
Panda Software Weekly virus report

This topic is archived.
 
Prisoner_Number_Six Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Oct-31-03 09:20 AM
Original message
Panda Software Weekly virus report
Posted in GD as a public service.

The poster is not an employee of, or in any way associated with Panda Software.
---

Weekly virus report

Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, October 31, 2003 - This week's report on malicious code will focus on three worms (Sober.A, Lohack.D and Sexer.B) and two Trojans called Alof.A and Initsvc.D.

Sober.A spreads via e-mail in a message with a variable subject and message body, in either English or German. This worm sends itself out to all the addresses it finds in a large number of files on the affected computer using its own SMTP engine. The message includes an attached file that, when it is run, displays a false error message.

When Sober.A infects a computer it creates two memory-resident copies of itself which are constantly running. If one of the processes associated with the worm is ended, the other will restart it, and if one of the copies is eliminated, the other will create a copy of the deleted file.

The second worm in today's report is Lohack.D, which spreads via e-mail, computer networks and the P2P file sharing program KaZaA. In order to trick users, it sends itself in messages in Spanish that seem to have been sent from the Spanish Ministry of Science and Technology or Panda Antivirus and refer to the Spanish law on Information Society Services and Electronic Commerce.

Lohack.D automatically activates when the message carrying the worm is viewed through the Preview Pane in Outlook. It does this by exploiting a vulnerability (known as Exploit/Iframe) that affects versions 5.01 and 5.5 of Internet Explorer and allows e-mail attachments to run automatically.

Today's third worm, Sexer.B, also spreads via e-mail, in a message written in Cyrillic characters that includes an attachment called KAVUTIL.EXE. Sexer.B sends a copy of itself to all the contacts it finds in the Windows address book on the affected computer and replaces the Windows wallpaper with text in Cyrillic characters.

We are going to finish this week's report with Alof.A and Initsvc.D, two Trojans that allow hackers to gain remote access to computers, allowing them to perform actions that compromise user confidentiality and interfere with the user's work. Alof.A has been spammed in a message with an attached file called WMDVM.EXE. Alof.A connects to an IRC server and opens 24653.

For further information about these and other malicious code, visit Panda Software's Virus Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia

Additional information

- SMTP (Simple Mail Transfer Protocol): This is a protocol used on the Internet exclusively for sending e-mail messages.

- Spam: Unsolicited e-mail, normally containing advertising. These messages, usually mass-mailings, can be highly annoying and waste both time and resources.

More definitions of virus and antivirus terminology at: http://www.pandasoftware.com/virus_info/glossary/default.aspx

NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.
newyawker99 Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Oct-31-03 11:47 AM
Response to Original message
1. kick
:kick: