Showing posts with label malware.

Jan 30, 2007

[Malware Warning] New MS Word Zero-day Exploit in the Wild

A new zero-day exploit targeting Microsoft Word 2000 has been found in the wild. Microsoft has released a security advisory for the vulnerability, and a patch may be issued on February's Patch Tuesday.

The vulnerability is in Word 2000 only; other Word versions are not affected. Opening a malicious .DOC file corrupts memory in the Word process, which lets a remote attacker run arbitrary code with the privileges of the user who opened the file.

Trend Micro detects the exploit code as TROJ_MDROPPER.EQ; Symantec detects it as Trojan.Mdropper.W.

The usual precautions apply. Do not open email attachments from unknown or unexpected sources; until a patch ships, not opening untrusted .DOC files is the only real mitigation. Keep your antivirus signatures current, and install the patch as soon as Microsoft releases it.

Jan 24, 2007

[Malware Warning] CME-711 on the Loose

The Storm worm and its Trojan cohorts had a wonderful run over the weekend, and the fun continues.

The recent variant is known as Small.DAM (F-Secure, Radar Alert 2), TROJ_SMALL.EDW (Trend Micro, medium overall risk rating), CME-711, Downloader-BAI!M711 (McAfee) and Trojan.Peacomm (Symantec, Category 3). It usually arrives as a spammed email attachment or is dropped by other malware. The subject lines of the spam that carries it are usually tied to recent or current events.

When executed, the Trojan drops several files, one of which is a rootkit driver (the wincom32.sys listed below) that hides the Trojan's files and processes from the system.

It also connects to several IP addresses on port 4000 (F-Secure's data; Trend Micro lists several UDP ports). The Trojan is a peer-to-peer bot: the addresses it contacts come from its dropped peer list (peers.ini) rather than from a fixed set of command servers, so blocking a single address or port will not cut it off.

Elimination of this Trojan is difficult because of the rootkit. Delete the following files if you find them on your system:

* peers.ini
* wincom32.sys
* wincom32.ini

If you believe your system is infected but cannot find these files, remember that the rootkit hides them from Explorer and from the command prompt, so a clean directory listing proves nothing. Use a rootkit detector instead; here are two:

* Trend Micro RootkitBuster (free)
* Microsoft (Sysinternals) RootkitRevealer

Note that these tools are technical in nature and thus not for average users; follow the documentation (if any) provided by the software maker.

For a detailed cleaning procedure, read the one from Trend Micro.

Your antivirus can remove this malware automatically as long as its signatures are current. Because the rootkit can hide the dropped files from a scanner running on the infected system, a scan from clean boot media (or another offline scan) is the more reliable option.
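As an added example (my own, not code from this post or from any of the vendors named above), here is a small Python triage script that sweeps for the three indicator files and parses `netstat -ano` output for the port-4000 connections described above. The netstat sample, the PIDs, the peer address 198.51.100.7 and the scratch directory are all constructed; on a real host the files are assumed to sit under %SystemRoot%\system32, which is the directory you would pass to the sweep.

```python
# Host triage for the Storm/Peacomm indicators quoted in the post: the three
# dropped file names and the port-4000 peer connections.  Added example, not
# tooling from Trend Micro, F-Secure or any other vendor.  All sample data
# (netstat lines, PIDs, addresses, scratch directory) is constructed.
import os
import re
import tempfile

# File-name indicators from the post.  On a real host the assumed location is
# %SystemRoot%\system32; pass whichever directories you want swept.
IOC_FILES = {"peers.ini", "wincom32.sys", "wincom32.ini"}
IOC_PORT = 4000  # port reported by F-Secure

# One line of Windows `netstat -ano`: proto, local addr:port, foreign addr:port,
# optional TCP state (UDP lines have none), owning PID.
NETSTAT_LINE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$"
)


def parse_netstat(text):
    """Parse `netstat -ano` output into dicts; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue
        proto, laddr, lport, faddr, fport, state, pid = m.groups()
        entries.append({
            "proto": proto,
            "local": (laddr, int(lport)),
            "remote": (faddr, None if fport == "*" else int(fport)),
            "state": state,
            "pid": int(pid),
        })
    return entries


def suspicious_pids(entries, port=IOC_PORT):
    """Map each PID that talks to the indicator port to its peers and UDP sockets.

    Storm is a peer-to-peer bot, so one process holding a port-4000 peer plus a
    handful of UDP sockets is the pattern to look for; a lone connection on its
    own is weaker evidence.
    """
    hits = {}
    for e in entries:
        if e["remote"][1] == port or e["local"][1] == port:
            rec = hits.setdefault(e["pid"], {"peers": [], "udp_ports": []})
            rec["peers"].append(e["remote"])
    for e in entries:
        if e["proto"] == "UDP" and e["pid"] in hits:
            hits[e["pid"]]["udp_ports"].append(e["local"][1])
    return hits


def find_ioc_files(directories, names=IOC_FILES):
    """Return paths of indicator files found under the given directories.

    A hit confirms infection; a miss proves nothing, because the wincom32.sys
    rootkit hides these files from the same directory-listing API used here.
    Repeat the sweep from clean boot media or with a rootkit detector.
    """
    wanted = {n.lower() for n in names}
    found = []
    for d in directories:
        for root, _dirs, files in os.walk(d):
            for f in files:
                if f.lower() in wanted:
                    found.append(os.path.join(root, f))
    return sorted(found)


# Constructed netstat sample: PID 1384 has a TCP peer on port 4000 and two UDP
# sockets; PID 820 is an unrelated RPC listener.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    192.168.1.23:1057      198.51.100.7:4000      ESTABLISHED     1384
  UDP    0.0.0.0:7871           *:*                                    1384
  UDP    192.168.1.23:13028     *:*                                    1384
"""


def demo_file_sweep():
    """Plant WINCOM32.INI in a scratch directory and sweep it (constructed data)."""
    with tempfile.TemporaryDirectory() as tmp:
        open(os.path.join(tmp, "WINCOM32.INI"), "w").close()
        open(os.path.join(tmp, "notepad.exe"), "w").close()
        return [os.path.basename(p) for p in find_ioc_files([tmp])]


if __name__ == "__main__":
    print(suspicious_pids(parse_netstat(SAMPLE_NETSTAT)))
    print(demo_file_sweep())
```

On a live host you would feed the script the real output of `netstat -ano` and sweep the system32 directory; treat an empty file sweep as inconclusive for the reason given in the docstring, and use the PID from the netstat hit as the starting point for the rootkit detector.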