Heads Up
Results 1 to 5 of 5

Thread: Heads Up

  1. #1
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867

    Exclamation Heads Up

    The following was posted on the SANS Internet Storm Center.

    We have a report that a new virus may be making the rounds being distributed via AOL chat.

    Details are sketchy so far but we have the following thanks to Alan and Chris.

    McAfee deletes the viruses but every time the user logs of and back onto the system it regenerates the batch file.

    User gets a chat via AOL

    "Checkout this JPEG" with a link

    After clicking the link it sends to everyone on their buddy list and creates the file

    C:xz.bat

    Contents of the file: it is set to disable MS security, firewall

    Creates 3 registry entries one of which is a service

    Hkey_local_machineSoftwareMicrosoftWindowsCurrent VersionRun

    Name :Strtax Data: lock.exe (Delete)

    Hkey_local_machineSoftwareMicrosoftWindowsCurrent VersionRun Services

    Name :Strtax Data: lock.exe (Delete)

    Hkey_UserSoftwareMicrosoftWindowsCurrent VersionRun Services

    Name :Strtax Data: lock.exe (Delete)

    After deleting those three keys and a reboot the xz.bat file stopped trying to reload itself.

    We have plenty of copies! Thanks!
    I haven't found any other info on this (but I haven't looked very hard)

    Cheers:
    DjM

  2. #2
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    People are going back to batch files.... interesting.

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    Yes, cuz it is very simple to create them. (and disassemble, and understand, and modife)


    //It is first step to creating of first prog//
    // too far away outside of limit

  4. #4
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    What would be a reason to go back ???

    When AV systems update, and the 'old' signatures are also updated, then does the AV no longer check for that particular vuln ??

    That is, is there a time limit on signatures, or else how do they stop the D/B for your AV going into multi GB size ???

    I know what I mean to say, the trick is ............. do YOU

    DAMN that wine :hic:
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  5. #5
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    There is an update on ISC, and they say the infection is an SDBot or Opanki worm variant(s). Both McAfee and Symantec pick 'em up, so far.

    Foxy, you just need better wine.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides