Updates
A compilation of the latest information about viruses and worms, security issues
and patches to rectify the same.
Sophos reports on Troj/Lewor-O and Troj/Bancban-JW
The Troj/Lewor-O Trojan affects the Windows platform and is also known as Trojan-Downloader.Win32.Delf.aaz.
When downloaded, the Trojan installs and runs new software.
Troj/Bancban-JW, also known as Trojan-Spy.Win32.Banbra.df,
is an Internet banking Trojan affecting the Windows platform. It can access
the Internet, communicate with remote servers via HTTP and send notification
messages to remote locations.
Internet Explorer vulnerability: Window() code execution
A vulnerability has been reported in Internet Explorer that
can be exploited by black hat hackers. Certain objects are not initialised correctly
when the Window() function is used with the <body load>
event. This permits the execution of arbitrary code on a vulnerable browser
by means of specially crafted JavaScript code that is called directly when a site
has loaded.
Trend Micro reports BKDR_BREPLIBOT.N and WORM_AIMDES.E
BKDR_BREPLIBOT.N, a memory-resident backdoor application, arrives
as an attachment to mass-mailed e-mail. It can also be downloaded from the Internet
or dropped by a malware programme.
It runs a command to bypass the firewall settings of affected systems that would otherwise
block it. This backdoor application connects to an Internet Relay Chat (IRC)
server using a random port and joins a specific channel, allowing it to listen
for commands from a remote, malicious user.
WORM_AIMDES.E spreads through instant messaging networks.
Once executed, this memory-resident worm spreads through AOL Instant Messenger
and sends messages to other users listed on a user's AIM list. It opens
several ports and comes with its own Internet Relay Chat (IRC) client engine.
The worm also launches ping-flood attacks, which can compromise network traffic
and slow down system performance.
Symantec reports SymbOS.Hidmenu.A
SymbOS.Hidmenu.A is a Trojan horse reported by Symantec. It drops corrupted
files onto the memory card of a compromised device.
When the Trojan is installed, it copies itself to a file named
Remove_MENU_1.0.sis. If the user opens this file, it displays a
dialog warning the user that the application may come from an untrusted
source and can cause potential problems. It then shows a message
that prompts the user to install files, which in turn are installed
to the memory card. The Trojan can copy these files to disable the
Symbian application menu.
|
Malware Top 10
BKDR_BREPLIBOT.M
BKDR_BREPLIBOT.N
TROJ_DANMEC.E
SYMBOS_PBSTEAL.C
WORM_MYTOB.NF
SYMBOS_PBSTEAL.B
TROJ_YABE.E
WORM_MYTOB.NE
JS_WINDEXP.A
TROJ_AGENT.AHS
(Source: Trend Micro. Period: Nov 30 to Dec 5)
|
Sober worm affects Microsoft Webmail services
A variant of Win32/Sober.Z@mm has inundated Hotmail and MSN servers, leading
to delays in e-mail delivery. Internet service providers may have problems delivering
e-mail to Hotmail and MSN accounts. Microsoft has announced that, although delayed,
e-mail is getting through. Sober was first spotted two years ago. It compromises
Windows PCs and uses them to launch scads of spam, overloading servers and affecting
network performance.