Weekly Virus Report - Halfint, Nolor Worms and Optix.Pro Trojan
Posted on 02.05.2003
In this report we'll take a look at Aurity, a Word macro virus, two worms: Halfint and Nolor, and a Trojan called Optix.Pro.

Aurity (W97M/Aurity) is a macro virus belonging to the W97M family, which infects Microsoft Word 97 documents as well as the global template they use. The virus first infects the document which in turn, when it is opened, infects the NORMAL.DOT template. As the template is infected, all documents that then use it also become infected.

Aurity causes the following effects:

· It disables the antivirus protection in Word macros. This means that when a document is opened, Word doesn't ask for confirmation to enable or disable macros in the document.
· It infects Word documents Word (files with a DOC extension).
· It infects Word's global template which in turn infects all documents that use it.

Halfint (W32/Halfint) is a worm without destructive effects that spreads via KaZaA, a peer-to-peer file sharing program. When it runs, it creates 36 copies of itself in the KaZaA shared directory. All these files have names referring to computer programs and games such as Age of Empires 2 - Crack.exe, Playstation 2 Emulator Downloader.exe or Windows Key Generator (all versions).exe.

In this way other users are tricked into installing the virus onto their computers.

Nolor (W32/Nolor) is a worm that spreads rapidly via e-mail. Once it has infected a computer, it sends copies of itself, using its own SMTP engine, to all addresses in the address book on the computer. The message used by Nolor is highly variable, all though it often claims to contain photos of Bin Laden, greetings cards or passwords for accessing certain programs.

Nevertheless, Nolor is easily recognized as the message always contains one of the following attached files: LOVE_LORN.KIS.OK.EXE, LOVELORN.KIS.OK.EXE, THUYQUYEN.KIS.OK.EXE, LOVE_LORN.HTM, LOVELORN.HTM o THUYQUYEN.HTM.

Finally today we'll look at Optix.Pro (Bck/Optix.Pro.13) a dangerous Trojan that opens communication port 3410, allowing an attacker to access remotely resources on the affected computer. It also installs and runs another backdoor Trojan (detected by Panda antivirus as Bck/Sub7.22), disables antivirus programs and terminates processes connected with firewalls.

Optix.Pro does not use any specific method of spreading. In fact, it spreads via any of the normal channels used by viruses: floppy disks, CD-Rom, e-mails with infected attachments, Internet downloads, FTP, etc.





Spotlight

What can we learn from the top 10 biggest data breaches?

Posted on 21 August 2014.  |  Here's a list of the top 10 biggest data breaches of the last five years. It identifies the cause of each breach as well as the resulting financial and reputation damage suffered by each company.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //