Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Weekly virus report

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
This topic is archived.
Home » Discuss » Archives » General Discussion (Through 2005) Donate to DU
 
Prisoner_Number_Six Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-18-03 09:08 AM
Original message
Weekly virus report
Posted in GD as a public service.

The poster is not an employee of, or in any way associated with Panda Software.
---

Weekly virus report

Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, October 17, 2003 - Today's virus report will focus on three Trojans -Esepor.A, Mafia.A and the 'K' variant of Istbar-, and a worm called Logpole.A.

Esepor.A is a Trojan that reaches computers in a file called TMKSRVL.EXE. When this file is run, this Trojan checks if there is an open connection to the Internet and, if there is, it automatically downloads and runs a file called XPINSTALL.EXE. This file creates and registers a dynamic link library called XPLUGIN.DLL, which is an Internet Explorer plugin, and goes memory resident when the user connects to the Internet through this browser. Esepor.A is easy to recognize, as it displays a pop-up ad with pornographic content.

The second Trojan in today's report is Mafia.A, which looks for password for Outlook Express mail accounts (SMTP, POP3 and HTTP-Mail) in the Windows Registry and obtains information on the hard disks, memory installed, operating system, user name, microprocessor, etc. In computers running Windows .NET Server/XP/2000/NT it also looks for passwords in the memory cache. This malicious code then sends out the information it has obtained via e-mail.

Istbar.K is a Trojan that when the user visits certain web pages, displays a message on screen prompting the user confirm if ActiveX code can be run on the computer. If the user clicks on Yes, the ActiveX code downloads and installs several spy programs and malicious dialers and displays advertising web pages with pornographic content. Istbar.K also adds a toolbar to Internet Explorer and changes the home page of this browser.

The last malicious code in today's report is Logpole.A, a worm that spreads through the peer-to-peer (P2P) file sharing program KaZaA. When it is run, this malicious code goes memory resident. Logpole.A is difficult to recognize, as it does not display any warnings or message that indicate that it has infected a computer.

For further information about these and other malicious code, visit Panda Software's Virus Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia

Additional information

- Cache: This is a small section of the computer's memory.

- Dynamic Link Library (DLL): A special type of file with the extension DLL.

- Resident: A program or file is referred to as resident when it is stored in the computer's memory, continuously monitoring operations carried out on the system.

More definitions of virus and antivirus terminology at: http://www.pandasoftware.com/virus_info/glossary/default.aspx

NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.
Printer Friendly | Permalink |  | Top
newyawker99 Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-18-03 01:19 PM
Response to Original message
1. kick
Printer Friendly | Permalink |  | Top
 
Prisoner_Number_Six Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-18-03 09:10 PM
Response to Original message
2. kick
One more for the heck of it...
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Thu Dec 26th 2024, 02:05 PM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Archives » General Discussion (Through 2005) Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC