http://www.eweek.com/article2/0,1759,1738912,00.asp By Ryan Naraine December 10, 2004 Anti-virus vendors have raised the alarm for a new mass-mailing worm with a dangerous backdoor component. The worm, called W32.Maslan.C@mm, arrives as an attachment promising naked photos of Playboy models but, if executed, drops an IRC (Inter Relay Chat) bot capable of transmitting passwords and sensitive information back to the virus writer. According to an alert from McAfee, the backdoor is powerful enough to terminate the processes of various anti-virus security applications. The worm also spreads itself via poorly secured network shares and weak passwords and takes advantage of two known exploits—LSASS and RPC-DCOM—affecting Microsoft Windows users. Patches for both exploits have been available for some time, but unpatched machines are vulnerable to worm infection. According to Sophos, Maslan-C copies itself to the Windows system folder and creates a number of other files on the computer which make up the components of the worm. It constructs messages using its own SMTP engine and harvests target e-mail addresses from the victim's machine. The worm uses several masking techniques including spoofed sender addresses and has been programmed to monitor Internet Explorer browser sessions to capture data relating to various financial sites. An advisory from Symantec rates the risk as low, but distribution remains high. The use of naked celebrity images as a virus infection tactic is nothing new. In the past, virus writers have attached the names of celebrities such as Anna Kournikova, Britney Spears and Halle Berry to mass-mailing worms. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Mon Dec 13 2004 - 07:23:14 PST