main

Noomy.A virus spreading via chat rooms

malebolgia   on 07 October 2004 - 21:35 · 14 comments & 772 views

Advertisement (Why?)
Security experts have warned internet users to update their antivirus systems to protect against a newly discovered worm dubbed Noomy.A, which "could represent a new trend in malicious code techniques". PandaLabs said that, although this sophisticated and dangerous worm has not yet spread significantly in the wild, it has a series of unusual but potentially effective characteristics to propagate itself through Internet Relay Chat (IRC).

Written in Visual Basic, the worm creates an HTTP server on affected computers and generates a large number of files containing copies of its code. The names of these files, designed to tempt unwary users into believing that they are software cracks, include '2004serials.pif', 'Ageofempires2crack.exe', 'AgeOfMythologyISO.exe' or 'AnaKurnikovaVirualGirl2004.scr', among many others.

News source: vnunet.com


Cont...

At present the new venture is being called "Exclaim," but this is apparently only a temporary name and is likely to be replaced before the firm starts trading. Cousens is joined in the new venture by Europlay Capital Advisers, the Los Angeles based firm which is headed by industry veterans Sean Brennan and Mark Dyne and has advised on a number of major industry deals in recent years.

It's expected that along with the Cheltenham and Manchester studios - accounting for some 160 employees - "Exclaim" will also take possession of several of Acclaim's products in development, including Interview with a Made Man and Heist.


Share this Article

About the Author

Full name: Unknown
User name: malebolgia
Contact: via forum PM
Submissions: View All
More: View Profile

Related news

Post a comment · Send to friend Comments · There are 14 additional comments
#1 castor_troyuk on 07 Oct 2004 - 22:16
yeah we've been trying to combat this one for weeks, although we know it as mymoon. Oddly my network is one of the 1st on the list, so odds are it's some user I prolly glined n he's getting revenge heh
#2 cheesegoduk on 07 Oct 2004 - 22:49
Yah this virus is actually fairly old now, I'm an oper on one of the affected networks, and we managed to get hold of the bot and analyse it, we were the first ones to submit it to Mcafee/norton , Managed to get them to analyse it has well and was provided with a newly built dat file within 2 hours

Anyway theres a thread on the unrealircd forums (IRC software) on which infomation on the virus was posted, and a successful method of blocking it.
This can be viewed Here

The virus itself is actually rather pants, The bots that post on the network often post links to IP addresses on Private IP ranges which clearly don't work online, and the backdoor features of the virus aren't exactly anything for "skiddies" to get excited over(ie, they suck or don't work)



Last edited by 34378 on 07 Oct 2004 - 22:54
#3 MaceX on 08 Oct 2004 - 00:45
why is this even news?
(5 replies) #4 Colonel_Angus on 08 Oct 2004 - 01:30
Windows users getting pwned LOL. maybe this will clean out some of those clueless windows n00bs polluting IRC with their ignorance.
#4.1 NyaR on 08 Oct 2004 - 01:54
yea lets perform racial cleansing on the noobie subusers
#4.2 jivemastert on 08 Oct 2004 - 03:05
you were a n00b at one point you know... so stfu and knock it off with the n00b hating.
#4.3 cheesegoduk on 08 Oct 2004 - 07:17
Yes may have been a n00b, but It really is common sense not to open random things from users with odd names etc on irc
#4.4 Colonel_Angus on 08 Oct 2004 - 12:21
Like, alot of you windows noobs are like 'Why are you always pwning us' and stuff and im like thats just what I do, I pwn noobs. And you guys are like 'why, its so easy to pwn us, why dont you pwn gurus' and im like to me, everyones a noob.
#4.5 snake-eyes on 08 Oct 2004 - 16:38
What, your idea of "pwning" others is go after "noobs" using pre-made exploits or trojans on IRC networks?

Please.

Script kiddies "pwning" clueless Windows "noobs" on IRC is hardly impressive. I suppose if that's enough to boost your self esteem, go you. To anyone else that has a clue, it just looks sad.
#5 neufuse on 08 Oct 2004 - 01:48
when was the last time you saw a crack with the name ISO in the title? people that fall for this ugh... thats all I have to say..
#6 Geo on 08 Oct 2004 - 02:23
QUOTE
Written in Visual Basic


*hits back button*
(1 reply) #7 jivemastert on 08 Oct 2004 - 03:06
chances are if you got a virus, you did something stupid... watch yourself and dont download questionable stuff and you are fine!
#7.1 Colonel_Angus on 08 Oct 2004 - 12:22
chances are if you've ever gotten a virus, you ARE stupid.
#8 Chrysalis on 08 Oct 2004 - 04:15
virus's like this have been around years its nothing new

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)
News powered by Neowin Management System (Build - 5.0.899) © 2000 - 2008 Neowin.net