ICQ epidemija!!!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

The "Bizex" worm attacks ICQ users

First global epidemic of an ICQ worm detected

Kaspersky Labs has issued a warming that "Bizex", a new network worm has
been detected, which has caused the first global epidemic among users of
ICQ, the Internet instant messaging system.

The ICQ message is sent to victim computers issues an invitation to
visit the hacker web-site 'jokeworld'. If the user visits this site,
cartoons from the popular series "Joecartoon" are shown to disguise the
true nature of the site. At the same time, a Java virus imperceptibly
penetrates the victim system; this virus uses a loophole in ICQ to
secretly send a link to the site named above to all contacts in the
computer owner's ICQ, as from the owner.

Kaspersky Labs recommends users that if they received a link to the
'jokeworld' site to delete it immediately. Users should under no
circumstances visit the site.

Kaspersky Labs expert personnel are currently analysing the malicious
program, and detailed information will be available shortly.

Kaspersky Labs Corporate Communications

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

opet je u sustini glavna krivica na (l)userima... ko je oprezan i zna da se ponasa na internetu skoro da nemora da koristi AV i FW programe...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

moras jer sam windows je "neoprezan" tj. ima rupa

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ja ne koristim ni firewall ni AVP, jako, jako retko se zarazim, mozda jednom godisnje ! A i onako WIN cesce cistim !

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Evo ga...po starom dobrom obicaju, KL je vec posle vrlo kratkog vremena prokljuvio crv i ubacio zastitu u bazu
Dakle, svi Kaspersky korisnici na UPDATE i mirni ste

Evo novih detalja:

1. 'Bizex' worm attacks ICQ users

First global epidemic of an ICQ worm detected
Kaspersky Labs has
detected Bizex, a new Internet worm which caused the first global
epidemic among users of ICQ, the Internet instant messaging system. At
the moment, messages about infection are coming in from almost all
corners of the globe. A preliminary estimate is that approximately
50,000 are infected.

A computer becomes infected if the user visits a hacker web-site.
Invitations to visit this site are being circulated by ICQ. As
camouflage, when the web-site is viewed, the user is shown the Joe
Cartoon site; Joe Cartoon is the creator of a popular American cartoon
series. At the same time, the malicious program attacks the computer on
two fronts: firstly, by using a breach in Internet Explorer
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bu
lletin/MS02-047.asp),
and secondly, by using a breach in Windows.
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bu
lletin/ms03-011.asp)
The result of this is that a special file is downloaded to the computer,
without the user noticing anything; this file downloads the file which
contains Bizex and launches it on the victim computer.
Once this has been done, Bizex begins the process of infecting the
victim computer. It creates a folder named SYSMON in the Windows system
directory, copies itself to this folder under the name SYSMON.EXE and
registers this file in the system registry auto-run key. The worm will
therefore be uploaded to the computer memory each time the operating
system is started.

Once this process is completed, Bizex starts to propagate using ICQ. The
worm extracts a number of system libraries which are used with the
instant messaging system from itself, and installs them in the Windows
system directory. Using these libraries, Bizex gains access to the ICQ
contact list, disconnects the active ICQ client, and establishes an new
connection to the server in the name of the user of the infected
machine. It then sends, as if from the user, a link to the web site
shown above to all contacts found.

It should be noted that the worm only attacks original ICQ programs
(with the exception of Web ICQ), and alternative instant messaging
systems, such as Miranda and Trillian, are immune.

Bizex has a range of payloads, all of which are dangerous, and which can
lead to the leaking of confidential information. Specifically, the worm
scans the infected computer, and harvests information on payment systems
which are installed. Then, unnoticed by the user, it sends these details
to a remote anonymous server. The list of vulnerable payment systems
includes: Wells Fargo American Express UK Barclaycard Credit Lyonnais
Bred.fr Lloyds E-gold Additionally, Bizex intercepts information
transmitted by HTTPS (an encrypted communications protocol, which is
used, in particular, to transmit financial transactions) and also log in
details for a range of email systems e.g. Yahoo. This information is
also sent to the remote anonymous server.

'We see this as a bare-faced attempt to make money. The new method of
penetration, the fact that ICQ has not been used for such an attack
before, and the wide range of spy functions - this combination is sure
to reap huge profits for the author of Bizex, in spite of the fact that
the site was closed down four hours after the start of the outbreak,'
said Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs.
'Users should be very cautious about visiting suspicious sites, and
should install updates for Internet Explorer and Windows immediately.'

Protection against all the malicious components in Bizex has already
been added to the Kaspersky Anti-Virus database.

A more detailed description
(http://www.viruslist.com/eng/viruslist.html?id=1029528-) of this
malicious program can be found in the Virus Encyclopaedia.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

mire ::moras jer sam windows je "neoprezan" tj. ima rupa


...ali opet se ispostavilo da su to vec odavno zakrpljene rupe, pa je veci greh na korisnicima koji ne krpe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

...evo sta da izbegavate

[img][/img]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Stvarno ko klikće na ovakve linkove treba mu ozbiljna lekcija o "security"-u.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

GoranK ::Stvarno ko klikće na ovakve linkove treba mu ozbiljna lekcija o "security"-u.

Problem je sto ovu poruku moze covek da dobije kao da je od nekog sa njegove ICQ liste, pa da se zaleti i klikne

Ovaj slucaj od Admina je ocigledan

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uh, ja sam mislio da je u pitanju jedna od onih SPAM poruka koje zalutaju, kao one za za-odrasle-o sajtove, a ovo je već nešto drugo ako se predstavi kao neko iz tvoje "contact" liste.