Thursday, September 15, 2005

WORM_ZOTOB.N

Malware type: Worm
In the wild: Yes
Destructive: No
Language: English
Platform: Windows 98, ME, NT, 2000, XP, Server 2003
Encrypted: No
Characteristics: Propagates via software vulnerabilities
Overall risk rating: Low

Reported infections: Low
Damage potential: High
Distribution potential: High

Description:

This memory-resident worm propagates by exploiting the Windows Plug and Play vulnerability. For more information, please refer to the Microsoft Security Bulletin MS05-039 page.

It is dropped by other malware as UPDATE.EXE in the Windows system folder. Upon execution, it downloads and executes certain files from a certain Web site.

It is capable of launching a SYN flood denial-of-service attack that consumes system resources.



Shadow Software Attack

INTRODUCTION
Over the last few years we have seen that shadow server[3] attacks were a serious problem for many companies. It is true that a security "expert" may consider a shadow server attack obsolete and "stupid", but in a security context no problem is banal, especially if the attack is still feasible.

The shadow software[1] attack discussed in this paper is, reduced to its essence, very similar to the shadow server attack.

Usually, the user does not require the server to authenticate itself, and the exchange of information begins with the user simply trusting the look-and-feel of the server[3]. This is very dangerous, since we do not know whether the server we are connected to is the real one.

The shadow software attack is based on the idea that an attacker could simulate the look-and-feel of a piece of software launched by the victim in order to steal the victim's or other people's information.


For More: neworder