shtaps
This evening I downloaded two emails from Kaspersky. Perhaps their content will answer some questions for someone:
I. Don't Believe Your Browser - It Could Be Dumaru
Kaspersky Labs (...) warns users about three new modifications of Dumaru, an email worm: versions j, k and l. The unusual propagation techniques and high dissemination rate have resulted in infections worldwide, causing a new global outbreak.
Dumaru was first detected in September 2003 and has remained among the most active malicious programs ever since. The original worm was written in Russia, but subsequent versions appear to come from Germany.
The latest versions of Dumaru contain only minor modifications. However, the multi-tier propagation method used to disseminate the malicious program has caused a worldwide outbreak within a matter of days.
Initial propagation was assured by the mass mailing of a message purportedly originating from Microsoft in which users were offered updates to their virus protection.
In reality, the message contains the Trojan program UrlSpoof. Once the link in the letter is activated, a new Internet window opens onto a Microsoft look-alike web site. Moreover, "UrlSpoof" utilizes a vulnerability in Internet Explorer, which allows the worm to display www.microsoft.com in the address bar, even though the user is actually on another site.
While the user is browsing this site, the victim machine is transformed into a Dumaru carrier and the worm then initiates the mailing process from the new computer.
"This outbreak has once again demonstrated that virus writers and spammers are joining forces", comments Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs, "Viruses are using spamming techniques more and more in order to increase propagation speed, whereas spammers are using viruses to create networks of infected machines for use in mass mailing campaigns".
Kaspersky Labs anti-virus databases have already been updated with protection against the new versions of Dumaru.
A detailed description of these versions of Dumaru can be found in the Kaspersky Virus Encyclopedia (http://www.viruslist.com/eng/viruslist.html?id=836347).
II. Mimail.q: The Return Of A Calculating Email Blackmailer
Kaspersky Labs, a leading information security software developer, has detected a new version of the notorious Internet worm Mimail. Mimail.q has a built-in encrypted key against anti-virus programs, and reports of infections are already coming in. Kaspersky Labs predicts that the outbreak will gain momentum over the next few days and recommends that all users update their anti-virus protection immediately.
Mimail.q spreads via email in messages with varying content (there are about 30 variations) with random attachment names. The worm consists of two components: the dropper (the module which installs the core) and the carrier (the core).
If a user is thoughtless enough to launch the file attached to the infected email, the dropper proceeds to open a window with a fake error message. The dropper copies itself into the Windows directory under the name sys32.exe and registers itself in the system registry auto-run key. Finally, the dropper unpacks the main component, a file named outlook.exe, and launches it in order to execute it.
The most important modification in Mimail.q is the polymorphic encryption keys built in to fool anti-virus programs. Every time the infected machine is restarted, Mimail.q changes the encryption key so that the copies of itself that Mimail sends look different every time. This means that anti-virus programs must have a decryption routine in order to contend with Mimail.q successfully.
The main component of the worm performs several functions at once. Firstly, it sends copies of Mimail.q by scanning the contents of disks and extracting email addresses. Infected messages are then sent to these addresses by using the inbuilt mailing mechanism.
Secondly, the main component opens the infected computer to the creator of the worm using ports 80, 1433, 1434, 3000, and 6667. The worm receives commands via these ports and sends information about the execution of these commands to a variety of public email system addresses.
Thirdly, Mimail.q gathers information about PayPal and E-Gold accounts on the computer in exactly the same way as previous versions of Mimail do, and sends the information needed to access these accounts to the addresses mentioned above.
Finally, the worm's code contains the following text, which is addressed to public email services as a threat if email addresses used by Mimail.q should be closed by the service provider.
*** GLOBAL WARNING: if any free email company or hosting company will close/filter my email/site accounts, it will be DDoS'ed in next version.
WARNING: centrum.cz will be DDoS'ed in next versions, coz they have closed my mimail-email account. Who next? ***
Protection against Mimail.q using a decryption routine has already been added to the Kaspersky Anti-Virus databases.
A fuller description of this malicious program can be found in the Kaspersky Virus Encyclopedia (http://www.viruslist.com/eng/alert.html?id=836443).
I find the second one especially interesting - be good or I'll huff and puff and blow your house down! It uses port 6667? Isn't that the port most IRC programs use, or have I mixed things up?
In any case, check once more when you last did an update.
It might not be a bad idea to add a topic like this from time to time. Ten people always turn up when someone asks for help, which is perfectly fine, but in some situations a catastrophe can also be foreseen.
-----------------------------------------------------------------------------------------------------------
The Return Of The Fellowship Of The Ring is the best South Park episode in the world!!!
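The Mimail.q alert quoted in the post above gives a defender three host-level indicators: a Run-key autorun entry launching sys32.exe, a core process named outlook.exe, and that core accepting commands on ports 80, 1433, 1434, 3000 and 6667. The script below is an added example (not Kaspersky's code and not from the forum post) that turns those indicators into a small triage check over constructed sample data: a `netstat -ano`-style listing, a PID-to-image map as `tasklist` would give it, and a Run-key export in `name=path` form. Port 6667 is indeed the IANA-registered IRC port, and 80/1433/1434 belong to HTTP and Microsoft SQL Server, which is why the script only raises a high-severity finding when the listening process is the worm's outlook.exe and otherwise marks the port for review. All sample input and the severity labels are assumptions made for the example.

```python
"""Triage the Mimail.q host indicators quoted in the Kaspersky alert.

Added example, not Kaspersky's or the forum post's code. The netstat
listing, process map and autorun export below are constructed samples
that stand in for real `netstat -ano`, `tasklist` and registry output.
"""
import ntpath
import re
from dataclasses import dataclass

# Indicators taken from the alert text.
MIMAIL_Q_PORTS = {80, 1433, 1434, 3000, 6667}
DROPPER_NAME = "sys32.exe"   # dropper copy registered in the auto-run key
CORE_NAME = "outlook.exe"    # unpacked main component


@dataclass(frozen=True)
class Listener:
    proto: str
    port: int
    pid: int


@dataclass(frozen=True)
class Finding:
    severity: str   # "high": indicator matched; "review": port overlap only
    detail: str


# One line of `netstat -ano`; UDP lines carry no State column, and TCP
# lines in any state other than LISTENING are deliberately not matched.
_NETSTAT_RE = re.compile(
    r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+\s+(?:LISTENING\s+)?(\d+)\s*$"
)


def parse_netstat(text: str) -> list[Listener]:
    """Return every listening TCP socket and every UDP socket with its PID."""
    found = []
    for line in text.splitlines():
        m = _NETSTAT_RE.match(line)
        if m:
            found.append(Listener(m.group(1), int(m.group(2)), int(m.group(3))))
    return found


def parse_autorun(text: str) -> dict[str, str]:
    """Parse 'name=path' lines exported from a Run key into {name: path}."""
    entries = {}
    for line in text.splitlines():
        if "=" in line:
            name, path = line.split("=", 1)
            entries[name.strip()] = path.strip()
    return entries


def autorun_findings(entries: dict[str, str]) -> list[Finding]:
    """Flag any autorun value whose image file name is the dropper's."""
    return [
        Finding("high", f"autorun '{name}' launches {path} (Mimail.q dropper name)")
        for name, path in entries.items()
        if ntpath.basename(path).lower() == DROPPER_NAME
    ]


def listener_findings(listeners: list[Listener], pid_to_image: dict[int, str]) -> list[Finding]:
    """Correlate command ports with the owning process image.

    The port alone is weak evidence (HTTP, SQL Server and IRC share these
    numbers); the port owned by outlook.exe is the actual indicator.
    """
    findings = []
    for lst in listeners:
        if lst.port not in MIMAIL_Q_PORTS:
            continue
        image = pid_to_image.get(lst.pid, "<unknown>")
        where = f"{lst.proto} port {lst.port} owned by {image} (pid {lst.pid})"
        if ntpath.basename(image).lower() == CORE_NAME:
            findings.append(Finding("high", where + "; matches Mimail.q core"))
        else:
            findings.append(Finding("review", where + "; legitimate services use this port too"))
    return findings


def triage(netstat_text: str, pid_to_image: dict[int, str], autorun_text: str) -> list[Finding]:
    """Run both checks and return the combined findings, autorun first."""
    return (autorun_findings(parse_autorun(autorun_text))
            + listener_findings(parse_netstat(netstat_text), pid_to_image))


# Constructed sample input (not captured from a real infection).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       1488
  TCP    0.0.0.0:3000           0.0.0.0:0              LISTENING       1488
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1244
  TCP    10.0.0.5:1049          203.0.113.9:443        ESTABLISHED     1320
  UDP    0.0.0.0:1434           *:*                                    1600
"""
SAMPLE_PROCESSES = {
    900: r"C:\WINDOWS\system32\svchost.exe",
    1244: r"C:\Program Files\Apache Group\Apache2\bin\Apache.exe",
    1320: r"C:\Program Files\Internet Explorer\iexplore.exe",
    1488: r"C:\WINDOWS\outlook.exe",
    1600: r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe",
}
SAMPLE_AUTORUN = """\
ctfmon=C:\\WINDOWS\\system32\\ctfmon.exe
sys32=C:\\WINDOWS\\sys32.exe
MSMSGS=C:\\Program Files\\Messenger\\msmsgs.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_NETSTAT, SAMPLE_PROCESSES, SAMPLE_AUTORUN):
        print(f"[{f.severity:6}] {f.detail}")
```

On the sample data this reports three high findings (the sys32.exe autorun and the two listeners owned by outlook.exe) and two review items (Apache on 80 and SQL Server on UDP 1434), which is the distinction the alert's port list needs in practice.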