Archive for December, 2006

New Years Emails install Rootkits

Saturday, December 30th, 2006

A new spam run carrying a New Year's greeting is being sent out from over 160 servers worldwide, at a rate of 5 emails per second from some servers. The email contains a greeting and an executable attachment which, when run, installs malware hidden by two rootkits on the user's PC.

The email can arrive with the subject "Happy New Year!"; newer versions use "Fun Filled New Year" or "Sender Happy 2007!" as the subject.

There is no text in the message, only an attachment. The attachment names vary, from "postcard.exe" to "greeting card.exe".

When the attachment is run it installs malicious code (variants of Tibs, Nuwar, Banwarum, Mixor and Glowa) onto the user's PC.

Two rootkit files are installed to prevent the malware from being discovered.

The malware then infects many files, searches the user's hard drive for email addresses and sends itself out to those addresses, hoping to infect more people.

Beware of New Year greetings even from friends: their computers could be infected, and because your email address is on their computer the message may look like a legitimate email.
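The pattern described above (a lure subject, no message text, and a bare .exe attachment) is simple enough to check for at a mail gateway. The following is an added example, not code from the original post: it parses raw messages with Python's standard email module and returns a verdict with the observations behind it. The lure subjects and attachment names are taken from the post; the two sample messages are constructed, and the attachment payload is harmless placeholder bytes.

```python
"""Mail-gateway triage for the New Year lure described in the post.

Added example. Subjects and attachment names come from the post; the
sample messages are constructed, with placeholder bytes in place of the
real attachment.
"""
from email import message_from_bytes, policy

# Lure subjects quoted in the post, compared case-insensitively. Not exhaustive:
# the post notes that new subject lines are being created.
LURE_SUBJECTS = {
    "happy new year!",
    "fun filled new year",
    "sender happy 2007!",
}


def triage_message(raw: bytes) -> dict:
    """Return a verdict and the observations that led to it for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["subject"] or "").strip()
    exe_attachments = []
    has_text = False

    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            # Directly executable attachments are the delivery mechanism here;
            # the post names postcard.exe and greeting card.exe.
            if filename.lower().endswith(".exe"):
                exe_attachments.append(filename)
        elif part.get_content_type() == "text/plain":
            if part.get_content().strip():
                has_text = True

    lure_subject = subject.lower() in LURE_SUBJECTS
    reasons = []
    if lure_subject:
        reasons.append(f"subject matches a known lure: {subject!r}")
    if exe_attachments:
        reasons.append(f"executable attachment(s): {', '.join(exe_attachments)}")
    if exe_attachments and not has_text:
        reasons.append("no message text, attachment only")

    # Executable plus a lure subject or an empty body is the pattern the post
    # describes; an executable alongside real text still deserves a human look.
    if exe_attachments and (lure_subject or not has_text):
        verdict = "quarantine"
    elif exe_attachments:
        verdict = "review"
    else:
        verdict = "clean"
    return {"subject": subject, "attachments": exe_attachments,
            "verdict": verdict, "reasons": reasons}


# Constructed sample: the lure as the post describes it (no text, .exe only).
# The base64 payload decodes to the word PLACEHOLDER, not to a program.
SAMPLE_LURE = b"""\
From: friend@example.invalid
To: you@example.invalid
Subject: Happy New Year!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream; name="postcard.exe"
Content-Disposition: attachment; filename="postcard.exe"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--b1--
"""

# Constructed sample: a genuine greeting with the same subject and no attachment.
SAMPLE_BENIGN = b"""\
From: friend@example.invalid
To: you@example.invalid
Subject: Happy New Year!
Content-Type: text/plain; charset="us-ascii"

See you all in January, have a good one.
"""

if __name__ == "__main__":
    for raw in (SAMPLE_LURE, SAMPLE_BENIGN):
        print(triage_message(raw))
```

The subject check alone is deliberately not enough to quarantine: plenty of genuine mail will carry "Happy New Year!" this week, so the verdict hinges on the executable attachment, with the lure subject or empty body raising it from "review" to "quarantine".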

Keep Safe,
regards

Steo
www.antirootkit.com

Big Yellow worm is coming to get you….

Sunday, December 17th, 2006

A worm alert has been issued by eEye Research. Dubbed Big Yellow, the worm targets a vulnerability in the following Symantec products:

Symantec AntiVirus 10.0.x for Windows (all versions)
Symantec AntiVirus 10.1.x for Windows (all versions)
Symantec Client Security 3.0.x for Windows (all versions)
Symantec Client Security 3.1.x for Windows (all versions)

Quote:
Overview:
The eEye Research honeypot network has recently detected a new worm that is actively exploiting a remote Symantec vulnerability originally discovered by eEye Research on May 24, 2006 and patched by Symantec on June 12, 2006. This vulnerability has been publicly exploited as early as November 30, but this is the first example of a worm leveraging this vulnerability for self-propagation. Generally, patch processes are not in place for non-Microsoft applications such as Symantec AntiVirus/Client Security, so many Symantec users may be at risk for this vulnerability throughout their networks. All enterprises running such software should assess their posture against this worm as soon as possible by validating that they have the latest version of Symantec AntiVirus/Client Security as well as blocking port tcp/2967 at the gateway to minimize attackable surface area.

More on this interesting development, along with an in-depth analysis of the worm code, can be found on the eEye Research site: http://research.eeye.com/html/alerts/AL20061215.html
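The advisory's gateway advice is to block tcp/2967; the flip side for a defender is noticing when something starts sweeping that port across the network. The following is an added example, not code from eEye or from the original post: it reads firewall log lines and reports sources that opened connections to tcp/2967 on several different hosts, which is what a self-propagating worm looks like and what a single management console normally does not. The log lines are constructed in the style of the Linux iptables LOG target, abridged, and use documentation address ranges.

```python
"""Spot hosts sweeping tcp/2967 (the Symantec AntiVirus/Client Security
port named in the advisory) in gateway firewall logs.

Added example. Log lines are constructed in the style of the iptables
LOG target; the addresses are documentation ranges, not real hosts.
"""
import re
from collections import defaultdict

SAV_PORT = 2967  # tcp port the eEye advisory says to block at the gateway

# iptables LOG lines are space-separated KEY=VALUE tokens plus bare flag words.
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST")


def parse_log_line(line: str):
    """Split one log line into its KEY=VALUE fields and the TCP flag words present."""
    fields = dict(KV_RE.findall(line))
    flags = {f for f in TCP_FLAGS if re.search(rf"\b{f}\b", line)}
    return fields, flags


def find_port_sweeps(lines, port=SAV_PORT, min_targets=3):
    """Return {source: distinct_targets} for sources that opened connections
    to `port` on at least `min_targets` different hosts."""
    targets = defaultdict(set)
    for line in lines:
        fields, flags = parse_log_line(line)
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(port):
            continue
        # Count connection attempts only (SYN without ACK), not established traffic.
        if "SYN" not in flags or "ACK" in flags:
            continue
        targets[fields.get("SRC", "?")].add(fields.get("DST", "?"))
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


def _log(src, dst, dpt, flags):
    """Build a constructed, abridged iptables-style LOG line for the sample below."""
    return (f"Dec 17 03:12:01 gw kernel: IN=eth0 OUT= SRC={src} DST={dst} "
            f"PROTO=TCP SPT=3391 DPT={dpt} WINDOW=65535 RES=0x00 {flags} URGP=0")


# Constructed sample: one source sweeping four internal hosts on 2967, one
# source touching a single host, unrelated web traffic, and an established flow.
SAMPLE_LOG = [
    _log("203.0.113.5", "192.0.2.10", 2967, "SYN"),
    _log("203.0.113.5", "192.0.2.11", 2967, "SYN"),
    _log("203.0.113.5", "192.0.2.12", 2967, "SYN"),
    _log("203.0.113.5", "192.0.2.13", 2967, "SYN"),
    _log("198.51.100.7", "192.0.2.10", 2967, "SYN"),
    _log("203.0.113.5", "192.0.2.20", 80, "SYN"),
    _log("198.51.100.9", "192.0.2.10", 2967, "ACK"),
]

if __name__ == "__main__":
    for src, count in find_port_sweeps(SAMPLE_LOG).items():
        print(f"{src} attempted tcp/{SAV_PORT} on {count} distinct hosts")
```

Counting distinct destinations rather than raw connection attempts keeps a legitimate console that polls one server repeatedly below the threshold, while a worm that walks a subnet trips it after a handful of hosts; adjust `min_targets` to the number of Symantec servers a single internal source is expected to talk to.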

eEye provides a free copy of Blink Personal Edition to home users…

Blink® Personal Edition

eEye Digital Security’s Blink® Personal Edition combines intrusion prevention, application and network firewall, identity theft protection, and vulnerability assessment into a single, unified client security solution. With Blink, you are ensured both proactive and reactive protection against the broad methods of attack and compromise used by hackers to gain access to your system and personal data.

Keep Safe,

regards
Steo

www.antirootkit.com