Earlier today, Microsoft released Security Advisory (981374). This advisory covers CVE-2010-0806, an unpatched vulnerability affecting Internet Explorer versions 6 and 7. This attack appears to be rather targeted at the moment, but as with other unpatched vulnerabilities in the past, this has the potential to explode now that the word is getting out.
McAfee Labs is aware of an attack emanating from the domain topix21century.com (over both http and https). In this attack, vulnerable users are directed to a malicious webpage that downloads and executes a file named notes.exe (classified as BackDoor-EMN) in drive-by download fashion (visiting the page is enough to get infected). There are multiple variants of this trojan involved. Notes.exe creates two copies of itself in the %temp% directory, and drops a DLL file. This DLL file is injected into Internet Explorer and provides remote access to an attacker.
The backdoor allows an attacker to perform various functions on the compromised system, including uploading & downloading files, executing files, and terminating running processes. Infected systems may attempt to communicate with the domain notes.topix21century.com over https.
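The indicators above (the topix21century.com domains and notes.exe launched from %temp%) are enough to build a simple host and proxy log sweep. The following is an added example, not McAfee's code; the two log line shapes it parses are assumed for the example, and the sample events are constructed.

```python
from urllib.parse import urlsplit

# Indicators named in the advisory above; the log formats are assumed for this example.
IOC_DOMAINS = {"topix21century.com"}   # apex plus any subdomain, e.g. notes.topix21century.com
IOC_FILENAMES = {"notes.exe"}          # the dropped payload, expected under %temp%

def domain_matches(host, iocs=IOC_DOMAINS):
    """True if host is an IOC domain or a subdomain of one (label-aware, not substring)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)

def is_temp_path(path):
    """Recognise %temp%-style locations (XP ...\\Local Settings\\Temp\\, Vista+ ...\\AppData\\Local\\Temp\\)."""
    p = path.replace("/", "\\").lower()
    return "\\temp\\" in p or p.startswith("%temp%\\")

def check_event(line):
    """Return a finding for one log line, or None. Assumed line shapes:
       PROXY <client_ip> <method> <url>
       PROCESS <hostname> <image_path>      (image path may contain spaces)"""
    fields = line.strip().split(maxsplit=2)
    if len(fields) < 3:
        return None
    kind, subject, rest = fields
    if kind == "PROXY":
        host = urlsplit(rest.split()[-1]).hostname or ""   # last token is the URL
        if domain_matches(host):
            return f"{subject} contacted IOC domain {host}"
    elif kind == "PROCESS":
        name = rest.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name in IOC_FILENAMES and is_temp_path(rest):
            return f"{subject} executed {name} from a temp directory: {rest}"
    return None

def scan(lines):
    """Run every line through check_event and keep the hits."""
    return [f for f in (check_event(l) for l in lines) if f]

# Constructed sample telemetry (not real logs): one hit per category plus near-misses.
SAMPLE = [
    "PROXY 10.1.2.3 GET https://notes.topix21century.com/beacon",
    "PROXY 10.1.2.4 GET http://www.example.com/index.html",
    "PROXY 10.1.2.5 GET http://nottopix21century.com/",        # substring near-miss
    "PROCESS WS01 C:\\Users\\a\\AppData\\Local\\Temp\\notes.exe",
    "PROCESS WS02 C:\\Program Files\\App\\notes.exe",           # same name, not in %temp%
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The domain check deliberately matches whole labels so that look-alike names ending in the same string are not flagged, and the file check requires both the name and a temp location so a legitimate notes.exe elsewhere stays quiet.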
File names related to this attack include:
Preliminary product coverage is as follows:
- McAfee DAT files (antivirus): Coverage will be provided for known exploits as Exploit-CVE-2010-0806 and known payloads as BackDoor-EMN in the 5916 DAT files, releasing March 10.
- McAfee VirusScan Enterprise Buffer Overflow Protection: Generic Buffer Overflow Protection is expected to cover future exploits.
- McAfee Host Intrusion Prevention: Generic Buffer Overflow Protection is expected to cover future exploits.
- McAfee Network Security Platform: The UDS releasing March 9 contains coverage under the signature “HTTP: Microsoft Internet Explorer Code Execution Vulnerability”.
- McAfee Vulnerability Manager: The FSL/MVM package of March 9 includes a vulnerability check to assess if your systems are at risk.
- McAfee Web Gateway (formerly Webwasher): TrustedSource has coverage for domains and IP addresses that the malware contacts.
- McAfee Firewall Enterprise (formerly Sidewinder): TrustedSource has coverage for domains and IP addresses that the malware contacts.
- McAfee SiteAdvisor, SiteAdvisor Plus, SiteAdvisor Enterprise: TrustedSource has coverage for domains and IP addresses that the malware contacts.
McAfee Labs is investigating this attack further and will continue to monitor any related activity closely.