Questions tagged [worm]

Use this tag in relation to any kind of computer program that can replicate itself on its own, without user intervention, like the old Morris worm. Lately, SMB vulnerabilities are the most common method.

18 questions
19
votes
3 answers

How Can I Process Untrusted Data Sources Securely?

Here is the conundrum: At my current company, we process physical discs from numerous third party sources and extract the data from them to ingest to our own system. While we can generally trust the sources, we don't want to run the risk of…
Sera H
8
votes
1 answer

/hnap1/ scans router compromised or worm?

Recently, I saw some strange entries on my local-only webserver. The thing is I don't know if the attack came from outside the network or from an infected machine. I have read up a little on the hnap attack, but I'm still unsure what to do about it.…
James
5
votes
1 answer

Monero miner in ~/.info directory - a worm signature?

On one of development machines, we've noticed high CPU usage caused by md process. A short inspection has led to ~/.info/md process which turned out to be monero miner, started by crontab. Unfortunately we've deleted it too eagerly, without…
4
votes
1 answer

WannaCry Source Code

Maybe this is a stupid question: Is the WannaCry source code public? https ://github.com/svenvdz/wannacry https: //github.com/Hackstar7/WanaCry https: //github.com/fadyosman/WannaCrySample I didn't really find anything on github or google. Is the…
user157308
3
votes
0 answers

How did Stuxnet prevent the user from seeing the malicious files on a USB stick?

From what I can tell there were two main TMP files present on the infected USB stick. The smaller of the two would run first and hook various functions related to viewing files so as to hide the LNK and TMP files. While this was happening would it…
user224270
3
votes
1 answer

Malware: Is there a difference between automounting vs manually mounting?

This is specifically for Ubuntu, but if you'd like to include a reply that'd help Windows users, please do. Background: I'm working on the suspicion that there's malware on my neighbour's laptop, desktop PC and a external HDD. I've scanned them…
Nav
2
votes
0 answers

Are there any wormable vulnerabilities for legacy Windows operating systems that are left unfixed?

I want to know the status of remote, code executing vulnerabilities of old Windows operating systems that are left unfixed, if they exist at all. Exploits like EternalBlue or BlueKeep wreaked havoc on many systems, but Microsoft did issue a patch…
manatails
2
votes
2 answers

How to act on company-wide malware infestation

A colleague left and I have been entrusted with the security of the company. Checking an initial status I found that the machines are infested with viruses and there are multiple port scans and brute force attacks that are showing on the firewall…
kimo pryvt
1
vote
0 answers

How does the "ClaimLetter#.zip" attack work?

I wonder if this is the right place to ask about the specific functioning of viruses / worms. We all receive fishy mails all the time. And generally I never click on anything, especially not attachments purporting to be quotes, letters, sipping…
1
vote
1 answer

Morris worm and fixes

I am new to information security and was reading about Morris worm and encountered some nice reports and articles on it like this, this and this. There are many other articles and tech reports on this. The first one talks about issues with BSD UNIX…
PHcoDer
1
vote
2 answers

Would it be possible and advisable to create a worm to patch for WannaCrypt?

WannaCrypt uses an SMB vulnerability to spread. Can we not use this vulnerability to create a similar worm, but one which patches for WannaCrypt instead of affecting it. Our worm infects a computer on network using the same vulnerability. And then…
0
votes
1 answer

Is Blaster worm still dangerous on Windows 10?

I was able to successfully compile the blaster worm source code. I have its executable file now but I'm not sure if it is safe to run this file on my Windows 10 computer or not. What might happen if I do?
Jimmy Yang
0
votes
1 answer

The practicality that a home network / router gets compromised

I know that it's theoretically possible that a router can be hacked, and malware can be spread throughout a network merely by being connected to it. However, I'm wondering what exactly the chances of this is, since, we never really hear about it…
0
votes
1 answer

Do viruses spread by infecting other files on an infected machine?

Suppose malware lands and executes on a computer. Could this malware attempt to spread further by writing itself to data files (images, pdfs, docs) and hoping that the owner would transfer or upload these files somewhere. Like adding payload to…
aleks1265
0
votes
1 answer

Could a virus force a phone to download an app and spread it?

I'm writing a sci-fi story that includes a malicious app that spreads globally. The developer publishes an app without knowing it's infected, and it spreads because it forces phones to download it. Are there any mechanisms that might make this…