03-01-06

06 01 more WMF virus files

map.wmf
The downloaded file is detected as BKDR_AGENT.AXO:
http://uk.trendmicro-europe.com/consumer/vinfo/encycloped...
and the email attack is described here:
A new WMF exploit file was spammed from South Korea to a targeted list of a few dozen high-profile email addresses.
The email urged recipients to open the enclosed MAP.WMF file - which exploited the computer and downloaded a backdoor from www.jerrynews[dot]com (BLOCK THIS)
http://www.f-secure.com/weblog/#00000762
 
Uses a hacked PHP site:
http://69.{BLOCKED}.171.122/test1.php, and download the file ID.EXE. The said file is detected by Trend Micro as TROJ_DLOADER.BIK.
http://uk.trendmicro-europe.com/consumer/vinfo/encycloped...
 
Stupid to give the file the name of the bot:
Once successfully exploited, the said vulnerability allows this Trojan to download the file SDBOT05B.JPG from the following URL:
http://charmedma{BLOCKED}e.fr/sdbot05b.jpg
Trend Micro detects the downloaded file as WORM_SDBOT.DIC.
http://uk.trendmicro-europe.com/consumer/vinfo/encycloped...

0601 http://uk.trendmicro-europe.com/consumer/vinfo/encycloped...
Once exploited successfully, the said vulnerability allows this Trojan to open and listen to port 4444. Remote users can take advantage of this open port and have virtual control over the compromised system.
 
runosk.wmf.
http://uk.trendmicro-europe.com/consumer/vinfo/encycloped...
 

01:36 Posted by technology changes fast not a lot
