Untitled Document
www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
24 July 2006  
Untitled Document
Sections

Market
Management
Technology
Technology Life
Columns

Between The Bytes

Events

Technology Sabha
Specials

HMA Bankbiz
UPS Batteries

Services
Subscribe/Renew
Archives
Search
Contact Us
Network Sites
Network Magazine India
Express Hospitality
Express TravelWorld
feBusiness Traveller
Express Pharma
Exp. Healthcare Mgmt.
Express Textile
Group Sites
ExpressIndia
Indian Express
Financial Express

Untitled Document
 
Home - Technology - Article

Updates

A compilation of the latest information about viruses and worms, security issues and patches to rectify the same.

Sophos reports Troj/Dloadr-ZM

Troj/Dloadr-ZM is a downloader trojan which will download, install and run new software without prior user notification. Once installed the trojan downloads the file to <System>\ server_.exe. The trojan, also known as Trojan-Downloader.Win32.Tiny.ag, affects the Windows platform.

Troj/Riler-S, a backdoor trojan that attacks the Windows platform, allows others to access the computer. Once installed it reduces system security and installs itself in the registry. The trojan may be contained in a Microsoft Word document, and dropped by an exploit.

Symantec reports Spyware.PrintMonitor

Malware Top 10
TROJ_MITGLIED.AF
TROJ_SMALL.DG
PE_GATTMAN.A-O
SYMBOS_SKULLS.AA
TROJ_NAKANI.A
TROJ_NANISTYL.A
TROJ_YABE.R
BKDR_ZAPCHAST.EH
WORM_STAC.C
WORM_OPANKI.AU

(Source: Trend Micro.
Period: July 1-8)

This is a spyware that monitors printer activity and affects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP. It creates a folder that is used to store copies of the documents being sent to the printer. It can log on to any printer in use, and can save documents being printed locally. It uses some basic rootkit technologies to run in full stealth mode, hiding its own folder and autorun registry key. It can also send logs periodically via e-mail or FTP to an e-mail account or FTP site configured by the user. According to Symantec, the security risk exists in two versions: a lite version called SpyArsenal Print Monitor that only logs printer usage, and a full version called SpyArsenal Print Monitor Pro that can log any printer use and can save the documents being printed locally.

W32.Jalabed.B@mm

Also reported by Symantec, W32.Jalabed.B@mm is a mass-mailing worm that sends a copy of itself to e-mail addresses gathered from a compromised computer. The worm also spreads through mIRC. It affects the Windows platform including Windows 2000/95/98/Me/NT/Server 2003/XP. Once installed it creates the IRC script file C:\mirc\script.ini, which causes mIRC to monitor all IRC channels that are being used. When a new user joins any of the monitored channels, the user is sent a copy of usefull.txt.exe through DCC.

Linux Kernel “prctl” Privilege Escalation Vulnerability

According to a report submitted on Secunia, a vulnerability has been reported in the Linux Kernel. The vulnerability can be exploited by malicious local users to bypass certain security restrictions or potentially gain escalated privileges. The vulnerability is caused due to improper handling of core dumps. This can be exploited to dump core files into usually restricted directories or potentially gain root privileges.

 


UNSUBSCRIBE HERE
Untitled Document
© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.