PAZNJA! BMP fajl moze da bude zarazen trojancem!!!

PAZNJA! BMP fajl moze da bude zarazen trojancem!!!

  • Pridružio: 22 Avg 2003
  • Poruke: 787
  • Gde živiš: Beograd

Beware! BMP files may contain a new virus

Agent, a new Trojan using BMP files has been mailed to users worldwide

Kaspersky Labs, a leading information security software developer has
detected a mass mailing of a new Trojan named Agent. Agent infects
victim machines when users view graphics in BMP format.

Agent exploits a vulnerability in MS Internet Explorer versions 5.0 and
5.5 which allows malicious code to be launched on victim machines via
modified BMP files. This vulnerability was a direct result of the
Windows source code leak and was first detected on February 16, 2004.

Agent was mailed using spammer technology in an infected email that only
contains a BMP file with a random name. The file is created especially
for the Russian version of Windows 2000; the malicious code will not
function on other language versions. This implies that Agent was
probably created in Russia or the CIS country.

Should a user open the BMP file Agent immediately connects to a remote
server located in the Lybian domain zone, downloading and installing a
second Trojan named Throd.

Throd is a classic spyware program. The Trojan first copies itself into
the Windows system registry autorun keys and then awaits further
commands. The 'master' can remotely execute various commands on the
victim machine including copying data, collecting addresses from MS
Outlook and turning the infected computer into a proxy server
functioning as a platform for anonymous cyber crimes.

"Throd is obviously written for spammers," comments Eugene Kaspersky,
Head of Anti-Virus Research at Kaspersky Labs, "the Trojan harvests
email addresses and creates a network of zombie machines for massive
spammer attacks. Once again, we see a confirmation that spammers and
virus-writers are working hand in hand."

To date, Microsoft has not issued a patch for this vulnerability. In
other words, the only protection users have is up-to-date anti-virus
software. "Moreover, it is very likely that malware attacking other
versions of Windows will soon appear", adds Eugene Kaspersky, "I
strongly recommend that users make sure that their anti-virus software
protects them from malware exploiting this particular Windows

Kaspersky Anti-Virus does scan the contents of BMP files and
automatically detects suspicious objects attempting to penetrate via
either the Internet of email. The solution neutralizes Agent
automatically and our anti-virus databases have been updated to detect

Detailed descriptions of both Trojans are available in the Kaspersky
Virus Encyclopedia

Best Regards, Denis Zenkin
Head of Corporate Communications
Kaspersky Labs

Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
  • Pridružio: 12 Sep 2003
  • Poruke: 236
  • Gde živiš: Naissus

Ja imam IE 6 SP1 i nadam se da sam bezbedan.

  • mire  Male
  • Elitni građanin
  • Pridružio: 18 Apr 2003
  • Poruke: 2282
  • Gde živiš: Beograd

ali dovoljno je da stavish noviji ie i problema nema
ako neko bash hoce da ostane na ie5 onda mu treba kav verovatno ...

  • Goran 
  • Prof.Mr.Dr.Sci. Traumatologije
  • Pridružio: 05 Maj 2003
  • Poruke: 9977
  • Gde živiš: Singidunum

Ne samo KAV bilo koji AV.

  • gamzzy 
  • Legendarni građanin
  • Pridružio: 24 Apr 2003
  • Poruke: 10725
  • Gde živiš: Novi Sad

A koji "#$%& to postavlja *bmp na NET?

  • Vlada
  • Pridružio: 20 Apr 2003
  • Poruke: 3360
  • Gde živiš: Beograd

gamzzy ::A koji "#$%& to postavlja *bmp na NET?

Pa vorvaton ima i takvih pacijenata ! Evo jednog

Ko je trenutno na forumu

Ukupno su 764 korisnika na forumu :: 43 registrovanih, 7 sakrivenih i 714 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., aljosa7, Arhiv, Atomski čoban, Boris90, Brankoni, dac, darkangel, draggan, dragon986, Drug pukovnik, dule10savic, goxin, h8propaganda, Helket, Hoegaarden, HrcAk47, ILGromovnik, Insan, kovinacc, krlebgd77, KUZMAR, manda87, MarKhan, MB120mm, Mercury, misa1xx, Mitogna, moldway,, nuke92, prekodrinski, Regrut Boskica, repac, sakota79, Srle993, ssekir75, theNedjeljko, Toni, vasa.93, vlahale, vlvl, W123