   Author  Topic: Sinala.A, SdBot.BL and Webber.C  (Read 337 times)
Ian



Good things come to those who wait ...

   


« on: Nov 17th, 2003, 9:06pm »

A worm -Sinala.A-, and two Trojans -Sdbot.BL and Webber.C-. Sounds like Sinala is returning to origins, infecting floppy disks, plus the last one obviously written by a Varajet Carburettor fan, since it only attacks cars fitted with twin-downdraft 40's... Grin

Sinala.A spreads by exploiting the MHTML vulnerability in Outlook Express, which allows a hacker to send and run programs on the affected computer. It also spreads through P2P programs, in files with an EXE or SCR extension that have the same icon as AVI video files. This worm reaches computers in a message from demionklaz@hotmail.com, or from an address that it takes from the Outlook address book or MSN Messenger contact list on the affected computer. The file attached to this message, which infects the computer when it is run, is called ALANIS.EXE.
 
A clear indication that Sinala.A has infected a computer is a fake Windows error message displayed on screen. This malicious code also regularly checks if there is a floppy disk in the floppy disk drive and if there is, it copies files to it.  
 
Sdbot.BL mainly spreads via e-mail and IRC channels, in a message with an attached file. When this file is run, the Trojan goes memory resident and connects to a specific IRC channel. By doing this, it allows a hacker to carry out different actions on the affected computer, such as scanning and redirecting ports, downloading and running files and changing the security parameters in the Windows Registry and launching Denial of Service (DoS) attacks.
 
Sdbot.BL is difficult to identify, as it does not display any messages or warnings that indicate that it has reached a computer. However, if netshares are disabled or if certain programs that are running on the computer stop for no apparent reason, Sdbot.BL might have reached the computer.
 
Webber.C, when it is installed on a computer, downloads a file from the Internet. This file steals the passwords for accessing different services that are stored on the affected computer.
 
Webber.C has been spammed in an e-mail message that seems to have been sent from a financial entity. The subject of this message is always: "RE: Your credit application" and it includes an attachment called WWW.CITIBANKHOMELOAN.HTM.PIF. This file has a double extension, and is designed like a web page in order to trick the user into opening it, allowing Webber.C to infect the computer.
« Last Edit: Nov 17th, 2003, 9:07pm by Ian »

... but crap arrives pretty much straight away.
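A mail-gateway style check for the attachment names described in the post above (the double-extension WWW.CITIBANKHOMELOAN.HTM.PIF and the plain executable ALANIS.EXE), as an added example that is not part of the original post. The extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed, non-exhaustive lists (assumptions of this example).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "lnk"}
DECOY_EXTS = {"htm", "html", "txt", "doc", "pdf", "jpg", "gif", "avi", "zip"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Trailing dots and spaces are dropped first, and padding around each
    # component is ignored, so "x.pdf   .exe" and "x.exe." are not missed.
    cleaned = name.strip().rstrip(". ").lower()
    parts = [p.strip() for p in cleaned.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_message(raw):
    """Parse a raw RFC 5322 message; return (filename, verdict) per flagged part."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename and classify_filename(filename) != "ok":
            findings.append((filename, classify_filename(filename)))
    return findings


def build_sample(names):
    """Build a constructed test message with one placeholder attachment per name."""
    msg = EmailMessage()
    msg["Subject"] = "RE: Your credit application"
    msg.set_content("constructed body")
    for n in names:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=n)
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample(["readme.txt", "WWW.CITIBANKHOMELOAN.HTM.PIF", "ALANIS.EXE"])
    for filename, verdict in scan_message(raw):
        print(f"{verdict:17} {filename}")
```

A name such as report.final.pdf passes, because only the last component decides whether the file is executable and only the one before it is treated as a decoy.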
claire



carpe diem

   


« Reply #1 on: Nov 17th, 2003, 9:16pm »

Thanks for the info Ian

Claire