[virusinfo] Panda Software's weekly report on viruses and intruders - 06-24-05

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Fri, 24 Jun 2005 16:14:11 -0700


From: Panda Software's weekly report on viruses and intruders -
     Virus Alerts, by Panda Software (http://www.pandasoftware.com)

MADRID, June 24, 2005 - This week, Panda Software's report will focus on
three worms: W32.Semapi.A, W32.Codbot.AL, and W32.Mytob.GV.

W32.Codbot.AL is a worm that has been detected a significant number of
times since it appeared. According to the online anti-malware solution,
Panda ActiveScan, it is one of the top five most active threats this week.
This malware spreads using known vulnerabilities in the SQL Server, LSASS
and RPC-DCOM processes. In order to install itself on the computer, it
registers itself as a system process, which is run whenever the computer is
started up. When it is running, it connects to various IRC servers and
waits for commands. It can receive all types of commands such as commands
to obtain information from the computer, enable keylogging or FTP services
or even download and run other types of malware. This worm was blocked by
TruPrevent(TM) Technologies, even before the signature file was made
available.

The second worm, W32.Semapi.A, spreads via email in a message with a
variable subject, sender and other characteristics, included in an
attachment with a variable name and extension. When it is installed on the
computer, it copies several files to the hard disk and creates a series of
entries in the Registry in order to ensure that it is run whenever the
computer is started up. Then it looks for addresses in files with certain
extensions on the affected computer and sends itself out to the addresses
it finds. This worm is easy to recognize, as when it is run, it displays a
dialog box informing the user that the file 'semapi.dll' cannot be found.

The final worm in today's report is a member of the Mytob family, or to be
more precise the GV variant. This worm opens a backdoor and spreads via
email (sending itself to all the addresses it finds on the affected
computer with a spoofed sender's address) and through shared resources
protected with weak passwords. What's more, it ends certain processes on
the affected computer, the majority of which belong to antivirus
applications, and blocks access to the websites of IT security companies.
As a result, it leaves computers vulnerable to infection from other types
of malware.

To prevent this malware or any other malicious code from affecting your
computer, Panda Software recommends keeping antivirus software up-to-date.
Panda Software clients can already access the updates to detect and
disinfect this malicious code.

For further information about these and other computer threats, visit Panda
Software's Encyclopedia.

------------------------------------------------------------
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 


