Add a computer worm taking advantage of the error MS06-040
Yesterday, Symatec warned of a new computer worm targeting the security bug MS06-040 that appeared on the Internet.
The new computer worm - named " Randex.gel " - belongs to the ' network-ware ' computer worm line. The network-ware worm is a worm that can be remotely controlled via IRC (Internet Rely Chat) channels and automatically scans the internal network for infection. Therefore, the main function of the worm Randex.gel is to open a back door on infected systems to wait for the control command from their 'owner' via IRC channel.
Oliver Friedrichs - Symantec's director of security response group - said this could be a variant of the Randex worm. The only difference with that computer worm line is Randex.gel that can exploit the security bug MS06-040.
Previous variations of the Randex worm line targeted other security vulnerabilities in Windows such as MS04-007, MS05-017, and MS05-039 - these errors have been fixed by Microsoft.
Friedrichs stated that the code that plays the role of exploiting security bugs mainly in the depth of Randex.gel is very different from other variants. In fact, this code is very similar to the code of HD Moore security researcher released two weeks ago.
Symantec said the Randex worm could spread in a lot of different ways like through MSN Messenger, AOL Instant Messenger, Yahoo Messenger, and ICQ. The Randex.gel worm can also be distributed through Microsoft SQL servers. If the Randex.gel worm finds a SQL server, it will immediately infect all databases located on that server.
Another function of the worm Randex.gel is to steal personal account information of eGold electronic payment service users when users log into egold.com website.
Although there are many such malicious functions, the Randex.gel worm cannot cause much damage because Microsoft has released the above security patch update.
Hoang Dung
You should read it
- Deep new computer: unexpectedly simple?
- The new worm attacked AIM and caused heavy damage
- Will the Kama Sutra worm come back next week?
- Koobface worm exploded in the Christmas season
- There are worms to fake Microsoft patches again
- Nugache threatened the throne of Storm
- New depths appear to attack Nokia phones
- D32 Virus Removal Software updates new viruses on December 25, 2004
May be interested
- Trojans hide themselves under SPAM pornsecurity experts claim that the main goal of this attack by cyber criminals is to trick recipients into downloading malicious software to help them control the system or steal personal information. their secret.
- 90% of computers infected with spyware ?!webroot software (www.webroot.com), an antispyware software company has just announced their research, whereby the level of spyware infection is at its highest level ever.
- Appeared worm computer attack AMD processor chipsymantec's security researchers have discovered a computer worm that can directly attack amd processors, instead of attacking windows operating systems. with two different versions, the worm type
- 9/10 PC infected with spywarethe latest anti-spyware report by webroot software shows that after the decline in 2005, the rate of spyware infection has started to rise again and reach a record high since 2004 back here.
- Zcodec - New threat for Net userspanda software has announced the recognition of a new malicious piece of software called zcodec, 'disguised' as an application that can install standard video code for various multimedia formats.
- People chat again because of the 'internal' virus of FunniYMin the afternoon of august 31, 2006, there was a new 'made in vietnam' virus spread through yahoomessenger with a tremendous speed. show that the most popular online chat tool in the world has become an effective tool for bad guys to spread 'internal' virus in vietnamese n community.