Banwarum Worm - Offers Tickets For The World Cup?



#1 harrywaldron


Posted 25 May 2006 - 09:52 PM

W32.Banwarum@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also spreads through the network by exploiting the Microsoft Windows ASN.1 Library Bit String Processing Variant Heap Corruption Vulnerability (as described in Microsoft Security Bulletin MS04-007). The worm also opens a back door via HTTP access.


This new email threat should be easy for most users to avoid. The text of the message is in German and this new worm exploits vulnerabilities in MS04-007. Users should be cautious with all email messages.

Banwarum Worm - Offers Tickets for the WORLD CUP?
http://www.f-secure.com/weblog/archives/ar...6.html#00000885
http://secunia.com/virus_information/29439/banwarum/
http://secunia.com/virus_information/29440/banwarum.dll/
http://secunia.com/virus_information/29438/ranchneg.a/

Diagram of worm behavior
http://www.trendmicro.com/vinfo/images/WOR...NCHNEG_A_BD.gif
