5 September 2000

Reading:  Charles Beard, An Economic Interpretation of the Constitution


QAZ Trojan/Virus


I spent part of today finishing up the cleanup of the nasty little QAZ trojan/virus I picked up (see yesterday's entry).  Turns out this trojan is spread over unsecure ports (get yourself a firewall, people!) and quickly renames itself to notepad.exe, renaming the old notepad to note.com.  When one launches notepad, it runs itself and runs note.com, so the user doesn't really notice any difference.  But the new notepad is running in the background, having set itself up as a webserver that listens on a certain port for... basically anyone who knows what to look for!  The new notepad also tries to propagate itself, beginning a scan of IP addresses and ports.  Nasty stuff.  And it's only about a month old, so my anti-virus program didn't catch it initially.  But thankfully, Zone Alarm caught the unusual activity.  Interestingly, it was trying to send the information to an IP address located in China.  Scary stuff!

Otherwise, the day wasn't totally notable.  But that's notable enough!
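
The three behaviours described in the QAZ paragraph above (a note.com sitting beside notepad.exe, Notepad listening on a port, and scan-like outbound traffic) can be checked mechanically. This is an added example, not part of the original entry: the file list, socket list, addresses, port 50000 and the threshold of 10 hosts are all constructed assumptions, since the entry does not name the port or the addresses involved.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample data (not from the entry). Port 50000 is a placeholder:
# the entry does not name the listening port. Addresses are documentation ranges.
FILES = [r"C:\WINDOWS\notepad.exe", r"C:\WINDOWS\note.com", r"C:\WINDOWS\calc.exe"]
LISTENERS = [("notepad.exe", 50000), ("svchost.exe", 135)]   # (image, local port)
OUTBOUND = [("notepad.exe", f"192.0.2.{i}") for i in range(1, 21)]
OUTBOUND.append(("iexplore.exe", "198.51.100.7"))            # (image, dest IP)

SCAN_THRESHOLD = 10  # assumed cut-off: distinct hosts contacted by one image


def qaz_indicators(files, listeners, outbound, threshold=SCAN_THRESHOLD):
    """Return one finding per behaviour from the entry that the data shows."""
    findings = []

    # 1. notepad.exe with a note.com beside it: the original may have been renamed.
    names_by_dir = defaultdict(set)
    for f in files:
        p = PureWindowsPath(f)
        names_by_dir[str(p.parent).lower()].add(p.name.lower())
    for folder, names in sorted(names_by_dir.items()):
        if {"notepad.exe", "note.com"} <= names:
            findings.append(("renamed-notepad", folder))

    # 2. A text editor holding a listening socket.
    for image, port in listeners:
        if image.lower() == "notepad.exe":
            findings.append(("notepad-listening", port))

    # 3. One image contacting many distinct hosts: scan-like propagation.
    hosts = defaultdict(set)
    for image, dest_ip in outbound:
        hosts[image.lower()].add(dest_ip)
    for image, dests in sorted(hosts.items()):
        if len(dests) >= threshold:
            findings.append(("scan-like-outbound", image, len(dests)))
    return findings


if __name__ == "__main__":
    for finding in qaz_indicators(FILES, LISTENERS, OUTBOUND):
        print(finding)
```

On a live machine the three inputs would come from a directory listing, the listening-socket table and the firewall's connection log.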

