News archive about antivirus software, virus threats, trojans
October 2004
Bagle's new variant ready to open ports 81 and UDP -- Posted by Igor_Donchenko on Saturday, October 30 2004
The Bagle worm, which has already caused havoc on the Internet, has once again hit the Internet community with its latest variant, Bagle.AS. Bagle.AS arrives as an email attachment with one of the following subject lines:
- Re:
- Re: Hello
- Re: Thank you!
- Re: Thanks :)
- Re: Hi
The attachment is named Price, price or Joke, with an extension of .exe, .scr, .com or .cpl.
Bagle.AS harvests email addresses from the local disk and then uses its own SMTP engine to send out infected messages. The messages carry a spoofed sender address; when constructing it, Bagle.AS ignores harvested addresses that contain strings such as @hotmail, @msn, @Microsoft, kaspadmin or cafee.
The worm locates folders whose name contains "shar" and copies itself into them on the user's system using one of the following names:
- ACDSee 9.exe
- Adobe Photoshop 9 full.exe
- Ahead Nero 7.exe
- Kaspersky Antivirus 5.0
- KAV 5.0
- Matrix 3 Revolution English Subtitles.exe
- Microsoft Office 2003 Crack, Working!.exe
- Microsoft Office XP working Crack, Keygen.exe
- Microsoft Windows XP, WinXP Crack, working Keygen.exe
- Opera 8 New!.exe
- Porno pics arhive, xxx.exe
- Porno Screensaver.scr
- Porno, sex, oral, anal cool, awesome!!.exe
- Serials.txt.exe
- WinAmp 5 Pro Keygen Crack Update.exe
- WinAmp 6 New!.exe
- Windown Longhorn Beta Leak.exe
- Windows Sourcecode update.doc.exe
- XXX hardcore images.exe
This variant of Bagle listens on TCP port 81 and a UDP port.
MicroWorld warns Internet users to treat any such files found on their systems with suspicion: once the worm is running, it terminates security applications, leaving the system open to the mal-intentions of cyber criminals.
Source: http://www.mwti.net
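A scanner for the drop pattern described above, added here as an example and not code from MicroWorld or the original post: it walks a list of file paths, keeps only files whose parent folder name contains "shar", and flags both the exact names quoted in the report and, as a generalisation, any executable with a decoy inner extension (such as .txt.exe) in such a folder. The sample paths are constructed for the demonstration; on a real system the list would come from os.walk().

```python
from pathlib import PureWindowsPath

# Drop names quoted in the Bagle.AS report above (compared case-insensitively).
BAGLE_AS_DROP_NAMES = {name.lower() for name in (
    "ACDSee 9.exe", "Adobe Photoshop 9 full.exe", "Ahead Nero 7.exe",
    "Kaspersky Antivirus 5.0", "KAV 5.0", "Matrix 3 Revolution English Subtitles.exe",
    "Microsoft Office 2003 Crack, Working!.exe", "Microsoft Office XP working Crack, Keygen.exe",
    "Microsoft Windows XP, WinXP Crack, working Keygen.exe", "Opera 8 New!.exe",
    "Porno pics arhive, xxx.exe", "Porno Screensaver.scr", "Porno, sex, oral, anal cool, awesome!!.exe",
    "Serials.txt.exe", "WinAmp 5 Pro Keygen Crack Update.exe", "WinAmp 6 New!.exe",
    "Windown Longhorn Beta Leak.exe", "Windows Sourcecode update.doc.exe", "XXX hardcore images.exe",
)}
EXEC_EXTS = (".exe", ".scr", ".com", ".cpl")  # attachment extensions named in the report

def in_share_folder(path):
    """True if the file's parent folder name contains 'shar' (the worm's folder selector)."""
    return "shar" in PureWindowsPath(path).parent.name.lower()

def classify_file(path):
    """Return a reason string if the path looks like a Bagle.AS drop, else None."""
    if not in_share_folder(path):
        return None
    name = PureWindowsPath(path).name.lower()
    if name in BAGLE_AS_DROP_NAMES:
        return "known Bagle.AS drop name"
    # Generalisation beyond the quoted list: an executable with a decoy inner
    # extension (e.g. report.doc.exe) in a share folder is the same lure pattern.
    if name.endswith(EXEC_EXTS) and name.count(".") > 1:
        return "double-extension executable in share folder"
    return None

def find_bagle_drops(paths):
    """Return (path, reason) for every suspicious path in the listing."""
    hits = []
    for p in paths:
        reason = classify_file(p)
        if reason:
            hits.append((p, reason))
    return hits

# Constructed sample listing (not taken from a real system) for the demonstration.
SAMPLE_PATHS = [
    r"C:\Shared\KAV 5.0",
    r"C:\Shared\readme.txt",
    r"C:\Users\me\Shared Docs\report.doc.exe",
    r"C:\Program Files\WinAmp 6 New!.exe",
]

if __name__ == "__main__":
    for path, reason in find_bagle_drops(SAMPLE_PATHS):
        print(f"{reason}: {path}")
```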
Spyware/Spydeleter, malware that tries to blackmail users online -- Posted by Igor_Donchenko on Thursday, October 28 2004
Over the last few days, some media outlets, such as USA TODAY, have reported a civil lawsuit filed in the USA against Stanford Wallace, known as the Spam King, ordering him to disable a malicious application, Spyware/Spydeleter, that blackmails users into paying to remove the application from their computers.
Spyware/Spydeleter is a script that can download up to nine spyware programs to the computer. It is also installed on users' computers when they visit web pages, either through links or through JavaScript that does this automatically.
Once it has reached the system, Spyware/Spydeleter downloads the spyware programs through FTP connections. It also creates several processes and leaves them memory resident. These processes have names like sd.exe or sd3.exe and ensure that the script is running at all times.
Finally, Spyware/Spydeleter creates several entries in the Windows Registry. The most visible symptom of these entries is that they change the home page of Microsoft Internet Explorer to another page warning the user that the computer could be infected by spyware. This page also includes a link where the user can supposedly find help to clean the computer. If the user clicks on this link, a page opens from which the application Spy Deleter is downloaded, which will remove the spyware from the computer for the "modest" price of 29 dollars. The situation is made worse by the fact that Spy Deleter has apparently been programmed by the same person that created and distributed the malicious script.
What's more, affected users may also find that two links called Click to Remove Spyware and Remove Spyware Now have been created on their desktop which point to this purchase page.
According to Luis Corrons, head of PandaLabs, "it could be said that this is the start of a new era for malware, in as far as many of the authors of these kinds of programs are not just trying to prove that they can create damaging code better than the rest, but are trying to make a profit out of doing so. The number of fraud attempts through phishing is growing and many Trojans are circulating that try to steal confidential data, above all, bank account details. Now more than ever, it is vital to take precautions on the Internet, especially as they can hit where it most hurts: users' pockets."
However, while this lawsuit is being settled, computers could still be affected by this malicious script. Panda Software recommends that users take precautions when they browse the Internet and keep their antivirus updated.
Source: http://www.pandasoftware.com
Panda Software reports the appearance of Famus.B, a new worm that exploits the conflict in Iraq to spread. The email carrying Famus.B tries to trick the user into believing that it contains a file with photographs of events occurring in this country -- Posted by Igor_Donchenko on Thursday, October 28 2004
PandaLabs has detected a new worm called Famus.B, which uses so-called social engineering techniques to spread to users' computers. Famus.B spreads via email in a message in English and Spanish referring to the conflict in Iraq. To be more specific, it tries to trick users into believing that the file contains photographs of these dramatic events. This message has the following format:
Subject:
Iraq and the crime
Message body:
what is really happening in Iraq?
the pictures of the soldiers and prisoners in Iraq
foward this message.
everybody should know the truth.
The attached file, which actually contains the worm's code, is called Iraq.scr. What's more, the source code of this file contains the following message from the author of this malicious code:
Esta computadora ha sido infectada por el virus LIBERTAD.
Como protesta por la violación del derecho a la libertad de expresión en Cuba.
En estos momentos toda la información de su disco duro esta siendo borrada
El Hobbit
In English: "This computer has been infected by the LIBERTAD virus. As a protest against the violation of the right to freedom of expression in Cuba. At this moment all the information on your hard disk is being erased. El Hobbit"
If the user runs this file, Famus.B displays a fake error message on screen with the text: File corrupted or bad format. The worm also sends itself to all the addresses it finds in files with DOC, EML, HTM and HTT extensions on the affected computer. To do this, it uses an SMTP engine that it creates on the affected computer in the form of an OCX library file.
Finally, Famus.B creates an entry in the Windows Registry in order to ensure that it is run whenever the affected computer is started up.
Even though Panda Software's Tech Support services have not received any reports of incidents involving this worm, as it uses a current issue like the conflict in Iraq, this worm is likely to start causing incidents soon. For this reason, Panda Software advises users to take precautions and update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect and disinfect this new malicious code.
Source: http://www.pandasoftware.com
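A mail-gateway check for the lures described in the Bagle.AS and Famus.B reports above, added here as an example and not code from Panda Software, MicroWorld or the original posts: it parses a raw RFC 822 message with the standard library, matches the quoted subject lines, and flags attachments carrying the executable extensions named in the reports (and, as a generalisation, any attachment with a decoy double extension). The sample messages are built by the hypothetical build_sample helper and are constructed for the demonstration, not real captures.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Lure subjects quoted in the Bagle.AS and Famus.B reports, compared case-insensitively.
BAGLE_SUBJECTS = {"re:", "re: hello", "re: thank you!", "re: thanks :)", "re: hi"}
FAMUS_SUBJECT = "iraq and the crime"
EXEC_EXTS = (".exe", ".scr", ".com", ".cpl")  # attachment extensions named in the reports

def attachment_names(msg):
    """Filenames of every MIME part that carries a filename."""
    return [part.get_filename() for part in msg.walk() if part.get_filename()]

def classify_message(raw):
    """Return the reasons a raw message matches the two worms' lures (empty list = no match)."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    reasons = []
    if subject in BAGLE_SUBJECTS:
        reasons.append("subject matches Bagle.AS lure")
    elif subject == FAMUS_SUBJECT:
        reasons.append("subject matches Famus.B lure")
    for name in attachment_names(msg):
        lowered = name.lower()
        if lowered.endswith(EXEC_EXTS):
            reasons.append(f"executable attachment: {name}")
        if lowered.count(".") > 1:  # decoy inner extension such as .txt.exe
            reasons.append(f"double extension: {name}")
    return reasons

def build_sample(subject, attachment_name=None):
    """Constructed demonstration message (hypothetical helper, not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = subject
    msg.set_content("see attached")
    if attachment_name:
        # A few placeholder bytes stand in for the attachment body.
        msg.add_attachment(b"MZ\x90\x00", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_string()

if __name__ == "__main__":
    for subj, att in [("Re: Hello", "price.exe"), ("Iraq and the crime", "Iraq.scr"),
                      ("Quarterly report", "report.pdf")]:
        print(subj, "->", classify_message(build_sample(subj, att)))
```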
Pssst, Want to see David Beckham in the nude -- Posted by Igor_Donchenko on Sunday, October 24 2004
This time it is not the poor beleaguered David Beckham's fault. Hackers have sent thousands of messages to chat rooms and newsgroups, claiming that users can see pictures of the England football captain in a "compromising" position with a Spanish hooker by clicking a link. When 'curious' users click on the link that they presume will show them the sleazy pictures, they end up downloading a Trojan. Once the Trojan infects the computer, hackers can gain easy access to the PC. We spoke to Govind Ramamurthy, MD of MicroWorld Technologies Inc. He said: 'Of late, virus authors and hackers are using all means to stay ahead. With the advances in anti-virus software and increased awareness of viruses, these people are constantly evolving new means to spread viruses.' He further added that the Trojan downloaded when the link to the images is clicked is called the 'Hackarmy' Trojan. This Trojan is an IRC backdoor and first appeared in January 2004. After infecting a computer, it logs on to a predefined IRC server and waits for backdoor commands from the hacker. Govind also said that in the past, Hackarmy authors have used similar tricks to lure curious users into downloading the Trojan. They tried the same trick by claiming that Arnold Schwarzenegger and Osama Bin Laden had been found dead. As for David Beckham, let's wait and see if his temperamental wife Posh Spice hands him a red card. Hackers really know how to catch David's (eye)balls.
Source: http://www.mwti.net
Press release: Manage Computer Resources and Improve Security with WinTasks 5 Pro -- Posted by Igor_Donchenko on Wednesday, October 13 2004
Uniblue Systems has released WinTasks 5 Professional, a powerful Windows application that makes your PC more secure by monitoring the programs that are running, and making it easy to identify trojans and spyware. To supplement must-have applications such as firewalls and antivirus software, WinTasks 5 Pro protects your PC by helping you eliminate programs that run silently in the background and steal your resources, and even your confidential data.
New features in WinTasks 5 Pro include a searchable process library which gives you access to information about viruses and trojans, as well as information about the harmless processes that may be running on your computer. The new automatic update feature keeps both the program and the information in the process library up to date. The program also includes a Block list and an Allow list; these user-controlled lists let you choose which programs are allowed to run on your computer.
In a typical PC, there are 20 or 30 processes running, even if you're only using one or two of your favorite programs. While many of these processes are operating system programs, some of them might be spyware programs that are transmitting your private information to people who want to hurt you. Some of these processes could be trojans that are making your computer vulnerable to attack. Still other processes are leftover programs from software that you uninstalled months or years earlier.
WinTasks 5 Pro lets you monitor all of these processes, and identify which ones you want to keep, and which should be eliminated. With its intuitive scripts, you can create protection against new virus and worm attacks, even before your anti-virus definitions have been updated. WinTasks 5 Pro lets you identify and terminate any program, even if it is invisible in Windows' task manager.
In addition to protecting your computer, WinTasks 5 Pro also lets you tweak system performance by assigning priorities to tasks that are running. You can ensure that additional resources are allocated to important tasks, while less important jobs run quietly in the background.
While firewalls and anti-virus programs help to keep the bad guys from getting into your computer, WinTasks 5 Pro helps you identify and eliminate the intruders that have already gotten in. The program provides a wealth of real-time information, combined with simple explanations for thousands of processes. You can monitor CPU and memory usage, and even select the programs that Windows loads when it starts.
Whether you're a business person who wants to ensure that no trojans are transmitting your passwords or credit card information to the bad guys, a computer enthusiast who wants instant access to information about all possible Windows processes that might be running in the background, or a parent who wants an extra layer of protection to ensure that the kids haven't downloaded and installed spyware, WinTasks 5 Professional has the answers.
Source: www.liutilities.com