3/29: Krynos-B Worm Drops Copy of Itself
March 29, 2005
Worm_Krynos.B propagates via peer-to-peer applications by dropping a .ZIP copy of itself in a certain folder. It may also spread via email by sending itself as an attachment. It gathers target recipients from files with the following extensions:
HTM
TXT
Users must be wary of the email it sends with the following details:
From: security@microsoft.com
To: (recipient email address harvested from affected system)
Subject: Microsoft Security Update
Message body: "Vulnerability in Windows Explorer Could Allow Remote Code Execution (612827)"
Affected Software:
Impact of Vulnerability: Remote Code Execution
Importance: High
Maximum Severity Rating: Critical
Recommendation: Customers should apply the attached update at the earliest opportunity
Summary:
Who should read this document: Customers who use Microsoft Windows
X-Mailer: Secure Microsoft Client, Build 2.1
X-MimeOLE: Produced By Secure Microsoft Client V2.1
X-MSMail-Priority: High
X-Priority: 1 (Highest)
Attachment:
ARC
ARJ
GZ
LZH
TGZ
ZIP
ZOO
It avoids sending email to addresses containing any of several strings.
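A mail gateway or mailbox sweep can match messages against the header values listed above. The following is an added example, not code from the original advisory or from Trend Micro; it assumes the list under "Attachment:" gives the possible extensions of the attached file, and the function names, threshold and sample message are constructed for illustration.

```python
import email
from email import policy

# Header values copied from the advisory's description of the worm's email.
HEADER_INDICATORS = {
    "From": "security@microsoft.com",
    "Subject": "Microsoft Security Update",
    "X-Mailer": "Secure Microsoft Client, Build 2.1",
    "X-MimeOLE": "Produced By Secure Microsoft Client V2.1",
}
# Assumption: the list under "Attachment:" gives the attachment's extension.
ARCHIVE_EXTENSIONS = {"arc", "arj", "gz", "lzh", "tgz", "zip", "zoo"}

def krynos_b_indicators(raw_message):
    """Return the advisory indicators matched by a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for name, expected in HEADER_INDICATORS.items():
        if expected.lower() in str(msg.get(name, "")).lower():
            hits.append(name)
    for part in msg.walk():  # covers attachments at any nesting depth
        filename = part.get_filename() or ""
        if "." in filename:
            ext = filename.rsplit(".", 1)[1].lower()
            if ext in ARCHIVE_EXTENSIONS:
                hits.append("attachment:" + ext)
    return hits

def is_suspect(raw_message, threshold=3):
    """One indicator alone is weak (the From address also appears on
    legitimate mail); flag only when several line up."""
    return len(krynos_b_indicators(raw_message)) >= threshold

# Constructed sample message; the boundary and file name are made up.
SAMPLE = (
    b"From: security@microsoft.com\r\n"
    b"Subject: Microsoft Security Update\r\n"
    b"X-Mailer: Secure Microsoft Client, Build 2.1\r\n"
    b"X-MimeOLE: Produced By Secure Microsoft Client V2.1\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\n(body omitted)\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="update.zip"\r\n\r\n'
    b"placeholder bytes, not a real archive\r\n--b1--\r\n"
)

if __name__ == "__main__":
    print(krynos_b_indicators(SAMPLE), is_suspect(SAMPLE))
```

The X-Mailer and X-MimeOLE values are the most distinctive indicators here, since the From and Subject lines imitate a legitimate sender.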
This worm also has backdoor capabilities, allowing remote users to access and perform malicious tasks on affected machines. It can also prevent affected users from accessing certain antivirus and security Web sites by modifying the HOSTS file.
Technical details can be found on the Trend Micro page.