www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
21 August 2006  

Updates

A compilation of the latest information about viruses and worms, security issues, and the patches that fix them

Malware Top 10
TROJ_MDROPPER.AY
TROJ_PPCRASH.A
WORM_KELVIR.DA
TROJ_DLOADER.DJL
BKDR_PISABOY.C
TROJ_BAGLE.AE
TROJ_MDROPPER.BG
TROJ_MDROPPER.BD
TROJ_WMFCRASH.D
TROJ_WIMAD.C

(Jul 27, 2006 to Aug 7, 2006. Source: Trend Micro)

Trend Micro reports TROJ_WMFCRASH.D

This trojan is Trend Micro’s detection for a proof-of-concept Windows Metafile (WMF) file that takes advantage of a vulnerability affecting systems running Windows XP and Server 2003. The vulnerability is caused by a page fault in the Application Programming Interface function CreateBrushIndirect, which occurs because of invalid pointer access. It is a zero-day exploit that is capable of remote code execution. Zero-day exploits are those in which the unpatched vulnerability and its corresponding exploit code are released on the same day. Once the malicious .WMF file is opened, it launches a denial-of-service attack against the system process EXPLORER.EXE, causing it to restart or terminate. This effectively renders Windows inoperable. After performing the routine, the trojan terminates itself.

Sophos reports W32/Sdbot-CNG

W32/Sdbot-CNG is a worm and IRC backdoor for the Windows platform. It has aliases such as Backdoor.Win32.SdBot.gen. W32/Sdbot-CNG runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. It allows others to access the computer and installs itself in the registry.

Sophos reports W32/Brontok-BG

W32/Brontok-BG is a mass-mailing worm for the Windows platform. It spreads through e-mail attachments, sending itself to e-mail addresses found on the infected computer. It turns off anti-virus applications, drops more malware, forges the sender’s e-mail address, uses its own e-mailing engine, installs itself in the registry and leaves non-infected files on the computer. Its aliases include Email-Worm.Win32.Brontok.o, W32/Rontokbro.gen@MM, Win32/Pazetus.C and W32.Rontokbro@mm.

Computer Associates reports Win32/Puper.FQ

Win32/Puper.FQ is a trojan that changes a user’s Internet Explorer homepage and default search page. It also monitors sites visited by the affected user. This variant has been distributed as a 29,184-byte Win32 executable. It is also known as Win32/Puper.0nw!DLL!Trojan, Win32.Puper.FQ, Trojan.Zlob (Symantec), Trojan-Downloader.Win32.Zlob.yt (Kaspersky), and TROJ_ZLOB.AND (Trend).

 


© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.