ICQ epidemic!!!


offline
  • SINGI
  • Joined: 22 Aug 2003
  • Posts: 787
  • Location: Beograd

The "Bizex" worm attacks ICQ users

First global epidemic of an ICQ worm detected

Kaspersky Labs has issued a warning that "Bizex", a new network worm, has
been detected, which has caused the first global epidemic among users of
ICQ, the Internet instant messaging system.

The ICQ message sent to victim computers issues an invitation to
visit the hacker web-site 'jokeworld'. If the user visits this site,
cartoons from the popular series "Joecartoon" are shown to disguise the
true nature of the site. At the same time, a Java virus imperceptibly
penetrates the victim system; this virus uses a loophole in ICQ to
secretly send a link to the site named above to all contacts in the
computer owner's ICQ, as from the owner.

Kaspersky Labs recommends that users who receive a link to the
'jokeworld' site delete it immediately. Users should under no
circumstances visit the site.

Kaspersky Labs expert personnel are currently analysing the malicious
program, and detailed information will be available shortly.

Kaspersky Labs Corporate Communications



offline
  • Joined: 20 Apr 2003
  • Posts: 2091
  • Location: Novi Sad

Once again, the main blame essentially lies with the (l)users... anyone who is careful and knows how to behave on the internet almost doesn't need to use AV and FW programs...



offline
  • mire  Male
  • Elite citizen
  • Joined: 18 Apr 2003
  • Posts: 2282
  • Location: Beograd

You have to, because Windows itself is "careless", i.e. it has holes

offline
  • Vlada
  • Joined: 20 Apr 2003
  • Posts: 3360
  • Location: Beograd

I use neither a firewall nor AVP, and I very, very rarely get infected, maybe once a year! :) And I clean out WIN more often than that anyway!

offline
  • SINGI
  • Joined: 22 Aug 2003
  • Posts: 787
  • Location: Beograd

Here it is... in the good old tradition, KL figured out the worm after a very short time and added protection to the database 8)
So, all Kaspersky users, go UPDATE and you're safe :)

Here are the new details:

1. 'Bizex' worm attacks ICQ users

First global epidemic of an ICQ worm detected

Kaspersky Labs has detected Bizex, a new Internet worm which caused the first global
epidemic among users of ICQ, the Internet instant messaging system. At
the moment, messages about infection are coming in from almost all
corners of the globe. A preliminary estimate is that approximately
50,000 are infected.

A computer becomes infected if the user visits a hacker web-site.
Invitations to visit this site are being circulated by ICQ. As
camouflage, when the web-site is viewed, the user is shown the Joe
Cartoon site; Joe Cartoon is the creator of a popular American cartoon
series. At the same time, the malicious program attacks the computer on
two fronts: firstly, by using a breach in Internet Explorer
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-047.asp),
and secondly, by using a breach in Windows
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-011.asp).
The result of this is that a special file is downloaded to the computer,
without the user noticing anything; this file downloads the file which
contains Bizex and launches it on the victim computer.
Once this has been done, Bizex begins the process of infecting the
victim computer. It creates a folder named SYSMON in the Windows system
directory, copies itself to this folder under the name SYSMON.EXE and
registers this file in the system registry auto-run key. The worm will
therefore be uploaded to the computer memory each time the operating
system is started.

Once this process is completed, Bizex starts to propagate using ICQ. The
worm extracts a number of system libraries which are used with the
instant messaging system from itself, and installs them in the Windows
system directory. Using these libraries, Bizex gains access to the ICQ
contact list, disconnects the active ICQ client, and establishes a new
connection to the server in the name of the user of the infected
machine. It then sends, as if from the user, a link to the web site
shown above to all contacts found.

It should be noted that the worm only attacks original ICQ programs
(with the exception of Web ICQ), and alternative instant messaging
systems, such as Miranda and Trillian, are immune.

Bizex has a range of payloads, all of which are dangerous, and which can
lead to the leaking of confidential information. Specifically, the worm
scans the infected computer, and harvests information on payment systems
which are installed. Then, unnoticed by the user, it sends these details
to a remote anonymous server. The list of vulnerable payment systems
includes: Wells Fargo, American Express UK, Barclaycard, Credit Lyonnais,
Bred.fr, Lloyds, E-gold.

Additionally, Bizex intercepts information
transmitted by HTTPS (an encrypted communications protocol, which is
used, in particular, to transmit financial transactions) and also login
details for a range of email systems e.g. Yahoo. This information is
also sent to the remote anonymous server.

'We see this as a bare-faced attempt to make money. The new method of
penetration, the fact that ICQ has not been used for such an attack
before, and the wide range of spy functions - this combination is sure
to reap huge profits for the author of Bizex, in spite of the fact that
the site was closed down four hours after the start of the outbreak,'
said Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs.
'Users should be very cautious about visiting suspicious sites, and
should install updates for Internet Explorer and Windows immediately.'

Protection against all the malicious components in Bizex has already
been added to the Kaspersky Anti-Virus database.

A more detailed description
(http://www.viruslist.com/eng/viruslist.html?id=1029528-) of this
malicious program can be found in the Virus Encyclopaedia.
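
Added example, not part of the original post or of the Kaspersky advisory: a triage check that flags auto-run entries pointing at the persistence path the advisory describes (a SYSMON folder in the Windows system directory holding SYSMON.EXE). It assumes the auto-run entries have already been exported as (value name, command) pairs; the sample entries, the environment and the system directory names are constructed.

```python
import ntpath
import re

# Indicator from the advisory: <Windows system directory>\SYSMON\SYSMON.EXE
INDICATOR_TAIL = ("sysmon", "sysmon.exe")
# Assumption: usual system directory names; the advisory does not name them.
SYSTEM_DIRS = {"system", "system32"}

# Constructed sample data: environment and exported auto-run entries.
SAMPLE_ENV = {"systemroot": r"C:\WINDOWS"}
SAMPLE_ENTRIES = [
    ("sysmon", r"C:\WINDOWS\system32\SYSMON\SYSMON.EXE"),
    ("monitor", r'"%SystemRoot%\System32\sysmon\sysmon.exe" /s'),
    ("dotdot", r"C:\WINDOWS\system32\drivers\..\SYSMON\sysmon.exe"),
    ("othertool", r"C:\Tools\Sysmon\Sysmon.exe -i"),  # same name, other dir
    ("av", r'"C:\Program Files\AV\avp.exe"'),
]


def extract_executable(command, env):
    """Return the normalized, lower-cased executable path of a command line."""
    cmd = command.strip()
    if not cmd:
        return ""
    # Expand %VAR% references; unknown variables are left untouched.
    cmd = re.sub(r"%([^%]+)%",
                 lambda m: env.get(m.group(1).lower(), m.group(0)), cmd)
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]              # quoted path
    else:
        m = re.match(r"(.+?\.exe)(\s|$)", cmd, re.IGNORECASE)
        path = m.group(1) if m else cmd.split()[0]   # drop arguments
    return ntpath.normpath(path).lower()             # also resolves ".."


def matches_indicator(path):
    # True only when SYSMON/SYSMON.EXE sits directly under a system directory.
    parts = path.split("\\")
    return (len(parts) >= 4 and tuple(parts[-2:]) == INDICATOR_TAIL
            and parts[-3] in SYSTEM_DIRS)


def flag_autoruns(entries, env):
    """Return the (value_name, command) pairs that match the indicator."""
    return [(name, cmd) for name, cmd in entries
            if matches_indicator(extract_executable(cmd, env))]


if __name__ == "__main__":
    for name, cmd in flag_autoruns(SAMPLE_ENTRIES, SAMPLE_ENV):
        print("SUSPICIOUS auto-run entry:", name, "->", cmd)
```

Matching on the full path rather than the file name alone keeps an unrelated program that happens to be called sysmon.exe in another directory from being flagged.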

offline
  • SINGI
  • Joined: 22 Aug 2003
  • Posts: 787
  • Location: Beograd

mire :: You have to, because Windows itself is "careless", i.e. it has holes


...but once again it turned out that these are holes that were patched long ago, so the greater sin lies with the users who don't patch :)

offline
  • SINGI
  • Joined: 22 Aug 2003
  • Posts: 787
  • Location: Beograd

...here is what you should avoid


offline
  • Goran 
  • Prof.Mr.Dr.Sci. of Traumatology
  • Joined: 05 May 2003
  • Posts: 9977
  • Location: Singidunum

Really, whoever clicks on links like these needs a serious lesson about "security".

offline
  • SINGI
  • Joined: 22 Aug 2003
  • Posts: 787
  • Location: Beograd

GoranK :: Really, whoever clicks on links like these needs a serious lesson about "security".

The problem is that a person can receive this message as if it came from someone on his ICQ list, and so rush in and click :(

This case from Admin is an obvious one :)

offline
  • Goran 
  • Prof.Mr.Dr.Sci. of Traumatology
  • Joined: 05 May 2003
  • Posts: 9977
  • Location: Singidunum

Uh, I thought it was one of those SPAM messages that stray in, like the ones for adult sites, but this is something else entirely if it presents itself as someone from your "contact" list. :)
