www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
31 October 2005  

Updates

A compilation of the latest information about viruses and worms, security issues and patches to rectify the same.

W32/Sober.r@MM!M-151

McAfee AVERT has raised the risk assessment to medium on the recently discovered W32/Sober.r@MM!M-151, also known as Sober.r. The worm spreads through e-mail as a .zip attachment with the name ‘PW_Klass.Pic.packed-bitmap.exe’. It sends itself to addresses found on the victim’s machine. Depending on the version of Windows, the message is written in either English or German.

More information can be found at vil.nai.com/vil/content/v_136390.htm.


Multidropper.AYC

Multidropper is a trojan that affects the computer by dropping malware such as Troj/Sibco.A and Spyware/Omi. Sibco.A downloads and runs several files without the user’s knowledge. It stops the explorer.exe process, which makes the Windows taskbar disappear.

Omi displays advertising through pop-up windows when the user connects to the Internet, and downloads several DLLs and other executable files to the affected computer from certain web pages. It also updates itself by connecting to the Web site. It can install itself through floppy disks, CD-ROMs, e-mail messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer file sharing networks, etc.


Win32.SilentCaller.V

Win32.SilentCaller.V is a trojan that modifies the RAS phone book and, once installed, dials a phone number without the user’s knowledge or permission. It dials a specific number contained in its code. It does this by modifying the RAS phone book at the following location: ‘C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk’. The trojan also displays a Web page in Internet Explorer that contains a link to an adult site.
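A defender can audit the phone book named above for numbers nobody approved. The following is an added example, not code from the article or from any vendor. It assumes the phone book is INI-style text with one [section] per connection and PhoneNumber= keys, and the sample entries and allowlist are constructed.

```python
import os
import re

# Phone book location given in the article.
PBK_PATH = (r"C:\Documents and Settings\All Users\Application Data"
            r"\Microsoft\Network\Connections\Pbk\rasphone.pbk")

# Constructed sample and allowlist; entry names and numbers are made up.
SAMPLE_PBK = """\
[Office VPN]
PhoneNumber=vpn.example.com

[ISP Dial-up]
Device=Standard 56000 bps Modem
PhoneNumber=5550100

[Connection]
Device=Standard 56000 bps Modem
PhoneNumber=0019005550199
"""
APPROVED = ["vpn.example.com", "555-0100"]

def normalize(number):
    """Drop spacing and dashes so '555-0100' and '5550100' compare equal."""
    return re.sub(r"[\s()\-]", "", number).lower()

def parse_phonebook(text):
    """Return {entry name: [PhoneNumber values]}; repeated keys are kept."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries.setdefault(current, [])
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "phonenumber" and value.strip():
                entries[current].append(value.strip())
    return entries

def unapproved_numbers(text, approved):
    """List (entry, number) pairs whose number is not on the approved list."""
    allowed = {normalize(n) for n in approved}
    return [(entry, number)
            for entry, numbers in parse_phonebook(text).items()
            for number in numbers if normalize(number) not in allowed]

if __name__ == "__main__":
    text = (open(PBK_PATH, errors="replace").read()
            if os.path.exists(PBK_PATH) else SAMPLE_PBK)
    for entry, number in unapproved_numbers(text, APPROVED):
        print(f"unapproved number {number!r} in entry [{entry}]")
```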


Viruses reported by Sophos

Sophos has reported a virus, Troj/Agent-HW, that is a backdoor trojan for the Windows platform. It downloads additional files from a remote site. The side effects include allowing others to access the computer, downloading code from the Internet and reducing system security.

Sophos also reported on the W32/Mytob-EU worm, a mass-mailing worm that spreads through e-mail attachments. The worm spreads by sending itself as an e-mail attachment to e-mail addresses it harvests from the affected computer. When it sends itself by e-mail, it also uses a predefined list of names together with the harvested domains.

E-mail sent by the worm generally has a subject line such as: your password has been updated/has been successfully updated/updated your password, etc. Some of the side effects of the worm are that it allows access to the computer, forges the sender’s e-mail address and uses its own e-mailing engine.


Symantec reports SymbOS.Skulls.N

According to reports from Symantec, SymbOS.Skulls.N is a trojan horse that affects Symbian Series 60 phones and disables several applications on the device. It arrives as BTKEYBOARD_GENERIC.SIS or BTKBINSTALL.SIS and affects the local drive. After dropping files from the drive, SymbOS.Skulls.N installs malicious files and drops a picture that says that the system has been damaged.


Beware of Trojan—TROJ_NETLOG.C

TrendLabs was able to intercept a piece of malware through its handy dandy honeypot. The malware aims to appeal to the visual senses in order to attract target hosts, and it cleverly uses images of Brad Pitt, one of the most famous Hollywood stars around, as bait.

The package arrives as a .zip file that contains a .jpg file along with an executable file named brad pit.exe. The image appears to be a teaser to entice the viewer into running the executable file. Once executed, the following image is automatically opened. Along with the display of the image, changes are made to the system. This is one of the more common social engineering techniques malware uses to tempt users while hiding its malicious intentions. Well, not obviously malicious, but ‘malicious’ in the sense that changes to the host computer are made discreetly.

The file itself is not a mass-mailer but a trojan, detected as TROJ_NETLOG.C. It is undeniable that Brad Pitt is hot, as the mail suggests, but who will be victimised and lured by this offer now lies in the hands of the recipients, depending on whether they use pure and simple common sense or not.
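Both the Sober.r and TROJ_NETLOG.C lures described above deliver an executable inside a .zip, which a mail filter can check for before delivery. The following is an added example, not code from the article or from any vendor. The extension lists, the image name photo.jpg and the archive contents are constructed, and treating the Sober.r name as the archive member is an assumption.

```python
import io
import zipfile

EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
IMAGE_EXTS = {"jpg", "jpeg", "gif", "bmp", "png"}

def make_zip(names):
    """Build a constructed in-memory .zip whose members hold placeholder bytes."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in names:
            archive.writestr(name, b"constructed placeholder")
    return buffer.getvalue()

def risky_members(zip_bytes):
    """Return [(member name, reason)] for executables found inside a .zip."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        names = [i.filename for i in archive.infolist() if not i.is_dir()]
    # Split each base name on dots: the last part is the real extension.
    parts = {n: n.rsplit("/", 1)[-1].lower().split(".") for n in names}
    has_image = any(len(p) > 1 and p[-1] in IMAGE_EXTS for p in parts.values())
    findings = []
    for name in names:
        pieces = parts[name]
        if len(pieces) < 2 or pieces[-1] not in EXECUTABLE_EXTS:
            continue
        if len(pieces) > 2:
            reason = "executable with a multi-part name"
        elif has_image:
            reason = "executable packaged with an image"
        else:
            reason = "executable in archive"
        findings.append((name, reason))
    return findings

# Constructed archives mirroring the two lures named in the article.
SOBER_ZIP = make_zip(["PW_Klass.Pic.packed-bitmap.exe"])
NETLOG_ZIP = make_zip(["photo.jpg", "brad pit.exe"])

if __name__ == "__main__":
    for label, data in (("Sober.r", SOBER_ZIP), ("NETLOG.C", NETLOG_ZIP)):
        for name, reason in risky_members(data):
            print(f"{label}: quarantine {name!r} ({reason})")
```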

Malware Top 10
TROJ_SSPLOIT.A
WORM_DABORA.A
WORM_FANBOT.A
WORM_MYTOB.LR
WORM_MYTOB.LP
WORM_MYTOB.LN
SYMBOS_COMWAR.C
WORM_MYTOB.LM
PE_NOFACE.B
WORM_RONTOKBRO.E

(Source: Trend Micro.
Period: October 10 to 17)

 


© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.