ICQ-Based Bizex Worm, MyDoom.F, Checking Your Server Logs
ICQ-Based "Bizex" Worm
-----------------------------------------------------------
A new Win32 worm, aimed at users of the messaging software ICQ is making the rounds. The worm, dubbed "Bizex," is loaded onto a machine using a combination of ICQ behaviors and vulnerabilities in Internet Explorer and Windows when a user visits the site www.jokeworld.biz (currently unresolvable). Once executed, the worm then sends messages to ICQ contacts suggesting that they visit the JokeWorld site. The worm reportedly searches infected machines for specific financial information and installs a keylogger in an attempt to steal passwords. More information:
http://www.techweb.com/wire/story/TWB20040224S0006
MyDoom.F
-----------------------------------------------------------
Proving once again that human gullibility knows no bounds, the MyDoom.F email-based worm is slowly increasing in "popularity." Unlike its kinder and gentler MyDoom siblings, this one not only installs a backdoor and mailbombs the known world, but it has a nasty habit of randomly deleting files with specific extensions. More information:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.F
http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=mydoom_f
Checking Your Server Logs
-----------------------------------------------------------
Earlier, we received a report from an admin who, looking through his webserver logs, was able to identify a compromised system that had been used as a "toolz" dump. This highlights again, the importance of regularly examining your web server logs for signs of malicious activity and following up on what you find there. Thanks to this admin's efforts, the owners of the compromised system were contacted and the dump was taken offline.
If you're not regularly checking your webserver logs, or if you're not sure what to look for, here is an excellent guide that explains not only what to look for, but also explains why it's important.
http://www.securiteam.com/securityreviews/6H00C1535K.html
-----------------------------------------------------------
Handler on Duty: Tom Liston ( http://www.labreatechnologies.com )
-----------------------------------------------------------
A new Win32 worm, aimed at users of the messaging software ICQ is making the rounds. The worm, dubbed "Bizex," is loaded onto a machine using a combination of ICQ behaviors and vulnerabilities in Internet Explorer and Windows when a user visits the site www.jokeworld.biz (currently unresolvable). Once executed, the worm then sends messages to ICQ contacts suggesting that they visit the JokeWorld site. The worm reportedly searches infected machines for specific financial information and installs a keylogger in an attempt to steal passwords. More information:
http://www.techweb.com/wire/story/TWB20040224S0006
MyDoom.F
-----------------------------------------------------------
Proving once again that human gullibility knows no bounds, the MyDoom.F email-based worm is slowly increasing in "popularity." Unlike its kinder and gentler MyDoom siblings, this one not only installs a backdoor and mailbombs the known world, but it has a nasty habit of randomly deleting files with specific extensions. More information:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.F
http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=mydoom_f
Checking Your Server Logs
-----------------------------------------------------------
Earlier, we received a report from an admin who, looking through his webserver logs, was able to identify a compromised system that had been used as a "toolz" dump. This highlights again, the importance of regularly examining your web server logs for signs of malicious activity and following up on what you find there. Thanks to this admin's efforts, the owners of the compromised system were contacted and the dump was taken offline.
If you're not regularly checking your webserver logs, or if you're not sure what to look for, here is an excellent guide that explains not only what to look for, but also explains why it's important.
http://www.securiteam.com/securityreviews/6H00C1535K.html
-----------------------------------------------------------
Handler on Duty: Tom Liston ( http://www.labreatechnologies.com )
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments
www
Nov 17th 2022
4 months ago
EEW
Nov 17th 2022
4 months ago
qwq
Nov 17th 2022
4 months ago
mashood
Nov 17th 2022
4 months ago
isc.sans.edu
Nov 23rd 2022
4 months ago
isc.sans.edu
Nov 23rd 2022
4 months ago
isc.sans.edu
Dec 3rd 2022
3 months ago
isc.sans.edu
Dec 3rd 2022
3 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
3 months ago
isc.sans.edu
Dec 26th 2022
3 months ago