Weekly Report on Viruses and Intruders

By | October 13, 2006

This week’s report looks principally at the latest security bulletins released by Microsoft as part of its policy to publish security updates every second Tuesday of the month. These bulletins offer solutions for a range of errors and vulnerabilities in the company’s systems and applications. The report also takes a look at two malicious codes: Nedro.B and Haxdoor.NJ.

Microsoft has made ten security bulletins available to users. These address vulnerabilities rated as “critical” (six), “important” (one), “moderate” (two) and “low” (one) according to their severity:

* MS06-056: Fixes a cross-site scripting vulnerability in servers with .NET Framework 2.0. This flaw has been rated as “moderate”.

* MS06-057: Updates Windows Shell to avoid remote code execution. Affects Windows 2000, XP and Server 2003. Rated as “critical”.

* MS06-058: Fixes six vulnerabilities in PowerPoint and is rated as “critical”.

* MS06-059: Resolves four vulnerabilities in Microsoft Excel also rated as “critical”.

* MS06-060: Update to fix a “critical” vulnerability in Microsoft Word.

* MS06-061: Includes an update to solve two Microsoft XML Core Services vulnerabilities. Microsoft rates this bulletin as “critical”. It applies to Windows NT4 SP6, 2000, XP and Server 2003.

* MS06-062: Update to fix Microsoft Office vulnerabilities. It affects Microsoft Office, Project and Visio. Rated as “critical” by Microsoft.

* MS06-063: Resolves two vulnerabilities in the Windows Server service. Rated as “important”, it affects Windows 2000, Server 2003 and XP.

* MS06-064: Fixes three denial of service vulnerabilities on TCP/IP IPv6 systems. Microsoft gives this bulletin a “low” severity rating. It applies to Windows XP and Server 2003 systems.

* MS06-065: Fixes a vulnerability affecting Windows XP and Server 2002, more precisely in Windows Object Packager. Rated as “moderate”.

The first malicious code in this week’s report is W32/Nedro.B.worm, a worm designed to affect Windows operating systems. It spreads across IRC and the Yahoo! instant messenger.

Haxdoor.NJ is a backdoor Trojan that gathers different types of passwords from the infected computer, such as those for logging in to a session and for using the Outlook and The Bat mail clients. Haxdoor.NJ also tries to steal any passwords to eBay, e-gold and PayPal systems. If it gets this information, it sends it to the creator of the malicious code using a rootkit detected as Rootkit/Haxdoor.NJ.

Haxdoor.NJ needs to be spread by an attacker as it cannot spread itself automatically. This rootkit also opens three random ports to enable the creator to collect the data.

In order to spread, Haxdoor.NJ injects its code into the Windows explorer.exe process, thereby ensuring it is run on every system startup. To prevent the Windows XP SP2 firewall from doing its job, it alters the firewall settings so that it is treated as an authorized application.


Weekly Report on Viruses and Intruders

By | October 6, 2006

This week’s report from Panda Software once again looks at the numerous variants of Spamta that continue to appear. In addition, PandaLabs reports on other malicious codes including Bck/WebMic.A and Trj/Rizalof.KD.

Weekly Report on Viruses and Intruders

By | September 15, 2006

This week’s report from Panda Software looks at the BarcPhish phishing attack, the Spamta.X worm and the MS06-052, MS06-053 and MS06-054 vulnerabilities affecting some of Microsoft’s products. BarcPhish is a large-scale phishing attack targeting clients of Barclays Bank’s online services and involving at least 70 variants of a spoof email. The scale of this attack saw the number of fraudulent emails detected daily by PandaLabs increase by 30 percent in just a few hours.

Weekly Report On Viruses And Intruders

By | August 25, 2006

Goldun.KR is a Trojan that monitors Internet traffic generated when the user accesses web pages related with several online banks. In this way, it steals the user names and passwords for these services and sends them to its creator.

Weekly Report On Viruses And Intruders

By | August 7, 2006

This week’s report from Panda Software on viruses and intruders clearly reflects the new dynamic influencing malware creators. The three examples of malicious code detailed in the report are aimed at spying, hijacking computers and stealing bank details.