Network News

X My Profile
View More Activity

'Dasher' No Reindeer Game

A new worm dubbed "Dasher" by antivirus companies is bringing an early holiday present for Microsoft Windows users who haven't applied a security update recently shipped from Redmond.

According to a post on the blog of Finnish antivirus company F-Secure, we've seen two versions of this worm in the past few days, the first iteration of which didn't work right and fizzled. The worm is based on exploit code that was first posted online for the world to see just a few weeks ago.

Microsoft released a patch in mid-October to fix the flaw Dasher exploits. If you're not up-to-date on patches, I'd strongly recommend heading over to Microsoft Update to remedy that.

The virus authors appear to have fixed whatever hobbled the first Dasher, and the worm is now happily spreading Christmas cheer by dropping a keystroke logger on machines it infects.

Many people may have the impression that keyloggers record everything a victim types on their keyboard. While a few keyloggers in use do that (usually the commercial variety designed to help parents spy on their kids' home computer use), the bad guys generally aren't interested in reading reams of IM  chat conversations and silly e-mails. Plus, that's a huge amount of data to be sending out of an infected machine.

Rather, a keylogger employed by viruses and worms usually works off a  predefined list of financial and e-commerce sites. The keylogger program lies in wait until the victim visits one of those sites, at which time it intercepts any information entered into credit card and other personal data fields and transmits the information back to attackers.

The SANS Internet Storm Center picked up on the considerable traffic generated by the first version of this worm back on Dec. 10. Just prior to the SANS post, I had a conversation with David Taylor, a security guru from the University of Pennsylvania who was watching this ugly mess unfold and trying to obtain a copy of the malware. Taylor said nearly all of the traffic generated by the worm that he was seeing appeared to be coming from China.

By Brian Krebs  |  December 15, 2005; 10:50 AM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Opera Browser Users Urged to Upgrade
Next: Database Hack Exposes Police Financial Data


Neither Symantec nor McAfee nor Microsoft have any reference to anything called "Dasher" on their websites. Furthermore, I googled extensively using different strings, quoted and unquoted, but could only find one reference to the "Dasher" worm - on the weblog referenced in this article.

Posted by: John - McLean | December 15, 2005 4:39 PM | Report abuse

Concerning "keyloggers"... If, say, Amazon was one of those sites where a "keylogger" would perk up and snag your credit card information, would such "keyloggers" also have the ability to somehow snag such information from the site if your credit card info was already stored with the site from previous (and prior to being infected) visits?

Posted by: corbett | December 19, 2005 3:05 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company