
Panda Software's weekly report on viruses and intruders

08/05/2005. Today’s report looks at three worms: Infober.A, Incef.A and Bobax.AU.

Infober.A spreads via computer networks, making a list of shared resources and copying itself to them. It creates four files, two of which are called MMSOFTCPL.CPL and DEATHLOG.TXT, while the names of the other two are generated by searching through the .cpl, .exe and .doc files on all disk drives. One of the files executes the worm when the computer is started up, importing the “systems” function from mmSoftCPL.cpl and running it.

Infober.A opens UDP port 45075 and acts as a backdoor, allowing remote access to the computer and thereby enabling actions that could compromise the confidentiality of user data or impede work on the computer. It creates the “SQL Script” mutex to prevent two copies of itself from being executed simultaneously on the system.

The second worm we are looking at today is Incef.A, which spreads via IRC (using mIRC) and the KaZaA P2P file-sharing program.

Incef.A takes several actions on infected computers, including:
- It alters KaZaA settings to facilitate its propagation. It shares the C: drive root directory and a subfolder of the Windows directory. It also disables the firewall and the virus filter.
- It modifies the MIRC.INI file so that it runs a certain script.

We close today's report with Bobax.AU, a worm that spreads via e-mail in a message with variable characteristics, including an attachment with a two-part name: a text, which can be "BUSH", "FUNNY", "JOKE", "PICS" or "SECRET", and an extension, which can be .exe, .pif or .scr. When the file is run, Bobax.AU searches the computer for e-mail addresses to which to send itself. It also takes several actions:
- It modifies the HOSTS file to prevent access to certain web pages, in particular those belonging to antivirus companies.
- It creates several files, one of which is a DLL (Dynamic Link Library) to prevent the associated process from being displayed in the task manager.
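
The following Python example, added here and not part of Panda Software's report, flags attachment names built the way the Bobax.AU paragraph describes and lists HOSTS entries that name watched domains. The watch list, the case-insensitive matching and the sample data are assumptions; the report does not list the blocked domains.

```python
import re

# Name parts listed in the report; case-insensitive matching is an assumption.
BOBAX_ATTACHMENT = re.compile(r"^(BUSH|FUNNY|JOKE|PICS|SECRET)\.(exe|pif|scr)$", re.I)

# Assumed watch list: the report names no blocked domains. pandasoftware.com
# appears on the page; av-vendor.example is a constructed placeholder.
WATCHED_DOMAINS = ("pandasoftware.com", "av-vendor.example")


def is_bobax_style_attachment(filename):
    """True if the name is one of the report's texts plus .exe, .pif or .scr."""
    # Windows ignores trailing dots and spaces, so normalise them first.
    return bool(BOBAX_ATTACHMENT.match(filename.strip().rstrip(". ")))


def watched_hosts_entries(hosts_text, watched=WATCHED_DOMAINS):
    """Return (line_no, address, hostname) for HOSTS entries naming a watched domain."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        address, names = fields[0], fields[1:]
        for name in names:
            host = name.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in watched):
                findings.append((line_no, address, host))
    return findings


# Constructed sample data, not taken from an infected machine.
SAMPLE_HOSTS = """\
# constructed HOSTS file
127.0.0.1   localhost
127.0.0.1   www.pandasoftware.com update.av-vendor.example   # redirected
10.0.0.5    intranet.corp.example
#127.0.0.1  pandasoftware.com
"""
SAMPLE_ATTACHMENTS = ["JOKE.scr", "secret.PIF", "pics.jpg", "FUNNY.exe ", "report.exe"]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        print(f"{name!r}: {'flag' if is_bobax_style_attachment(name) else 'ok'}")
    for line_no, address, host in watched_hosts_entries(SAMPLE_HOSTS):
        print(f"HOSTS line {line_no}: {host} -> {address}")
```

Any HOSTS entry for a watched domain is reported regardless of the address it maps to, because the report does not say where the worm redirects the blocked sites.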

For further information about these and other computer threats, visit Panda Software's Encyclopedia.

About PandaLabs
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and, depending on the type, the action taken may include disassembly, macro scanning, code analysis, etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
For more information: http://www.pandasoftware.com/virus_info/.

 

 

Oxygen3 24h-365d, by Panda Software
© Panda Software 2003

 





Copyright © CENTER.HU Ltd, 2000-2010. All rights reserved
