Antivirus World

 News archive about antivirus software, virus threats, trojans 

December 2003

Kaspersky Labs Releases Kaspersky Anti-Spam Personal for Beta-testing -- Posted by Igor_Donchenko on Monday, December 22 2003
Kaspersky Labs, a leading information security solutions developer, invites all interested parties to participate in the beta-testing of our new product - Kaspersky® Anti-Spam Personal. Kaspersky Labs continues to provide users with innovative, high-end protection against the latest computer threats. Today, spam has emerged as the most prevalent cyber threat, as users worldwide are flooded with masses of unsolicited correspondence. Kaspersky Anti-Spam Personal filters unsanctioned correspondence in incoming email traffic on personal computers running under MS Windows.

Kaspersky Anti-Spam, acknowledged worldwide as a highly effective email filter for corporate networks, will now be available to home users, who will be able to take advantage of this unique system of comprehensive protection against spam. Kaspersky Anti-Spam Personal offers superior technology and a user-friendly interface. The program can function totally automatically, and therefore does not require any special knowledge from the user.

Kaspersky Anti-Spam Personal functions as an integrated module with MS Outlook 2000/2002 and MS Outlook Express. When the product is used with Outlook, all functions are available; Outlook Express users have access to all of the core functionality as well. Kaspersky Anti-Spam works in tandem with the above email applications, filtering incoming emails based on an analysis of the letters' characteristics and also a unique system of linguistic analysis, which allows the solution to inspect the text of the letter, evaluate it and reject unwanted correspondence.

Kaspersky Anti-Spam Personal automatically downloads anti-spam database updates which are available on a regular basis. These updates are developed by linguists, thus ensuring reliable protection against the latest spamming techniques.

The terms and procedures for taking part in beta testing can be found here.

More active participants will be awarded free commercial versions of the programs upon their commercial release.

Source: http://www.kaspersky.com

Kaspersky Labs Strikes Another Blow Against Viruses -- Posted by Igor_Donchenko on Monday, December 22 2003
Kaspersky Labs presents Rapid Virus Response - a new technology for updating anti-virus databases.

Kaspersky Labs, an information security software developer, presents Rapid Virus Response. This new technology enables the user to automatically download updates for Kaspersky® Anti-Virus databases over the Internet every three hours. This significantly improves the level of protection against new virus outbreaks.

Up to 300 new viruses appear every day. Viruses are not constrained by geographical boundaries or time zones, and can spread throughout the world in a matter of hours. Therefore, the importance of updating anti-virus databases regularly in order to ward off new attacks cannot be overestimated. The new service from Kaspersky Labs - the release of regular updates every three hours - is a worthy counter move to new information security challenges.

The 'treatment modules', which contain information on how to protect against new malicious programs, will be made available at midnight, 3am, 6am, 9am, 12 noon, 3pm, 6pm and 9pm GMT. The updates can then be downloaded either automatically or manually.

Unlike many other anti-virus companies, Kaspersky Labs conducts thorough preliminary testing of updates in order to rule out the possibility of false alarms generated by data which is known to be safe, and also to enable maximum compatibility with commonly used software and hardware. Testing is carried out on a pool of high-end test servers, with over 100 gigabytes of data. This ensures that updates will function reliably with all popular platforms and applications.

Along with regular updates, Rapid Virus Response also offers the user unscheduled additions for Kaspersky Anti-Virus databases. This offers a lightning fast reaction to new global outbreaks: protection against malicious programs is released within 30 minutes of virus activity being detected.

Kaspersky Labs has always been a leader in terms of the frequency with which the company releases anti-virus database updates. In 2000, it was among the first anti-virus companies to release daily updates, while other anti-virus manufacturers were updating their programs weekly at best.

'Over the past few months the intensity at which virus outbreaks appear has become much more frequent. Consequently, we had to release three or four emergency updates rather than the more usual two. The move to three-hourly regular updates therefore seems totally justified. The new system will be convenient for users of Kaspersky Anti-Virus throughout the world as it is not tied to a specific time zone', said Denis Zenkin, Head of Corporate Communications for Kaspersky Labs.

Source: http://www.kaspersky.com

European IT product goes head-to-head with U.S. industry giants -- Posted by Igor_Donchenko on Monday, December 22 2003
Last months' figures taken from the French market research studies show a steady rise in retail sales for a Romanian-based firm's antivirus product. SOFTWIN's BitDefender Professional climbed steadily in the retail sales charts, going from fourth to second - where it is now - in a matter of months, and seems poised to top the chart and become the best selling software tool in France.

Bogdan Irina, Worldwide Sales & Mktg. Manager at SOFTWIN refused to comment on whether the recent wave of anti-American feeling in France is a factor in the US companies' slumping sales. Bogdan Irina did go on the record saying "I wish to express my admiration for our French partners - Editions Profil - who made all this possible and also for our French customers, who can tell a good product when they see one, irrespective of what brand or nation makes it".

Irina denied rumors that SOFTWIN will go public, stating: "Our results would enable our owner to float or sell the company at great personal gain, but we are committed to a philosophy of customer care and gradual development, so this is not an option. The recent past has shown that the market instability is detrimental to the software development process. We, as a company, try to see beyond the much-flaunted bottom line. We achieve quality partly because we aren't being pressured by shareholders to maximize profits at the expense of everything else, like other IT players are".

Christmas, malware and PC protection -- Posted by Igor_Donchenko on Friday, December 19 2003
Each year, the festive season brings a deluge of Christmas and New Year e-mail greetings and graphic applications. However, under this seemingly innocent disguise there may lurk some kind of malware, i.e. programs, documents or messages liable to have negative effects on IT systems. In addition, with more people spending time at home, it is also a period of increased recreational use of the Internet (chats, file downloads, browsing, etc.).
These factors all combine to make the holiday season a time in which computers are highly vulnerable to attacks by viruses, Trojans, dialers, etc., without users knowing. For this reason, the safest option to avoid costly and unpleasant surprises from malware is to keep your guard up and follow the advice offered by Panda Software below:

  • Make sure you have a reliable protection solution -like those from the new Panda Software family of products- which as well as boasting the most advanced antivirus technology, include powerful systems for detecting and eliminating all Internet threats. To ensure thorough protection, the solution should have regular updates.
  • Don’t run files attached to e-mails until you have scanned them with a good antivirus.
  • Be careful when visiting web pages that are in any way dubious.
  • Install the updates released by vendors to correct vulnerabilities in the most widely used programs.
  • Don’t download programs from non-reliable Internet sites.
  • Reject any unsolicited files in chats or newsgroups.
  • Close ports with a personal firewall leaving open only those that are strictly necessary.
Source: http://www.pandasoftware.com

New Internet threats (VI): hacking tools -- Posted by Igor_Donchenko on Friday, December 19 2003
There is a common misconception that a hacker is some kind of computer genius who, with great diligence and tenacity, is capable of breaking into absolutely any IT system. The truth however, is a touch less romantic. As people have only recently started to become aware of the need to take security seriously and most users’ systems have been left completely unprotected, hackers have until now had a relatively easy task.

However, it was still necessary for hackers to have a basic IT grounding in order to successfully break into users’ computers. Ironically, at the same time as security systems have become both more widespread and more complex, the need for specialized IT knowledge to gain illegal access to computers has decreased. This has been due to the marked increase in use of the Internet, an ideal medium for cyber-delinquents to share everything from tales of their crimes to exploits for the latest Windows vulnerability.

Nowadays, there are even hackers dedicated to developing specific tools which they then pass on to all and sundry across the Internet. Users of these kinds of applications, who despite their limited knowledge can become hackers overnight, are known in hacking argot as "script kiddies".

The tools they use are known as hacking tools: programs that can be used by hackers for malicious ends, such as taking remote control of computers, accessing confidential information, launching denial of service attacks, scanning ports, etc.

Hacking tools are not necessarily designed with malicious use in mind and are, on occasions, created for legitimate purposes. However, hackers often try to insert these tools illegally on victims’ computers in order to gain remote access. Viruses are sometimes used to this end by infecting a computer and then downloading one of these tools, spreading them via instant messaging, chat or e-mail, etc.

Source: http://www.pandasoftware.com

Kaspersky Labs Starts Beta-Testing Kaspersky Anti-Virus for Windows Desktops -- Posted by Igor_Donchenko on Friday, December 19 2003

Kaspersky Labs, a leading information security software developer, announces beta-testing of a new anti-virus security system specially developed for computers working under Windows: Kaspersky® Anti-Virus for Windows Desktops.

The program package offers a wide range of functions, providing complete anti-virus protection for personal computers. Kaspersky Anti-Virus for Windows Desktops intercepts all possible sources of virus infection - portable and fixed data carriers, electronic mail and Internet protocols. The program can function in two modes. The first mode provides constant active protection, when all data executed, opened or saved is checked. The second mode is activated either automatically or on user request. In this case, the computer as a whole is scanned, and suspicious objects neutralized, with individual elements ranging from portable data carriers to individual files and directories also being scanned.

Use of Kaspersky Anti-Virus ensures that system functioning is maintained even during a virus attack. The system of anti-virus scanning and neutralization of infected email elements means that incoming and outgoing mail is cleared of viruses in real time. If necessary, the user can also scan the email bases of a variety of mail systems. Automatic updates of the anti-virus database ensure that the computer is protected even from the most recent types of malicious code. Updates are issued by Kaspersky Labs every three hours.

When a suspicious object is detected, the user can move it to a special 'quarantine' folder. Files placed in quarantine can be treated, deleted, restored to the source directory or sent to Kaspersky Labs for analysis. In addition, it is possible to create a backup copy of any file before processing an infected or suspicious object, for easy subsequent retrieval of data.

Kaspersky Anti-Virus for Windows Desktops offers the user a range of functions to simplify work with the program. The program provides set-up and user recommendations, which are always accessible via the main program window.

All statistical data is clearly presented in a detailed log. The log presents the results of the scan, including information on the number of objects scanned, the order in which they were scanned, and the way in which each individual object scanned was dealt with.

The beta testing version of Kaspersky Anti-Virus for Windows Desktops includes a built-in utility which automatically detects and describes all failures which occur during program use. This auxiliary program, specially included for ease of beta testing, allows all parameters of the computer on which testing is carried out to be entered into a special register, and includes a special system for the description of program deficiencies.

Find out about the conditions of the beta-testing program and how to participate here. The most active participants will be presented with the commercial version of the program on its release.

Source: http://www.avp.ru

FTC Chair to Discuss Anti-Spam Bill Today on Ask the White House -- Posted by Igor_Donchenko on Tuesday, December 16 2003
WASHINGTON, DC-Federal Trade Commission Chairman Tim Muris will appear on "Ask the White House" today at 11:00 a.m. to discuss the anti-SPAM bill. The online chat takes place at www.whitehouse.gov/ask.

The bill would establish a framework of administrative, civil, and criminal tools to help America's consumers, businesses, and families combat unsolicited commercial e-mail, known as spam.

"Ask the White House" is an online forum which gives people an opportunity to correspond with White House and administration officials via the White House web site.

White House Chief of Staff Andy Card kicked off the inaugural online forum in mid-April. Since that time, online visitors have chatted with cabinet secretaries, senior administration officials, and behind-the-scenes professionals at the White House.

Source: http://www.whitehouse.gov

November Evil Top Ten from BitDefender -- Posted by Igor_Donchenko on Tuesday, December 16 2003
SOFTWIN, a leading provider of security related software and services today released its monthly listing of the top ten viruses reported for November 2003. The report, denominated the "Evil Top Ten", is based on the number of virus occurrences confirmed through BitDefender Response Team tracking.

As you can see below, November did not bring new entries and the August Blaster virus outbreak remains the number one story, leading the evil parade this last month:

| Ranking | Virus Name | Percentage |
|---|---|---|
| 1 | Win32.Msblast.A | 21,82 |
| 2 | Win32.Parite.B | 16,6 |
| 3 | Backdoor.SDBot.gen | 9,78 |
| 4 | Win32.Worm.Welchia.A | 9,53 |
| 5 | Win32.HLLP.Hanta.A | 9,07 |
| 6 | Win32.Sober.A@mm | 7,59 |
| 7 | Win32.Swen.A@mm | 7,03 |
| 8 | Win32.P2P.Tanked.B | 6,6 |
| 9 | Win32.Msblast.B | 6,15 |
| 10 | Win32.BugBear.B@mm | 5,78 |


The Mimail saga offered an interesting show throughout November, but it still didn’t manage to make its way into the Top 10. It looks like it’s not going to star in our December issue either, as the worst has already passed: Mimail versions still infect users all over the world, but things have settled down.

Source: http://www.bitdefender.com

Top Ten viruses most frequently detected by Panda ActiveScan in November -- Posted by Igor_Donchenko on Tuesday, December 16 2003
According to the data gathered by Panda ActiveScan, Panda Software's free online scanner, Bugbear.B once again heads the monthly worldwide list of the most virulent malicious code. This worm, which first appeared over a year ago, was identified as the culprit in more than 6 percent of cases in which ActiveScan detected virus activity.

The tenacity of Bugbear.B is largely due to its ability to spread massively by e-mail, and the way that it exploits a vulnerability in Internet Explorer to run automatically.

Another worm, Blaster, also exploits a vulnerability, this time in Windows, in order to infect victims' computers. This technique has seen Blaster, responsible for almost six percent of infections, rise from third to second place in the ranking over the last month.

In third place is the polymorphic Parite.B (5.58%), a virus which uses a number of different infection methods, and which has regularly appeared in the Top Ten list over the last few months.

Gibe.C, responsible for over four percent of infections, is fourth in the ranking. This malicious code also exploits a security flaw in order to run automatically simply when the message is viewed in the preview pane. The main danger of this virus lies in its ability to terminate security applications installed on the victim's machine, leaving it vulnerable to consequent attacks.

Next comes one-time leader of the ranking, Klez.I (4.21%), which by using 'social-engineering' and vulnerability exploits has consistently been one of the most virulent malicious codes for the last year and a half.

Sixth and seventh positions are held by two variants of Blaster: Blaster.E (3.67%) and Blaster.C (3.4%), both of which are similar to the original.

This month's ranking is completed by PSW.Bugbear and the Sober.A and Enerkaz worms, all responsible for around three percent of positive cases.

The obvious conclusion of this month's Top Ten is that many computer users still haven't applied the security patches to remedy the vulnerabilities exploited by malicious code. For this reason, Panda Software once again advises users not only to keep their antivirus software updated, but also to be aware of the latest news regarding security problems, and therefore be able to apply the solutions.

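| Ranking | Virus Name | Percentage |
|---|---|---|
| 1 | W32/Bugbear.B | 6.16 |
| 2 | W32/Blaster | 5.82 |
| 3 | W32/Parite.B | 5.58 |
| 4 | W32/Gibe.C.worm | 4.25 |
| 5 | W32/Klez.I | 4.21 |
| 6 | W32/Blaster.E | 3.67 |
| 7 | W32/Blaster.C | 3.40 |
| 8 | 3.40 | 3.03 |
| 9 | W32/Sober.A.worm | 2.79 |
| 10 | W32/EnerKaz | 2.63 |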

Source: http://www.pandasoftware.com

Kaspersky Labs presents the Virus Top Twenty for November 2003 -- Posted by Igor_Donchenko on Tuesday, December 16 2003

| Position | Change | Virus Name | Percentage by Occurrence |
|---|---|---|---|
| 1 | New | I-Worm.Mimail.c | 34.57% |
| 2 | New | I-Worm.Mimail.g | 15.16% |
| 3 | -2 | I-Worm.Swen | 13.01% |
| 4 | +2 | I-Worm.Sober | 12.14% |
| 5 | -2 | I-Worm.Mimail.a | 4.95% |
| 6 | re-entry | I-Worm.Klez.h | 2.18% |
| 7 | re-entry | I-Worm.Lentin.m | 1.91% |
| 8 | re-entry | I-Worm.Dumaru.a | 1.25% |
| 9 | re-entry | I-Worm.Lentin.g | 1.12% |
| 10 | New | I-Worm.Mimail.h | 0.97% |
| 11 | -3 | I-Worm.Sobig.f | 0.86% |
| 12 | New | I-Worm.Hawawi.g | 0.73% |
| 13 | New | I-Worm.Mimail.e | 0.67% |
| 14 | -12 | I-Worm.Tanatos | 0.53% |
| 15 | New | I-Worm.Mimail.f | 0.45% |
| 16 | New | I-Worm.Mimail.j | 0.42% |
| 17 | re-entry | I-Worm.Lovelorn.a | 0.38% |
| 18 | -14 | Worm.Win32.Lovesan | 0.36% |
| 19 | -7 | Backdoor.Agobot.3.gen | 0.33% |
| 20 | -14 | Backdoor.SdBot.gen | 0.18% |
| | | Other Malicious Programs* | 7.84% |

* not included in the Top Twenty

November's list of the 20 most widespread viruses is marked by the appearance of several new variations of the Mimail network worm. Most notable is I-Worm.Mimail.c, which heads the chart with 34.57% of all registered incidents. Six new modifications of Mimail made the top twenty in November, and altogether accounted for nearly 62%. This dominating performance is the result of the code from the Mimail family's first variant being published on the Internet.

Mimail managed to crowd the previous month's leader, I-Worm.Swen, down to third place, while the undisputed leader for 2003, Sobig.f, slid down to 11th place. Making their return to the stage are 'old friends' Klez and Lentin.

Other worms making their return to the Top Twenty are Dumaru and Lovelorn, with Dumaru.a quickly taking 8th position.

Boldly moving up two spots is the German worm, Sober, which now maintains fourth place.

November saw Trojan programs lose considerable ground with only two malicious programs of this type (backdoor utilities used to gain unsanctioned access) - Agobot and Sdbot, filling the final two spots and dropping 7 and 14 places respectively from the previous month.

For November, Internet worms virtually monopolized the virus statistics, allowing Trojan programs a bit more than one half of one percentage point, while computer viruses were knocked completely off the list.

Source: http://www.avp.ru

New mass mailer looks at the world through a fur seal's eyes -- Posted by Igor_Donchenko on Monday, December 15 2003
Virus Alert Service of DialogueScience, Inc. reports the appearance of a new mass-mailer. The new threat has been added to the virus definition database of the Dr.Web® anti-virus program under the name Win32.HLLM.Generic.264 (known as Scold to other anti-virus vendors). The executable module of the worm is written in the high-level programming language Microsoft Visual Basic and is packed with the UPX compression utility. Its size is 28,160 bytes.

The new aggressor spreads through the Internet using Microsoft Outlook. It mass-mails itself to all the addresses found in the MS Outlook address book and in files with *.HT* extensions.

The worm may arrive on your computer as a randomly named file with an .SCR extension. The subject of the message - When It's Cold Outside She Gives Me Warm Inside - may be supplied with :RE or :FW, which creates the impression of receiving a reply to your own message or a message specially forwarded to you.

While inviting to admire a picture concealed in the attached file - Enjoy this great picture - the originator of the worm also tries to make the message look more trustworthy and adds the following strings to the message body:


============= Free Online Virus Scan =============
100% VIRUS FREE
No viruses or suspicious files were found in the attached file.

When the attachment is executed – if launched by an unwary user - the worm displays a photo of a little fur seal, drops its own copy named WARM.SCR to the Windows folder and points to this copy in the autostart registry entry thus securing its automatic launch at every system restart.

Source: http://www.antivir.ru

EU ban on spam e-mails -- Posted by Igor_Donchenko on Thursday, December 11 2003
New European laws banning spam e-mails have come into force.

It is now a criminal offence to send unsolicited commercial e-mails or text messages unless the recipient has agreed in advance to receive them.

Firms that continue to send spam face hefty fines and, in certain circumstances, can be sued by the recipients, under the new EU regulations.

The Government described the law as a "step in the right direction" in the fight against the millions of unwanted messages that clog up e-mail servers around the country.

But junk mail is expected to continue to deluge British e-mail accounts as most of it originates from outside the EU.

Firms using tracking devices such as "cookies" on their websites will also have to tell users and provide an opportunity to reject them.

Businesses which have established relationships with their customers are exempt from the new laws, in an attempt to ensure that business-to-business e-marketing is not affected.

Companies or individuals that break the laws can be reported to the office of the information commissioner, which has powers to take them to the courts.

In the first instance, magistrates can levy fines of up to £5,000. The organisation can also be referred up to trial by jury, where there is no limit to fines.

Spam now accounts for an estimated 50% of global e-mail traffic, compared with 8% two years ago.

New Internet threats (V): jokes -- Posted by Igor_Donchenko on Thursday, December 11 2003
Some can be funny or used to play a prank on friends. They appear to be harmless, but appearances can be deceiving. They are jokes; small programs that simulate that a virus is attacking a computer.
However, jokes are dangerous; in fact they are classified as malware ('any programs, documents or messages that can have detrimental effects on computers').

But what makes jokes dangerous? Even though they do not cause any real damage to computers, such as eliminating data, or sending out spam, etc., jokes can wreak havoc.

There is a well-known joke that, when it is run, displays a screen that shows the content of the files stored on the hard disk of the computer. Then, a message like the following is displayed: 'The hard disk will be formatted, do you want to continue?: Y/N'.

Imagine a user in a state of panic frantically pressing the 'N' key. It makes no difference which key the user presses, a new window is displayed that indicates that the C: drive is being formatted, and all the user can do is sit there and watch as the files on the hard disk disappear.

Of course, this is not actually happening, but the user doesn't necessarily know this. Users who have been tricked by one of these jokes before will realize that their data is safe and will not react, but what about users that don't know that it is a joke and believe that it is actually happening? In this case, they could quickly switch off their computer and go off in search of help. If nobody is around to help, they could even run off to the nearest computer repair service.

The result: possible loss of data or system configuration as a consequence of shutting down the computer incorrectly, or a bill to pay… and all for nothing.

Even if this happens in a company, the user would probably contact the systems department and insist they send someone straight away. And it is even possible that the user's colleagues will switch off their computers or disconnect them from the network to prevent the same from happening to them. All in all, this results in loss of time and productivity.

But it doesn't end there, if the technician doesn't realize what has happened, a lot of time could be wasted looking for the problem, or restoring the settings of computers that have been incorrectly disconnected.

Yes, jokes are also malware.

How to protect against jokes

The safest option is not to open unsolicited e-mail messages, as this is usually how jokes reach computers. If you know that you have received a joke, don't forward it to other users.

Source: http://www.pandasoftware.com

New Internet threats (IV): the dangers of IRC: nuke and flood attacks -- Posted by Igor_Donchenko on Monday, December 8 2003
IRC (Internet Relay Chat) is one of the most commonly used services by Internet users around the globe. This chat system has become much more popular than anyone expected and is now used by millions of users every day to chat in real-time, with others around the world.

There are thousands of IRC chat channels worldwide, specialized in almost all hobbies, professions and topics of debate. But unfortunately, everything has its disadvantages and that includes IRC. Since someone once had the grand idea that annoying other users could be fun, many others have joined in.

This is how the dangers of IRC came about and these dangers lie in the functioning of the service itself. When users run the IRC client, they are actually asking for permission to enter the IRC server, which contains the mechanisms of the system. This server validates users, prevents two users having the same nickname (alias used by each user to enter the chat), controls the number of users, etc.

At the moment, under certain circumstances the server can expel a user. This can happen when an IRC client sends a lot of information to the server in a short time and in order to avoid saturating the system, the server closes the connection.

This is the basis of IRC attacks. Below is a description of the most common types of attacks:

- Nuke: An IRC nuke attack immediately eliminates a user from an IRC channel. This attack consists of sending false data packets to the user’s IP address, so that the user’s system responds by sending a large amount of information to the IRC server and as a result, the IRC system expels the user. There are different types of nuke attacks, although the most well-known are ICMP (or Denial of Service –DoS-). These are the most common attacks launched through IRC, as there are many tools available on the Internet for launching these attacks.

- Flood: This kind of attack is similar to a nuke attack, but as they are less effective they are not used as much. A flood attack consists of sending large amounts of information to the target computer, so that when it replies, it exceeds the information flow limit allowed by the server.

More and more viruses are also using IRC to allow hackers to gain access to computer systems. An example is a type of Trojan that, when it is installed on a computer, connects to certain IRC channels, where it waits for commands from the author of the Trojan.

How to protect yourself when using IRC

As nuke and flood attacks are based on sending large amounts of information to a computer, they can be avoided using hardware or software-based firewalls. By doing this, if the firewall detects that an unusual data flow is being sent to the computer, it will block the corresponding port.

However, the best way to fight virus attacks is to install an updated antivirus program.

Source: http://www.pandasoftware.com

New variant of Win32.HLLM.Foo worm targets anti-spam sites -- Posted by Igor_Donchenko on Thursday, December 4 2003
Virus Alert Service of DialogueScience, Inc. reports the emergence of a new variant of the Foo mail worm, detected as Win32.HLLM.Foo. Its appearance is further proof that spammers have launched a serious struggle against anti-spam web sites, which collect and distribute lists of unprincipled Internet providers that tolerate the distribution of unsolicited commercial mail from their servers. The new modification is aimed mainly at the web sites www.spews.org, www.spamhaus.org and www.spamcop.net. A reputed cyber security web site is also on the list of hosts against which computers infected with the worm are to launch a DoS attack.

The new sibling, also known as Win32.Mimail.L, affects computers running Windows 95/98/Me/NT/2000/XP. Like all previous variants, it spreads via e-mail using its own SMTP engine. It stores the addresses harvested on the infected computer, to which it then sends itself, in the file XU298DA.TMP. It spoofs senders' addresses from a list within its body, so they are not the actual addresses the worm has been distributed from. Due to a bug in the worm's code it fails to spread properly, as it does not always attach its viral copies to the mail messages it generates, which considerably decreases its damaging potential.

The worm may arrive enclosed in a mail message with the attachment name WENDY.ZIP. Inside the archive there is an ordinary executable file with a double extension, one of them being .JPG. The size of the program module of the worm, UPX-packed, is 11,296 bytes. The text accompanying the message offers CDs of dubious nature.

The worm drops two of its copies to the Windows folder - XU39REU.TMP and SVCHOST32.EXE, as well as a copy of its archived attachment. Its main payload is supposed to launch DoS attacks against several anti-spam web sites.

Source: http://www.antivir.ru
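
The attachment tricks described in this alert and in the Scold alert (an executable behind a double extension inside a ZIP, a randomly named .SCR file) can be screened for at the mail gateway by name alone. The following is an added example, not code from DialogueScience or any vendor; the extension lists and the sample member names `picture.jpg.exe` and `hqwzrt.scr` are constructed assumptions, since the page gives only `WENDY.ZIP` and the `.JPG`/`.SCR` extensions.

```python
"""Flag e-mail attachments whose names use a double extension or .SCR."""
import io
import zipfile

# Extensions Windows runs on double-click (assumed, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Extensions a recipient reads as a harmless picture or document (assumed).
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".bmp", ".txt", ".doc", ".htm", ".html"}


def classify_name(name):
    """Return the reasons a file name looks like a worm attachment."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # strip() also defeats padding such as "picture.jpg      .exe".
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 2:
        return []
    final = "." + parts[-1]
    if final not in EXECUTABLE_EXTS:
        return []
    reasons = [f"executable extension {final}"]
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        reasons.append(f"double extension .{parts[-2]}{final}")
    return reasons


def scan_attachment(filename, data):
    """Check an attachment and, if it is a ZIP, every member name inside it."""
    findings = {}
    reasons = classify_name(filename)
    if reasons:
        findings[filename] = reasons
    stream = io.BytesIO(data)
    if zipfile.is_zipfile(stream):
        try:
            with zipfile.ZipFile(stream) as archive:
                for info in archive.infolist():
                    if info.is_dir():
                        continue
                    reasons = classify_name(info.filename)
                    if reasons:
                        findings[f"{filename}!{info.filename}"] = reasons
        except zipfile.BadZipFile:
            # A damaged archive cannot be inspected; report it for quarantine.
            findings[filename] = ["unreadable archive"]
    return findings


def build_sample_zip():
    """Build a constructed stand-in for the archive described in the alert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("picture.jpg.exe", b"MZ constructed placeholder")
        archive.writestr("readme.txt", b"constructed sample text")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "WENDY.ZIP": build_sample_zip(),   # archive name from the alert
        "hqwzrt.scr": b"MZ",               # constructed random .SCR name
        "holiday.jpg": b"\xff\xd8\xff",    # constructed benign picture
    }
    for name, data in samples.items():
        for path, reasons in scan_attachment(name, data).items():
            print(f"{path}: {', '.join(reasons)}")
```
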

A criminal bunch of spam and viruses -- Posted by Igor_Donchenko on Tuesday, December 2 2003
More than 58% of all unsolicited advertising mail messages – spam - are generated in the USA. This country, as well, falls its greatest victim, which is not surprising at all, taking into account the tremendous potential of its consumer market, the high level of computerization of its population, development of on-line payment systems and the habit, which has already become customary, to shop without leaving houses. A much more decent place in the spam generating countries chart, 5% on average, is occupied by China and Great Britain, Brasil accounts for approximately 5% of global spam.

There is no doubt that the spam volume will steadily grow and reach its peak in December: the industry will not miss its chance to derive maximum profit from the run of forthcoming Christmas and New Year holidays. Apart from the cost of the unwanted incoming network traffic that we pay for and the degradation of system performance, spam also causes huge losses in employees' productivity. Besides, one more negative trend connected with spam gives rise to fears among computer security experts.

If just a year ago the words "spam" and "computer viruses" were perceived by many as notions far apart from each other, the trend of recent months definitely shows that the two are steadily converging. On the one hand, spam mailings are used more and more often by virus writers for mass distribution of malicious programs. On the other hand, the techniques for illegally penetrating users' computers that are implemented in mail and internet worms have become extremely attractive to those who would wish to wrap the world in a net of anonymous mail servers for sending spam. The most vivid example of such symbiosis is the mail worms of the Reteras family, also known as Sobig (for news on these worms visit our site). Another obvious proof of the trend comes from the Foo viral family (aka Mimail), some members of which were also created for attacks against anti-spam web sites, Spamhaus.org for example. Such web sites collect information on unscrupulous ISPs whose servers distribute spam and mail bombs, and enter them on black lists. Quite often the code's design includes a procedure that checks whether the affected computer is present in such a list.

There is also rapid growth, especially on the eve of the coming holidays, in the distribution of malicious programs inside greeting cards. This year is no exception, and several Trojans have already been spotted distributing malicious code disguised as messages from greeting card services, www.123greetings.com for example. If you open such a "congratulation" mail, the Trojan, whose executable module resides inside the attachment, opens a random port on your computer and waits for remote instructions from its creator. Very often such programs steal various system information and send it to their masters, or just send a notification that the infection succeeded and the computer is open to external intrusion.

We can and must fight against spammers. Sometimes, though, it leads to odd episodes. A real cyberwar was declared on the American spam company Customerblast.com by three Dutch web sites, Retecool.com, Volkomenkut.com and Bastard-inc.com, after the first of them had been attacked by a mail bomb which brought the site to a halt for some hours. In reply, a powerful DoS attack launched against Customerblast.com almost paralyzed it for some time. The answer was not long in coming, and last Friday afternoon all three sites sustained a real storm orchestrated by the spammers. But the attack fizzled, and the second riposte from the Dutch completely crushed the American spammers, who could not recover for almost three days.

Spam can make anyone hopping mad. This was demonstrated by an incident the other day involving a Californian programmer from Silicon Valley. Driven to despair by insistent offers to improve one of his organs, the 44-year-old programmer inundated employees of the Canadian spam company DM Contact Management with menacing mails. The exasperated fellow promised to "disable" one employee with a bullet, then torture him with an ice pick and a power drill. If these actions did not produce the desired effect, he promised to take other employees prisoner and perform a known operation, unless his mailing address was removed from their mailing lists. To prove his threat was no joke he also chose a threatening return mail address, Satan@hell.org. The ill-starred programmer now faces 5 years in jail and a $250,000 penalty.

Source: http://www.antivir.ru
