Updates
A compilation of the latest information about viruses and worms, security issues
and patches to rectify the same.
Symantec reports Backdoor.Sedepex
Backdoor.Sedepex is a Trojan horse that affects Windows 2000, Windows 95, Windows
98, Windows Me, Windows NT and Windows XP. The Trojan opens a back door on the
affected computer, allows the attacker to have unauthorised access, and ends
various security-related processes.
Once the Trojan infects the machine, it can allow the remote attacker to download
and execute files, serve as a proxy server, send files via e-mail or FTP, and
retrieve system information.
Backdoor.Sedepex copies itself as %System%\[RANDOM FILE NAME].exe and runs
whenever Windows restarts.
Sophos reports Troj/Bdoor-KS
Troj/Bdoor-KS, reported by Sophos, is a spyware Trojan. Once installed, it allows
others to access the computer, steals information, installs itself into the
registry, and downloads code from the Internet. Some of its functionality includes
updates of its software, third-party software, and other malicious executables.
It is also known as Backdoor.Win32.Small.gv.
Trend Micro reports Backdoor and WORM_RONTOKBRO.J
Trend Micro has reported a memory-resident backdoor malware
which drops itself with the file name LSASS.EXE (also detected as BKDR_MOSUCKER.AI),
into the Fonts folder. The program opens a random port and listens for incoming
commands from a remote user.
The malware modifies the Windows Hosts file by adding a list of Web addresses
that it maps to the loopback address (127.0.0.1). As a result, affected users
trying to access certain Web sites related to security companies are redirected
to the local machine. It also has the alias W32/Generic.j.
WORM_RONTOKBRO.J affects Windows ME/NT/2000/XP/Server 2003.
The worm sends itself as an attachment to e-mail messages. It targets e-mail
addresses from the affected computer with certain extensions. It avoids sending
messages to addresses that can mostly be attributed to anti-virus and security
companies. The worm also disables the Folder Options item in the Tools drop-down
menu on the main menu bar of Windows Explorer and in Control Panel.
Secunia reports vulnerabilities in the Opera Mail Client
Secunia Research has discovered two vulnerabilities in the
Opera Mail client which can be exploited to conduct script insertion attacks
and to spoof the names of attached files. Attached files are opened without
any warning directly from the user's cache directory. This can be exploited
to execute arbitrary JavaScript in the context of file://.
In Opera Mail, filename extensions are generally determined by the Content-Type.
However, by appending an additional "." to the end of a filename, an HTML file
could be spoofed (for example, "image.jpg.").
The vulnerabilities have been confirmed in Opera version 8.02; prior versions
may also be vulnerable.
Malware Top 10
WORM_MYTOB.KQ
BKDR_BREPLIBOT.B
KIX_IXLAM.A
WORM_OPANKI.AC
WORM_RBOT.CLC
WORM_FANBOT.H
WORM_RBOT.CJN
BKDR_MOSUCKER.AI
WORM_RONTOKBRO.J
BKDR_IRCBOT.AW
(Source: Trend Micro. Period: from Oct 25 to 31)