New Download.Ject worm variant appears
It infects vulnerable systems with a Trojan horse and keystroke logger
IDG News Service - Users who have not yet installed the three out-of-cycle patches contained in Microsoft Corp.'s July 30 security bulletin MS04-25 now have another reason to do so immediately.
A new version of a worm called Download.Ject takes advantage of one of the flaws fixed by the patches and has begun circulating online, according to Thor Larholm, a researcher at PivX Solutions Inc.
Like its predecessor, the new version of Dowload.Ject infects vulnerable systems with a Trojan horse and a keystroke logger. But unlike the original worm, which was designed to capture sensitive information such as credit card numbers and ATM codes from infected systems, the new worm generates pop-up advertisements to pornographic sites, Larholm said.
The worm also changes the Web home page and the Internet Explorer search pane on infected systems, Larholm said. A user's regular home page is replaced with a site called TargetSearch and several browser windows with adult advertisements and links to adult sites, a PivX advisory said.
"The worm is still using the same vulnerabilities and the same attack vectors" as its predecessor, Larholm said. Those who have already installed the recently released Service Pack 2 for Windows XP or the patches contained in MS04-25 should be safe.
A link to the Web site hosting the worm arrives as an instant message on AOL Instant Messenger or on ICQ from either a known or unknown source. The message contains a reference and a link to a personal home page. Users who click on the link are directed to a Web site that proceeds to infect their computers, Larholm said.
The worm is relatively easy to modify and may begin spreading via e-mail as well, he said.
PivX, which first discovered the new version yesterday, has informed the major antivirus vendors, which are working to update their virus signatures, Larholm said.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Malware and Vulnerabilities White Papers | Webcasts