March 19, 2010

Trojan Allows Unauthorized Computer Access

Troj/Prorat-D is a backdoor Trojan that may allow unauthorized access and control of the computer from a remote network location.

Upon execution, Troj/Prorat-D drops copies of itself into the Windows System or System32 folder using one or more of the filenames FSERVICE.EXE, FFSERVICE.EXE, DSERVICE.EXE, LSERVICE.EXE, SSERVICE.EXE and WSERVICE.EXE.

Troj/Prorat-D adds the following registry entries so that it is run on startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Windows Reg Services = C:\\
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Windows Reg Services = C:\\
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Shell = Explorer.exe C:\\
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\
Windows Reg Services = C:\\
DirectX for Microsoft Windows = C:\\
HKLM\Software\Microsoft\Active Setup\Installed Components\
[A75aed00-d7bf-11d1-9947-00c0Cf98bbc9]\
StubPath = C:\\
HKLM\Software\Microsoft\Active Setup\Installed Components\
[5Y99AE78-58TT-11dW-BE53-Y67078979Y]\
StubPath = C:\\
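The autostart locations listed above (the Run keys, the Winlogon Shell value and Active Setup StubPath entries) are standard persistence points, so an export of those keys can be checked against the names the advisory gives. The following Python script is an added example, not code from the advisory or from Sophos: it parses a .reg text export and reports values matching the Troj/Prorat-D indicators. The sample export inline is constructed for the example (its benign entries are made up, and the Active Setup subkey is assumed to use the usual {CLSID} brace form rather than the square brackets printed above). Because the `C:\\` paths in the advisory are truncated, the check matches on value names, CLSIDs and dropped filenames rather than on full paths.

```python
"""Check a Windows registry export (.reg text) for the Troj/Prorat-D
autostart entries described in the advisory. Added example: the sample
exports below are constructed, not taken from an infected machine."""
import re

# Value names the advisory says Prorat-D writes under the Run keys.
PRORAT_VALUE_NAMES = {"windows reg services", "directx for microsoft windows"}
# Filenames it drops into the System / System32 folder.
PRORAT_FILENAMES = {"fservice.exe", "ffservice.exe", "dservice.exe",
                    "lservice.exe", "sservice.exe", "wservice.exe"}
# Active Setup component IDs from the advisory (lower-cased for matching).
ACTIVE_SETUP_CLSIDS = {"a75aed00-d7bf-11d1-9947-00c0cf98bbc9",
                       "5y99ae78-58tt-11dw-be53-y67078979y"}

KEY_LINE = re.compile(r"\[(.+)\]")
VALUE_LINE = re.compile(r'(?:"((?:[^"\\]|\\.)*)"|@)=(.*)')


def parse_reg_export(text):
    """Yield (key, value_name, data) triples from a .reg export.

    Only quoted string (REG_SZ) data is unescaped; other types are kept
    verbatim, which is enough here because autostart values are strings."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_LINE.fullmatch(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_LINE.fullmatch(line)
        if m and key is not None:
            name = m.group(1) if m.group(1) is not None else "(Default)"
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
            yield key, name, data


def find_prorat_indicators(reg_text):
    """Return (key, value_name, reason) for every entry matching an indicator."""
    findings = []
    for key, name, data in parse_reg_export(reg_text):
        k, n, d = key.lower(), name.lower(), data.lower().strip()
        if "\\currentversion\\run" in k and n in PRORAT_VALUE_NAMES:
            findings.append((key, name, "Prorat-D autostart value name"))
        elif k.endswith("\\winlogon") and n == "shell" and d != "explorer.exe":
            # The default Winlogon Shell is just explorer.exe; Prorat-D
            # appends its own executable so both start at logon.
            findings.append((key, name, "Winlogon Shell chains an extra program"))
        elif n == "stubpath" and any(c in k for c in ACTIVE_SETUP_CLSIDS):
            findings.append((key, name, "Active Setup StubPath under Prorat-D CLSID"))
        elif any(fn in d for fn in PRORAT_FILENAMES):
            findings.append((key, name, "references a Prorat-D dropped filename"))
    return findings


# Constructed sample export: Prorat-D Run and Active Setup entries, a Winlogon
# Shell that chains the dropped file, plus benign entries that must not fire.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\Windows\\System32\\ctfmon.exe"
"Windows Reg Services"="C:\\Windows\\System32\\fservice.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\Windows\\System32\\fservice.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{A75aed00-d7bf-11d1-9947-00c0Cf98bbc9}]
"StubPath"="C:\\Windows\\System32\\fservice.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\\Program Files\\Messenger\\msmsgs.exe"
"""

# Constructed clean control: a default Winlogon Shell must not be flagged.
CLEAN_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"""

if __name__ == "__main__":
    for key, name, reason in find_prorat_indicators(SAMPLE_REG_EXPORT):
        print(f"{reason}: {key} -> {name}")
```

On a live machine the same function can be fed the output of `reg export` for each of the keys listed above; the Winlogon Shell check is the most generally useful of the four, since any value other than `explorer.exe` there deserves a look regardless of which family wrote it.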

This Trojan may also attempt to download and install the file http://members.lycos.co.uk/kabloboy/XP_Update v1.5.3.exe, which is copied into the Windows folder as WINLOGON.EXE.

This program will drop the file WINKEY.DLL into the Windows System folder and create the following registry entry:

HKCU\Software\Microsoft DirectX\WinSettings\
Troj/Prorat-C is embedded within WINKEY.DLL.

More information is at this Sophos page.

Worm Uses Outlook, mIRC or File Sharing to Spread

W32.HLLW.RedDw@mm is a worm that spreads by email using Microsoft Outlook, by mIRC, or by peer-to-peer file sharing. The scripts dropped by this worm are detected as BAT.RedDw@mm.

More information is at this Symantec page.

Trojan Spammed Out in Email Posing as Microsoft

Spy-Idwi is a Trojan family with multiple versions. It resembles Spy-Tofger and shares the following characteristics:

  • consists of dropper, DLL and EXE components
  • monitors windows with certain titles to capture keystrokes in sessions concerning online financial services

A new variant is known to have been spammed to users via an email such as that detailed below.

The spammed-out email is likely to be formatted as follows:

From: (some username)@microsoft.com
Subject: MS Security
Body: Welcome to Windows Update!
There are 10 critical updates available at this time.
Get the latest updates available for your computer's operating system, software, and hardware.
Windows Update scans your computer and provides you with a selection of updates tailored just for you.
Checking for the latest version of the Windows Update software...
Depending on your connection speed, this might take a minute.
During this time, you may receive one or more security warnings.
Review each security warning to ensure that the content is signed by Microsoft, and then click Yes to install the software.
Follow the link :Windows Update
Open the fail,and new updates are installed.
Sincerely,
www.microsoft.com.

The link within the message body leads to the following URL:
(omitted w w w)
microsoft-security-updates(dot com)

A dropper, MSTASKS.EXE (7,168 bytes), is downloaded from this site. When run, the dropper installs certain files. View them and other information at this McAfee page.
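The lure above carries three signals a mail filter can check without any malware signature: the From address claims microsoft.com, the only link goes to a lookalike domain that is not under microsoft.com, and that link points straight at an executable. The following Python function is an added example, not McAfee's or the advisory's code: it parses a raw message with the standard email module and reports those mismatches. The sample message inline is constructed from the lure text described above (addresses are made up, and the link is the domain and dropper filename the advisory names); the benign control message is entirely made up.

```python
"""Flag 'Windows Update' style lures like the Spy-Idwi mail: the sender
claims one domain while the link goes elsewhere. Added example; both
messages below are constructed for the example."""
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")
IMPERSONATED_DOMAIN = "microsoft.com"


def _under(host, domain):
    """True if host is domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def _text_body(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(payload.decode(charset, errors="replace"))
    return "\n".join(chunks)


def assess_update_lure(raw_message):
    """Return the reasons a message looks like a spoofed update notice.

    An empty list means none of the three checks fired."""
    msg = email.message_from_string(raw_message)
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    brand = IMPERSONATED_DOMAIN.split(".")[0]
    reasons = []
    for url in URL_RE.findall(_text_body(msg)):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        # 1. The link host is not under the domain the From header claims.
        if sender_domain and not _under(host, sender_domain):
            reasons.append(f"link host {host} is not under sender domain {sender_domain}")
        # 2. The host borrows the impersonated brand without being its domain.
        if brand in host and not _under(host, IMPERSONATED_DOMAIN):
            reasons.append(f"lookalike host {host} imitates {IMPERSONATED_DOMAIN}")
        # 3. An "update" notice that links straight to an executable.
        if parsed.path.lower().endswith(".exe"):
            reasons.append(f"link points directly at an executable: {parsed.path}")
    return reasons


# Constructed from the lure text in the advisory; the addresses are made up.
SAMPLE_LURE = """\
From: security@microsoft.com
To: user@example.net
Subject: MS Security

Welcome to Windows Update!
There are 10 critical updates available at this time.
Follow the link :Windows Update
http://www.microsoft-security-updates.com/MSTASKS.EXE
Sincerely,
www.microsoft.com.
"""

# Constructed benign control: sender and link share a domain, no executable.
BENIGN_NOTICE = """\
From: helpdesk@example.net
To: user@example.net
Subject: Patch window tonight

Details are on the intranet: https://intranet.example.net/patching/march
"""

if __name__ == "__main__":
    for reason in assess_update_lure(SAMPLE_LURE):
        print("LURE:", reason)
    print("benign reasons:", assess_update_lure(BENIGN_NOTICE))
```

The first check is the durable one: a From domain that does not own the link targets is a mismatch worth scoring in any mail pipeline, independent of which brand is being borrowed; the brand and .exe checks are tuned to this particular lure.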

    --Compiled by Esther Shein
