FYI, this is for your information and does not need to be discussed on the list.
Thanks
Jenny Kernan
List Mom
----- Original Message -----
From: "Oxygen3 24h-365d" <oxygen(a)PANDASOFTWARE.COM>
To: <OXYGEN3COM(a)OXYGEN3.PANDASOFTWARE.COM>
Sent: Friday, January 04, 2002 8:40 AM
Subject: Oxygen3 24h-365d [Weekly Virus Report - 01/06/02]
"One may say the eternal mystery of the world is its comprehensibility."
Albert Einstein (1879-1955); German-born U.S. physicist.
- Weekly Virus Report -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, January 6 2002 - Our first weekly virus report of 2002 looks at two variants of the W32/Maldal worm and a Trojan - Bck/NetSpy.10.E.
W32/Maldal's two variants -D and G- spread via e-mail in a message with a variable subject field and with the attached file, DEFAULT.EXE. Both worms create an entry in the Windows registry to ensure that they are run when the system is started up or restarted. They also send themselves to other addresses and delete certain files or directories.
W32/Maldal.G is compressed with ASPack and when run, copies itself to the Windows system directory under the name ZACKER.EXE.
The second malicious code we will look at today is Bck/NetSpy.10.E, a Trojan which gives remote access to the affected system from any other computer, allowing a client-server type connection which the victim will not notice. The attacker would be able to access all hard disk drives and also send messages.
When the Bck/NetSpy.10.E server program is run, it saves a copy of itself in C:\WINDOWS\SYSTEM under the name NETSPY.EXE. It also creates a Windows registry key to run on future start-ups. Finally, the Trojan opens TCP communication port 7306 through which it listens to the service requests coming from the client program.
For more information on these and other viruses, go to Panda Software's
Virus Encyclopedia at:
http://www.pandasoftware.com/enciclopedia/
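A host-triage sketch for the indicators named in the report above (NETSPY.EXE, ZACKER.EXE, a listener on TCP 7306). This is an added example, not code from Panda Software or the list. The function names, the sample `netstat -an` rows, the autorun value names and the file listing are all constructed, and the autorun entries are assumed to have been exported beforehand as (name, command) pairs because the report does not say which registry key is used.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the report text; a port match alone is weak evidence.
FILE_NAMES = {"netspy.exe": "Bck/NetSpy.10.E", "zacker.exe": "W32/Maldal.G"}
NETSPY_PORT = 7306
# Listening TCP row of `netstat -an`; the captured group is the local port.
_LISTEN = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\b", re.I)

def listening_ports(netstat_text):
    """Return the set of local TCP ports in LISTENING state."""
    return {int(m.group(1)) for line in netstat_text.splitlines()
            if (m := _LISTEN.match(line))}

def command_image(command):
    """Lower-cased executable name from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):            # quoted path, arguments may follow
        exe = command[1:].split('"', 1)[0]
    else:                                  # unquoted: cut at the first ".exe"
        m = re.match(r"(.+?\.exe)\b", command, re.I)
        exe = m.group(1) if m else command
    return PureWindowsPath(exe).name.lower()

def triage(netstat_text, autoruns, files):
    """Return (kind, detail, family) tuples for every indicator that matches."""
    findings = []
    if NETSPY_PORT in listening_ports(netstat_text):
        findings.append(("port", f"TCP {NETSPY_PORT} listening", "Bck/NetSpy.10.E"))
    for name, command in autoruns:
        family = FILE_NAMES.get(command_image(command))
        if family:
            findings.append(("autorun", f"{name} -> {command}", family))
    for path in files:
        family = FILE_NAMES.get(PureWindowsPath(path).name.lower())
        if family:
            findings.append(("file", path, family))
    return findings

# Constructed sample data (not taken from a real host).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7306           0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1042       10.0.0.9:7306          ESTABLISHED
"""
SAMPLE_AUTORUNS = [("SysCheck", r"C:\WINDOWS\SYSTEM\NETSPY.EXE"),
                   ("Tray", r'"C:\Program Files\Tool\tray.exe" /min')]
SAMPLE_FILES = [r"C:\WINDOWS\SYSTEM\zacker.exe", r"C:\WINDOWS\SYSTEM\kernel32.dll"]

if __name__ == "__main__":
    for finding in triage(SAMPLE_NETSTAT, SAMPLE_AUTORUNS, SAMPLE_FILES):
        print(finding)
```

The ESTABLISHED row with remote port 7306 is deliberately not flagged: the report describes the server side listening on that port, so only local listeners count.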