to public view thanks to a security lapse by its unknown operators. Pickett watched as some 90,000 pieces of personal data from clients of more than 6,500 companies flowed across his screen. "It's like [Pickett] put on night vision goggles and watched," says John M. Frazzini, CEO of Secure Systems Corp. and former head of the Secret Service's Electronic Crimes Task Force in Washington. The show lasted until a Russian Web host, warned by Sana, took the site down on Mar. 24.
