Deprecated: Assigning the return value of new by reference is deprecated in /home/download/IM-Framework/adodb/adodb.inc.php on line 888

Deprecated: Assigning the return value of new by reference is deprecated in /home/download/IM-Framework/adodb/adodb.inc.php on line 1913

Deprecated: Assigning the return value of new by reference is deprecated in /home/download/IM-Framework/adodb/adodb.inc.php on line 1985
Nukulus.A, Winko.A, Addon.A - Panda's Weekly Report - 2007/07/13 - DownloadForge
 
Home » News » Security » Nukulus.A, Winko.A, Addon.A - Panda's Weekly Report - 2007/07/13


Nukulus.A, Winko.A, Addon.A - Panda's Weekly Report - 2007/07/13

Security News | 16-Jul-2007
Views 819 | Rating 
 | Rate it! 

This weeks' PandaLabs report looks at Nukulus.A, a Trojan designed to steal users' data, and the Winko.A and Addon.A worms. Also, this week Microsoft has published six security patches to fix several vulnerabilities in the company's products.

Nukulus.A is a dangerous Trojan capable of stealing all types of confidential information: banking data, information entered in Web forms, local certificates, etc.

It can also redirect certain Web addresses to malicious web pages designed to perform online fraud. This way, the Trojan tries to obtain users’ confidential data.

“This is an attempt to combine the Trojan’s capability to steal passwords with a phishing attack. By doing this, cyber-crooks try to increase the probability of success”, explains Luis Corrons, Technical Director of PandaLabs.

The Trojan is also designed to download updates of itself from the Internet, as well as other malicious files. Plus, it creates several Windows registry entries, one of which makes sure it is run on every restart.

Winko.A is a worm designed to download other malicious codes onto the affected computer, including dangerous password stealing Trojans like QQRob and Lineage. It also downloads adware, like Alexa, onto infected computers.

The worm creates several copies of itself on the system and tries to spread by copying itself to all drives available (hard disks, USB, etc.)

Addon.A is a worm that spreads in a file called Foto_celular.zip. When run, it installs another malicious file and a vulnerable version of the ntoskrnl.exe file, which replaces the one on the system. This vulnerability could be exploited by an attacker to take control of the infected computer with administrator rights. Addon.A runs whenever the computer is restarted.

As with every second Tuesday of the month, Microsoft has published a series of security patches. This time, the company has released six bulletins (MS07-036 to MS07-041): three ‘critical’, two ‘important’ and one ‘moderate’. The fixes apply to such widely used services as Microsoft Excel or the Windows Vista firewall.
 


Todays's Headlines
Related news:
 
 
 
Copyright @2005-2011 InsideMedia SRL. All rights reserved.
Copyright informations | Terms of use | Privacy policy | Contact us | Help center | Gazduire web