Author Topic: Taterf Worm  (Read 2375 times)


Lauryn the Arisen

Taterf Worm
« on: November 13, 2009, 11:37:59 pm »
I was reading about Conficker, to see what it's up to now, as it has been a year since Conficker was found in the wild, but now there's a new worm to deal with, and it's called Taterf Worm. It's been around for 6 months, so says this article, but I haven't heard of this thing before. Here's a bit of it.

PC users open doors to such worms as Conficker, Taterf

A year after it first slithered onto the Internet, the Conficker worm remains as virulent as ever, despite an unprecedented eradication campaign. Meanwhile, a similar, though less heralded worm, Taterf, is gathering steam.

Conficker and Taterf may be unstoppable, barring sweeping behavior changes by companies and consumers – which is unlikely. "The sad fact is worms and viruses would be wiped out if everyone used best security practices," says Eric Sites, chief technology officer of anti-virus firm Sunbelt Software.

ON THE IPHONE: First worm hits smartphone

Security firms and law enforcement are keeping a close watch. Yet, Conficker and Taterf each carry the potential to dramatically escalate Internet-wide thievery. Microsoft recently disclosed that the number of copies of Conficker and Taterf cleansed from Windows PCs rose 98.4% in the first six months of this year compared with the last six months of 2008. That snapshot comes from a clean-up tool in Windows' auto-update service, which checks mostly home-use PCs for specific, known infections.

Yet, Conficker and Taterf are spreading most prolifically within company networks, underscoring the risk of commercializing the Internet. Despite the fact that the Internet was created 40 years ago as an experiment in open, anonymous data exchanges, companies are increasingly using it to conduct business. In doing so, they've created an ideal setting for Conficker and Taterf to thrive.

"We're doing proprietary things with real dollars attached, raising the opportunity for people to take advantage," says Rob Housman, executive director of the Cyber Secure Institute, a tech security think tank. "We didn't design the Internet to be secure, we designed it to be free."

Tainting USB ports
Hackers in the 1980s spread viruses by sneaking bad code onto the floppy disks needed to boot up early PCs. Conficker and Taterf do much the same: They rely on the circulation of tainted memory sticks, music players, cameras, camcorders and smartphones that plug into the universal serial bus ports of modern PCs. The PC's USB port then becomes infected so that the next device plugged in also becomes tainted.

The worms don't stop there. Controlled by a top-tier cybergang, Conficker seeks out nearby PCs and slips into security holes left open if the PC is not current on its Windows security patches. It also tries to log onto PCs – even patched ones – sharing the network, using a password-breaking program. Each freshly infected PC, in turn, gets its USB drives tainted, and the cycle repeats. Conficker's creators set out to assemble a massive network of infected computers, called a botnet, to spread spam, steal data, hijack online financial accounts and promote worthless anti-virus protection. But with the FBI watching closely, its controllers appear to be content to let the worm self-propagate.

"Too much attention means little activity and little gain," Sites says.

Still, the bad guys could be "biding their time waiting for a particularly lucrative opportunity," says Vernon Jackson, engineering manager at IBM's ISS X-Force security team.

Gamers' worm
Unlike Conficker, Taterf is the collective work of hundreds of moderately skilled hackers using widely available tool kits to create their own special worm. These hackers' only goal is to harvest log-ons to online games, such as World of Warcraft, EverQuest and Aion. They sell the log-ons to thieves who loot gamers' accounts for virtual cash and prize items, which they sell for real cash to avid gamers.

Tainted USB devices plugged into workplace PCs have set Taterf loose in corporate networks. "The target is gamers, but the bleed-over effects are increasingly common," says Gunter Ollmann, vice president of research at security firm Damballa.

Taterf infects all the shared hard drives the infected PC can connect to. Subsequently, any worker who navigates to the shared drive gets infected. Some Taterf hackers are starting to recognize that access to a corporate PC can be valuable for more than just gaming log-ons. "Once your machine is owned, they can do anything with it they like," Sophos researcher Chet Wisniewski says. "This could certainly turn into a bigger problem."

Companies can slow Conficker and Taterf by keeping anti-virus programs updated and security patches current, as well as turning off the Windows "autorun" feature, which executes code from any device plugged into USB ports. But many don't. For those who are inoculating, cleanup can be a nightmare. One tainted USB device inserted into a clean PC can re-infect the entire system.

"These worms will be around for many years to come," Wisniewski says.
R.I.P. Paul Gray - April 8, 1972 – May 24, 2010.
Poets of the Fall Addict.
I love you, to the moon and back, Nathan "Dallas" Steele <3
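
The quoted article's advice to turn off Windows "autorun" can be audited from two sides: what a drive's `autorun.inf` would launch, and which drive types the `NoDriveTypeAutoRun` policy bitmask still leaves enabled. This is an added example, not part of the original post or the quoted article; the sample file contents, file names and policy values are constructed.

```python
"""Audit sketch: what would AutoRun launch from a drive, and is AutoRun still on?"""
import re

# Keys in the [autorun] section that make Windows run a program.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Bits of the NoDriveTypeAutoRun policy value; a set bit turns AutoRun OFF
# for that drive type (0xFF turns it off everywhere).
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
}


def autorun_commands(inf_text):
    """Return (key, command) pairs from the [autorun] section of an autorun.inf."""
    found, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if LAUNCH_KEYS.match(key) and value:
                found.append((key.lower(), value))
    return found


def autorun_enabled_types(no_drive_type_autorun):
    """List drive types for which AutoRun is still enabled under this policy value."""
    return [name for bit, name in DRIVE_TYPE_BITS.items()
            if not no_drive_type_autorun & bit]


# Constructed sample, not taken from any real malware.
SAMPLE_INF = """\
; junk padding line
[AutoRun]
OPEN = example-payload.exe
icon=folder.ico
shell\\open\\Command=example-payload.exe
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, cmd in autorun_commands(SAMPLE_INF):
        print(f"autorun.inf would launch via {key}: {cmd}")
    for mask in (0x91, 0xFF):  # constructed policy values
        print(hex(mask), "AutoRun still enabled for:", autorun_enabled_types(mask))
```

A policy value that leaves "removable" or "network" in the enabled list matches the spread paths the article describes (USB devices and shared drives).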

Chaos Hiruko

Re: Taterf Worm
« Reply #1 on: November 13, 2009, 11:46:24 pm »
So....what should I be looking out for?
(Like, e-mail, pop-ups, websites, etc.)
3.14

My trainer card, thanks to Epgpwpx
Need a new one soon.....
GETS in the Count to One Million: 5300, 5400, 5900, 6400, 6500, 7600, 8300, 8500

Awesome banner made by the equally awesome FooBot!

Kaena

Re: Taterf Worm
« Reply #2 on: November 13, 2009, 11:50:26 pm »
Worms are just another reason why any intelligent company should run Linux. Windows may be more user-friendly, but it is also inherently flawed. While I can sympathize with common computer users affected by these, I can't help but wonder why governments and airports are still running outdated operating systems. Thank you for spreading the word, because if simple security practices (e.g. updating Windows, avoiding using real-world money to buy MMORPG items) are employed then the effectiveness of the worms can be nullified.
and when the day arrives
I'll become the sky
and I'll become the sea

and the sea will come to kiss me
for I am going home

nothing can stop me now

-- la mer, translated from Creole French

Lauryn the Arisen

Re: Taterf Worm
« Reply #3 on: November 13, 2009, 11:57:59 pm »
It's not a problem, Wa. I haven't heard of Taterf before, other than Conficker, that is still running around like a lunatic. ¬¬ Here's another article on Taterf.

Increase in activity of the Taterf worm sees prevalence of worm infections

The Taterf worm has increased infections by 156 per cent over the past six months.

According to the latest bi-annual Microsoft security intelligence report, the worm has moved from two million infections earlier this year to 4.9 million with the most recent analysis.

It claimed that the 'Taterf' worm is infecting seven machines every hour in the UK, with it targeting multiplayer online role-playing games such as Rainbow Island and World of Warcraft.

Unbeknown to the online gamer, the worm steals their personal account information via a downloadable executable file. It targets both home and work computers, and is primarily designed to infect a machine's USB stick or similar memory drive that can then be transported into a corporate network and infiltrate from inside their firewall defences.

The report stated that this is marking a resurgence of worms with infections doubling in the first half of this year, primarily due to the Conficker worm. This has seen worms becoming the second most prevalent threat category in the first half of 2009.

Microsoft UK's head of security and privacy Cliff Evans, said: “Over a six month period it [Taterf] certainly stepped up. Also with Koobface, this whole area is a big change. In the UK it is still true that malware is still dominant.

“It is spreading in a normal worm way. Starting by the dominance of worms into organisations – businesses are hit by worms, consumers by malware. Because of the way it spreads, it is a big increase. Conficker played a part but criminals have seen a way to make money.”

The report also claimed that Microsoft has detected and cleaned 13.4 million computers of rogue security software, down from 16.8 million, which it called ‘an improvement, but still a significant threat'.

Evans said: “We've cleaned less than last time, it is down from 16.8 million but we are still seeing it around and detecting it so I hope we are protecting it from getting it again. The category is still very important and we still advise on keeping things up to date.”
« Last Edit: November 13, 2009, 11:59:02 pm by Mutou Yami »

Abwayax

Re: Taterf Worm
« Reply #4 on: November 14, 2009, 12:11:09 am »
Generally the only way to be 100% safe against Windows worms and viruses is to

1) Keep an antivirus (AVG and AntiVir are good) in resident guard mode, which makes it scan any file your computer attempts to touch (including ones on USB sticks). Only run EXEs from sites that you trust. Never open EXEs in emails. Use a firewall. Always keep up to date with the latest Windows security updates. Also, it might not be a good idea to use Internet Explorer.

2) Don't use Windows. This doesn't mean it has to be Linux per se; but it's well known that Unix-likes (which includes Linux, BSD, and even Mac OS X) are built for security. I haven't had to worry about worms ever since I switched away from Windows (although, granted, as a techie person I didn't worry much about them on Windows either). Many excellent programs, such as the Firefox and Opera web browsers and the OpenOffice.org office suite, allow you to do many of the things you already do on Windows. For anything else (i.e. games) there's Wine, which basically allows you to use Windows exe's outside Windows. Check the Application DB for known Windows programs that work under Wine - off the Top 10 Gold/Platinum lists I already notice Guild Wars, World of Warcraft, Team Fortress 2, Half-Life 2, Call of Duty 4, Spore, and Command and Conquer 3 (Gold and Platinum are stated to work flawlessly; I haven't even looked over the Silver list, which indicated "almost flawlessly").

Staying with Windows might grant you a good sense of security, but note that antivirus companies and Microsoft are always playing catch-up to virus writers. Of course, I'm biased.

Quote from: Kaena
"Windows may be more user-friendly..."
User-friendliness is rather subjective. I actually find Ubuntu more user-friendly than Windows ever was. For example, program installation. I like being able to go into Synaptic, put checkmarks on a few packages, and hit install. A Windows installer requires you to download an installer file and go through a "setup wizard" which consists of hitting "next" a dozen times and agreeing to the license agreement that you never actually read. The installer might complain that some dependencies aren't met and choke immediately afterwards; Synaptic/apt-get will automatically find those dependencies and install them for you. The installer was also rather easy and straightforward and the Metacity window manager is specifically meant to be simple and unobtrusive.

IMHO the only reason anyone considers Windows user-friendly is because computer users were (and still are) practically breast-fed on it. It would be more accurate to say users are Windows-friendly.
« Last Edit: November 14, 2009, 12:18:31 am by Adrian Malacoda »
A. Malacoda, http://monarch-pass.net

Also malacoda@social.monarch-pass.net and @malacoda:matrix.monarch-pass.net

Also adrianmalacoda or kuschelyagi in some places.

Lauryn the Arisen

Re: Taterf Worm
« Reply #5 on: November 14, 2009, 12:14:34 am »
To be honest, creators of Conficker/Taterf will find flaws in Microsoft's updates. I mean, again I got 3 "Important Updates" for Microsoft Office, where they keep failing to install, so they can't be important if they fail, and this is Vista. AVG I only have the free version and I find it useless for scanning in Safe Mode if Normal Mode crashes. I keep my laptop up to date, yet my PC has these updates for Microsoft Office as well, but that was lost 7 years ago. Windows is world-wide, and those who have pirated copies of Windows will get infected easily.

Why were my topics moved, when I've posted Conficker topics in the General Discussion place before but they were never moved?
« Last Edit: November 14, 2009, 11:23:10 am by Mutou Yami »

:56 ERROR

Re: Taterf Worm
« Reply #6 on: November 14, 2009, 04:09:36 pm »
World of Warcraft accounts?

Oh God.

Good thing mine is just a bunch of old level 60 weapons (nostalgia runs, don't ask) and only a bit of gold.

Can these worms just be randomly installed on your computer just as you surf any site? Or does it have to be a particular site?
Or is it e-mail?
Hail to Oman, may it live forever.
I AM BACK ON GCLF WITH A VENGEANCE, WELCOME ME.

∀xaj

Re: Taterf Worm
« Reply #7 on: November 14, 2009, 09:05:13 pm »
Quote from: Abwayax
"It would be more accurate to say users are Windows-friendly."

QFT



Lauryn the Arisen

Re: Taterf Worm
« Reply #8 on: November 14, 2009, 09:37:55 pm »
I'm unsure, it's been around for 6 months, so I guess there's little known about it. I'll check Wiki to see if that has heard of it.

Edit: Bah, Wikipedia has no idea on the Taterf, but it has a few names:

Taterf.B - Worm:
    * Win32/Frethog.CUM (CA)
    * W32/Lineage.KHE (Panda)
    * Mal/Frethog-B (Sophos)
    * Trojan-GameThief.Win32.Magania.ammv (Kaspersky)
    * Generic PWS.ak (McAfee)
    * Infostealer.Gampass (Symantec)

I'll be checking Google for more about Taterf.B, to see if there's any more news but not much has been said.
« Last Edit: November 14, 2009, 09:41:19 pm by Mutou Yami »

Glisp

Re: Taterf Worm
« Reply #9 on: November 14, 2009, 11:04:26 pm »
Quote from: Lauryn the Arisen
    * Win32/Frethog.CUM

lol, .CUM extension? Several perverted thoughts just went through my head based on this extension.
Bleah! *Splash and Splatter*

Lauryn the Arisen

Re: Taterf Worm
« Reply #10 on: November 14, 2009, 11:06:51 pm »
Oh, god, I didn't notice that. Seriously, I think perverts are the makers of this worm.
« Last Edit: November 14, 2009, 11:08:28 pm by Mutou Yami »

IIMarckus

Re: Taterf Worm
« Reply #11 on: November 14, 2009, 11:11:54 pm »
Quote from: Abwayax
"but it's well known that Unix-likes (which includes Linux, BSD, and even Mac OS X) are built for security."
It’s worth pointing out that OS X is not actually that secure. Even Snow Leopard doesn’t provide proper ASLR, and OS X and Safari routinely get taken out at competitions like Pwn2Own. That said, it is a smaller target than Windows and you’re unlikely to get hit by a trojan simply due to its low market share, but this is not intrinsic to the design of the Macintosh.

Also, if you’re smart about it, you won’t get hacked even on Windows. I ran Windows 2000 for years (up through early 2009 in fact) without ever getting a virus. On the other hand, my sister got a really nasty virus embedded in her XP system because she never downloaded Java updates, which is why she runs Ubuntu now.

Quote from: Abwayax
"For example, program installation. I like being able to go into Synaptic, put checkmarks on a few packages, and hit install. A Windows installer requires you to download an installer file and go through a "setup wizard" which consists of hitting "next" a dozen times and agreeing to the license agreement that you never actually read. The installer might complain that some dependencies aren't met and choke immediately afterwards; Synaptic/apt-get will automatically find those dependencies and install them for you. The installer was also rather easy and straightforward and the Metacity window manager is specifically meant to be simple and unobtrusive."
Definitely one of the major draws of Linux: the packaging systems beat the pants off program installation in Windows and OS X (provided, of course, that the program you want is in the repositories, but the probability of that is increasing all the time).
« Last Edit: November 14, 2009, 11:12:49 pm by IIMarckus »

Lauryn the Arisen

Re: Taterf Worm
« Reply #12 on: November 14, 2009, 11:18:15 pm »
Nothing's ever fucking safe is there? I ran like Windows 98 for like 9 years even with the death screens, spyware, and viruses, but that lasted a good long 9 years, until I got my first Windows XP (even with my 98 still alive), and that was fucking useless. XP: Home, and the first thing that happened was a death screen, then all these numbers scrolled down the screen then it rebooted itself, and it was fine until I think it was the hard drive that died and I lost my CD to Windows XP as the damn drive wouldn't open. Conficker's creators are doing this for money, Taterf's creator/creators are doing this for unknown reasons, maybe for money from games like WoW, reason Guild Wars isn't a target, because it's free to play, and any bots on the game are banned either way.

:56 ERROR

Re: Taterf Worm
« Reply #13 on: November 15, 2009, 12:15:21 pm »
Is Norton Antivirus any good to use?

Because although my WoW account is not imperative to my life, I would not want it lost after 3-4 years of gameplay.
Also, I obviously do not want my computer to be screwed with.

Lauryn the Arisen

Re: Taterf Worm
« Reply #14 on: November 15, 2009, 12:31:45 pm »
I think Norton sucks. My Windows 98 had Norton on there for 9 years, and no matter what I could not uninstall it. AVG/Avast/other anti-viruses are good. I only use something that's free since I don't have the money to buy things, as I believe things over here in England for anti-virus programs are over-priced or they just suck.