Wednesday, June 02, 2004

A worm that uses seven mechanisms to spread itself.

Kibuv Worm, Bobax Trojan Try Many Methods:
"Security experts are tracking two new threats that have emerged in the past few days, including a worm that uses seven mechanisms to spread itself.

The worm is known as Kibuv, and researchers first noticed its presence Friday. Kibuv affects all versions of Windows from 98 through Windows Server 2003 and attempts to spread through a variety of methods, including exploiting five Windows vulnerabilities and connecting to the FTP server installed by the Sasser worms. "

Once it's installed on a PC, Kibuv starts its own FTP server that can be used to distribute copies of the worm. It also connects to a remote IRC chat server and listens for commands, according to an analysis done by Symantec Corp. Kibuv also listens on TCP port 420 for commands.

The worm has not spread too widely as of yet, but with its variety of infection methods, experts say the potential exists for it to infect a large number of machines.

The second piece of malware that has surfaced is a Trojan that is capable of spreading semi-automatically. Known as Bobax, the Trojan can only infect machines running Windows XP and seems to exist solely for the purpose of sending out large amounts of spam, according to an analysis by LURHQ Corp., a managed security services provider.

http://securityresponse.symantec.com/avcenter/venc/data/w32.kibuv.b.html

http://www.eweek.com/article2/0,1759,1594848,00.asp?kc=ewnws051904dtx1k0000599

No comments: