Tuesday, February 15, 2005
The Frost Wyrm Of Bropia

What the fuck? The email blogs I sent a couple of days ago just turned up. Also, the number of my posts doesn't get updated. Oh well, on with the show.

Last night, I was cruisin' round the Net in my Windows XP-mobile when a not-too-familiar acquaintance tried to send me a file (.pif) over MSN Messenger. Secure in the aura of my wizardly prowess, I accepted the file. I then sent the goon an IM asking him what the fuck he had just sent me. He did not reply. I was installing an update of Messenger Plus at the time, so after the installation, my Messenger had to be restarted (kinda like Windows itself, which has to be restarted if you, like, update some text file or some shit like that).

Once Messenger was restarted, the same goon tried to send me another .pif file. Still secure in the deadly aura of my wizardly prowess, I accepted that too. Again, I asked the bugger what he'd just sent me. Again, he did not reply. By this time, I was sure it was a virus or worm of some kind, so just to prove how tough I was, I ran the file. Bam, a browser opened, showing a page with some idiotic script kiddy l337 h4x0r message. Then, a lot of send file dialogs for Messenger appeared, trying to send the file to everyone on my list. I won't even say "nice try", because it wasn't. Why would a worm clue you in to the fact that it was there by first opening a browser and then popping up so many dialogs?

The best (or worst, depending on your perspective) crack is one where the victim doesn't even know that he's been cracked. This worm goes out of its way to tell you that you should be trying to prevent it from propagating by getting rid of it. Ego, ego *wags finger*. Ah, yes, it also swapped my left and right mouse buttons. Now, that's just childish. Applying common sense, I tried to run task manager, which was immediately killed. Not certain if I was still inadvertently trying to propagate the worm, I shut down my Messenger. To be on the safe side, I uninstalled it. Then, I scanned my hard drive with my (original and updated) McAfee (is that how you spell it?), but it turned up nothing. Piece of shit. I tried to run regedit, but that was killed too.

Muttering to myself about the iniquities of Windows, I examined my hard disk manually. Immediately it became clear that some files were there that did not belong. I deleted them and they reappeared immediately. So, it appeared to be time to apply some fearsome hacker-jutsu. I left the leisurely hay cottage with easily opened Windows where I played games with the children of the Net and entered my fortress of Linux. Using dark arts too arcane to mention and incantations in terrible tongues lost to mortal ken, I summoned fearsome creatures from the Plane of Hex to do my sorcerous bidding. My dark minions wrung from the recalcitrant wyrm its secrets, and behold, it could not resist my unholy powers. Now that I knew where this Hydra made its lairs, I armed myself with the Sword of RM and proceeded to excise this reckless wyrm which had so foolishly intruded on my Domain. Deciding that it was now safe to proceed from my fortress, I returned the Sword of RM to whence it came and dismissed my unholy minions back to the Plane of Hex.

I then journeyed to the Safe Place in the cottage where no wyrms may enter and . . . *demonic red glow fades from eyes* ran regedit again. Looking through the usual suspects (HKLM->blahblah->Run, etc.), I deleted all the entries the worm had created. Rebooting Windows in normal mode, I sat back, basking in the warm glow of the knowledge that I was still the master of my (web) domain.

Anyway, humble readers, do not accept any .pif files from anybody on Messenger, especially if they do not seem to be replying to your messages and more especially if you're running McAfee. If you do accept such a file, do not run it unless you're absolutely sure you know what you're doing.

Update: For more information, look here.
Buahaha. Stumbled upon your blog, quite funny.

I see you have been playing too much diablo ii...
Interesting. Which tasteful person's site linked me?
hmm i never ever accept anything from strangers. (except maybe a blowjob from a hottie...)
