Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Aug 29th, 2008, 5:28pm
   Mischel Internet Security Forum
   Malware
   Trojans (Moderators: Helena, Gavin_Coe, Magnus)
   W32/Mapson, W32/Lentin.R & W32/Naco.F		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: W32/Mapson, W32/Lentin.R & W32/Naco.F  (Read 390 times)
Ian
Stole All the Forum Stars
********



Good things come to those who wait ...

   


Posts: 2907
W32/Mapson, W32/Lentin.R & W32/Naco.F
« on: Jun 13th, 2003, 9:40pm »		 Quote Quote  Modify Modify
Here are a few more to watch out for...
 
It seems that P2P (KaZaA et al) is becoming a favourite transfer channel - many of the recent worms use it. Plus, check your firewalls - one of this week's batch is a DoS-bot.
 
Three worms Mapson (W32/Mapson), Lentin.R (W32/Lentin.R) and Naco.F (W32/Naco.F)
 
Mapson is a malicious code that originated in Mexico and spreads via e-mail, using what has been dubbed 'social engineering'. The e-mail carrying Mapson has variable subjects, message texts, sender's address and attached files.
 
Mapson can also spread through P2P (peer to peer) file-sharing applications such as KaZaA or Morpheus. In order to do this, in the shared directories of these programs, it creates a large number of files that suggest they contain images of celebrities, computer programs, etc. When it first appeared, Mapson caused a large number incidents in Spanish-speaking countries.
 
Lentin.R is a dangerous worm, as it can end the active processes in affected computers and send confidential information to the virus author via e-mail. This worm spreads in an e-mail message with highly variable characteristics and is automatically run when the message carrying the worm is viewed through the preview pane in Outlook. In order to do this, it exploits a vulnerability in Internet Explorer (versions 5.01 and 5.5).
 
It is also programmed to launch denial of service attacks (DoS) against five websites. This worm also checks if the compromised computer is an IIS (Internet Information Server). If it is, this malicious code modifies the files with an HTM or HTML in the root directory by adding two links to a web page created by the author of the worm.
 
Naco.F is a worm that is designed to end the processes and delete the files associated to different antivirus and security applications. In order to spread, it sends a copy of itself to all the contacts in the Windows address book in an e-mail message with variable subjects and message texts. However, the attached file is usually called CSRSS32.exe.
IP Logged
... but crap arrives pretty much straight away.
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register