From : Panda Software Communication <communication@xxxxxxxxxxxxxxxxx> Reply-To : Virus Alerts <VIRUSALERTSCOM@xxxxxxxxxxxxxxxxxxxxxxxxx> To : VIRUSALERTSCOM@xxxxxxxxxxxxxxxxxxxxxxxxx Subject : Virus Alerts [Panda Software reports the new Sdbot.N Trojan - 10/ 21/03] Date : Tue, 21 Oct 2003 16:01:37 +0200 - Panda Software reports the new Sdbot.N Trojan - Virus Alerts, by Panda Software (http://www.pandasoftware.com) Madrid, October 21, 2003 - PandaLabs has detected the appearance of Sdbot.N (Bck/Sdbot.N) a new and potentially dangerous Trojan. This malicious code could allow hackers to take a series of damaging actions on affected computers. To make matters worse, the creators of Sdbot.N have mass-mailed the Trojan in a message with the subject field: Microsoft Security Update and an attached file called MS03-047.EXE. The message text tries to convince the recipient that the e-mail has been sent by Microsoft, and this has no doubt been the reason why Panda Software's support staff have already received reported incidents involving Sdbot.N. As soon as Sdbot.N is run, this Trojan displays the message "Update complete", and goes memory resident. It also creates a series of Windows Registry entries to ensure it is constantly present on the computer and it copies its code in a file called autoupdate.exe in the Windows system directory. Sdbot.N includes its own IRC client, so the Trojan can connect to a pre-defined IRC channel even if the user doesn't have an IRC application installed. This connection could allow a hacker to send instructions to the computer under attack, including orders to scan ports, update the Trojan, or launch denial of service attacks. To prevent possible incidents involving this Trojan, Panda Software advises users to treat e-mails received with caution, and to update their antivirus solutions as soon as possible. The company has already made the updates to its products available to users to ensure their solutions can detect and eliminate Sdbot.N. Those whose software is not configured to update automatically, should update their solutions from http://www.pandasoftware.com. Users can also scan their computers using the free, online antivirus, Panda ActiveScan, which is available on the company's website at http://www.pandasoftware.com. For further information about these and other malicious code, visit Panda Software's Virus Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/. Additional information - Resident / Resident virus: A program or file is referred to as resident when it is stored in the computer's memory, continuously monitoring operations carried out on the system. - DoS / Denial of Service: This is a type of attack, sometimes caused by viruses, that prevents users from accessing certain services ( in the operating system, web servers etc.). More definitions of virus and antivirus terminology at: http://www.pandasoftware.com/virus_info/glossary/default.aspx NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. --------------------------------- Do you Yahoo!? The New Yahoo! Shopping - with improved product search ************************************************************* You are receiving this mail because you subscribed to mso@xxxxxxxxxxxxx or MicrosoftOffice@xxxxxxxxxxxxxxxx To send mail to the group, simply address it to mso@xxxxxxxxxxxxx To Unsubscribe from this group, send an email to mso-request@xxxxxxxxxxxxx with the word "unsubscribe" (without the quotes) in the subject line. Or, visit the group's homepage and use the dropdown menu. This will also allow you to change your email settings to digest or vacation (no mail). //www.freelists.org/webpage/mso To be able to use the files section for sharing files with the group, send a request to mso-moderators@xxxxxxxxxxxxx and you will be sent an invitation with instructions. Once you are a member of the files group, you can go here to upload/download files: http://www.smartgroups.com/vault/msofiles *************************************************************