
Info: JavaScript Worm

First of all: OpenTK.net is NOT infected.

I don't intend to make people paranoid or panic about the worm, just sharing that it exists. The worm was uncovered when it infected some scene.org hosted sites. There's a lengthy post about it here: http://www.pouet.net/topic.php?which=5006&page=1&x=22&y=11

The short version is:
- The worm was created by these guys: http://en.wikipedia.org/wiki/Russian_Business_Network
- Its purpose is to install a rootkit to your master boot record, to phish your credit card number from online banking, eBay, Amazon etc.
- This tool can identify the rootkit - which the worm installs - on your machine: http://www.gmer.net/
  If nothing highlights as red, your system is fine. It's perfectly normal that the tool lists your firewall/antivirus as rootkits, because of the way they are hooked into the OS.
- Virus scanners seem unable to detect the infection - yet.

Personally I'd recommend that all Firefox users install the NoScript plugin https://addons.mozilla.org/de/firefox/addon/722 which blocks all JavaScript by default, and you have to manually allow sites - which you consider trustworthy - to execute scripts. This isn't a solution to the problem, but will heavily limit the sites which could possibly infect your system (and besides that it's an excellent popup/ad blocker).

This post is merely to inform people that such a threat exists. It might be old news for some people, but I've never heard of such an attack before.