Updates
A compilation of the latest information about viruses and worms, security issues
and patches to rectify the same.
W32/Mobler-A
Sophos reports W32/Mobler-A, also known as Worm.Win32.Mobler.a
and W32/Backdoor.NWK, a worm that attacks the Windows platform. It spreads by
copying itself onto available network shares including floppies, fixed drives
and USB devices. This worm gives crackers access to a compromised computer,
drops additional malware, and reduces system security levels.
WORM_DASHER.H
PE_LOOKED.BF
TROJ_DOWDEC.C
TROJ_MDROPPER.BP
TROJ_MDROPPER.AZ
TROJ_GOBRENA.V
WORM_WOMBLE.A
BKDR_HAXDOOR.IL
WORM_STRATION.BH
TROJ_DOWDEC.B
(Source: Trend Micro. Period: August 28 to Sept 1)
W32.Bustoy
Symantec has reported W32.Bustoy, a worm that propagates by copying itself
to removable storage devices. It affects Windows 2000, 95, 98, Me, NT, Server
2003 and XP. When the worm executes, it copies itself to locations like
%UserProfile% (a variable that refers to the current user's profile folder) or
%System%\mslogon.exe (%System% is a variable that refers to the System folder).
It creates mslogon.exe and a hidden window.
Then it registers the following system-wide hotkey: Alt+Down. If it is unable
to do this, it registers Alt+Up instead. This hotkey, which is a hidden feature,
can be used to reveal the worm's window, which is otherwise invisible.
W32.Bustoy collects Windows messages listing new removable storage devices that
are connected to an infected PC.
Troj/Bombka-K
Reported by Sophos, Troj/Bombka-K is a trojan that targets
the Windows platform. It is capable of, among other things, spying on browsing
habits, modifying the Internet Explorer settings, and harvesting e-mail addresses
from infected computers.
Microsoft Security Bulletin Scam
According to a WebSense report, people are receiving an e-mail
message that urges the immediate installation of a cumulative security patch
for a plug and play vulnerability. Although the Microsoft patch
number is similar to a previous alert that WebSense issued in June (www.websense.com/securitylabs/alerts/alert.php?AlertID=228),
the Web site and the code that gets downloaded and installed are quite different.
Those visiting the site linked to the fake bulletin and running code from it
end up with their systems infected with a password-stealing trojan.