Posts Tagged ‘Instances’

Just recently, reports were released about a new kind of malware propagating through removable drives. The malware exploits a newly discovered vulnerability in shortcut files that allows arbitrary code to be executed on the user’s system. Microsoft has officially acknowledged the vulnerability and released a security advisory.

Our engineers were able to take hold of a sample of this malware, which is now detected as WORM_STUXNET.A, and analyze its routines. Here is a summary of their findings:

Propagation

Instead of dropping an AUTORUN.INF file and a copy of itself into removable and fixed drives, WORM_STUXNET.A drops a .LNK file (a shortcut file that points to an executable file) into the drives. The dropped .LNK file exploits this vulnerability to drop a new copy of WORM_STUXNET.A onto other systems. Trend Micro detects these .LNK files as LNK._STUXNET.A.

Stealth Capabilities

Apart from dropping copies of itself onto removable drives, this worm also drops a rootkit, now detected as RTKT_STUXNET.A, which it uses to hide its routines. This enables the worm to remain unnoticed by the user and makes analysis harder for researchers.

Football Connections

WORM_STUXNET.A was also found attempting to connect to certain websites, which were, interestingly enough, related to football. The purpose of the said routine remains undetermined, as our engineers found no trace of malicious activities on the said sites.

This new method of dropping .LNK files is yet another development in how worms propagate through removable drives. Just recently, we reported on the use of the AUTORUN.INF Action Key to automatically execute malicious files.

Despite the numerous potential techniques for proliferation offered by the Web, USB malware continues to be distributed by cybercriminals, which only proves its effectiveness. This type of malware was further discussed in the article “Understanding USB Malware.”

Because the vulnerability has to do with how Windows processes shortcut icons, one suggested workaround is to disable the display of icons for all shortcuts. Procedures on how to do this are contained in the Microsoft security advisory.

Trend Micro users are already protected from this type of malware through the Trend Micro™ Smart Protection Network™. Other users may also use our free cleanup tools such as HouseCall.

Post from: TrendLabs | Malware Blog - by Trend Micro

USB Worm Exploits Windows Shortcut Vulnerability

Text scams are becoming increasingly common again due to the forthcoming Philippine national and local elections, as political campaigns take to rampant text messaging for faster political mobilization. Earlier, I received a text message with the following content:

May GOD bountifuly bles u & ur family. Have a blissful day Fr Frends of UNI-MAD Party List, United Movement Against Drugs no.181′Luv ur famly, say NO 2 drugs.

According to the Philippine National Statistical Coordination Board, the National Telecommunications Commission (NTC) reported an average of 250 million text messages sent daily in 2005. A more recent study reported an upsurge, which more than doubled that figure in 2009, along with a growth in the number of mobile phone users (i.e., over 63 million).

Numbers such as these in a country known as the “text capital of the world” set the stage for the proliferation of text scams such as one that features the following message:

CONGRATULATIONS!!!Your # WON TOYOTA AVANZA car w/ 300thou via electronic last Dec.21,2009. For details,please call now Rene Samonte. of Phil. Info. Center on this #.

As similar instances of text scams have already occurred in the past, it is best to take heed and be wary of your mobile phone activities so that you do not fall prey to potential text scams.


Apple is already working on a fix for various problems Snow Leopard users ran into after updating to the new operating system. Only a week after introducing Snow Leopard, Apple began seeding to developers an update addressing stability and compatibility issues.