Worm-Shiv causes problems with denial of service

Powered by SC Magazine
 

A worm that prevents certain applications from working properly has been detected by Webroot.

Andrew Brandt, threat expert at Webroot, described the Worm-Shiv as ‘obnoxious’, claiming that ‘there isn't anything especially technically avant-garde or advanced about the worm, nor was it especially difficult to detect or remove. It just exhibits behaviour that, to be blunt, is about as annoying as it possibly can be’.

 

Brandt explained that the infection process starts with a small self-extracting RAR archive executable that, when run, drops and executes another .exe file, which in turn drops and executes yet another .exe file.

 

It then puts a copy of a file named wsock32.dll into every single folder on the hard drive; the code is designed to prevent certain applications from working properly.
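One way to check a disk for the behaviour described above, as an added example that is not from Webroot or the original article: it walks a directory tree, finds every file named wsock32.dll outside the Windows system directories, and groups the copies by SHA-256 so that one file dropped into many folders stands out. The list of expected directories and the copy-count threshold are assumptions.

```python
import hashlib
import os
from collections import defaultdict

TARGET = "wsock32.dll"
# Assumption: folders where a genuine copy of the DLL is expected on Windows.
EXPECTED_DIRS = ("system32", "syswow64", "winsxs")

def is_expected(path):
    """True if any ancestor folder of the file is one of EXPECTED_DIRS."""
    parts = [p.lower() for p in os.path.normpath(path).split(os.sep)]
    return any(d in parts[:-1] for d in EXPECTED_DIRS)

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_stray_copies(root):
    """Return {sha256: [paths]} for every wsock32.dll outside EXPECTED_DIRS."""
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if name.lower() != TARGET:
                continue
            full = os.path.join(dirpath, name)
            if is_expected(full):
                continue
            try:
                found[sha256_of(full)].append(full)
            except OSError:
                continue  # locked or unreadable file: skip and keep scanning
    return dict(found)

def mass_drop(found, threshold=10):
    """Keep only hashes seen in at least `threshold` folders (assumed cut-off)."""
    return {h: p for h, p in found.items() if len(p) >= threshold}

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for digest, paths in mass_drop(find_stray_copies(root)).items():
        print(f"{digest}  {len(paths)} copies, e.g. {paths[0]}")
```

A single stray copy beside an old application can be legitimate; identical copies repeated across unrelated folders are the pattern to triage.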

 

“But even worse, the worm has been engineered to mess with the application window of many anti-virus products, including ours. Not only does the worm make the quarantine button disappear, but then the real shenanigans begin, when you move the mouse pointer anywhere within the program's active window, it immediately snaps the title bar over the mouse pointer, which then sticks to the pointer.

 

“If you move the mouse too quickly when it's “stuck” like that, the mouse pointer just slips off the title bar, leaving the window half off the screen.”


Webroot recommends using a keyboard shortcut for the quarantine feature, where you can just hit the Alt-Q keys instead of trying in vain, over and over, to click the button.

 

Brandt claimed that the creator ‘will think of something even more annoying in the future, but for now, we can all breathe a little easier knowing this Sisyphean nonsense is contained — at least, for the moment.’

See original article on scmagazineuk.com

Copyright © SC Magazine, US edition


 
 
 