The malicious code described in this week's report includes a macro virus called Laroux.MW (X97M/Laroux.MW) and the following computer worms: Napp (W32/Napp), Lioten (W32/Lioten), Prestige.B (W32/Prestige.B) and Lentin.G (W32/Lentin.G).
Laroux.MW spreads through previously infected spreadsheets, which automatically infect Excel templates (files with an XLS extension). Through this process it manages to infect all the Excel files that use this template or that are generated with it.
Laroux.MW contains one module called "xl5galary" and reaches computers through various means (e-mail messages, computer networks, CD-ROMs, Internet downloads, FTP, floppy disks, etc.).
Napp is a worm that modifies the files with an EXE extension that are stored on the A: drive, preventing them from functioning correctly. A clear indication that this worm has reached a computer is a fake Windows error message displayed on screen.
The second worm we will look at today is Lioten, which stands out for its capacity to spread rapidly across networks. In order to do this, it uses IP addresses and Windows passwords selected at random. Although this worm does not carry out any destructive actions, its large capacity to reproduce and spread can affect the performance of infected servers.
The third worm in this week's report is Prestige.B, which reaches computers in an e-mail message that is easy to recognize because its subject is: "Nuevas grietas del Prestige nos amenazan!", and the sender is: "Greenpace boletin@greenpace.org". The effects of variant B of Prestige are more annoying than damaging, as once it has carried out its infection it displays a message which prompts users to install a Plug-In (program update) that will allow them to view exclusive images of the Prestige oil tanker.
We are going to close this virus report with Lentin.G, a worm that spreads through e-mail messages with variable subject headings and includes an attached file, which carries out the infection. This file usually has a double extension. The first extension can be any of the following: PDF, GIF, PPT, JPG or DOC, whereas the second is always SCR, the extension of screensavers, which this malicious code uses to disguise itself.
Lentin.G terminates several processes in affected computers, preventing various programs from functioning, such as antiviruses and firewalls. It also creates several files in the Windows system directory and creates entries and modifies a key in the Windows Registry.







