[virusinfo] Oxygen3 24h-365d [Weekly report on viruses and intrusions - 04/18 /04]

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Sun, 18 Apr 2004 13:56:06 -0700


From Panda Oxygen3 24h-365d:

"For it is far better to know something about everything 
      than to know all about one thing. This universality is the best."
        Blaise Pascal (1623-1662); French scientist and philosopher.

                - Weekly report on viruses and intrusions -
   Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, April 18, 2004 - Today's report focuses on two variants of Netsky,
V and U, and a hacking tool called Hideout.A.

Netsky.V spreads via e-mail in a message with variable characteristics that
does not include an attached file. Instead, it contains HTML code with an
ObjectData exploit. When this code is run, the worm is downloaded.

Netsky.V carries out various actions in the computers it infects, including
the following:

- It creates a backdoor that listens on TCP ports 5556 and 5557.

- From April 22 to 28, 2004 -inclusive- it launches Denial of Service (DoS)
attacks against different websites.

- It looks for e-mail addresses in the files it finds with the following
extensions: ADB, ASP, CFG, CGI, DBX, DHTM, DOC, EML, HTM, HTML, JSP, MBX,
MDX, MHT, MMF, MSG, NCH, ODS, OFT, PHP, PL, PPT, RTF, SHT, SHTM, STM, TBB,
TXT, UIN, VBS, WAB, WSH, XLS and XML. Then it sends itself out to the
addresses it has obtained using its own SMTP engine.

- It creates the mutex _-=oOOSOkOyONOeOtOo=-_ in order to avoid being run
several times simultaneously.

The U variant of Netsky spreads via e-mail in a message with variable
characteristics, which always includes an attached file with a PIF
extension. It creates a backdoor that listens on TCP port 6789 and, like
the variant described above, it sends itself out to the addresses it obtains
from the affected computer using its own SMTP engine. Netsky.U creates a
mutex to avoid being run several times simultaneously and from April 14 to
23, 2004 -inclusive- it tries to launch Denial of Service (DoS) attacks
against different websites.

We are going to finish today's report with Hideout.A, a program that is run
from the command line. This program allows several actions to be carried out
on the services in a remote computer, such as making a list of the services
running, displaying information about them or stopping them.

For further information about these and other computer threats, visit Panda
Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/

Additional information

- Exploit: This can be a technique or a program that takes advantage of a
vulnerability or security hole in a certain communication protocol,
operating system, or other IT utility or application.

- Hacking tool: Program that can be used by a hacker to carry out actions
that cause problems for the user of the affected computer (allowing the
hacker to control the affected computer, steal confidential information,
scan communication ports, etc.). 

More definitions of virus and antivirus terminology at:
http://www.pandasoftware.com/virus_info/glossary/default.aspx

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 
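
Added example (not part of the original post or of Panda's report): a host triage check that matches TCP listeners and mutex names against the indicators the report gives for Netsky.V and Netsky.U. It assumes Windows `netstat -ano` output and a list of mutex names exported by whatever handle-listing tool is in use; the sample input and function names are constructed for illustration.

```python
import re

# Indicators taken from the report above; it names no mutex for Netsky.U.
INDICATORS = {
    "Netsky.V": {"ports": {5556, 5557}, "mutexes": {"_-=oOOSOkOyONOeOtOo=-_"}},
    "Netsky.U": {"ports": {6789}, "mutexes": set()},
}
# Only LISTENING rows count: the backdoor is a local listener, so an
# outbound connection to a remote port 6789 must not be flagged.
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$", re.I)

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5556           0.0.0.0:0              LISTENING       1312
  TCP    0.0.0.0:5557           0.0.0.0:0              LISTENING       1312
  TCP    10.0.0.5:1045          10.0.0.9:6789          ESTABLISHED     2040
"""

def listening_ports(netstat_text):
    """Return {port: pid} for every TCP listener in the netstat output."""
    ports = {}
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            ports[int(m.group(1))] = int(m.group(2))
    return ports

def triage(netstat_text, mutex_names=()):
    """Match listeners and mutex names against the report's indicators."""
    listeners = listening_ports(netstat_text)
    findings = []
    for variant, ind in INDICATORS.items():
        hit_ports = sorted(ind["ports"] & set(listeners))
        hit_mutex = sorted(ind["mutexes"] & set(mutex_names))
        if not hit_ports and not hit_mutex:
            continue
        # One port alone may be a legitimate service; the mutex or
        # several matching ports together is a much stronger signal.
        strong = bool(hit_mutex) or len(hit_ports) >= 2
        findings.append({
            "variant": variant,
            "ports": hit_ports,
            "pids": sorted({listeners[p] for p in hit_ports}),
            "mutexes": hit_mutex,
            "confidence": "high" if strong else "low",
        })
    return findings
```

The PIDs returned for a high-confidence hit identify the process to examine and remove with an up-to-date antivirus scanner.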
