Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

Taterf Worm

Posted by: Wild MissingNo. appeared
Date: 2009-11-13 23:37:59
I was reading about Conficker, to see what it's up to now, as it has been a year since Conficker was found in the wild, but now there's a new worm to deal with, and it's called Taterf Worm. It's been around for 6 months, so says this article, but I haven't heard of this thing before. Here's a bit of it.

PC users open doors to such worms as Conficker, Taterf

A year after it first slithered onto the Internet, the Conficker worm remains as virulent as ever, despite an unprecedented eradication campaign. Meanwhile, a similar, though less heralded worm, Taterf, is gathering steam.

Conficker and Taterf may be unstoppable, barring sweeping behavior changes by companies and consumers, which is unlikely. "The sad fact is worms and viruses would be wiped out if everyone used best security practices," says Eric Sites, chief technology officer of anti-virus firm Sunbelt Software.

Security firms and law enforcement are keeping a close watch. Yet, Conficker and Taterf each carry the potential to dramatically escalate Internet-wide thievery. Microsoft recently disclosed that the number of copies of Conficker and Taterf cleansed from Windows PCs rose 98.4% in the first six months of this year compared with the last six months of 2008. That snapshot comes from a clean-up tool in Windows' auto-update service, which checks mostly home-use PCs for specific, known infections.

Yet, Conficker and Taterf are spreading most prolifically within company networks, underscoring the risk of commercializing the Internet. Despite the fact that the Internet was created 40 years ago as an experiment in open, anonymous data exchanges, companies are increasingly using it to conduct business. In doing so, they've created an ideal setting for Conficker and Taterf to thrive.

"We're doing proprietary things with real dollars attached, raising the opportunity for people to take advantage," says Rob Housman, executive director of the Cyber Secure Institute, a tech security think tank. "We didn't design the Internet to be secure, we designed it to be free."

Tainting USB ports
Hackers in the 1980s spread viruses by sneaking bad code onto the floppy disks needed to boot up early PCs. Conficker and Taterf do much the same: They rely on the circulation of tainted memory sticks, music players, cameras, camcorders and smartphones that plug into the universal serial bus ports of modern PCs. The PC's USB port then becomes infected so that the next device plugged in also becomes tainted.

The worms don't stop there. Controlled by a top-tier cybergang, Conficker seeks out nearby PCs and slips into security holes left open if the PC is not current on its Windows security patches. It also tries to log onto PCs, even patched ones, sharing the network, using a password-breaking program. Each freshly infected PC, in turn, gets its USB drives tainted, and the cycle repeats. Conficker's creators set out to assemble a massive network of infected computers, called a botnet, to spread spam, steal data, hijack online financial accounts and promote worthless anti-virus protection. But with the FBI watching closely, its controllers appear to be content to let the worm self-propagate.

"Too much attention means little activity and little gain," Sites says.

Still, the bad guys could be "biding their time waiting for a particularly lucrative opportunity," says Vernon Jackson, engineering manager at IBM's ISS X-Force security team.

Gamers' worm
Unlike Conficker, Taterf is the collective work of hundreds of moderately skilled hackers using widely available tool kits to create their own special worm. These hackers' only goal is to harvest log-ons to online games, such as World of Warcraft, EverQuest and Aion. They sell the log-ons to thieves who loot gamers' accounts for virtual cash and prize items, which they sell for real cash to avid gamers.

Tainted USB devices plugged into workplace PCs have set Taterf loose in corporate networks. "The target is gamers, but the bleed-over effects are increasingly common," says Gunter Ollmann, vice president of research at security firm Damballa.

Taterf infects all the shared hard drives the infected PC can connect to. Subsequently, any worker who navigates to the shared drive gets infected. Some Taterf hackers are starting to recognize that access to a corporate PC can be valuable for more than just gaming log-ons. "Once your machine is owned, they can do anything with it they like," Sophos researcher Chet Wisniewski says. "This could certainly turn into a bigger problem."

Companies can slow Conficker and Taterf by keeping anti-virus programs updated and security patches current, as well as turning off the Windows "autorun" feature, which executes code from any device plugged into USB ports. But many don't. For those who are inoculating, cleanup can be a nightmare. One tainted USB device inserted into a clean PC can re-infect the entire system.

"These worms will be around for many years to come," Wisniewski says.

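As an added example (not part of the original post or the quoted article): a Python check for the mitigation the article names, turning off autorun, applied to the two routes it describes, USB devices and shared drives. It assumes the policy is read with `reg query` from the `NoDriveTypeAutoRun` value; the host names and output lines are constructed, and reporting a missing value as unenforced is this example's assumption.

```python
import re

# NoDriveTypeAutoRun (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer):
# a set bit disables AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}
# The two routes the article describes: plugged-in USB devices and shared drives.
WORM_VECTORS = ("removable", "network")
VALUE_RE = re.compile(r"NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-fA-F]+)")

# Constructed `reg query` output for three hypothetical hosts (not real captures).
SAMPLES = {
    "pc-01": "    NoDriveTypeAutoRun    REG_DWORD    0x91",
    "pc-02": "    NoDriveTypeAutoRun    REG_DWORD    0xff",
    "pc-03": "ERROR: The system was unable to find the specified registry key or value.",
}


def parse_policy(reg_output):
    """Return the NoDriveTypeAutoRun value found in `reg query` text, or None."""
    match = VALUE_RE.search(reg_output)
    return int(match.group(1), 16) if match else None


def autorun_enabled_for(mask):
    """Drive types for which AutoRun is still enabled under this mask."""
    return sorted(name for bit, name in DRIVE_BITS.items() if not mask & bit)


def audit(reg_output):
    """Return (mask, exposed), where exposed lists the worm vectors not disabled.

    Assumption of this example: a missing value means the policy is not
    enforced, so both vectors are reported as exposed.
    """
    mask = parse_policy(reg_output)
    enabled = autorun_enabled_for(mask if mask is not None else 0)
    return mask, [vector for vector in WORM_VECTORS if vector in enabled]


if __name__ == "__main__":
    for host, output in SAMPLES.items():
        mask, exposed = audit(output)
        shown = "not set" if mask is None else hex(mask)
        print(f"{host}: policy={shown} exposed={exposed or 'none'}")
```
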
Re: Taterf Worm

Posted by: Chaos
Date: 2009-11-13 23:46:24
So….what should I be looking out for?
(Like, e-mail, pop-ups, websites, etc.)

Re: Taterf Worm

Posted by: Wa
Date: 2009-11-13 23:50:26
Worms are just another reason why any intelligent company should run Linux. Windows may be more user-friendly, but it is also inherently flawed. While I can sympathize with common computer users affected by these, I can't help but wonder why governments and airports are still running outdated operating systems. Thank you for spreading the word, because if simple security practices (e.g. updating Windows, avoiding using real-world money to buy MMORPG items) are employed then the effectiveness of the worms can be nullified.

Re: Taterf Worm

Posted by: Wild MissingNo. appeared
Date: 2009-11-13 23:57:59
It's not a problem, Wa. I haven't heard of Taterf before, other than Conficker, that is still running around like a lunatic. ¬¬ Here's another article on Taterf.

Increase in activity of the Taterf worm sees prevalence of worm infections

The Taterf worm has increased infections by 156 per cent over the past six months.

According to the latest bi-annual Microsoft security intelligence report, the worm has moved from two million infections earlier this year to 4.9 million with the most recent analysis.

It claimed that the 'Taterf' worm is infecting seven machines every hour in the UK, with it targeting multiplayer online role-playing games such as Rainbow Island and World of Warcraft.

Unbeknown to the online gamer, the worm steals their personal account information via a downloadable executable file. It targets both home and work computers, and is primarily designed to infect a machine's USB stick or similar memory drive that can then be transported into a corporate network and infiltrate from inside their firewall defences.

The report stated that this is marking a resurgence of worms with infections doubling in the first half of this year, primarily due to the Conficker worm. This has seen worms becoming the second most prevalent threat category in the first half of 2009.

Microsoft UK's head of security and privacy, Cliff Evans, said: "Over a six month period it [Taterf] certainly stepped up. Also with Koobface, this whole area is a big change. In the UK it is still true that malware is still dominant."

"It is spreading in a normal worm way. Starting by the dominance of worms into organisations business are hit by worms, consumers by malware. Because of the way it spreads, it is a big increase. Conficker played a part but criminals have seen a way to make money."

The report also claimed that Microsoft has detected and cleaned 13.4 million computers of rogue security software, down from 16.8 million, which it called 'an improvement, but still a significant threat'.

Evans said: "We've cleaned less than last time, it is down from 16.8 million but we are still seeing it around and detecting it so I hope we are protecting it from getting it again. The category is still very important and we still advise on keeping things up to date."

Re: Taterf Worm

Posted by: Abwayax
Date: 2009-11-14 00:11:09
Generally the only way to be 100% safe against Windows worms and viruses is to

1) Keep an antivirus (AVG and AntiVir are good) in resident guard mode, which makes it scan any file your computer attempts to touch (including ones on USB sticks). Only run EXEs from sites that you trust. Never open EXEs in emails. Use a firewall. Always keep up to date with the latest Windows security updates. Also, it might not be a good idea to use Internet Explorer.

2) Don't use Windows. This doesn't mean it has to be Linux per se; but it's well known that Unix-likes (which includes Linux, BSD, and even Mac OS X) are built for security. I haven't had to worry about worms ever since I switched away from Windows (although, granted, as a techie person I didn't worry much about them on Windows either). Many excellent programs, such as the Firefox and Opera web browsers and the OpenOffice.org office suite, allow you to do many of the things you already do on Windows. For anything else (i.e. games) there's Wine, which basically allows you to use Windows exe's outside Windows. Check the Application DB for known Windows programs that work under Wine - off the Top 10 Gold/Platinum lists I already notice Guild Wars, World of Warcraft, Team Fortress 2, Half-Life 2, Call of Duty 4, Spore, and Command and Conquer 3 (Gold and Platinum are stated to work flawlessly; I haven't even looked over the Silver list, which indicated "almost flawlessly").

Staying with Windows might grant you a good sense of security, but note that antivirus companies and Microsoft are always playing catch-up to virus writers. Of course, I'm biased.

Windows may be more user-friendly…

User-friendliness is rather subjective. I actually find Ubuntu more user-friendly than Windows ever was. For example, program installation. I like being able to go into Synaptic, put checkmarks on a few packages, and hit install. A Windows installer requires you to download an installer file and go through a "setup wizard" which consists of hitting "next" a dozen times and agreeing to the license agreement that you never actually read. The installer might complain that some dependencies aren't met and choke immediately afterwards; Synaptic/apt-get will automatically find those dependencies and install them for you. The installer was also rather easy and straightforward and the Metacity window manager is specifically meant to be simple and unobtrusive.

IMHO the only reason anyone considers Windows user-friendly is because computer users were (and still are) practically breast-fed on it. It would be more accurate to say users are Windows-friendly.

Re: Taterf Worm

Posted by: Wild MissingNo. appeared
Date: 2009-11-14 00:14:34
To be honest, creators of Conficker/Taterf, will find flaws in Microsoft's updates. I mean again I got 3 "Important Updates" for Microsoft Office, where they keep failing to install, so they can't be important if they fail, and this is Vista. AVG I only have the free version and I find it useless for scanning in Safe Mode if Normal Mode crashes. I keep my laptop up to date, yet my PC has these updates for Microsoft Office as well, but that was lost 7 years ago. Windows is world-wide, and them who have pirated copies of Windows will get infected easily.

Why was my topic moved, when I've posted Conficker topics in the General Discussion place before but they were never moved?

Re: Taterf Worm

Posted by: :56 ERROR
Date: 2009-11-14 16:09:36
World of Warcraft accounts?

Oh God.

Good thing mine is just a bunch of old level 60 weapons (nostalgia runs, don't ask) and only a bit of gold.

Can these worms just be randomly installed on your computer just as you surf any site? Or does it have to be a particular site?
Or is it e-mail?

Re: Taterf Worm

Posted by: Axaj
Date: 2009-11-14 21:05:13

It would be more accurate to say users are Windows-friendly.


QFT

Re: Taterf Worm

Posted by: Wild MissingNo. appeared
Date: 2009-11-14 21:37:55
I'm unsure, it's been around for 6 months, so I guess there's little known about it. I'll check Wiki to see if that has heard of it.

Edit: Bah, Wikipedia has no idea on the Taterf, but it has a few names:

Taterf.B - Worm:
    * Win32/Frethog.CUM (CA)
    * W32/Lineage.KHE (Panda)
    * Mal/Frethog-B (Sophos)
    * Trojan-GameThief.Win32.Magania.ammv (Kaspersky)
    * Generic PWS.ak (McAfee)
    * Infostealer.Gampass (Symantec)

I'll be checking Google for more about Taterf.B, to see if there's any more news but not much has been said.

Re: Taterf Worm

Posted by: glitchhunter09
Date: 2009-11-14 23:04:26

* Win32/Frethog.CUM

lol, .CUM extension? Several perverted thoughts just went through my head based on this extension.

Re: Taterf Worm

Posted by: Wild MissingNo. appeared
Date: 2009-11-14 23:06:51
Oh, god, I didn't notice that. Seriously, I think perverts are the makers of this worm.

Re: Taterf Worm

Posted by: Bent`
Date: 2009-11-14 23:11:54

but it's well known that Unix-likes (which includes Linux, BSD, and even Mac OS X) are built for security.

It's worth pointing out that OS X is not actually that secure. Even Snow Leopard doesn't provide proper ASLR, and OS X and Safari routinely get taken out at competitions like Pwn2Own. That said, it is a smaller target than Windows and you're unlikely to get hit by a trojan simply due to its low market share, but this is not intrinsic to the design of the Macintosh.

Also, if you're smart about it, you won't get hacked even on Windows. I ran Windows 2000 for years (up through early 2009 in fact) without ever getting a virus. On the other hand, my sister got a really nasty virus embedded in her XP system because she never downloaded Java updates, which is why she runs Ubuntu now.

For example, program installation. I like being able to go into Synaptic, put checkmarks on a few packages, and hit install. A Windows installer requires you to download an installer file and go through a "setup wizard" which consists of hitting "next" a dozen times and agreeing to the license agreement that you never actually read. The installer might complain that some dependencies aren't met and choke immediately afterwards; Synaptic/apt-get will automatically find those dependencies and install them for you. The installer was also rather easy and straightforward and the Metacity window manager is specifically meant to be simple and unobtrusive.

Definitely one of the major draws of Linux: the packaging systems beat the pants off program installation in Windows and OS X (provided, of course, that the program you want is in the repositories, but the probability of that is increasing all the time).

Re: Taterf Worm

Posted by: Wild MissingNo. appeared
Date: 2009-11-14 23:18:15
Nothing's ever fucking safe is there? I ran like Windows 98 for like 9 years even with the death screens, spyware, and viruses, but that lasted a good long 9 years, until I got my first Windows XP (Even with my 98 still alive), and that was fucking useless. XP: Home, and the first thing that happened was a death screen, then all these numbers scrolled down the screen then it rebooted itself, and it was fine until think it was the hard drive that died and I lost my CD to Windows XP as the damn drive wouldn't open. Conficker's creators are doing this for money, Taterf's creator/creators are doing this for unknown reasons, maybe for money from games like WoW, reason Guild Wars isn't a target, because it's free to play, and any bots on the game are banned either way.

Re: Taterf Worm

Posted by: :56 ERROR
Date: 2009-11-15 12:15:21
Is Norton Antivirus any good to use?

Because although my WoW account is not imperative to my life, I would not want it lost after 3-4 years of gameplay.
Also, I obviously do not want my computer to be screwed with.

Re: Taterf Worm

Posted by: Wild MissingNo. appeared
Date: 2009-11-15 12:31:45
I think Norton sucks. My Windows 98 had Norton on there for 9 years, and no matter what I could not uninstall it. AVG/Avast/other anti-viruses are good. I only use something that's free since I don't have the money to buy things, as I believe things over here in England for anti-virus programs are over-priced or they just suck.