Weekly Report on Viruses and Intrusions

Jun 01, 2004 Channel Talk Comments (0)

The D variant of the Bobax worm spreads via the Internet by exploiting the security holes mentioned below in those computers that have not been properly patched:

* RPC DCOM vulnerability, critical for Windows 2003/XP/2000/NT operating systems.

* LSASS vulnerability. When it exploits the LSASS vulnerability, Bobax.D can only affect and spread automatically to Windows XP/2000 computers that have port 5000 open. However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.

Bobax.D carries out the following actions: it restarts the affected computers and opens several random ports through which a remote user can use the affected computer as an SMTP mail server in order to send spam.

The other two worms in this report are Korgo.A and Korgo.B, which like Bobax.D, spread via the Internet by exploiting the LSASS vulnerability.

These two worms open and listen on the TCP ports 113, 3067 and 2041. In addition, both worms attempt to connect to different IRC servers through port 6667 and they are designed to prevent the system from shutting down. Korgo.A and Korgo.B are 10,240 bytes in size when compressed with UPX v1.24, and 16,896 bytes in size once decompressed.

For further information about these and other computer threats, visit

Panda Software's Virus Encyclopaedia at: <http://www.pandasoftware.com/virus_info/encyclopedia/>

Additional information

Compressed: Files, or groups of files, are compressed into another file so that they take up less space.

Spam: Unsolicited e-mail, normally containing advertising. These messages, usually mass-mailings, can be highly annoying and waste both time and resources.

More definitions at: <http://www.pandasoftware.com/virus_info/glossary/default.aspx>

About PandaLabs

On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.

Add a Comment

No messages on this article yet

Other Resources

IT Reseller

Established since 1997, IT Reseller is the industry-leading journal for the channel, dedicated to providing cutting-edge news and advice on a wide variety of vertical technology sectors. The editorial comprises exclusive reports on technological and market trends, together with contributions by leading solutions vendors and research analysts; helping resellers, VARs, systems integrators and distributors to secure a competitive edge by running their business more efficiently and more profitably. Regular technology themes include: Automatic Data Capture, RFID, Convergence Technology/Comms, Cloud Computing, Printing & Labelling, Document Management, Networking and UPS.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter

Find us on Social Networks

Useful links

Weekly Report on Viruses and Intrusions

Add a Comment

Related Channel Talk Articles

How to contact us

Other Resources

IT Reseller

Find us on Social Networks

Useful links

Channel News

Technologies

Verticals

Weekly Report on Viruses and Intrusions

Add a Comment

Related Channel Talk Articles

Let the news come to you!

How to contact us

Other Resources

IT Reseller