[virusinfo] Weekly report on viruses and intrusions - 05/30/04

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Sun, 30 May 2004 11:35:16 -0700

From Oxygen3 24h-365d:

"The best way to make your dreams come true is to wake up."
               Paul Valéry (1871-1945); French poet and writer.

                 - Weekly report on viruses and intrusions -
     Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, May 30 2004 - This week's report on viruses and intrusions will deal
with three worms: Bobax.D and the variants A and B of Korgo.

The D variant of the Bobax worm spreads via the Internet by exploiting the
security holes mentioned below in those computers that have not been
properly patched:

- RPC DCOM vulnerability, critical for Windows 2003/XP/2000/NT operating
systems.

- LSASS vulnerability. When it exploits the LSASS vulnerability, Bobax.D can
only affect and spread automatically to Windows XP/2000 computers that have
port 5000 open. However, computers with other Windows operating systems 
can also be a source of transmission when a malicious user runs the file
containing the worm in any of these computers.

Bobax.D carries out the following actions: it restarts the affected
computers and opens several random ports through which a remote user can 
use the affected computer as an SMTP mail server in order to send spam. 

The other two worms in this report are Korgo.A and Korgo.B, which like
Bobax.D, spread via the Internet by exploiting the LSASS vulnerability.

These two worms open and listen on the TCP ports 113, 3067 and 2041. In
addition, both worms attempt to connect to different IRC servers through
port 6667 and they are designed to prevent the system from shutting down.
Korgo.A and Korgo.B are 10,240 bytes in size when compressed with 
UPX v1.24, and 16,896 bytes in size once decompressed.

For further information about these and other computer threats, visit 
Panda Software's Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/

Additional information

- Compressed: Files, or groups of files, are compressed into another file
 so that they take up less space.

- Spam: Unsolicited e-mail, normally containing advertising. These messages,
usually mass-mailings, can be highly annoying and waste both time and
resources.

More technical definitions at:
http://www.pandasoftware.com/virus_info/glossary/default.aspx

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see ~ http://www.mwn.ca 
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
See my Anti-Virus pages
<http://www3.telus.net/mikebike/mikes_virus_page.htm>
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance & OWTA Charter Member
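
The network behaviour the report gives for Korgo.A and Korgo.B (listeners on TCP 113, 3067 and 2041, plus outbound IRC connections on port 6667) can be checked on a host from its socket table. The following is an added example, not part of the original message or of Panda Software's report; it assumes Windows `netstat -ano` output, and the sample rows, addresses, PIDs and function names are constructed for illustration.

```python
import re

# Ports the report attributes to Korgo.A/B: three TCP listeners plus IRC.
KORGO_LISTEN_PORTS = {113, 3067, 2041}
IRC_PORT = 6667

# Constructed sample in `netstat -ano` layout (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:2041           0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:3067           0.0.0.0:0              LISTENING       1432
  TCP    192.0.2.10:1045        198.51.100.7:6667      ESTABLISHED     1432
  TCP    192.0.2.10:1050        203.0.113.5:80         ESTABLISHED     2210
  UDP    0.0.0.0:445            *:*                                    4
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse_tcp_rows(text):
    """Yield (local_port, remote_port, state, pid) for every TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(2)), int(m.group(4)), m.group(5), int(m.group(6))

def korgo_port_findings(text):
    """Map PID -> matching listeners, IRC flag, and whether all three ports match."""
    hits = {}
    for lport, rport, state, pid in parse_tcp_rows(text):
        entry = hits.setdefault(pid, {"listening": set(), "irc": False})
        if state == "LISTENING" and lport in KORGO_LISTEN_PORTS:
            entry["listening"].add(lport)
        elif state in ("ESTABLISHED", "SYN_SENT") and rport == IRC_PORT:
            entry["irc"] = True
    out = {}
    for pid, e in hits.items():
        if e["listening"] or e["irc"]:
            # Only the full three-port set in one process matches the report.
            e["full_match"] = e["listening"] == KORGO_LISTEN_PORTS
            out[pid] = e
    return out

if __name__ == "__main__":
    for pid, e in sorted(korgo_port_findings(SAMPLE_NETSTAT).items()):
        print(pid, sorted(e["listening"]), "irc" if e["irc"] else "-", e["full_match"])
```

A single matching port is weak evidence on its own, since TCP 113 is the standard ident service port and 6667 is used by ordinary IRC clients; the combination within one process is what lines up with the report.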


