Ian
Mimail.B, Gaobot.L, variants 'A' and 'B' of Neroma
« on: Sep 19th, 2003, 10:03pm »
Mimail.B is a worm with Trojan characteristics that spreads via e-mail in a message with the subject 'Fraudulent escrow service' and the attached file 'INFO.ZIP'. Mimail.B also logs keystrokes. In order to infect as many computers as possible, Mimail.B exploits the Internet zone (Internet Explorer) and MHTML (Outlook Express) vulnerabilities. These flaws allow hackers to run code in the local area of the affected computer.

Gaobot.L is a worm with backdoor characteristics that only infects Windows XP/2000/NT computers. It exploits the RPC DCOM and WebDAV vulnerabilities to infect as many computers as possible. Gaobot.L also spreads by attempting to copy itself to network shared resources. It gains access to these shared resources by using passwords that are typical or easy to guess. Once it is run, Gaobot.L connects to a specified IRC server through port 9900 and waits for control commands. As a backdoor, Gaobot.L could allow an attacker to obtain information on the affected computer, run files, launch distributed denial of service (DDoS) attacks, upload files by FTP, etc. It also ends processes belonging to Nachi.A, Autorooter.A, Sobig.F and several variants of Blaster.

Neroma.A and Neroma.B are two worms that spread via e-mail. They send themselves out to all the contacts in the Outlook Address Book on the affected computer. The e-mail message is written in English and it refers to the attacks in New York on September 11, 2001. In addition, both worms modify an entry in the Windows Registry on computers with Windows XP/2000/NT.