Weekly virus report - Downloader.AC, Bookmark.C and Agent.A Trojans and Exploit/URLSpoof
Posted on 19.01.2004
Exploit/URLSpoof is not cataloged as a virus, Trojan or worm, as it is HTML code which is included in a message or website to exploit a vulnerability in Internet Explorer. This security problem could allow a hyperlink to be crafted which, if clicked, would access a different address from the one displayed in the browser address bar.

Over the last few days, there have been a lot of e-mails in circulation exploiting the URLSpoof vulnerability, aimed at tricking users into divulging confidential information, such as account numbers, user names, passwords or other secret codes. These false messages claim to have been sent from banks (like Citibank or Barclays) and tell users that, due to an error, they should go to a web page to check their data. However, the web page that they access via the malicious link will channel any information entered to the attacker, who will then be able to use it for fraudulent purposes.

Downloader.AC, on the other hand, is sent in spam with the subject "PAYPAL.COM NEW YEAR OFFER" and includes an attachment, "PAYPAL.EXE". When the file is run, the Trojan connects to a web page and downloads a file called "Temp", which it runs and saves in the hard disk root directory.

The second Trojan we're looking at today is Bookmark.C, which carries out a series of actions on the affected computer, such as changing the home page in Internet Explorer and adding links to pornographic websites to the favorites folder. It also redirects the default search page in Internet Explorer and, in some computers, it displays an error message saying it couldn't find a file.

Finally, Agent.A is a Trojan which goes memory resident and listens on port 46204 and on another port generated at random. It tries to update itself by connecting to web pages which don't actually exist.





COPYRIGHT 1998-2014 BY HELP NET SECURITY.