Network worm "Roron"--red alert. (Virus Notes).

Kaspersky Labs reports the appearance of a new network worm named "Roron", constructed in Bulgaria. Six variations of the worm have already been detected and have been credited with infecting computers in many regions, including the U.S.A., Russia and a slew of European countries. Destructive functions and features include a built-in backdoor intended for unsanctioned remote control of victim computers and the ability to spread via many communication channels--all of which place this worm in an especially high danger category.

"Roron" spreads using several data transfer channels: via e-mail as an attached file, via local area networks and via the KaZaA file-sharing network. Systems become infected only if a user manually launches (opens) the file containing the worm that was received via one of the aforementioned sources.

When penetrating a computer, "Roron" creates a copy of itself in the Windows system directory and in Program Files and then registers one of these files in the system registry's auto-run key. In this way the worm ensures its activation each time the system is booted. Sometimes, when infecting, the worm displays a false warning:

    WinZip Self-Extractor License Confirmation
    Your version of WinZip Self-Extractor is not licensed or the license information is missing or corrupted
    Please contact the program vendor or the web site (www.WinZip.com) for additional information.

After the infection routine is complete, "Roron" activates its spreading routines:

* To spread via e-mail it clandestinely creates a message that may have different subjects, texts and attached file names. Then it sends this message to the recipients whose addresses it found in the InBox folder of the infected computer.
* To spread via local area networks the worm searches available network resources, locates those having file-sharing resources and copies itself under a random name. This way "Roron" may spawn its copies to public file servers, which may lead other network users to download these files and infect their own machines.
* To spread via the KaZaA network the worm searches for KaZaA file-sharing folders where it inserts its copy, thus making it available for download by other KaZaA users.

"Roron" carries a very impressive armory of extremely dangerous payload and backdoor functions. If the infected computer has a mIRC client installed (software used to access Internet Relay Chat channels), the worm infects it with a backdoor component. This allows a malicious person to gain unauthorized remote control over the infected computer: unnoticed, a malefactor can download, upload and execute files, send out e-mail messages on behalf of the user, etc. The backdoor component also carries a feature for performing DoS (Denial of Service) attacks from the infected computer, launched against other computers specified by the hacker.

www.kaspersky.com
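The persistence pattern described above (a copy of the same file in both the Windows system directory and Program Files, with one of them registered for auto-run) can be checked on collected host data. The following is an added example, not Kaspersky's code or part of the original article; the file inventory, hashes, entry names and the idea that the auto-run values come from a Run key export are constructed assumptions, as is the premise that the two copies are byte-identical.

```python
import ntpath

# Constructed sample data: (path, SHA-256 hex) pairs from a host file inventory.
FILES = [
    (r"C:\WINDOWS\SYSTEM32\notepad.exe", "aa" * 32),
    (r"C:\WINDOWS\SYSTEM32\sample_a.exe", "bb" * 32),
    (r"C:\Program Files\sample_b.exe", "bb" * 32),
    (r"C:\Program Files\Vendor\updater.exe", "cc" * 32),
]
# Constructed auto-run values (entry name -> command line), e.g. a Run key export.
AUTORUNS = {
    "Updater": r'"C:\Program Files\Vendor\updater.exe" /background',
    "SampleEntry": r"C:\WINDOWS\SYSTEM32\sample_a.exe",
}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\system")
PROGRAM_FILES = "c:\\program files\\"

def norm(path):
    """Case-insensitive, normalised Windows path (works on any OS)."""
    return ntpath.normpath(path).lower()

def target_path(command):
    """Extract the executable path from an auto-run command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    end = command.lower().find(".exe")
    return command[:end + 4] if end != -1 else command.split(" ")[0]

def zone(path):
    """Classify a path as 'system', 'program_files' or None."""
    if ntpath.dirname(norm(path)) in SYSTEM_DIRS:
        return "system"
    return "program_files" if norm(path).startswith(PROGRAM_FILES) else None

def suspicious_autoruns(files, autoruns):
    """Return (entry, copies) for auto-run targets whose content also
    exists, byte for byte, in the other of the two locations."""
    zones_by_hash = {}
    for path, digest in files:
        if zone(path):
            zones_by_hash.setdefault(digest, {}).setdefault(zone(path), []).append(path)
    hash_by_path = {norm(p): h for p, h in files}
    hits = []
    for name, command in sorted(autoruns.items()):
        copies = zones_by_hash.get(hash_by_path.get(norm(target_path(command))), {})
        if len(copies) == 2:  # present in both the system dir and Program Files
            hits.append((name, sorted(p for paths in copies.values() for p in paths)))
    return hits

if __name__ == "__main__":
    for name, copies in suspicious_autoruns(FILES, AUTORUNS):
        print(name, copies)
```

A hit is a lead for review rather than a verdict: it only shows that an auto-started file has an identical twin in the other location.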