Trojan on MS Word
A Trojan called Goga that exploits a vulnerability in MS Word can get into
your system and give your login name and password to malicious users. The Trojan
comes as an RTF (Rich Text Format) attachment to an e-mail. When you open this,
it links to a Word template file on a Russian website, which has a macro that
sends your private information to the guest book of another site.
Normally, Word scans documents and warns you of macros before you open a
document. However, the vulnerability exploited here is that Word doesn’t scan
the template for macros when opening an RTF document that’s linked to a Word
template.
Fixing it: Go to www.microsoft.com/technet/security/bulletin/MS01-028.asp
for more details and patches. Also update your anti-virus software, scan
your machine, and repair infected files.
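As an added example (not part of the original article or any vendor tool), the following Python check shows how a mail gateway or analyst could flag RTF attachments that link to a remotely hosted Word template, the condition described above. It assumes the link is stored in the RTF `{\*\template ...}` destination; the sample documents and the host name are constructed.

```python
import re

# RTF stores a linked template as the destination {\*\template <path or URL>}.
TEMPLATE_RE = re.compile(rb"\{\\\*\\template[ \r\n]*((?:\\.|[^{}\\])*)\}", re.DOTALL)
# Escapes to undo: \'hh (hex byte), \\ , \{ , \}
ESCAPE_RE = re.compile(rb"\\'([0-9a-fA-F]{2})|\\([\\{}])")
# A template fetched over the network: URL scheme or UNC path.
REMOTE_RE = re.compile(r"^(?:https?|ftp)://|^\\\\", re.IGNORECASE)


def decode_rtf_text(raw: bytes) -> str:
    """Normalise destination text so an escaped URL is still recognised."""
    def unescape(m):
        return bytes([int(m.group(1), 16)]) if m.group(1) else m.group(2)
    text = ESCAPE_RE.sub(unescape, raw)
    return text.replace(b"\r", b"").replace(b"\n", b"").decode("latin-1").strip()


def linked_templates(rtf: bytes):
    """Return [(template_location, is_remote), ...] for an RTF document."""
    found = []
    for m in TEMPLATE_RE.finditer(rtf):
        location = decode_rtf_text(m.group(1))
        found.append((location, bool(REMOTE_RE.search(location))))
    return found


def should_quarantine(rtf: bytes) -> bool:
    """Flag the attachment if any linked template is loaded from a remote host."""
    return any(remote for _, remote in linked_templates(rtf))


# Constructed samples (not taken from any real malware).
SAMPLE_REMOTE = rb"{\rtf1\ansi{\*\template http://templates.example.test/form.dot}Hello\par}"
SAMPLE_ESCAPED = rb"{\rtf1\ansi{\*\template \'68ttp://templates.example.test/form.dot}Hi\par}"
SAMPLE_LOCAL = rb"{\rtf1\ansi{\*\template C:\\Templates\\Letter.dot}Hi\par}"
SAMPLE_NONE = rb"{\rtf1\ansi Plain text only\par}"

if __name__ == "__main__":
    for name in ("SAMPLE_REMOTE", "SAMPLE_ESCAPED", "SAMPLE_LOCAL", "SAMPLE_NONE"):
        doc = globals()[name]
        print(name, linked_templates(doc), "QUARANTINE" if should_quarantine(doc) else "ok")
```

A locally stored template is reported but not flagged; only a template loaded from a URL or UNC path triggers quarantine.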
Mass-mailing worm on Macs
A worm called MacSimpsons is making its way into Macs running OS 9.0 or 9.1.
It comes as an attachment called ‘Simpsons Episodes’, and the message
prompts you to open the attachment to see secret episodes of ‘The Simpsons’
series. Opening the attachment executes the AppleScript worm, which opens a copy
of your e-mail program (Outlook Express or Entourage) and sends a copy of the
message with the attachment to everyone in your address book. The worm doesn’t
have any other payload.
VBS/VBSWG.Z@MM
This is a VBScript mass-mailing worm that arrives as an attachment. The
subject of the message is Mawanella, the body reads ‘Mawanella is one of the
Sri Lanka’s Muslim village’ and the attachment is called ‘Mawanella.vbs’.
When you run the attachment it displays a text box entitled ‘VBScript:Mawanella’
that tells you about a brutal incident in a Sri Lankan village called Mawanella
and warns you that it can destroy your computer. However, the worm doesn’t
have a dangerous payload; it only mass-mails itself to everyone in your Outlook
address book. This happens whenever the attachment is executed.
Fixing it: Update your anti-virus software and scan your machine.
Worm on Solaris systems and IIS Web servers
A worm now doing the rounds exploits a buffer-overflow vulnerability in Solaris
systems and subsequently installs software to crack into IIS Web servers, using
a vulnerability in the latter to do so. The content on websites hosted on
compromised IIS servers can be modified to read anything that the malicious user
wants. The worm also spreads itself automatically to other vulnerable Solaris
systems. A malicious user can use this worm to execute code with root privileges
on Solaris systems.
Read more at http://pcquest.www.ciol.com/content/handson/101071502.asp