KRYNOS.B worm - appears as a Microsoft Security update
Posted Tuesday, March 29, 2005 8:32 AM by hwaldron
This worm uses email and P2P techniques to spread. It also has backdoor capabilities, allowing remote users to access and perform malicious tasks on affected machines. It can also prevent affected users from accessing certain antivirus and security Web sites by modifying the HOSTS file. Microsoft never distributes security updates by email.
KRYNOS.B worm - appears as a Microsoft Security update - Select Links Below:
* Secunia Information on Krynos B
* Trend Micro
* Sophos
EMAIL FORMAT USED
From: security@microsoft.com
Subject: Microsoft Security Update
Message body:
* "Vulnerability in Windows Explorer Could Allow Remote Code Execution (612827)"
Affected Software:
* Impact of Vulnerability: Remote Code Execution
* Importance: High
* Maximum Severity Rating: Critical
* Recommendation: Customers should apply the attached update at the earliest opportunity
* Summary:
* Who should read this document: Customers who use Microsoft Windows
* X-Mailer: Secure Microsoft Client, Build 2.1
* X-MimeOLE: Produced By Secure Microsoft Client V2.1
* X-MSMail-Priority: High
* X-Priority: 1 (Highest)
Attachment: UPDATE.ZIP
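A mail-filter check built from the indicators listed above, as an added example that is not part of the original post. The function names and the quarantine threshold are assumptions, and the test messages are constructed rather than captured.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators copied from the email format listed on this page.
SENDER = "security@microsoft.com"
HEADERS = {
    "Subject": "microsoft security update",
    "X-Mailer": "secure microsoft client, build 2.1",
    "X-MimeOLE": "produced by secure microsoft client v2.1",
}
ATTACHMENT = "update.zip"

def krynos_indicators(raw: str) -> list:
    """Return which of the page's indicators appear in one raw message."""
    msg = message_from_string(raw)
    hits = []
    if parseaddr(str(msg.get("From", "")))[1].lower() == SENDER:
        hits.append("From")
    for name, expected in HEADERS.items():
        # Normalise case and folded whitespace before comparing.
        if " ".join(str(msg.get(name, "")).split()).lower() == expected:
            hits.append(name)
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.strip().lower() == ATTACHMENT:
            hits.append("Attachment")
            break
    return hits

def should_quarantine(raw: str) -> bool:
    """Assumed policy: the attachment name plus at least two header matches."""
    hits = krynos_indicators(raw)
    return "Attachment" in hits and len(hits) >= 3

def build_sample(sender, subject, mailer, filename) -> str:
    """Build a constructed test message (not a captured worm sample)."""
    msg = EmailMessage()
    msg["From"], msg["Subject"], msg["X-Mailer"] = sender, subject, mailer
    msg.set_content("constructed body text")
    msg.add_attachment(b"PK\x05\x06" + bytes(18), maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_string()

if __name__ == "__main__":
    lure = build_sample(SENDER, "Microsoft Security Update",
                        "Secure Microsoft Client, Build 2.1", "UPDATE.ZIP")
    print(krynos_indicators(lure), should_quarantine(lure))
```

Requiring the attachment name together with header matches keeps a legitimate message that merely carries a file called UPDATE.ZIP out of quarantine.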
This worm has the following backdoor capabilities:
* Get, upload, download, or delete a file
* List files in a folder
* Disconnect current user
* Restart the system
* Run a program
* Create or delete a folder