Windows users most susceptible


Johannesburg, 24 Aug 2007

These programs are still the most vulnerable to infection and nasty side effects, says Brett Myroff, CEO of Sophos distributor, Netxactics.

W32/Rbot-GSW, a worm that contains IRC backdoor functionality, spreads via network shares and affects the Windows OS.

It allows others to access the infected computer, downloads code from the Internet, reduces system security, installs itself in the registry and exploits system or software vulnerabilities, he explains.

"This worm runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

"W32/IRCBot-XL is a type of spyware worm that spreads via chat applications. Affecting Windows, it allows others to access the computer and steal information, downloads code from the Internet, installs itself in the registry and leaves non-infected files on computers. It also occurs as Backdoor.Win32.IRCBot.acd.

"It has IRC backdoor functionality and can be ordered to spread via MSN with a variety of messages and steal login credentials from the protected storage area in Internet Explorer."

Another worm that has emerged is W32/Sdbot-DHE, which also allows access to infected computers. Also known as Backdoor.Win32.SdBot.bgc, its behaviour is much like the aforementioned worms, says Myroff.

When first run, W32/Sdbot-DHE copies itself to <System>\winn.exe.

Make believe

Two Trojans have also been discovered. Troj/Swizic-A affects Windows users and may pretend to be part of a package for installing a file downloading application, says Myroff.

"Troj/Small-EKA also affects the Windows OS and downloads code from the Internet and installs itself in the registry. Troj/Small-EKA includes functionality to access the Internet and communicate with a remote server via HTTP.

"When first run, Troj/Small-EKA copies itself to <Windows>\svchost.exe and creates the file <Windows>\svchost.dll, which is detected as the Trojan.

"Companies are, as always, advised to heed the potential risks to their information. More and more malware is attempting to take advantage of system vulnerabilities with the intent to do harm, particularly in terms of identity theft," Myroff cautions.
