Beware! BMP files may contain a new virus

Discussion in 'Windows Desktop Systems' started by tdinc, May 19, 2004.

  1. tdinc

    tdinc █▄█ ▀█▄ █ Political User

    Messages:
    3,507
    Location:
    Sterling Heights, MICHIGAN
    Kaspersky Labs has detected a mass mailing of a new Trojan named Agent. Agent infects victim machines when users view graphics in BMP format.

    Agent exploits a vulnerability in MS Internet Explorer versions 5.0 and 5.5 which allows malicious code to be launched on victim machines via modified BMP files. This vulnerability is a direct result of the Windows source code leak and was first detected on February 16, 2004.

    Agent was mailed using spammer technology in an infected email that only contains a BMP file with a random name. The file is created especially for the Russian version of Windows 2000; the malicious code will not function on other language versions. This implies that Agent was probably created in Russia or the CIS.

    Should a user open the BMP file Agent immediately connects to a remote server located in the Lybian domain zone, downloading and installing a second Trojan named Throd.

    Throd is a classic spyware program. The Trojan first copies itself into the Windows system registry autorun keys and then awaits further commands. The 'master' can remotely execute various commands on the victim machine including copying data, collecting addresses from MS Outlook and turning the infected computer into a proxy server functioning as a platform for anonymous cyber crimes.

    "Throd is obviously written for spammers,' comments Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs, 'the Trojan harvests email addresses and creates a network of zombie machines for massive spammer attacks. Once again, we see spammers and virus-writers are working hand in hand."

    To date, Microsoft has not issued a patch for this vulnerability. In other words, the only protection users have is up-to-date anti-virus software. "Moreover, it is very likely that malware attacking other versions of Windows will soon appear', adds Eugene Kaspersky, 'I strongly recommend that users make sure that their antivirus software protects them from malware exploiting this particular Windows vulnerability."

    Kaspersky® Anti-Virus does scan the contents of BMP files and automatically detects suspicious objects attempting to penetrate via either the Internet of email. The solution neutralizes Agent automatically and our antivirus databases have been updated to detect Throd.

    Detailed descriptions of both Agent and Throd are available in the Kaspersky Virus Encyclopedia.
     
  2. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    Old bug, was found when the source was leaked, was an entire story on /.

    Also, it does not affect IE 6.x, or any other browser (Firefox, and Opera :p)
     
  3. tdinc

    tdinc █▄█ ▀█▄ █ Political User

    Messages:
    3,507
    Location:
    Sterling Heights, MICHIGAN
    :rolleyes: Well, what can I say, A few days and a dollar short.
     
  4. ThePatriot

    ThePatriot -=[BOHICA!]=- Political User

    Messages:
    1,742
    Location:
    Pennsylvania
    Don't feel too bad, that's my life story! :rolleyes:
     
  5. Petros

    Petros Thief IV

    Messages:
    3,038
    Location:
    Pacific Northwest
    Windows 98 users who never update their software better watch out!
     
  6. Xie

    Xie - geek - Subscribed User Folding Team

    Messages:
    5,275
    Location:
    NY, USA
     
  7. SPeedY_B

    SPeedY_B I may actually be insane.

    Messages:
    15,800
    Location:
    Midlands, England
    Wow, talk about specific targeting :D
     
  8. Electronic Punk

    Electronic Punk Administrator Staff Member Political User Folding Team

    Messages:
    18,590
    Location:
    Copenhagen, Denmark
    Well the one in my thread doesn't :p
    Free reputation for whoever does it... lol
     
  9. rushm001

    rushm001 In the beginning...... Political User

    Messages:
    3,480
    Location:
    Norfolk, UK
    Free reputation?
     
  10. ming

    ming OSNN Advanced

    Messages:
    4,252
    Location:
    UK
    BMP?! :)
    Have you heard rumours about the possibility of infections through JPG and mp3's as well?
     
  11. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    jpg and mp3's are old news :p
     
  12. ming

    ming OSNN Advanced

    Messages:
    4,252
    Location:
    UK
    Yes, me knowz... but does he?! ;)