Bizex
27th February 2004
I’m going to try not to turn this in to a blog about Windows security exploits but this one is genuinely interesting in that it actively tries to steal financial information and important passwords. Bizex spreads itself by spamming messages over ICQ advising the recipient to visit a specific URL. When they visit it, Internet Explorer exploits are used to download and execute the main payload which then infects their ICQ program and uses it to message their contacts. The worm also scans their hard drive for information relating to a number of well known financial services which it then uploads to a server via FTP, and it apparently snoops on their browser for any passwords travelling over HTTPS connections as well.
It seems that the sole purpose of this worm was to steal a bunch of cash quickly, and it looks very likely to succeed. The servers used to spread the worm have since been taken offline but you can be sure the person or people behind the worm were smart enough to cover their tracks.
More on Bizex can be found here and here; Thors Larholm’s analysis on BugTraq is particularly insightful.
More recent articles
- What happens if AI labs train for pelicans riding bicycles? - 13th November 2025
- Reverse engineering Codex CLI to get GPT-5-Codex-Mini to draw me a pelican - 9th November 2025
- Video + notes on upgrading a Datasette plugin for the latest 1.0 alpha, with help from uv and OpenAI Codex CLI - 6th November 2025