Vlad (recompiler) wrote in wardrivers,

WiFi worm

New worm/trojan appears to be spreading; it utilizes, get this, WiFi. Yes, we are long overdue for one of these. It seems to be over much of New Jersey, but we first noticed it around Newark in the evening on 9/20/05. It appears to infect unpatched XP machines. The machines lock up and everything, including regedit, stops working. The MS malicious code detection tool does detect it but is unable to clean it. After infection it sets the WiFi card to Ad-Hoc mode with SSID aec_le and starts requesting DHCP leases. Looks like this might actually be relying on wardrivers to spread.

More details to come as I get them.


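One way to look for the behaviour described in the post (an unencrypted ad-hoc network advertised under a single SSID) in a wardriving scan log, as an added example that is not part of the original post. The sample rows are constructed, and the column order, the function names and both thresholds are assumptions; it flags any ad-hoc SSID seen under several short-lived BSSIDs and skips truncated rows.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Constructed sample rows (not copied from the post). Assumed column order:
# encryption, mode, SSID, BSSID, signal, channel, first seen, last seen, 2 unused
SAMPLE_LOG = """\
WEP,Infrastructure,homenet,00:11:22:33:44:55,-80,6,9/21/2005 9:41:14 PM,9/21/2005 9:44:51 PM,0,0
None,AdHoc,aec_le,02:00:00:00:00:01,0,6,9/21/2005 9:42:03 PM,9/21/2005 9:42:13 PM,0,0
None,AdHoc,aec_le,02:00:00:00:00:02,0,6,9/21/2005 9:42:15 PM,9/21/2005 9:42:24 PM,0,0
WEP,Infrastructure,
None,AdHoc,aec_le,02:00:00:00:00:03,0,6,9/21/2005 9:42:26 PM,9/21/2005 9:42:35 PM,0,0
None,AdHoc,aec_le,02:00:00:00:00:04,0,6,9/21/2005 9:42:37 PM,9/21/2005 9:42:47 PM,0,0
None,AdHoc,laptop-share,02:00:00:00:00:AA,-70,11,9/21/2005 9:41:40 PM,9/21/2005 9:44:39 PM,0,0
"""
TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"

def parse_rows(text):
    """Yield (mode, ssid, bssid, first_seen, last_seen); skip malformed rows."""
    for row in csv.reader(text.splitlines()):
        if len(row) < 8:
            continue  # truncated entry, e.g. a line cut off after the mode field
        try:
            first, last = (datetime.strptime(v, TS_FORMAT) for v in row[6:8])
        except ValueError:
            continue  # unparseable timestamp
        yield row[1], row[2], row[3].upper(), first, last

def churning_adhoc_ssids(text, min_bssids=3, max_lifetime_s=30):
    """Map each ad-hoc SSID seen under >= min_bssids short-lived BSSIDs to them."""
    seen = defaultdict(set)
    for mode, ssid, bssid, first, last in parse_rows(text):
        lifetime = (last - first).total_seconds()
        if mode == "AdHoc" and 0 <= lifetime <= max_lifetime_s:
            seen[ssid].add(bssid)
    return {s: sorted(b) for s, b in seen.items() if len(b) >= min_bssids}

if __name__ == "__main__":
    for ssid, bssids in churning_adhoc_ssids(SAMPLE_LOG).items():
        print(f"{ssid}: {len(bssids)} short-lived ad-hoc BSSIDs")
```

A long-lived ad-hoc network such as the constructed `laptop-share` row is not flagged, which keeps ordinary peer-to-peer shares out of the result.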