Updates
A compilation of the latest information about viruses and worms, security issues
and patches to rectify the same.
F-Secure reports IRCBot.es
The IRC-based backdoor worm provides unauthorised access
to an infected computer and can also spread to remote computers
using the PNP exploit on port 445. This is supposed to be another variant of
the malware IRCBot. This IRCBot variant attacks in a different way: instead
of the usual replication methods of guessing share passwords or probing for
RPC/LSASS vulnerabilities, this bot uses the brand new MS05-039 Plug-and-Play
vulnerability. The backdoor file is a PE executable file of 8 kilobytes. When
activated on a computer, it copies its file to the Windows System folder as MOUSEBM.EXE
and then starts the copied file as a service named Mouse Button Monitor. If
the backdoor fails to start its service, it tries to inject its code into the
Explorer.exe process.
Symantec reports mass mailing worm
Symantec has reported a mass mailing worm called W32.Zotob.C@mm.
It opens a backdoor and exploits the Microsoft Windows Plug-and-Play Buffer
Overflow Vulnerability. It gathers e-mail addresses from the Windows Address
Book and from other locations. The worm affects Windows 2000, 95, 98, Me, NT,
Server 2003 and XP. Symantec reckons this is a high threat security risk.
W32/Tilebot-F Spyware reported
Sophos has reported the W32/Tilebot-F Spyware worm.
It is an IRC backdoor trojan for the Windows platform. The worm spreads through
network shares and affects Windows. The W32/Tilebot-F includes functions to
carry out DDoS flooder attacks; silently download, install and run new software;
access the Internet and communicate with a remote server via HTTP; and steal
information from the PC including user account passwords from the protected
storage areas. It allows others to access the computer, steals information,
downloads code from the Internet, installs itself in the registry, and exploits
system or software vulnerabilities.
Trojan reported by CA
CA has reported a trojan named Win32.Mitglieder.DA. It is
a trojan that opens a backdoor on an infected machine (on different ports),
and acts as a SOCKS 4 proxy. It also periodically contacts Web sites with the
information pertaining to the infection. The main executable is 20,992 bytes
in size. This allows the trojan to run under the guise of the Windows
process Explorer.exe. Additionally, the backdoor can be instructed to perform
various tasks, which include changing the backdoor port number, updating the
trojan, downloading and executing files, uninstalling the trojan, executing
files on the infected computer, and downloading and executing files via a URL.
Vulnerability detected in Microsoft DDS Library
A vulnerability has been reported in Internet Explorer (versions
5.0, 5.5 and 6) which can compromise a vulnerable system. Customers who use
the initial release of Microsoft Visual Studio 2002 are at risk from this vulnerability,
and are encouraged to download a patch from the vendor's site. An attacker
can create malicious files that could use the Microsoft
DDS Library Shape Control (Msdds.dll) to trick users into
visiting a malicious Web site. This Web site could then try and trick the user
into downloading and executing malicious software add-ons such as spyware. According
to Microsoft, later versions of the COM object that were included with Microsoft
Office 2003 and Microsoft Visual Studio .NET 2003 are not vulnerable.
| Malware Top 10 |
| WORM_ZOTOB.I |
| WORM_MYTOB.JT |
| WORM_MYTOB.JU |
| WORM_ZOTOB.C |
| HTML_BINDSHELL.B |
| WORM_ESBOT.C |
| WORM_ZOTOB.F |
| WORM_BOBAX.AD |
| WORM_RBOT.CBR |
| WORM_ZOTOB.D |
| (Source: Trend Micro. Period: August 16 to August 23) |