Panda Software's Weekly Report on Viruses and Intruders

This week's PandaLabs report focuses on the Nurech.B and Atomix.C worms and reports the latest patches released by Microsoft to fix vulnerabilities in several of its applications. Nurech.B is the second variant of the Nurech family detected over the last few days. Like its predecessor, Nurech.A, this worm has used the days running up to Valentine's Day to spread in email messages with romantic subjects. Some of these subjects are Happy Valentine's Day or Valentines Day Dance.

The file containing Nurech.B varies, but it always consists of an executable file disguised as a greetings card. This file has names like Greeting Postcard.exe or Postcard.exe. Although the sender is also variable, it is always a woman's name. This worm has rootkit functions, aimed at hiding its processes and making it more difficult to detect. It also creates various copies of itself on the system and disables the functions of various security tools. Bear in mind that the previous variant of this family, Nurech.A, spread so quickly that it led PandaLabs to declare an orange virus alert. It is therefore advisable to take precautions against this new variant.
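A mail-gateway style check for the pattern described above, as an added example that is not part of the original report: it flags any message carrying an executable attachment and escalates when the subject or file name uses the greeting-card lures quoted in the text. The extension list, the verdict names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions treated as directly executable on Windows (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Lure words drawn from the subjects and file names quoted in the report.
LURE_WORDS = ("valentine", "postcard", "greeting")

def executable_attachments(msg):
    """Return attachment file names whose final extension is executable."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them first.
        cleaned = name.strip().rstrip(". ").lower()
        dot = cleaned.rfind(".")
        # Only the last extension counts: "card.jpg.exe" is still an .exe.
        if dot != -1 and cleaned[dot:] in EXECUTABLE_EXTS:
            hits.append(name)
    return hits

def assess(raw_bytes):
    """Classify one raw message as 'block', 'quarantine' or 'pass'."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    exes = executable_attachments(msg)
    if not exes:
        return "pass"
    text = (str(msg["Subject"] or "") + " " + " ".join(exes)).lower()
    return "block" if any(w in text for w in LURE_WORDS) else "quarantine"

def build_sample(subject, filename):
    """Build a constructed test message; the payload is inert filler bytes."""
    m = EmailMessage()
    m["From"] = "Anna <anna@example.com>"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("A card for you.")
    m.add_attachment(b"constructed-sample", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("Happy Valentine's Day", "Greeting Postcard.exe"),
                        ("Quarterly numbers", "report.pdf")]:
        print(subj, "|", fname, "->", assess(build_sample(subj, fname)))
```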

The second worm in this week's report is Atomix.C. When this worm is run, it returns an error message, which could make it easier to identify. To avoid this, this malicious code has developed an ingenious system: after this error message, it displays another that informs users that they have been infected by a virus and advises them to download a free patch against this virus from a certain website. If users accept the download, what they are really installing on their computer is an update of the worm. In order to spread, this worm inserts links in MSN Messenger's chat windows, when the messenger is open, leading to its download. It therefore exploits a legitimate conversation, which the recipient will trust, and inserts a link that downloads the malware. To deceive users further, Atomix.C adds messages like 'download this postcard' or 'I want to show you something on this link' to the links.

Microsoft has published its monthly security bulletins. This time, there are twelve patches that fix 20 vulnerabilities. Only one of these affects the new Windows Vista operating system. This vulnerability lies in the malware protection engine and could be exploited to execute remote code.

The most affected users this month are Office 2000 users, since five vulnerabilities classified as 'critical' have been fixed in Word 2000. Two updates have also been released to resolve vulnerabilities in Office. One of them affects PowerPoint and the other affects Excel. Both have been classified as critical for the Office 2000 version and important for the rest.

Another bulletin rated as critical is MS07-016. It is a cumulative security update, in other words, a series of patches that replace previous security updates. It resolves up to three flaws in Internet Explorer 5.01, 6 and 7.

Another two bulletins are classed as critical. One of them affects Data Access Components and fixes a vulnerability that could be used to download malware to computers. It is particularly dangerous, as the way to do this has already been published on some websites. The other critical bulletin affects HTML 'Help' ActiveX Control.

The other bulletins have been rated as important. Two of them fix vulnerabilities that could be exploited by an attacker to gain elevated privileges and control the affected system. One of these is located in Windows Shell and the other in Windows Image Acquisition Service.

The other important vulnerabilities that have been fixed allow remote code to be executed. They affect Step-by-Step Interactive Training (software included in the courses offered by Microsoft Press), the Windows OLE dialog, Microsoft MFC and Microsoft RichEdit.

These bulletins can be downloaded from here.



© 2007 Computing News