Welcome in here.. Indonesian Blogsite by FUNderSec
Technologist [Umbrella of CyberUnderground Portal]

Various Viruses from 2003 to 0day [Part 1]

Here are the various viruses from 2003 up to the present [/.part 1]

  • W32/Sober.C, a new Sober variant first detected on 20 December 2003. This worm has gained considerable momentum in recent days, particularly in German-speaking areas.

Risk:

Due to its distribution, W32/Sober.C@mm is estimated to be medium risk.

Recommended Reactions:

Users of F-Prot Antivirus should update their virus signature files immediately. W32/Sober.C is detected by F-Prot Antivirus using virus signature files dated 20 December 2003 and later.

  • Common name: Jitux.A

Technical name: W32/Jitux.A.worm

Threat level: High

Type: Worm

Subtype: Trojan

Effects:

It spreads via MSN Messenger. It goes memory resident and sends messages every five minutes.

Affected platforms: Windows 2003/XP/2000/NT/ME/98/95

First appeared on: Dec. 30, 2003

In circulation? Yes

Brief Description

Jitux.A is a worm that spreads via the instant messaging program MSN Messenger in a message that contains only a link to a web page. When the user visits this web page, a file called JITUXRAMON.EXE is downloaded.

Once the file JITUXRAMON.EXE is run, the computer is affected. Jitux.A goes memory resident and sends the message described above to all the active contacts in Messenger's Contact list every five minutes.

Visible Symptoms

Jitux.A is easy to recognize, as it reaches the computer when the user visits a link contained in a message received via MSN Messenger.

  • Win32.HLLM.Foo.25632
(W32.Paylap@mm, Win32/Mimail.Variant.Worm, JS.Mimail.I)

The worm spreads as an attachment to a mail message, using its own SMTP engine to send mail.
To get the user to launch the attachment containing the worm's body, named PATPAL.ASP.SCR, the attacker relies on social engineering: the subject YOUR PAYPAL.COM ACCOUNT EXPIRES and a message body written as if it came from the administrator of the online payment company PayPal are meant to persuade the user to open the infected file.

Mail format:

From:PayPal.com
To:donotreply@paypal.com
Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES
Mail text:
Dear PayPal member,

PayPal would like to inform you about some important information regarding your PayPal account. This account, which is associated with the email address

<your@EMail.Address.is.here>

will be expiring within five business days....

Attached file: www.paypal.com.scr


The worm is activated only if the user opens the fake form.



Win32.HLLM.Foo.25632 has been detected and disinfected by Dr.Web since November 14, 2003.
If the SpIDer Mail module is active, it blocks all messages infected by this worm.
INFORMATION COURTESY OF DR WEB SOFTWARE

  • Trojan.Xombe is a Trojan horse that has at least two components: a 4,096 byte downloader and a 27,136 byte Trojan. The downloader component retrieves the Trojan file from a predetermined Web site.

The downloader component has been distributed in an unsolicited email purporting to be a Windows XP security update sent by Microsoft.

The email has the following characteristics:

From: windowsupdate@microsoft.com
Subject: Windows XP Service Pack 1 (Express) - Critical Update.
Attachment: winxp_sp1.exe(4,096 KB)

The Trojan is packed with UPX.


Also Known As: Xombe [FSecure], Downloader-GJ [McAfee], Troj/Dloader-L [Sophos]
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 3.x

INFORMATION COURTESY OF NORTON
Please note:
Microsoft never sends patches or updates via email, so users should be aware that any such message and its attached file is probably an attempt to compromise the security of their systems.
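The two mail-borne entries above (the PayPal lure of Win32.HLLM.Foo.25632 and the fake Windows XP update carrying Trojan.Xombe) share a handful of traits a mail gateway can check for: a sender that claims to be a vendor which never mails executables, an attachment with an executable extension, a double extension such as .ASP.SCR, and an urgent subject. The following is an added example written for this post, not code from any of the vendors quoted here; the sample messages are constructed from the mail formats given above, the extension lists and vendor domains are the example's own assumptions, and the verdict rules are a simple illustration rather than any product's logic.

```python
"""Flag the e-mail lure traits described for Mimail/Paylap and Xombe.

Added example: sample messages are constructed in build_sample(), the
extension lists and VENDOR_DOMAINS are this example's assumptions, and
the verdict rules are illustrative, not any vendor's detection logic.
"""
from email import message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Extensions Windows runs on double-click (assumed defender's list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Harmless-looking inner extensions used to disguise an executable (assumed list).
DECOY_EXTS = {".asp", ".doc", ".pdf", ".jpg", ".txt", ".htm", ".html", ".zip"}
# Vendors that, per the advisories above, do not deliver patches or account
# forms as mail attachments (assumed list for this example).
VENDOR_DOMAINS = {"microsoft.com", "paypal.com"}
# Subject words that pressure the reader into acting (assumed list).
URGENCY_WORDS = ("expires", "critical update", "urgent", "account")


def attachment_indicators(filename: str) -> list[str]:
    """Return indicator names for one attachment file name."""
    name = filename.lower()
    exts = ["." + p for p in name.split(".")[1:]]  # every trailing extension
    found = []
    if exts and exts[-1] in EXECUTABLE_EXTS:
        found.append("executable-attachment")
    # PATPAL.ASP.SCR: a decoy extension hiding an executable one.
    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DECOY_EXTS:
        found.append("double-extension")
    # www.paypal.com.scr: a file name dressed up as a web address.
    if name.startswith("www."):
        found.append("url-lookalike-name")
    return found


def sender_domain(from_header: str) -> str:
    """Extract the domain from a From: header without relying on parseaddr."""
    addr = from_header.strip()
    if "<" in addr and ">" in addr:
        addr = addr[addr.index("<") + 1:addr.index(">")]
    return addr.rpartition("@")[2].strip().lower()


def sender_indicators(from_header: str) -> list[str]:
    """Flag senders that claim a vendor domain (spoofed or not)."""
    domain = sender_domain(from_header)
    return ["claims-vendor:" + v for v in sorted(VENDOR_DOMAINS)
            if domain == v or domain.endswith("." + v)]


def scan_message(raw: str) -> dict:
    """Parse one RFC 822 message and return attachments, indicators and a verdict."""
    msg = message_from_string(raw)
    indicators = sender_indicators(msg.get("From", ""))
    attachments = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            attachments.append(filename)
            indicators.extend(attachment_indicators(filename))
    subject = msg.get("Subject", "").lower()
    if any(word in subject for word in URGENCY_WORDS):
        indicators.append("urgency-subject")

    claims_vendor = any(i.startswith("claims-vendor:") for i in indicators)
    if "executable-attachment" in indicators and claims_vendor:
        verdict = "block"        # vendor that never mails executables did so
    elif "executable-attachment" in indicators:
        verdict = "quarantine"   # executable from anyone else: hold for review
    else:
        verdict = "allow"
    return {"attachments": attachments,
            "indicators": sorted(set(indicators)),
            "verdict": verdict}


def build_sample(sender: str, subject: str, filename: str, body: str) -> str:
    """Construct a sample lure message; the attachment is a placeholder, not a binary."""
    msg = MIMEMultipart()
    msg["From"] = sender
    msg["To"] = "donotreply@paypal.com"
    msg["Subject"] = subject
    msg.attach(MIMEText(body))
    att = MIMEApplication(b"constructed placeholder, not a real executable", Name=filename)
    att.add_header("Content-Disposition", "attachment", filename=filename)
    msg.attach(att)
    return msg.as_string()


if __name__ == "__main__":
    paypal = build_sample("PayPal.com", "YOUR PAYPAL.COM ACCOUNT EXPIRES",
                          "PATPAL.ASP.SCR", "Dear PayPal member, your account expires...")
    xombe = build_sample("windowsupdate@microsoft.com",
                         "Windows XP Service Pack 1 (Express) - Critical Update.",
                         "winxp_sp1.exe", "Install the attached update.")
    for raw in (paypal, xombe):
        print(scan_message(raw))
```

Both constructed samples come back as "block": the executable attachment alone would only quarantine, but combined with a sender domain that never ships software by mail it is a clear reject, which is exactly the point the Norton note above makes about Microsoft.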

  • W32/Bagle.A@mm, a new mass-mailing worm first detected on 18 January 2004. This worm has rapidly gained momentum over the past 24 hours and has spread considerably.

Risk:
Due to its distribution, W32/Bagle.A@mm is estimated to be medium risk.

Recommended Reactions:
Users of all antivirus products should update their virus signature files immediately. W32/Bagle.A is detected by antivirus products using virus signature files dated 19 January 2004 and later.

  • W32/Mydoom.A@mm, a new mass-mailing worm first detected on 26 January 2004. This worm has rapidly gained momentum in the last few hours and has spread considerably.

Risk:
Due to its distribution, W32/Mydoom.A@mm is estimated to be medium risk.

    [.// FUNderSec Blogsite //.] Copyright © 2010 - 2012 | Template design by O Pregador | Powered by Blogger Templates