Panda Weekly - viruses and intruders - 11/12/04

- Weekly report on viruses and intruders -
Virus Alerts, by Panda Software (http://www.pandasoftware.com) ​

Madrid, November 12 2004 - This week's report on viruses and intruders looks at the IFRAME.BoF exploit, as well as the Mydoom.AE, Mydoom.AF and Gavir.A worms.

IFRAME.BoF is an exploit for a buffer overrun vulnerability that occurs in Internet Explorer v6.0 and allows an attacker to remotely execute arbitrary code on the vulnerable computer. This vulnerability is rated as extremely critical.

The exploit can be included in a malicious web page or in an email message in HTML format, which contain executable code. This executable code is automatically run when a buffer overflow occurs. The executable code can be of any kind, which means that any kind of malicious action can be taken on affected computers.

As no patch is yet available to resolve the problem, it is advisable to keep antivirus software as up-to-date as possible. It is also a good idea to disable 'Active Scripting' in the browser and change the configuration of the email client so that messages are viewed as plain text.

In fact, the new AE and AF variants of the well-known Mydoom already use the IFRAME.BoF exploit. Both worms -which are similar to each other- spread via email in messages that they generate themselves. To do this they create an HTTP server in communications port 1639.

The messages that Mydoom.AE and Mydoom.AF send include a link to files that contain the IFRAME.BoF exploit in other computers. If the user that receives the email clicks directly on the link and the computer is vulnerable to the exploit, the worms will be downloaded and run automatically on the computer.

Mydoom.AE and Mydoom.AF also try to establish connection with a large number of IRC servers via port 6667.

Finally, Gavir.A is a worm with the exclusive aim of downloading a variant of the Legmir family of Trojans. Gavir.A spreads across shared network resources, creating copies of itself in IPC$ and ADMIN$ resources that it accesses.

Gavir.A also generates a script in a temporary folder in order to delete itself once it has been run.

For further information about these and other computer threats, visit Panda Software's Encyclopedia: http://www.pandasoftware.com/virus_info/encyclopedia/

Additional information

- Exploit: This can be a technique or a program that takes advantage of a vulnerability or security hole in a certain communication protocol, operating system, or other IT utility or application.

- Script: The term script refers to files or sections of code written in programming languages like Visual Basic Script (VBScript), JavaScript, etc.

More technical definitions at: http://www.pandasoftware.com/virus_info/glossary/default.aspx

 

I believe generally a cold week for viruses they were resting in their beds having a good time

 

Now isn't it possible one of these beasts or a variant thereof, then unfixable, or detectable by standard AV providers, may have bitten me recently Executing controlling actions on my PC without my being able to stop it?? It sure seems as if this sort of invasive monkey business was ravaging me.....

Now I am free (it appears) of that sort of disturbing potentiality- I am running blessedly smoothly, incident-free so far, and amply protected ( I think). But only since I begged off XP Home two days ago (out of exasperation) and reverted to lowly ME has the system again behaved "normally" like this.

I truly believe Home is so fraught with inherent susceptibilities that when coupled with SP2 (and its as yet not quite explicated, but rumored security flaws) , it really IS believable that one could be terrorized like I was, by malware and/or outsider manipulations, as unlikely as that may seem within the context of PAST OS behaviors or its assumed integrity.

Just greasing the fire again, kids, for I am yet unconvinced "misconfiguration" or "software conflicts" were wholly responsible for the chaos I witnessed on my PC so recently.

 

still_longhorn....I've removed your posts as they were off-topic to the discussion in this thread.

Regards,

Bubba

 

No problem Bubba but can't a guy post a little sarcasm?

 

3 posts in a row full of em

Nah....not on a Friday night....unless it's in Ten Forward....where almost anything goes

 

Well I'll be damned! I really thought this thread just turned to "Fantasy Island!"