Inertia's picture

Info: Javascript Worm

First of all: is NOT infected.

I don't intend to make people paranoid/panic about the worm, just sharing that it exists. The worm has been uncovered when it infected some hosted sites. There's a lengthy post about it here:

The short version is:
-The worm was created by these guys
-it's purpose is to install a rootkit to your master boot record, to phish your credit card number from online banking, ebay, amazon etc.
-This tool can identify the rootkit - which the worm installs - on your machine
If nothing highlights as red, your system is fine. It's perfectly normal that the tool lists your firewall/antivirus as rootkits, because of the way they are hooked into the OS.
-Virusscanners seem unable to detect the infection - yet.

Personally I'd recommend all Firefox users to install the NoScript plugin which blocks all javascripts by default, and you have to manually allow sites - which you consider trustworthy - to execute scripts. This isn't a solution to the problem, but will heavily limit the sites which could possibly infect your system (and besides that it's an excellent popup/ad blocker).

This post is merely to inform people that such a threat exists. It might be old news for some people, but I've never heard of such an attack before.