Wilders Security Forums  

September 8th, 2005, 12:43 PM
Randy_Bell (Updates Team)
Join Date: May 2002
Location: Santa Clara, CA
Posts: 3,053

Panda Weekly - viruses and intruders - 09/08/05

- Panda Software's weekly report on viruses and intruders -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, September 8 2005 - This week's report looks at a worm -SdBot.EXG-, a Trojan called Cimuz.X and two hacking tools called GuardMon and SpyEx.

SdBot.EXG is a worm that spreads by exploiting the five following security problems (the number in brackets refers to the Microsoft bulletin dealing with each vulnerability): buffer overflow in SQL Server 2000 (MS02-039); vulnerability in Workstation Service (MS03-049); LSASS (MS04-011); RPC-DCOM (MS04-012); and remote code execution in Plug and Play -PnP- (MS05-039). In order to send itself out, this worm also has its own FTP and TFTP server.

SdBot.EXG connects to certain IRC servers from which it can receive commands, such as to update itself, download and execute files, consult the list of shared resources and add or remove some, etc.

Cimuz.X is a Trojan which, when installed on a computer, carries out a series of actions including the following:

- Opening a random port, allowing the computer to be used as an HTTP proxy.

- Executing PHP scripts from several web addresses in order to inform the creator that it has infected a PC.

- To avoid firewalls, it injects its process in the processes of other programs which don't have Internet restrictions. It also adds its associated process to the list of authorized applications in the Windows XP firewall.

- It creates several Windows registry entries with different purposes (to run every time Windows starts up, to see if the computer had previously been infected, etc.).

Cimuz.X uses several DLLs and code other than its own. Its author has probably reused components from other Trojans.

The next example of malware we are looking at is GuardMon, a hacking tool that logs the keystrokes typed by the user. This can be used to capture passwords or other kind of sensitive information and represents a serious threat.

GuardMon creates the GPS.DLL file on the infected computer, which exports the function WSPStartup. This function controls the process of monitoring the keystrokes.

We end today's report with SpyEx, a hacking tool that monitors users' keystrokes, the applications used on the PC and Internet activity. The information compiled is then sent by email in an attachment to an address specified during installation.

More information about these and other IT threats in Panda Software's Encyclopedia, available at: http://www.pandasoftware.com/virus_info/encyclopedia/