'Dasher' No Reindeer Game
A new worm dubbed "Dasher" by antivirus companies is bringing an early holiday present for Microsoft Windows users who haven't applied a security update recently shipped from Redmond.
According to a post on the blog of Finnish antivirus company F-Secure, two versions of this worm have surfaced in the past few days; the first iteration didn't work right and fizzled. The worm is built on exploit code that was first posted online, for the world to see, just a few weeks ago.
The virus authors appear to have fixed whatever hobbled the first Dasher, and the worm is now happily spreading Christmas cheer by dropping a keystroke logger on machines it infects.
Many people may have the impression that keyloggers record everything a victim types on their keyboard. While a few keyloggers in use do that (usually the commercial variety designed to help parents spy on their kids' home computer use), the bad guys generally aren't interested in reading reams of IM chat conversations and silly e-mails. Plus, that's a huge amount of data to be sending out of an infected machine.
Rather, a keylogger employed by viruses and worms usually works off a predefined list of financial and e-commerce sites. The keylogger program lies in wait until the victim visits one of those sites, at which time it intercepts any information entered into credit card and other personal data fields and transmits the information back to attackers.
The SANS Internet Storm Center picked up on the considerable traffic generated by the first version of this worm back on Dec. 10. Just prior to the SANS post, I had a conversation with David Taylor, a security guru from the University of Pennsylvania who was watching this ugly mess unfold and trying to obtain a copy of the malware. Taylor said nearly all of the traffic generated by the worm that he was seeing appeared to be coming from China.