|
1. Been infected with spyware? Tell us about your problem. 2. Protect your PC from viruses, spyware. 3. For fast automatic spyware removal, try CounterSpy, SUPERAntiSpyware |
Found new vulnerability in Microsoft Excel
ISC and Microsoft reported about new vulnerability in Microsoft Excel. Also found exploit using the vulnerability for install malware.
Now Symantec can to detect this attack.
Trojan.Mdropper.J is a Trojan horse that drops Downloader.Booli.A on the compromised computer. It exploits an undocumented vulnerability in Microsoft Excel.
The Symantec website also reports … Downloader.Booli.A may arrive on the compromised computer, dropped by Trojan.Mdropper.J, with the following name: %System%\svc.exe
Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
When Downloader.Booli.A is executed, it performs the following actions:
- Attempts to run Internet Explorer and inject its code into Internet Explorer to potentially bypass firewalls.
- Attempts to download a file from the following location: [http://]210.6.90.153:7890/svcho[REMOVED]
- Saves the file as the following and if the download was successful, executes the file: c:\temp.exe
- Creates an empty file before exiting: c:\bool.ini
Now we recommend use the same defenses as for lastest Microsoft Word vulnerability: How to block Microsoft Word vulnerability, recommended defenses.
June 16, 2006 on 8:49 am | In Exploits & Vulnerabilities | |Submit to: Digg | SlashDot | Del.icio.us
No Comments yet »
RSS feed for comments on this post. TrackBack URI
Leave a comment
Previous Posts:
- How to remove new rogue antispywares Malware Bell and IE Antivirus
- How to remove softwarereferral/safewebnavigate hijackers and etlrlws toolbar
- How to uninstall combofix
- Found new rogue antispyware programs
- How to remove braviax.exe/cru629.dat/users32.dat malware
- VirusHeat rogue antispyware - How To Remove
- Fresh updates to Ad-Aware and SpyBot-search & Destroy
- How to remove core.cache.dsk and parportt.sys
- How to remove CID popups
- How To Remove cyberstoll.com, search-daily.com hijacker and WebHancer spyware
- How to remove Video Add-on and antispyware/security toolbar 7.1
- Trojan Vundo/Virtumonde turns a good file into a Trojan-Dropper
- How to make Internet Explorer more secure
- New updates to Ad-Aware and SpyBot-search & Destroy
- How to remove webcry.com hijacker
- Found first Christmas malware
- Found some new fake codecs
- Cannot View Hidden Files And Folders. How to fix
- Hijacker will not let me download anti spyware program - how to fix
- How to fix shell.exe, spoolvs.exe problem
Categories:
- Pop-Up Blockers and Firewalls (rss) (5)
- Adware (rss) (10)
- Anti Virus Software (rss) (11)
- Best Programs (rss) (3)
- Browser Hijacking (rss) (13)
- Critical patch (rss) (21)
- Exploits & Vulnerabilities (rss) (58)
- FAQ (rss) (8)
- Free Software (rss) (63)
- Identity Theft (rss) (8)
- Internet Browsers and Mail and News readers (rss) (12)
- Linux (rss) (4)
- Malware (rss) (11)
- Online Scanners (rss) (11)
- Phishing (rss) (2)
- Rogue Anti Spyware (rss) (34)
- Rookit (rss) (3)
- spyware (rss) (2)
- Spyware protection and removal (rss) (74)
- Tips (rss) (78)
- Trojan (rss) (35)
- Tutorials - "How to" (rss) (65)
- Updates (rss) (16)
- Virus (rss) (19)
- Worms (rss) (14)
Archives:
- May 2008 (1)
- April 2008 (1)
- March 2008 (4)
- February 2008 (3)
- January 2008 (2)
- December 2007 (7)
- November 2007 (27)
- October 2007 (4)
- July 2007 (2)
- June 2007 (3)
- April 2007 (1)
- March 2007 (6)
- February 2007 (6)
- December 2006 (1)
- November 2006 (2)
- October 2006 (7)
- September 2006 (2)
- August 2006 (10)
- July 2006 (7)
- June 2006 (22)
- May 2006 (18)
- April 2006 (12)
- March 2006 (24)
- February 2006 (33)
- January 2006 (52)
- December 2005 (50)
- November 2005 (66)
Blogroll
- Sans Org - Internet Storm Center
- Spyware RU
- Sun Belt Blog
Help Us:
- MyAntiSpyware needs your support. Please make link from your site to us.
Use the button:
MY ANTI SPYWARE Powered by WordPress with Pool theme design by Borja Fernandez.
Entries and comments feeds.
Valid XHTML and CSS. ^Top^