myITforum.com
Welcome to myITforum.com Sign in | Join | Help
in Search
Site Home Home Bloggers List Blogs Photos Downloads

Harry Waldron - My IT Forums Blog

Sharing Security Developments, and Best Practices for corporate and home users

Banwarum Worm - Offers Tickets for the WORLD CUP?

There are no free lunches or World Cup tickets available by email offers of this type.  The text of the message is in German and this new worm exploits vulnerabilities in MS04-007.  Users should be cautious with all email messages.

Banwarum Worm - Offers Tickets for the WORLD CUP?
http://www.f-secure.com/weblog/archives/archive-052006.html#00000885
http://secunia.com/virus_information/29439/banwarum/
http://secunia.com/virus_information/29440/banwarum.dll/
http://secunia.com/virus_information/29438/ranchneg.a/

Diagram of worm behavior 
http://www.trendmicro.com/vinfo/images/WORM_RANCHNEG_A_BD.gif

W32.Banwarum@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also spreads through the network by exploiting the Microsoft Windows ASN.1 Library Bit String Processing Variant Heap Corruption Vulnerability (as described in Microsoft Security Bulletin MS04-007). The worm also opens a back door via HTTP access.

Published May 26 2006, 03:20 AM by hwaldron

Comments

No Comments

This Blog

Syndication
Copyright - www.myITforum.com, Inc. - 2007 All Rights reserved.
Powered by Community Server (Commercial Edition), by Telligent Systems