'Korean Worm' Spreads to Middletown
Wednesday, May 7, 2003 12:34:32 PM - Middletown Ohio
CSN1 Networking is warning all users about the new Internet worm "Winevar" (also known as "Korean Worm"). This malicious program was detected last week and was added to the CSN1 Networking anti-virus database. We have recently registered incidents of infection by this worm in Middletown. Up to now, CSN1 Networking anti-virus experts have received messages about Winevar infections from users in South Korea, Russia and the Baltic States.
Winevar spreads through e-mail. An infected message can have different subjects, bodies and attachment names. When the worm arrives in a potential victim's mailbox, it tries to penetrate the computer unnoticed by using the following vulnerabilities in the MS Internet Explorer security system: Microsoft VM ActiveX Component and IFRAME Vulnerability. This allows the computer to be infected as soon as the message is read.
Having penetrated a system, the worm modifies Windows boot files so that it is activated upon system restart, and then begins to spread. To do this, it scans all HTM and DBX files found on the computer and extracts e-mail addresses from them. The worm then sends copies of itself to these addresses using a direct connection to the default SMTP e-mail server.
Winevar has several extremely dangerous payloads, which can lead to the irrecoverable loss of data. Firstly, the worm removes anti-virus programs, debuggers and firewalls from memory and from disk. In some cases Winevar can also delete all other files on the computer. Secondly, the worm infects the computer with the virus Win32.Funlove. Thirdly, Winevar carries out DoS attacks on Symantec's Web site by launching an endless cycle of HTTP requests sent to it.
Taking into account the spread of the worm to more and more countries, CSN1 Networking Labs recommends: immediate installation of the latest updates for your anti-virus programs; extreme caution when opening e-mails; and installation of patches for the above-mentioned vulnerabilities in the security system of MS Internet Explorer.