Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Virus alerts for week of 10/4/04

 
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

Posted: Mon Oct 04, 2004 8:05 am    Post subject: Virus alerts for week of 10/4/04

IM WORM CRAWLS THROUGH JPEG HOLE
Attack largely unsuccessful, but security experts warn of more to
come.
http://www.net-security.org/news.php?id=6191

LARGE SCALE IM VIRUS ATTACK FEARED
Security researchers are seeing the first signs of a large-scale
virus attack taking advantage of a known flaw in the way JPEG images
are processed in Microsoft Windows products.
http://www.net-security.org/news.php?id=6187

slow week so far!
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
wawadave

Posted: Mon Oct 04, 2004 1:02 pm

1. 10/4: Korgo-Q Worm Hits Windows
W32/Korgo-Q is a network worm for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,15le,1,hgz6,gbb3,9s3s,a9gz

10/4: Rbot-LD Worm Enables Access
W32/Rbot-LD is a worm that attempts to spread to remote network shares and allows
unauthorized remote access to the computer via IRC channels.
http://nl.internet.com/ct.html?rtr=on&s=1,15le,1,gpda,4wg3,9s3s,a9gz
------------------------------------------------------------
4. 10/4: Rtkit-B Trojan Allows Hacking
Backdoor.Rtkit.B is a backdoor server program that allows a remote attacker to perform
various actions on an infected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,15le,1,ijuw,bspv,9s3s,a9gz
------------------------------------------------------------
5. 10/4: Sdbot-PV an IRC Backdoor Trojan
W32/Sdbot-PV is an IRC backdoor that can spread via IPC shares protected by weak
passwords.
http://nl.internet.com/ct.html?rtr=on&s=1,15le,1,abcf,9il5,9s3s,a9gz
------------------------------------------------------------
6. 10/4: Bagz a Mass-Mailing Worm
W32.Bagz@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email
addresses gathered from the infected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,15le,1,6vxw,m61s,9s3s,a9gz
------------------------------------------------------------
7. 10/4: XM97/Crex-C an Excel Macro Virus
XM97/Crex-C is an Excel Macro virus that will spread to any open workbooks after the
viral macro is loaded.
http://nl.internet.com/ct.html?rtr=on&s=1,15le,1,d4mh,eaaf,9s3s,a9gz
------------------------------------------------------------
wawadave

Posted: Mon Oct 04, 2004 5:08 pm

Madrid, October 4 2004 - For the fourth month running, the Downloader.GK
Trojan has infected more computers than any other malicious code, according
to the data gathered by Panda ActiveScan, the free online scanner.

In September, the Downloader.GK Trojan was responsible for 21.32 percent of
infections. Next came Mhtredir.gen (6.64%), a generic detection for a large
family of Trojans. In third and fourth place came two well-known worms:
Netsky.P (5.78%) and Sasser.ftp (5.53%), which includes all the Sasser worms
that download to computers via ftp. Gaobot.gen (4.62%), the generic detection
of this family of worms, was in fifth place, while sixth and seventh place
were filled by the Trojans Briss.A (4.01%) and StartPage.FH (3.96%). The
final places in the ranking included Mabutu.A (3.25%) and the Trojans
Qhost.gen (3.19%) and Downloader.JH (2.9%).

The following conclusions can be drawn from the data collected by Panda
ActiveScan last month:

- Trojans still going strong. The trend of recent months continues with
Trojans occupying more than half of the ranking. This is symptomatic of an
increase in the activity of cyber-criminals on the Internet using Trojans as
a tool.

- Software vulnerabilities are once again a threat. Four of the Top Ten use
vulnerabilities in commonly used applications to infect computers, which
highlights the number of users that haven't applied the corresponding
patches. This is particularly concerning now with the discovery of the
Exploit/MS04-028 vulnerability, which affects the viewing of JPEG files and
will no doubt be used by numerous malicious code in the future.

To help as many users as possible keep their systems virus free, Panda
Software offers Panda ActiveScan, free of charge, at
http://www.pandasoftware.com/. Webmasters who would like to include
ActiveScan on their websites can get the HTML code, free of charge, from
http://www.pandasoftware.com/partners/webmasters/

Panda Software also offers users Virus Alerts, an e-bulletin in English and
Spanish that gives immediate warning of the emergence of potentially
dangerous malicious code. To receive Virus Alerts just visit Panda
Software's website (http://www.pandasoftware.com/) and complete the
corresponding form in the Virus Alerts section.

For more information about these and other viruses, visit Panda Software's
Virus Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia

------------------------------------------------------------

The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's
free online scanner: 1) Downloader.GK; 2) Mhtredir.gen; 3) Gaobot.gen;
4) Mabutu.A; 5) Sasser.ftp.
wawadave

Posted: Tue Oct 05, 2004 1:32 pm

10/5: PWStealLdpinch-C Trojan Steals Info
PWSteal.Ldpinch.C is a password stealing Trojan horse program that attempts to steal
information from an infected computer and send it to a remote attacker.
http://nl.internet.com/ct.html?rtr=on&s=1,15oy,1,db6g,afkz,9s3s,a9gz
------------------------------------------------------------
4. 10/5: Forbot-AV a Network Worm, Trojan
W32/Forbot-AV is a network worm and backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,15oy,1,f5zh,15np,9s3s,a9gz
------------------------------------------------------------
5. 10/5: Downloader.Lunii a Trojan Horse
Downloader.Lunii is a Trojan horse program that attempts to download remote files,
terminate adware products, and delete files.
http://nl.internet.com/ct.html?rtr=on&s=1,15oy,1,ll65,273,9s3s,a9gz
------------------------------------------------------------
wawadave

Posted: Wed Oct 06, 2004 5:14 pm

10/6: Bagz-B a Mass-Mailing Worm
W32.Bagz.B@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the
email addresses gathered from an infected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,15sx,1,juyn,de4d,9s3s,a9gz
------------------------------------------------------------
5. 10/6: W97M.Prece-A a Macro Virus
W97M.Prece.A is a macro virus that modifies Microsoft Word configuration settings,
deletes files, and infects Microsoft Word documents and the Normal.dot template.
http://nl.internet.com/ct.html?rtr=on&s=1,15sx,1,lbh8,57fh,9s3s,a9gz
------------------------------------------------------------
6. 10/6: Webus-B Trojan Kills Security Apps
Trojan.Webus.B is a Trojan horse program that kills antivirus services and launches
Distributed Denial of Service (DDoS) attacks against a list of remote servers.
http://nl.internet.com/ct.html?rtr=on&s=1,15sx,1,kzn4,e09f,9s3s,a9gz
------------------------------------------------------------
7. 10/6: Agobot-ZV a Network Worm, Trojan
W32/Agobot-ZV is a network worm and backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,15sx,1,2fwi,dqby,9s3s,a9gz
------------------------------------------------------------
8. 10/6: JPGTrojan-C Exploits JPEG Flaw
JPGTrojan.C is a program that allows a person to create images in JPG format that exploit
the vulnerability described in the Microsoft bulletin MS04-028, Buffer Overrun in JPEG
processing.
http://nl.internet.com/ct.html?rtr=on&s=1,15sx,1,d3q8,ficv,9s3s,a9gz
------------------------------------------------------------
9. 10/6: Rbot-LT Worm Has Trojan Functions
W32/Rbot-LT is a network worm that contains IRC backdoor Trojan functionality, allowing
unauthorized remote access to the infected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,15sx,1,4jvq,b57e,9s3s,a9gz
------------------------------------------------------------
wawadave

Posted: Wed Oct 06, 2004 7:58 pm

Quote:
Bagle-AS also spreads via P2P networks, such as Kazaa, by secreting copies of itself on the shared folders of infected PCs. The worm also tries to disable a range of security applications, along with any instances of the NetSky worm it finds on infected machines.


The reason it disables NetSky is it's a virus employed by a rival Russian gang!!!
wawadave

Posted: Thu Oct 07, 2004 4:56 pm

Three Worms Run Top 20 Virus Report
The Bagle, Netsky and MyDoom families of worms still are so powerful that they account
for 16 out of the 20 viruses in one company's monthly report.
http://nl.internet.com/ct.html?rtr=on&s=1,15x0,1,43jw,ed82,9s3s,a9gz
3. 10/7: Keylogger-Pro a Hacking Tool
Keylogger-Pro is a hacking tool.
http://nl.internet.com/ct.html?rtr=on&s=1,15x0,1,5p49,18nk,9s3s,a9gz
------------------------------------------------------------
4. 10/7: Bagz-A is a Mass-Mailing Worm
Worm_Bagz.A is a memory-resident, mass-mailing worm that uses SMTP (Simple Mail Transfer
Protocol) to propagate.
http://nl.internet.com/ct.html?rtr=on&s=1,15x0,1,ku75,a8k2,9s3s,a9gz
------------------------------------------------------------
5. 10/7: Fili VB Worm Spreads Via Outlook
W32.Fili@mm is a generic Visual Basic worm that propagates via Microsoft Outlook and
through peer-to-peer file-sharing networks.
http://nl.internet.com/ct.html?rtr=on&s=1,15x0,1,2q8k,ikj3,9s3s,a9gz
------------------------------------------------------------
6. 10/7: Darby-G a Multi-Lingual Worm
W32/Darby-G is a multi-lingual email, IRC and peer-to-peer worm.
http://nl.internet.com/ct.html?rtr=on&s=1,15x0,1,bdh8,jj8x,9s3s,a9gz
------------------------------------------------------------
7. 10/7: Rbot-LY a Worm and Backdoor Trojan
W32/Rbot-LY is a network worm and backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,15x0,1,3u10,6vfh,9s3s,a9gz
------------------------------------------------------------
8. 10/7: Forbot-AY Worm Hits Remote Shares
W32/Forbot-AY is a worm that attempts to spread to remote network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,15x0,1,330f,b2qb,9s3s,a9gz
wawadave

Posted: Fri Oct 08, 2004 8:54 am

Madrid, October 8, 2004 - Today's report will focus on JPGTrojan.C and
Keylogger-Pro.

JPGTrojan.C is a program that allows JPG images to be created which exploit
the Buffer Overrun in JPEG processing vulnerability (described in the
Microsoft bulletin MS04-028).

The malicious JPG images generated by JPGTrojan.C are distributed through
different means. When one of these images is opened using a vulnerable
application, the code it contains is run. The effects of opening an image
created by JPGTrojan.C include the following:

- Add a new user and assign this user administrator rights.

- Specify that a port must be opened, allowing remote access to the affected
computer.

- Specify a remote IP address and port and establish a connection.

- Download an executable file from the Internet and run it on the affected
computer.

However, some of these actions can only be carried out if the English
operating system is used or if a specific version of the Dynamic Link
Library GDIPLUS.DLL is installed.

Keylogger-Pro is a hacking tool that allows keystrokes to be captured
(allowing it to capture passwords, chat conversations, data entered in
specific windows, etc.). It sends the information it obtains to an email
address.

Keylogger-Pro can be installed on a computer without the user realizing.
This program does not pose a danger in itself but can be used for malicious
purposes.

For further information about these and other computer threats, visit Panda
Software's Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/.

Additional information

- Hacking tool: Program that can be used by a hacker to carry out actions
that cause problems for the user of the affected computer (allowing the
hacker to control the affected computer, steal confidential information,
scan communication ports, etc.).

More definitions of virus and antivirus terminology at:
http://www.pandasoftware.com/virus_info/glossary/default.aspx

------------------------------------------------------------
wawadave

Posted: Fri Oct 08, 2004 2:42 pm

1. 10/8: Trojan.AdRmove Deletes Files
Trojan.AdRmove is a Trojan horse program that attempts to delete files and registry
entries of known adware programs.
http://nl.internet.com/ct.html?rtr=on&s=1,160k,1,gyxp,4wg2,9s3s,a9gz
------------------------------------------------------------
2. 10/8: Nemsi-A Virus Infects EXE Files
Nemsi.A is a virus that infects EXE files using the prepending method.
http://nl.internet.com/ct.html?rtr=on&s=1,160k,1,azd,f2q4,9s3s,a9gz
------------------------------------------------------------
3. 10/8: Pikis-B Worm Spreads in Attachments
W32/Pikis-B is a worm that spreads by emailing itself as an attachment to addresses
harvested from the infected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,160k,1,9cyg,cqhw,9s3s,a9gz
------------------------------------------------------------
4. 10/8: Sdbot-PZ a Network-Aware Worm
W32/Sdbot-PZ is a backdoor Trojan and network-aware worm that runs in the background as a
service process and allows unauthorized remote access to the computer via IRC channels.
http://nl.internet.com/ct.html?rtr=on&s=1,160k,1,k8vq,a76g,9s3s,a
wawadave

Posted: Sat Oct 09, 2004 10:07 am

Madrid, October 9, 2004 - This week, Oxygen3 24h-365d has focused on the
news summarized below, which can be accessed at:
http://www.pandasoftware.com/about/press/oxygen3/oxygen.asp.

- Top Ten viruses most frequently detected by Panda ActiveScan in September
(10/04/04).
For the fourth month running, the Downloader.GK Trojan infected more
computers than any other malicious code, according to the data gathered by
Panda ActiveScan, the free online scanner. In September, the Downloader.GK
Trojan was responsible for 21.32 percent of infections. This Trojan was
followed a long way off by Mhtredir.gen (6.64%), Netsky.P (5.78%) and
Sasser.ftp (5.53%).

- Update for Firefox (10/05/04).
The Mozilla Foundation has released an update for the Firefox browser to fix
a serious security problem. The corrected vulnerability could allow an
attacker to delete files from the download directory of the affected
computer. User interaction is needed to exploit this security problem.

- Buffer overflow in QuickTime Streaming Server (10/06/04).
A vulnerability has been detected in QuickTime Streaming Server, which could
allow arbitrary code to be run on affected systems. In order to resolve this
problem, Apple has released an update that is included in Security Update
2004-09-30.

- Contents disclosure in ColdFusion MX 6.1 on IIS (10/07/04).
According to SecuriTeam, a vulnerability has been detected in input
validation in ColdFusion MX 6.1 (on Internet Information Server (IIS)).
Macromedia has published an update to correct the problem, which could make
it possible to view the content of files stored under the web root,
bypassing access restrictions configured in the IIS management system.

- Microsoft investigates a reported vulnerability in ASP.NET (10/08/04).
Microsoft is studying a security problem in ASP.NET that could allow an
attacker to access protected web content, without needing authentication.
The vulnerability would affect all versions of ASP.NET, regardless of the
version of Internet Information Server (IIS) installed or the version of the
IIS components.

------------------------------------------------------------
All times are GMT - 8 Hours