CastleCops, Internet Crime Fighters
Weekly Summaries: Weekly report on viruses and intrusions
Viruses


Science is organized knowledge. Wisdom is organized life.
Immanuel Kant (1724 - 1804); German philosopher.

- Weekly report on viruses and intrusions -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, April 25, 2004 - This week's report on viruses and intrusions
focuses on four variants of Netsky (W, X, Y and Z), two variants of Mydoom
(I and J), the Zafi.A worm, Blaster.H, and a spam message designed to
download a Trojan to the computer.

The four new variants of Netsky are very similar to one another. They are
all designed to spread in files attached to e-mail messages with variable
characteristics.

The actions carried out by Netsky.W include deleting entries from the
Windows Registry that are generated when some variants of the Mydoom, Mimail
and Bagle worms attack computers. The X, Y and Z variants try to launch
denial of service attacks against certain web pages.

The I variant of the Mydoom worm spreads via e-mail in a message with
variable characteristics. This worm also launches Distributed Denial of
Service (DDoS) attacks against a web page.

As well as e-mail, Mydoom.J also spreads through the peer-to-peer file
sharing program KaZaA. A notable characteristic of this worm is that it
uses a dynamic link library (DLL) which was also used by the Bugbear.B worm
and is detected by Panda Antivirus as Trj/PSW.Bugbear.B.

It is easy to tell whether a computer has been infected by either Mydoom.I
or Mydoom.J, because when they are run they open Windows Notepad and
display junk data.

Zafi.A is a worm that spreads via e-mail in a message written in Hungarian,
which always has the subject 'kepeslap erkezett!'. This worm ends the
processes belonging to antivirus and firewall programs, among others,
leaving the computer vulnerable to attack from other types of malware.

Zafi.A stops spreading on May 1, 2004 and from this date on, it displays a
window on screen with a political message.

Like its predecessors, Blaster.H exploits a Windows vulnerability known as
'Buffer Overrun In RPC Interface' discovered last July. This worm can get
into computers that have not been correctly patched directly through the
Internet.

When Blaster.H reaches a computer, it creates a backdoor in one of the
communications ports, which it uses to carry out a large number of actions.

Finally, this week a spam message has been detected which tries to get
recipients to visit an advertising page and which also downloads a Trojan to
users' computers.

The characteristics of the message are:

Sender: the name of the sender is variable, although it tries to make
recipients think it has been sent by the BBC or CNN.

Subject: Osama Bin Laden Captured,

Message text: Hey, Just got this from CNN, Osama Bin Laden has been
captured! Goto the link below to view the pics and to download the video if
you so wish: (Internet address) Murderous coward he is. God bless
America!.

The address indicated in the message takes users to what appears to be an
advertising page. However, the page actually contains code that exploits a
vulnerability (detected by Panda antivirus as Exploit/MIE.CHM). This code
downloads and runs a file (detected as VBS/Psyme.C). Finally, a file called
EXPLOIT.EXE, which contains the Trojan Trj/Small.B, is downloaded from the
Internet to users' computers.

For further information about these and other computer threats, visit Panda
Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/

Additional information

- Dynamic Link Library (DLL): A special type of file with the extension
DLL.

- Backdoor: This can allow a hacker, for example, to enter and take control
of the affected system without the user realizing.

More definitions of virus and antivirus terminology at:
http://www.pandasoftware.com/virus_info/glossary/default.aspx

Posted on Monday, 26 April 2004 @ 07:53:03 UTC by phoenix22 (1510 reads)