New Viruses, etc... Aug 5 2007 | Special thanks to my friend Rich Morris
Owner/Administrator
www.trafficheroes.com
If you are not a member of this good exchange, please use my referral link and send me a support ticket and I'll add 200 credits to your Medieval account.
http://www.trafficheroes.com/index.php?referer=leroya2424a
New Viruses
Here's a section of our weekly newsletter that has become popular.
1) PayRob.A is a Trojan designed to steal data from PayPal accounts. Like most Trojans, PayRob.A cannot spread by itself, but needs intervention from a malicious user to reach computers. If the targeted user runs the file carrying PayRob.A, it gives itself hidden file attributes and modifies the Windows Registry to ensure it is run whenever the system is restarted.
The Trojan creates two files on the infected computer in the temporary Internet files folder and in C:\WINDOWS\MSAPPS\. If the latter folder is not found on the system, an error message is displayed. It also copies a file called modeexpinovo.txt to the temporary Internet files folder. This text file stores all of the PayPal passwords that it finds on the affected system. This file can be accessed remotely by hackers from a certain Internet host.
2) The Chasnah.A worm displays messages in Indonesian when the user logs on and, from time to time, opens a web page from an Indonesian organization. This worm uses shared folders and USB devices to spread. When run, Chasnah.A creates several files on the infected system and entries in the Windows Registry. From then on, a screen is displayed in English and Indonesian whenever the user logs on. Furthermore, it periodically opens the web browser, displaying the page mentioned earlier.
Chasnah.A reduces the system protection level by preventing certain security applications from being run, and from time to time, it checks if there are any USB devices connected to the computer in order to infect them.
3) IcePack is a malicious tool for installing malware through exploits. IcePack infects computers through the following process: the application accesses a web page to which it adds an iframe reference pointing to the server where the application is installed. The main innovation in IcePack is that the tool adds the iframe. Previous applications like Mpack needed a hacker to manually access the web pages in which to insert it.
When a user visits one of these malformed pages, the iframe activates IcePack, which looks for vulnerabilities on the user's computer. If it finds one, it will download the exploit for this vulnerability to the computer. An important feature of IcePack is that it uses exploits corresponding to the latest vulnerabilities to appear. The reason is that as they are more recent, users are less likely to have updated their computers to resolve these security flaws. From then on, the cyber-crook can download any type of malware to the affected computers.
Another innovation of IcePack is that it combines an ftps checker and an iframer. The first helps cyber-crooks to exploit the information about the FTP accounts they have stolen from affected computers. The data from these accounts is passed through the checker to verify if it is valid. The valid data will be passed to the iframe, which will insert the iframe pointing to IcePack in the account. By doing this, the application can start its "lifecycle" again.
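For site owners, a check for the injected-iframe technique described above (an added example, not part of the original newsletter): it lists every iframe in a page whose source host is not on an allowlist. The allowlist, host names and sample page are constructed, and treating zero-size or hidden frames as the most suspicious is an assumption the newsletter does not state.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Hypothetical allowlist: hosts this site legitimately embeds.
ALLOWED_HOSTS = {"www.example.org", "player.example.org"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

# Constructed sample page (not taken from any real site).
SAMPLE_PAGE = """<html><body>
<h1>Welcome</h1>
<iframe src="https://player.example.org/v/1" width="560" height="315"></iframe>
<iframe src="/local/help.html"></iframe>
<iframe src="http://pack.example.net/index.php" width="0" height="0"></iframe>
<iframe src="//ads.example.com/a" style="Visibility: hidden"></iframe>
<iframe src="http://widgets.example.com/w" width="300" height="250"></iframe>
</body></html>"""


class IframeAuditor(HTMLParser):
    """Collects every <iframe> whose src points at a host not on the allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "").strip()).hostname or "").lower()
        if not host or host in self.allowed:
            return  # relative (same-site) source or explicitly allowed host
        # A 0 or 1 pixel dimension, or a hiding style, means the visitor never sees the frame.
        tiny = any(a.get(d, "").strip().rstrip("px") in ("0", "1")
                   for d in ("width", "height"))
        hidden = tiny or bool(HIDDEN_STYLE.search(a.get("style", "")))
        line, _ = self.getpos()
        self.findings.append({"line": line, "host": host, "hidden": hidden})


def audit_html(html, allowed_hosts=ALLOWED_HOSTS):
    """Return findings for one page, hidden external frames first."""
    auditor = IframeAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return sorted(auditor.findings, key=lambda f: (not f["hidden"], f["line"]))
```

Run `audit_html` over each file in the web root after every FTP upload and compare the result with the previous run; a new hidden finding on a page nobody edited also means the FTP credentials should be rotated.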