3/29: Krynos-B Worm Drops Copy of Itself
March 29, 2005
Worm_Krynos.B propagates via peer-to-peer applications by dropping a .ZIP copy of itself in a certain folder. It may also spread via email by sending itself as an attachment. It gathers target recipients from files with the following extensions:
HTM
TXT
Users must be wary of the email it sends with the following details:
From: security@microsoft.com
To: (recipient email address harvested from affected system)
Subject: Microsoft Security Update
Message body: "Vulnerability in Windows Explorer Could Allow Remote Code Execution (612827)"
Affected Software:
Impact of Vulnerability: Remote Code Execution
Importance: High
Maximum Severity Rating: Critical
Recommendation: Customers should apply the attached update at the earliest opportunity
Summary:
Who should read this document: Customers who use Microsoft Windows
X-Mailer: Secure Microsoft Client, Build 2.1
X-MimeOLE: Produced By Secure Microsoft Client V2.1
X-MSMail-Priority: High
X-Priority: 1 (Highest)
Attachment:
ARC
ARJ
GZ
LZH
TGZ
ZIP
ZOO
It avoids sending email to addresses containing any of several strings.
This worm also has backdoor capabilities, allowing remote users to access and perform malicious tasks on affected machines. It can also prevent affected users from accessing certain antivirus and security Web sites by modifying the HOSTS file.
Technical details can be found on the Trend Micro page.
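The email details listed above can be turned into a mail-filter check. The following is an added example, not code from this page or from Trend Micro; the three-indicator threshold, the attachment file names and the example.org addresses are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the advisory; match case-insensitively.
SPOOFED_FROM = "security@microsoft.com"
SUBJECT = "microsoft security update"
FAKE_CLIENT = "secure microsoft client"
ARCHIVE_EXTS = {"arc", "arj", "gz", "lzh", "tgz", "zip", "zoo"}

def krynos_indicators(raw: bytes) -> list:
    """Return which advisory indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SPOOFED_FROM in str(msg.get("From", "")).lower():
        hits.append("from")
    if str(msg.get("Subject", "")).strip().lower() == SUBJECT:
        hits.append("subject")
    # X-Mailer and X-MimeOLE both name the fake mail client.
    for header in ("X-Mailer", "X-MimeOLE"):
        if FAKE_CLIENT in str(msg.get(header, "")).lower():
            hits.append(header.lower())
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if "." in name and name.rsplit(".", 1)[1] in ARCHIVE_EXTS:
            hits.append("attachment")
            break
    return hits

def is_suspect(raw: bytes, threshold: int = 3) -> bool:
    """An archive attachment alone is common; require several indicators."""
    return len(krynos_indicators(raw)) >= threshold

def build_sample(sender, subject, filename, extra_headers=()) -> bytes:
    """Constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    for key, value in extra_headers:
        m[key] = value
    m.set_content("constructed body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

WORM_LIKE = build_sample(
    "security@microsoft.com", "Microsoft Security Update", "update.zip",
    [("X-Mailer", "Secure Microsoft Client, Build 2.1"),
     ("X-MimeOLE", "Produced By Secure Microsoft Client V2.1")])
BENIGN = build_sample("alice@example.org", "Quarterly report", "report.zip")
```

Requiring several indicators together keeps ordinary mail with a .ZIP attachment from being flagged.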