Gusano que se propaga a todas las unidades activas del sistema comprometido, bien sean unidades extraibles o unidades mapeadas de red.
También establece comunicación con un servidor remoto utilizando una conexión HTTP.

• 0 Comments

Gusano que se propaga mediante unidades compartidas de red y que proporciona una puerta trasera en el sistema comprometido por la que un usuario remoto podrá ejecutar comandos en el sistema afectado.

• 0 Comments

Este gusano se intenta propagar a otros equipos mediante los dispositivos de almacenamiento externos conectados al equipo y las unidades compartidas de red.

• 0 Comments

Gusano que se propaga por correo electrónico. Consta de al menos tres componentes diferentes; dos decargadores y un emisor masivo. El primer descargador es un troyano que probablemente es enviado en forma de spam, y que descarga otro de los componentes del gusano.

• 0 Comments

Gusano que se propaga a las unidades con las letras C a F del sistema comprometido.
Además infecta los ficheros ejecutables del sistema.

• 0 Comments

Gusano de red, que infecta los SMB y WebDav y cambia el fondo de pantalla de Windows.

• 0 Comments

Gusano que contiene una función para robar credenciales de ciertos juegos en línea.

• 0 Comments

Gusano que deshabilita el centro de seguridad de Windows, deshabilita la protección de ficheros de Windows (WFP) y la comprobación de dichos archivos al iniciar sesión.
Se propaga a través del programa de mensajería instantanea MSN Messenger.

• 0 Comments

Four days after news of the recent Apple QuickTime vulnerability began to spread, a new proof-of-concept exploit, with a twist, has been published. While the shell code in the previous exploit was contained within a malicious RTSP data stream, this time the shell code is sent via JavaScript, separate from the stream.

Let’s break down how this might play out. A client requests a Web page from a malicious site. The page that is sent contains malicious shell code and a request for a QuickTime movie. If the client is using Internet Explorer, the shell code is written to a heap area for later use. Meanwhile, the browser receives the QuickTime movie and then opens it with QuickTime, creating an RTSP stream to the malicious server. Only the RTSP server in this scenario is hosting a hacked version, which actually sends back a stream that overwrites the stack in the client’s QuickTime install. The end of the buffer overflow then calls the shell code that was previously written to the heap, and voila!, the malicious code is executed.

This method of exploiting the vulnerability has its advantages and disadvantages. On the plus side, the server hosting the exploit must have a hacked RTSP server for this to work, since standard RTSP servers will not operate in this way. On the downside, this new exploit makes it much easier for attackers to use their own shell code in an attack using this vulnerability.

The good news is that this exploit is easily enough avoided by taking a few precautionary measures. Symantec antivirus products with the latest definitions will detect this threat as Trojan.Quimkids. We also recommend the following options if you’d like to further protect yourself from such attacks:

Prohibit the RSTP protocol on your networks
Unless there is a need for using this protocol, it is best to avoid it for the time being.

Disable QuickTime browser objects
If QuickTime ActiveX controls in Internet Explorer and plug-ins in Firefox are disabled, the exploit will not work.

Disable JavaScript where possible
If the script cannot execute, it cannot write shell code to the heap.

Avoid untrusted QuickTime files
If you’re unsure of the source of a QuickTime file, do not execute it.

Domo arigato to Kazumasa Itabashi for his work in analyzing this new exploit.

• 0 Comments

Gusano que una vez instalado intenta copiarse a sí mismo en todas las unidades removibles y en aquellas compartidas con contraseñas débiles.

También es capaz de cambiar la página de inicio del navegador Internet explorer.

• 0 Comments