Weekly Report on Viruses and Intruders - Saros.C worm and ComWar.M hostile mobile code
Posted on 10.03.2006
This week's report from Panda Software on the malicious code that has attracted most attention during the week focuses on three radically different examples of malware. One is a Trojan and the other two are worms, although with markedly different characteristics.

The first of these is the Saros.C worm, which, like others of its kind, causes security programs installed on systems to stop. This technique, by preventing antiviruses, firewalls and other security programs from operating, allows the malicious code to carry out its actions. It also prevents users from connecting to web pages (including those of antivirus companies).

In order to spread, Saros.C uses the now classic system of sending itself out by email; as well as using P2P file-sharing programs and the mIRC chat program. It can also spread across computer networks, which represents an additional risk for companies without protection in workstations and for the ever-increasing number of home networks.

The second malicious code in today's report, another worm, is called ComWar.M. This code is designed to spread via cell phones, although only those using the Symbian 60 series operating system.

To spread from phone to phone, ComWar.M uses MMS messages. Unlike the SMS system (which only uses text), MMS can be used to transmit multimedia files, such as images, text messages, videos, etc. In this case, this feature is exploited to attach and resend the infected file. Another system used by ComWar.M is transmission via Bluetooth, taking advantage of the direct connection between two phones.

Propagation of ComWar.M is very limited, as in order to receive the infected messages, users have to voluntarily accept them. This security measure is implemented in Symbian 60 series to prevent the spread of possible malicious code and therefore the classic precaution for PCs of not opening files from unknown or unreliable sources is particularly relevant for cell phones.

Finally, today's report looks at the Banking.G Trojan, which opens and listens on a random communication port. It also logs user keystrokes. The potential consequences of these actions are extremely serious, as Banking.G could enable the details that the victim uses to access online banking services to fall into the hands of hackers. All passwords (and other information, such as email addresses, IP addresses, etc) collected are sent to different servers for the hackers to collect.

This malware is yet another example of the danger inherent in the new types of malware, which are directly related to the world of cyber-crime. Hackers are no longer content with intruding on computers or deleting information, but are now engrossed in illicit use of IT resources.





Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Sep 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //