Weekly Virus Report - Laroux Macro Virus, Napp, Lioten, Prestige and Lentin Worms
Posted on 20.12.2002
The malicious code described in this week's report includes a macro virus called Laroux.MW (X97M/Laroux.MW) and the following computer worms: Napp (W32/Napp), Lioten (W32/Lioten), Prestige.B (W32/Prestige.B) and Lentin.G (W32/Lentin.G).

Laroux.MW spreads through previously infected spreadsheets, which automatically infect Excel templates (files with an XLS extension). Through this process it manages to infect all the Excel files that use this template or that are generated with it.

Laroux.MW contains one module called "xl5galary" and reaches computers through various means (e-mail messages, computer networks, CD-ROMs, Internet downloads, FTP, floppy disks, etc.).

Napp is a worm that modifies the files with an EXE extension that are stored on the A: drive, preventing them from functioning correctly. A clear indication that this worm has reached a computer is a fake Windows error message displayed on screen.

The second worm we will look at today is Lioten, which stands out for its capacity to spread rapidly across networks. In order to do this, it uses IP addresses and Windows passwords selected at random. Although this worm does not carry out any destructive actions, its large capacity to reproduce and spread can affect the performance of infected servers.

The third worm in this week's report is Prestige.B, which reaches computers in an e-mail message that is easy to recognize because its subject is: "Nuevas grietas del Prestige nos amenazan!", and the sender is: "Greenpace boletin@greenpace.org". The effects of variant B of Prestige are more annoying than damaging, as once it has carried out its infection it displays a message which prompts users to install a Plug-In (program update) that will allow them to view exclusive images of the Prestige oil tanker.

We close this virus report with Lentin.G, a worm that spreads through e-mail messages with variable subject headings and an attached file, which carries out the infection. This file usually has a double extension. The first extension can be any of the following: PDF, GIF, PPT, JPG or DOC, whereas the second is always SCR, the extension of screensavers, which this malicious code uses to disguise itself.

Lentin.G terminates several processes in affected computers, preventing various programs from functioning, such as antiviruses and firewalls. It also creates several files in the Windows system directory and creates entries and modifies a key in the Windows Registry.
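
The double-extension attachment naming described for Lentin.G can be checked when mail is scanned. The following is an added example, not part of the original report: it parses a raw message and flags attachments whose name ends in one of the listed decoy extensions followed by SCR. The function names and the sample message are constructed for illustration, and the handling of trailing dots and padded spaces goes beyond what the report states.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions taken from the report: decoy first extension, SCR always last.
DECOY_EXTS = {"pdf", "gif", "ppt", "jpg", "doc"}
FINAL_EXT = "scr"

def is_double_extension(filename):
    """True if the name ends in <decoy>.scr (case-insensitive)."""
    # Windows drops trailing dots and spaces, so "a.jpg.scr. " still opens as .scr.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 3:
        return False
    # Spaces padded before the last dot ("a.jpg   .scr") are ignored as well.
    return parts[-1] == FINAL_EXT and parts[-2].strip() in DECOY_EXTS

def flag_attachments(raw_message):
    """Return attachment filenames in a raw RFC 5322 message that match."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()  # decodes RFC 2231 encoded parameters
        if filename and is_double_extension(filename):
            hits.append(filename)
    return hits

def build_sample():
    """Constructed test message (not a real sample) with three attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    for name in ("Report.DOC.scr", "holiday.jpg", "saver.scr"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(flag_attachments(build_sample()))
```

A plain `.scr` attachment is deliberately not matched here, since the check targets only the disguise pattern the report describes; a gateway that blocks all screensaver attachments would need a separate rule.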




