Network Services
September 30, 2009
W32.Pilleuz Spreads via File-Sharing
Threat Rank: HIGH
Type: Worm
Systems Affected: Windows 2000, Windows Server 2003, Windows Vista, Windows XP
INFO:
When executed, the worm copies itself as the following file:
%SystemDrive%\RECYCLER\[SID]\sysdate.exe
It also creates the following file: %SystemDrive%\RECYCLER\[SID]\Desktop.ini
It then creates the following registry entry so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Taskman" = "%SystemDrive%\RECYCLER\[SID]\sysdate.exe"
The worm spreads by copying itself to removable drives as the following file:
%DriveLetter%\Resources\sEtuP64.exe
It also copies the following file so that it runs when the removable drives are connected to another computer:
%DriveLetter%\autorun.inf
VBS.Invadesys.B Spreads to All Drives
Threat Rank: HIGH
Type: Worm
Systems Affected: Windows XP, Windows Me, Windows Vista, Windows Server 2003, Windows 2000
INFO:
When the worm executes, it creates the following copies of itself if the system drive is NTFS-formatted:
%Windir%\explorer.exe
%System%\smss.exe
Note: The worm uses the Alternate Data Stream (ADS) feature of the NTFS file system to hide its code inside the legitimate explorer.exe and smss.exe executable files.
The worm creates the following copies of itself if the system drive is not NTFS-formatted:
%Windir%\.vbs
%System%\.vbs
The worm then modifies the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"Load" = "%SystemRoot%\system\svchost.exe %System%\[smss.exe:.vbs OR .vbs]"
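A read-only triage check for the registry values, dropped files, alternate data streams and removable-drive files named in the two write-ups above. This is an added example, not part of the original bulletin; the variable names are illustrative and it assumes PowerShell 3.0 or later on the host being examined.

```powershell
# Added example: read-only triage for the artifacts listed in the two write-ups.
$findings = @()

# W32.Pilleuz: Winlogon "Taskman" autostart value
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$taskman = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).Taskman
if ($taskman) { $findings += "Winlogon Taskman value is set: $taskman" }

# VBS.Invadesys.B: per-user "Load" autostart value
$winKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$load = (Get-ItemProperty -Path $winKey -ErrorAction SilentlyContinue).Load
if ($load) { $findings += "Windows Load value is set: $load" }

# W32.Pilleuz: dropped copy under RECYCLER\[SID] (-Force includes hidden items)
Get-ChildItem -Path "$env:SystemDrive\RECYCLER" -Recurse -Force -Filter 'sysdate.exe' -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Dropped file: $($_.FullName)" }

# VBS.Invadesys.B: named alternate data streams on the two host executables
foreach ($file in "$env:windir\explorer.exe", "$env:windir\System32\smss.exe") {
    Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings += "ADS on ${file}: $($_.Stream) ($($_.Length) bytes)" }
}

# W32.Pilleuz: spreading artifacts on removable drives (DriveType 2)
Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    foreach ($rel in 'autorun.inf', 'Resources\sEtuP64.exe') {
        $path = "$($_.DeviceID)\$rel"
        if (Test-Path -LiteralPath $path) { $findings += "Removable drive artifact: $path" }
    }
}

if ($findings) { $findings } else { 'No listed artifacts found.' }
```

A hit is a lead to review, not a verdict: an autorun.inf file on a removable drive can be legitimate.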
Recent Malware Threat List
-OSX_JAHLAV.M
-TROJ_FAKEVIME.AG
-WORM_ASPXOR.AB
September 22, 2009
The ABCs of Safely Shopping Online
Threat Rank: HIGH
A. A first step is to make sure you have up-to-date, comprehensive security software before you do any online shopping. This will greatly reduce the risk of contracting a virus or some other form of malware and help you avoid dangerous web sites.
B. Don’t use debit cards for online purchases; use credit cards. With credit cards, you can dispute fraudulent charges and by law your liability is limited. With debit cards, the money comes directly out of your account and getting the cash back can be difficult.
C. Encryption is another key to secure Internet purchases. Secure sites have a key or closed lock displayed in the web browser. Another way to know if a site is secure is by checking the web address (URL). It should begin with "https" not just "http." If you are at all unsure, then phone the company and provide your sensitive information via voice communication.
Yahoo Mail users warned of brute force attacks
Threat Rank: HIGH
Yahoo Mail users are being warned that a two-year-old hole in the service could be allowing hackers to gain easy access to their accounts, according to new reports.
Once hacked, the accounts can be used to send out spam and malware that stand a better chance of bypassing traditional filters. Hackers may also choose to use the account details to try to access banking accounts, as many people use the same or similar passwords on multiple accounts. Yahoo is understood to be investigating the vulnerability.