I think there is a major hacker attack under way at the moment.
- Weekly virus report -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)
Madrid, August 8, 2003 - This week's report looks at a Trojan called
Autorooter and two worms, Panol and Mimail.
Autorooter is a Trojan that uses a vulnerability exploit known as DCOM-RPC.
Whenever this malicious code finds a valid IP address, it connects to the
computer and checks if it can exploit this security flaw. If it can,
Autorooter uses the FTP server TFTPD.EXE to download a file containing a
backdoor Trojan called LOLX.EXE or DCOM.EXE. This file allows a hacker to
gain remote access to the affected computer and perform the following
actions, among others: reformat the hard drive, add new users, etc.
Autorooter spreads in a file called WORM.EXE, which reaches computers
through many different means (e-mail messages sent by malevolent users, files
downloaded from the Internet, etc.). When this file is run, Autorooter
creates several files in the computer, including RPC.EXE, which is the file
that exploits the DCOM-RPC vulnerability.
Panol is a worm with destructive effects that spreads via e-mail in a file
called VIRUS_BLOCK.EXE, which is attached to a message with the subject:
"Protects against viruses, worms, Trojan & hackers". When this malicious
code is run, it ends processes belonging to several antivirus programs and
security applications.
This worm formats the C: drive when the affected computer is restarted.
Panol also changes the home page of Internet Explorer and, on September 2
and September 11, it displays a message on screen.
Panol sends itself out via e-mail to all of the contacts in the Outlook
Address book. In addition, it searches for e-mail addresses in all the files
with an ASP, HTM or HTML extension.
We are going to finish this report with Mimail, a worm that does not have
any destructive effects, which spreads via e-mail in a message with clearly
defined characteristics. Mimail tricks the user into thinking that the
message has been sent from the mail server administrator. In addition, in
order to run its code in the local zone of the affected computer, this
malicious code exploits the following vulnerabilities: Internet Zone, an
Internet Explorer vulnerability and MHTML, an Outlook Express vulnerability.
For further information about these and other viruses, visit Panda
Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/
Additional information
- Format: Define the structure of a disk, removing any information that was
previously stored on it.
- Vulnerability: Flaws or security holes in a program or IT system, and
often used by viruses as a means of infection.
More definitions of virus and antivirus terminology at:
http://www.pandasoftware.com/virus_info/glossary/default.aspx
Mane9933