Spyware, viruses, & security forum: VIRUS \ Spyware ALERTS - April 12, 2008

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojpoisonu.html?_log_from=rss

Category Viruses and Spyware

Type Malicious Behavior

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/malbehav218.html?_log_from=rss

OLE2 a popular malware delivery mechanism?

12 April 2008

OLE2 (Object Linking and Embedding v2) is a Microsoft container file format which can hold objects of various types in a similar fashion to that files on in a file system. Due to the complex nature of this document format many vulnerabilities in software which opens these files have been found (see CVE-2007-0913, CVE-2007-0870) and are being used by malware authors.

In recent weeks Ive noticed an increase of exploited Word, Excel and Powerpoint files being dealt with by SophosLabs and decided to graph the results. The graph indicates the number of unique samples of OLE2 files being detected by either the Troj/Maldoc or Exp/1Table.

More: http://www.sophos.com/security/blog/2008/04/1300.html

Category Viruses and Spyware

Type Trojan

Troj/IRCBot-ABJ is a Trojan with IRC backdoor functionality for the Windows platform.

Troj/IRCBot-ABJ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

When first run Troj/IRCBot-ABJ copies itself to <System>\msmsgs.exe.

The following registry entries are created to run Troj/IRCBot-ABJ on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Oftice
<System>\msmsgs.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Oftice
<System>\msmsgs.exe

More: http://www.sophos.com/security/analyses/viruses-and-spyware/trojircbotabj.html