VIRUS ALERTS
Waych out this malicious virus that is out to infect yoursystem stealthily
Googbot
It has been observed that a mass-mailing worm named Googbot is circulating in the wild. It propagates by exploiting software vulnerabilities. The worm is exploiting Trend Micro ServerProtect multiple stack-based buffer overflow vulnerability described in CIVN-2007-80 and Windows LSA (Local Security Authority) Service Stack-Based Buffer Overflow vulnerability described in CVE-2003-0533 . Further it opens a backdoor on the infected system on TCP port 7001 to connect to domain io.phatnet.biz and listen for malicious commands from the remote attacker.
The worm has its own SMTP engine to send mass e-mails. It harvests the e-mail addresses from the infected system and sends malicious e-mails to the collected addresses. The e-mail body contains a malicious link which entice the users to click upon using social engineering technique.
Aliases : WORM_AGENT.AAWD [Trend], W32 Duce.a@mm [McAfee], Backdoor.W32.GoogBot.A [Kaspersky]
The e-mail contains the following :
Subject : (any of the following)
Someone has sent you a Private Message!
You have just recieved a NEW message!
You have (1) NEW messages!
Body : (any of the following)
You have just recieved a new Google Message!
You can view your message here: http://www.google.com/gmsgid=4289472
Note: If you do not already have Google Message Viewer installed, you will be prompted to install it. want to know more? it's here
No comments:
Post a Comment
We Appreciate Your Feedback