Be On Guard for a False Klez Fix
Posted on 16.05.2002
Bookmark and Share
Kaspersky Labs warns computer users about a distribution by an unknown malicious person of the Trojan program "TrojanDownloader.Win32.Smokedown", which is hidden under the guise of a cure for the Klez Internet-worm.

This malicious program was distributed via email. The infected message has an HTML format and harbors the following characteristics:



Subject:

You're under a serious threat!

Message Text:

Kaspersky Labs urging users to take the necessary measures to protect themselves against the mounting threat from the latest version of the Internet-worm Klez, most users lightly regarded the problem of securing their personal data, resulting in a global Internet virus epidemic. Over the past several days our technical support services have received over twelve thousand inquiries concerning Klez Internet worm infections.



The sender is shown as "Kaspersky Labs" and the address shown is "support@kaspersky.com". In actuality the anonymous evildoer sent out this malicious program from a mail server located in Australia and the aforementioned sender information was deliberately falsified.

The message body also contains a disguised Java script that imperceptibly loads the Trojan horse "Smokedown" from a remote server and installs it on the user's computer. To complete this the malicious code exploits a vulnerability in the Internet Explorers security system that was first revealed in March 2001 and described in the Microsoft bulletin found here:
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.

The patch for this vulnerability can be downloaded from the following address: http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp

At this time Kaspersky Labs has not registered actual contaminations from "Smokedown", regardless we recommend users proceed with extreme care if they receive an email containing the contents described above.





Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //