6/30/2006. - The Kelvir.EO worm, the virus Kukudro.A and the Downloader.JIH Trojan are the subject of this week’s PandaLabs report.
Kelvir.EO is a worm with backdoor functions. It spreads by exploiting certain Windows vulnerabilities in the LSASS, RPC DCOM, Workstation Service and Plug and Play services, and then transfers a copy of itself using its own FTP server. Once it has infected a computer it installs a rootkit, detected as Ruffle.A, in order to disguise its actions. The worm connects to an IRC server which, in turn, connects to a certain channel in order to run commands that, among other things, can obtain passwords stored in Protected Storage, which contains the passwords for programs including Outlook and Internet Explorer. Kelvir.EO also allows attackers to terminate processes, get data about the infected system, and update or eliminate the worm's code.
Kukudro.A is a macro virus that drops the Downloader.JIH Trojan on infected computers, creating a file called 66INSE_1.EXE, a copy of the Trojan, in the hard disk root directory. It does this using an old vulnerability, described in bulletin MS01-34, to avoid the security warning about macros included in Word documents and run its own code automatically. Kukudro.A cannot propagate automatically by itself and therefore needs user interaction in order to spread. The virus spreads in emails with an attachment called My_notebook.doc. This file includes the specifications of a range of different laptop computers.
Finally, Downloader.JIH is a Trojan that downloads the Sality.S virus onto computers. This virus infects executable files and can terminate security processes and capture system information. Once the Trojan is run, it connects to a series of web pages to download an executable file which it then saves on the infected computer under a random name. Downloader.JIH cannot spread by itself, but has to be dropped by other malware, in this case Kukudro.A, or executed by users as an email attachment or a file downloaded from the Internet or P2P networks.
For further information about these and other computer threats, visit Panda Software's Encyclopedia.
Find out more about the company at: http://www.pandasoftware.com/about_panda/companyprofile/15years.asp.
About PandaLabs
Since 1990, PandaLabs’ mission has been to analyze new threats as soon as possible to ensure that our clients are safe. Several teams specialized in each specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.) work 24x7 to offer global coverage. To do this they are supported by TruPrevent™ Technologies, a truly global early warning system made up of sensors that are strategically distributed and neutralize new threats and send them to PandaLabs for in-depth analysis. According to AV-Test.org, PandaLabs is the fastest in the industry to offer complete updates (more information at www.pandasoftware.com/pandalabs.asp).
Oxygen3 24h-365d
by Panda Software