Latest news
This week’s report looks at four malicious code: the worms, Sory (W32/Sory), Kickin (W32/Kickin) and Winur (W32/P2P.Winur.C), and the Trojan AOL.Aim (Trj/PSW.AOL.Aim). Sory obtains confidential information from the affected computer and sends it out to an Internet address. The data sent out by Sory includes the operating system version, the CPU number, type and speed, the amount of RAM and the e-mail address of the affected user. Similarly, Sory logs the keystrokes entered by the user of the infected computer and saves them in a file, which it also sends out. By doing this, the recipient of the message can access confidential information belonging to the user, such as the passwords for accessing certain services.
This worm spreads across networks and through computers with an English or Turkish operating system installed.
Winur.C is designed to spread rapidly through P2P (peer-to-peer) file sharing programs, such as WinMX, KaZaa or Edonkey. Once a machine is infected, the worm carries out a DoS (denial of service) attack against the www.whitepower.org web page, as well as deleting certain antivirus programs.
It also copies a lot of personal files from the infected computer to the P2P program shared directories. In this way, these files could be accessible to the virus author or any other user of these applications.
The Kickin worm spreads via e-mail using its own SMTP engine, although it also spreads via IRC and P2P applications. W32/Kickin infects Win9x, NT, 2000 and XP and is programmed in Microsoft Visual C 6.00. This worm scours the computer’s memory for a particular series of processes (related to security and antivirus software) and terminates those that it finds active.
The messages used by W32/Kickin try to trick users into running the infected file with references to topics such as SARS (Severe Acute Respiratory Syndrome), patches, love letters, games, photos of celebrities, etc.
W32/Kickin creates a script.ini file containing its code so as to spread via mIRC. It also copies itself to P2P application shared directories (KaZaA, Bearhsare, Edonkey2000 and Morpheus).
Finally, AOL.Aim is a Trojan that steals the access data of the users of the America On Line (AOL) instant messaging service. The data it obtains is the user name and password. It then sends this information to the virus author.
AOL.Aim uses various means to spread: e-mail messages with an infected document, computer networks, CD-ROMs, Internet downloads, FTP, floppy disks, etc.
Spotlight
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Is Microsoft is reading your Skype communications?
Posted on 15 May 2013. | The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.
Internet Explorer best at blocking malware
Posted on 14 May 2013. | While Chrome’s malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.
Researcher refuses to help Saudi telco to spy on people
Posted on 14 May 2013. | You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.
Malicious browser extensions are hijacking Facebook accounts
Posted on 13 May 2013. | Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
