This week's virus report looks at three Trojans and two variants of Linux/Slapper

The first Trojan we will refer to today is Bck/RBackdoor, which, by default, opens communication port 4820 and assigns the password "redkod" to communications. When Bck/RBackdoor reaches a computer, it goes memory resident and waits for a Telnet connection (or a connection carried out with a similar program) to be established. Furthermore, Bck/RBackdoor inserts an entry in the affected computer's Windows Registry to ensure it is run every time Windows is started up, and saves a file that contains the Trojan's code to the system.
The second Trojan is Trj/Nidra, which modifies the system configuration in order to activate every time a file with an EXE or TXT extension is run. When Trj/Nidra activates, it creates a process in memory which might cause affected computers to slow down. Finally, it saves two copies of itself (NOTEPAD.EXE and WINNDOW386.EXE) to the Windows system directory.
Trj/Nidra modifies several Windows Registry entries and creates others in order to ensure it is run every time the system is started up. Once Trj/Nidra has carried out its actions, it displays a message on screen.
The last Trojan we will deal with today is Inwi (Trj/Inwi), which, like the previous one, makes changes to the system to ensure that it is run every time a file with an .EXE or .TXT extension is opened. This Trojan also creates several files on the computer, including copies of itself, in order to steal data from the affected computer and send it to a certain e-mail address. Finally, the Trojan changes the Internet Explorer settings, including the default URL.
We will finish today's report with two variants (B and C) of Linux/Slapper, which appeared at the beginning of this week. Like their predecessor, these two new worms use a known buffer overflow vulnerability in the OpenSSL component of Apache Web servers installed on certain Linux distributions (some versions of Mandrake, SuSE, Slackware, RedHat, Debian and Gentoo). However, they differ from Linux/Slapper in the UDP port number they use to carry out attacks on affected computers (Linux/Slapper.B uses UDP port 1978 and Linux/Slapper.C UDP port 4156), and in the Linux distributions subject to infection.
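
The ports named in this report can be checked against a host's socket table. The following is an added example, not part of the original report: it parses constructed `netstat`-style rows and flags sockets bound to those ports. It assumes port 4820 is TCP (the report only says the backdoor waits for a Telnet-style connection) and that an infected Slapper host keeps its UDP port bound; the function name and sample rows are hypothetical.

```python
import re

# Ports named in the report. TCP for 4820 is an assumption (Telnet-style
# connection); the UDP ports for the Slapper variants are as stated.
WATCHLIST = {
    ("tcp", 4820): "Bck/RBackdoor default port",
    ("udp", 1978): "Linux/Slapper.B",
    ("udp", 4156): "Linux/Slapper.C",
}

# Constructed sample mixing Windows `netstat -an` and Linux `netstat -an` rows.
SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4820           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:4820       ESTABLISHED
udp        0      0 0.0.0.0:4156            0.0.0.0:*
udp        0      0 0.0.0.0:53              0.0.0.0:*
tcp        0      0 0.0.0.0:1978            0.0.0.0:*               LISTEN
udp6       0      0 :::1978                 :::*
"""

# proto, optional Recv-Q/Send-Q (Linux only), local address, remote address, state
ROW = re.compile(
    r"^\s*(tcp|udp)6?\s+(?:\d+\s+\d+\s+)?(\S+)\s+(\S+)(?:\s+(\S+))?", re.I)

def find_suspect_listeners(netstat_text):
    """Return (proto, local_address, label) for sockets bound to a watched port."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, _remote, state = m.groups()
        proto = proto.lower()
        # TCP rows count only when listening; UDP rows carry no state column.
        if proto == "tcp" and (state or "").upper() not in ("LISTEN", "LISTENING"):
            continue
        port = local.rsplit(":", 1)[-1]
        if port.isdigit() and (proto, int(port)) in WATCHLIST:
            hits.append((proto, local, WATCHLIST[(proto, int(port))]))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_listeners(SAMPLE):
        print(hit)
```

A match is a lead to investigate, not proof of infection: legitimate software can bind the same ports, and the protocol has to match as well as the number (the TCP listener on 1978 in the sample is not flagged).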

