Alert - New virus on the loose

Started by Chmera, July 07, 2006, 04:04:58 PM


Chmera

Our own Mr. Ksoft's been taken down by it, as well as Conway. The Z-Bomb virus is inverse - the better your antivirus software, the more damage it does. Sunrise (you may know the jerk) has been spreading it. I'm not going to tell you its URL, but watch out for any addresses containing 'z-bomb'. Especially from Sunrise's friends.

Apparently he made it and spread it simply because he was bored. I am alerting his nearest Sunshine Home for Psychopaths as we speak.

Mr. K

...

I've been taken down by it?  Really?  Hm.  My computer seems fine; in fact I have a virus scan running right now and it would notice something suspicious :P

I'm curious about this.  Google brings up nothing, so it seems to be new and unknown.  More details?

EDIT: Hm, Sunrise sent me an 'MP3' called "Massive Damage" but I never opened it.  Whaddya bet it's the virus? *delete*

EDIT AGAIN!!!!!: Before I deleted it, I opened it in a hex editor on a whim.  Here is a legible bit of text I found in the ANSI data:

Quote from: The so called MP3 file
Z-Bombed.txt You have received the Z-Bomb.  Have a nice day.

Thank GOD I didn't open that thing!!!!!!!!!!!

If you receive a suspicious MP3 file, GET A HEX EDITOR AND CHECK IT FIRST.  The one I got was called "Psycho Gun - Massive Damage.mp3" and it sure as hell wasn't one.

I am going to spread the word a bit, get the warning out before that asshole goes widespread with it.

EDIT3: I'm making a list of addresses that are suspicious/known to spread ZBomb.  Can someone help me out?  I need Sunrise's MSN/email so I can post it up to make people aware... or maybe spam him.  So basically, list of MSN's for Sunrise and all his friends.  Also, maybe a list of affected people?  I need to make sure people see this as a real threat.

tseug

It is about time for me to say... WTF! :huh2:

I'm interested to know how it works (and what it does), especially because of this:
Quote from: Chmera on July 07, 2006, 04:04:58 PM
The Z-Bomb virus is inverse - the better your antivirus software, the more damage it does
Could you PM it to me?

Also, how did you find out? (ATM I doubt it even exists, but I'm still curious :winktounge:)

Chmera

I asked the jerk himself, Sunrise. He told me everything but the code, pretty much. It doesn't delete anything, thankfully, but just makes the computer freeze and reboot. Annoying more than anything else, but still. Beware yon Jerkrise, for thou's compy may not return alive.

Mindless


Mr. K

You know, I tried executing that disguised MP3 Sunrise sent me via a virtual machine, and it refused to start.  Though that may be because the only OS I have is a crippled, slimmed down version of WinXP.  *needs to find Media Player and then try it*

And technically, with the "more damage" thing, it could basically just look for certain Anti-Virus programs and hack them out.  That's what it means.

I spread the word, now with this info Chmera has squeezed out of him.  They respond with "Lol script kiddie".

I guess if people want it I could send the MP3.  Dunno if it's an actual working copy.

Mr. K

Updateyness.  I've been talking with Sun himself.

Quotes from conversation:

Quote:
sunriseh@maxnet.co.nz says (9:29 PM):
Crap antivirus = Crap Z-Bomb results
Good antivirus = Z-Bomb pwns you
It's an old trick really, I just amplified it in a few ways
(And hid a couple of secret messages in it)

Quote:
sunriseh@maxnet.co.nz says (9:30 PM):
Haha, so your antivirus doesn't automatically scan new received files?
\\Mr. Ksoft - DEVIANTART http://ksoftman.deviantart.com/ // says (9:30 PM):
Not to my knowledge.
sunriseh@maxnet.co.nz says (9:30 PM):
That's why it didn't have any immediate effect
If it had've scanned it as soon as you had've received it, you'd've received instant pwnage

Quote:
sunriseh@maxnet.co.nz says (9:31 PM):
Scan on startup would probably mean you'd get locked out of your computer until you manually deleted the file (or your antivirus)
Haha, I know EXACTLY how it works   It's a very simple trick

Quote:
sunriseh@maxnet.co.nz says (9:35 PM):
Basically, upon scanning, you get pwned
It's one of the oldest tricks in the book... just improved and disguised better
\\Mr. Ksoft - DEVIANTART http://ksoftman.deviantart.com/ // says (9:35 PM):
Hm.  Was I pwned then if I manual-scanned it.
sunriseh@maxnet.co.nz says (9:36 PM):
Btw - if you actually can get into the tricks of how it works (not hard), there are a couple of secret messages hidden in it
Most likely.
\\Mr. Ksoft - DEVIANTART http://ksoftman.deviantart.com/ // says (9:36 PM):
Odd, computer is working fine.  In fact, it's working better.
OWNED
sunriseh@maxnet.co.nz says (9:36 PM):
Hm, maybe it's only on automatic scans then. I don't know exactly what the results will be. All I know is that 99.99% of the time it won't cause any irreversible damage
\\Mr. Ksoft - DEVIANTART http://ksoftman.deviantart.com/ // says (9:37 PM):
So it's not what I thought it was.  It's fixable then.  I had the feeling it zapped your disks, crippled Winblowz, etc.
sunriseh@maxnet.co.nz says (9:37 PM):
No
sunriseh@maxnet.co.nz says (9:38 PM):
It could in theory flood your hard drive until all the space is used up, but that's reversible by deleting
I also doubt that'd happen very often

k, show's over kids.   Nothing serious.  lol script kiddie.

EDIT:  More on the inner workings of this thing.  Sunrise has asked that I only post its capabilities and figures.

I'll just say that it has to do with 560GB, and depending on your virus scanner's scanning habits, that will make it nail you faster/slower.   Also it is reversible.

Sunrise also challenges you to find out how it works by getting it from http://z-bomb.cabspace.com/  .  Disable your virus scanner before downloading/messing with, just for safety.  Hint: HEADER!

tseug

Hehe he's a n00b. :wink:

EDIT: What the hell... it doesn't do anything whatsoever.

Mr. K

Then obviously your antivirus sucks :P

Just don't scan it, that's all I'll say.  Try and figure out how it works.

tseug

Umm... I scanned it twice... my compy is fine...

Mr. K


tseug

......................

It's just an unusually deep zip archive..... nothing more. According to my antivirus and my disassembler.

Mr. K

Yes.  Do you know how it cripples your computer when it gets scanned?

tseug

It doesn't. At least not for my antivirus. It just takes a few minutes to scan, which has no effect on the rest of my comp.

EDIT: I suppose if your antivirus ran at a  high priority level it would freeze your comp for a bit, but that would still be fairly easy to fix.

EDIT2: Here are the messages:

Z-Bombed.txt - You have received the Z-Bomb. Have a nice day.

The Z-Bomb.txt - Welcome to the Z-Bomb. Can you find the three secret messages?

bomb.zip>>Z-Bombed.txt - You have received the Z-Bomb. Have a nice day.

Mindless

Yeah... it's just nested archives of 7MB files of "z"s... hence the name z-bomb (if you completely expanded all the files your hard disk would be filled with worthless "z"s)

My anti-virus is very good... so good, in fact, that it does not detect this lame excuse for a "virus"... because it isn't one.  As of right now, it's still scanning deep into the reaches of the nested archives... not slowing my computer a bit.

Edit: a message (from bomb.zip->4.zip->l.zip->e.zip->x)
Quote: i love you alexa, why don't you love me?!

Edit: another message (from bomb.zip->8.zip->e.zip->o.zip->n)
Quote: destruction is imminent do not try to survive   --eon8

Edit: i'm fairly certain that he forgot to put in the third message... LAME!
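
As an added example (not part of the thread or anyone's post), a Python sketch of how a scanner can bound its work on the kind of file the posters describe: a zip archive under a non-zip name, holding deeply nested archives of highly compressible data. The limits, function names and sample archives are assumptions constructed for the illustration.

```python
import io
import zipfile

# Policy limits are assumptions for this example, not values from the thread.
MAX_DEPTH = 3        # nested-archive levels the scanner will descend
MAX_TOTAL = 1 << 20  # bytes decompressed across the whole tree
MAX_RATIO = 100      # declared size / compressed size allowed per member

class Rejected(Exception):
    pass

def is_zip(data):
    return data[:4] == b"PK\x03\x04"  # zip local file header magic

def disguised(name, data):
    # The extension says one thing, the header says zip.
    return is_zip(data) and not name.lower().endswith(".zip")

def walk(data, depth=0, budget=None):
    budget = [MAX_TOTAL] if budget is None else budget
    if depth > MAX_DEPTH:
        raise Rejected("nesting too deep")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise Rejected("compression ratio too high")
            with zf.open(info) as member:
                chunk = member.read(budget[0] + 1)  # bounded: headers can lie
            budget[0] -= len(chunk)
            if budget[0] < 0:
                raise Rejected("size budget exceeded")
            if is_zip(chunk):
                walk(chunk, depth + 1, budget)  # shared budget across levels

def triage(data):
    if not is_zip(data):
        return "not a zip"
    try:
        walk(data)
    except (Rejected, zipfile.BadZipFile) as exc:
        return "rejected: " + str(exc)
    return "ok"

def make_nested(levels, payload):
    # Constructed sample: `levels` zip layers wrapped around one file "x".
    data, name = payload, "x"
    for _ in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), "inner.zip"
    return data
```

Because every level draws from one shared budget and stops at a fixed depth, scan time and memory stay bounded no matter how the archive is nested.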