'Playboy' Virus Dropping Dangerous Backdoor

[Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>]

**************************************************************
-- Educational CyberPlayGround Community 
http://www.edu-cyberpg.com/

-- Network Newsletters Mailing List ©1994
-- Subscribe - Unsubscribe - Email Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html

-- Advertise on Network Newsletters Mailing List
http://www.edu-cyberpg.com/Community/Subguidelines.html

-- Mailing Lists
http://www.edu-cyberpg.com/Community/index.html
**************************************************************

**************************************************************************
Education Vendor Directory - Advertise Your Services.
Helps educators make the most efficient use of your resources
Get your products or services noticed
through support of the Educational CyberPlayGround,
a clearinghouse of educational resources.
  <http://www.edu-cyberpg.com/Community/Subguidelines.html>
**************************************************************************

http://www.eweek.com/article2/0,1759,1738912,00.asp

By Ryan Naraine
December 10, 2004

Anti-virus vendors have raised the alarm for a new mass-mailing worm
with a dangerous backdoor component.

The worm, called W32.Maslan.C@mm, arrives as an attachment promising
naked photos of Playboy models but, if executed, drops an IRC (Inter
Relay Chat) bot capable of transmitting passwords and sensitive
information back to the virus writer.

According to an alert from McAfee, the backdoor is powerful enough to
terminate the processes of various anti-virus security applications.

The worm also spreads itself via poorly secured network shares and
weak passwords and takes advantage of two known exploits=97LSASS and
RPC-DCOM=97affecting Microsoft Windows users. Patches for both exploits
have been available for some time, but unpatched machines are
vulnerable to worm infection.

According to Sophos, Maslan-C copies itself to the Windows system
folder and creates a number of other files on the computer which make
up the components of the worm.

It constructs messages using its own SMTP engine and harvests target
e-mail addresses from the victim's machine. The worm uses several
masking techniques including spoofed sender addresses and has been
programmed to monitor Internet Explorer browser sessions to capture
data relating to various financial sites.

An advisory from Symantec rates the risk as low, but distribution
remains high.

The use of naked celebrity images as a virus infection tactic is
nothing new. In the past, virus writers have attached the names of
celebrities such as Anna Kournikova, Britney Spears and Halle Berry to
mass-mailing worms.


<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
EDUCATIONAL CYBERPLAYGROUND 
http://www.edu-cyberpg.com

Net Happenings, K12 Newsletters, Network Newsletters
http://www.edu-cyberpg.com/Community/index.html

FREE EDUCATION VENDOR DIRECTORY LISTING
http://www.edu-cyberpg.com/Directory/default.asp

HOT LIST OF SCHOOLS ONLINE
http://www.edu-cyberpg.com/Schools/default.asp

Educational CyberPlayGround Services
http://www.edu-cyberpg.com/PS/Home_Products.html
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>

Other related posts:

'Playboy' Virus Dropping Dangerous Backdoor