AnTiViRuS NewS
August 6
- Weekly report on viruses and intruders - Virus Alerts, by Panda Software http://www.pandasoftware.com


Madrid, August 6 2004 - This week's report on viruses and intruders looks at
three worms (Mydoom.P, Mydoom.O and Amus.A) and two Trojans called
Downloader.OG and Brador.A.

Mydoom.P spreads via email in a message that simulates an error message.
Every five seconds the worm checks whether there are any active processes in
memory with the text strings av, AV, can, cc, ecur, erve, iru,
java, KV, mc, Mc, nti, nv, ort, scn, SkyNet, sss, sym, Sym, uba and xp.exe.
If so, Mydoom.P will terminate the process. Sometimes, the first time the
worm is executed it opens Notepad.

Mydoom.P tries to use the two methods below in order to collect email
addresses:

- Searching in all files with any of the following extensions: ADB, ASP,
CFG, DBX, DHTM, EML, HTM, HTML, JS, JSE, JSP, MMF, MSG, ODS, PHP, PL, SHT,
SHTM, SHTML, TBB, TXT, WAB and XML.

- Making HTTP requests to the email.people.yahoo.com website, to use the
people search feature in Yahoo mail.

Mydoom.O spreads via an email with variable characteristics. It installs a
file that opens a backdoor listening on TCP port 1034. This can give
access to the compromised computer, through which confidential data can be
stolen or users can be prevented from using the computer properly.

The third worm we're looking at today is Amus.A, which uses its own SMTP
engine to spread via email. It creates several copies of itself and a
registry entry in the computer to ensure it is run every time Windows starts
up. Sometimes, Amus.A can create a small white square in the top left-hand
corner of the desktop.

The first Trojan in today's report is Brador.A, which affects PDAs (Personal
Digital Assistants) running the Windows CE operating system. Its actions
include opening a port that allows outside connections, and copying itself
(as Svchost.exe) to the Start directory. When Brador.A affects a system it
sends its creator a message saying that the device is available.

We finish off today's edition with Downloader.OG, a Trojan which periodically
installs the adware Adware/Wupd, downloading it from a series of
predetermined websites. Downloader.OG also creates on the victim's computer
(in the Windows system directory) the file BRIDGEX.DLL, which is really a
copy of itself.
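
An added example (not part of Panda Software's report): a Python check over
`netstat -an` output and a system-directory listing for two host indicators
named above, the Mydoom.O listener on TCP port 1034 and Downloader.OG's
BRIDGEX.DLL. The function names and the sample data are assumptions
constructed for illustration.

```python
import re

# Host indicators as named in the report text above.
MYDOOM_O_PORT = 1034                 # Mydoom.O backdoor: TCP listener
DOWNLOADER_OG_FILE = "BRIDGEX.DLL"   # Downloader.OG copy in the Windows system directory

# One TCP row of Windows `netstat -an` / `-ano` output (PID column optional).
_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+([A-Z_0-9]+)(?:\s+\d+)?\s*$")

def tcp_listeners(netstat_text):
    """Return sorted (local_address, port) pairs that are in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        m = _ROW.match(line)
        if m and m.group(3) == "LISTENING":
            found.add((m.group(1), int(m.group(2))))
    return sorted(found)

def sweep(netstat_text, system_dir_names):
    """Return findings worth investigating; a hit is a lead, not proof of infection."""
    findings = []
    for addr, port in tcp_listeners(netstat_text):
        # Exact port match on listeners only: 1034 is also handed out as an
        # ordinary client-side port, so ESTABLISHED rows are ignored.
        if port == MYDOOM_O_PORT:
            findings.append(f"TCP listener on {addr}:{port}")
    for name in system_dir_names:
        if name.upper() == DOWNLOADER_OG_FILE:   # Windows file names are case-insensitive
            findings.append(f"{name} in system directory")
    return findings

# Constructed sample data, not captured from a real host.
SUSPECT_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1034           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:1034           *:*
"""
CLEAN_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:10340          0.0.0.0:0              LISTENING       812
  TCP    192.168.1.20:1034      203.0.113.7:80         ESTABLISHED     1520
"""

if __name__ == "__main__":
    print(sweep(SUSPECT_NETSTAT, ["kernel32.dll", "bridgex.dll"]))
    print(sweep(CLEAN_NETSTAT, ["kernel32.dll", "notepad.exe"]))
```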

For further information about these and other computer threats, visit Panda
Software's Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/

Additional information

- Backdoor: a backdoor can be used to allow an attacker to take control of a
computer without the user's knowledge.

- Download: This is the process of obtaining files from the Internet (from
Web pages or FTP sites set up specifically for that purpose).

More technical definitions at:
http://www.pandasoftware.com/virus_info/glossary/default.aspx

© Copyright 2004 Alan Lim. All Rights Reserved