|
Been infected with spyware? Tell us about your problem. For fast automatic spyware removal, try CounterSpy, SUPERAntiSpyware |
Found new vulnerability in Microsoft Excel
ISC and Microsoft reported about new vulnerability in Microsoft Excel. Also found exploit using the vulnerability for install malware.
Now Symantec can to detect this attack.
Trojan.Mdropper.J is a Trojan horse that drops Downloader.Booli.A on the compromised computer. It exploits an undocumented vulnerability in Microsoft Excel.
The Symantec website also reports … Downloader.Booli.A may arrive on the compromised computer, dropped by Trojan.Mdropper.J, with the following name: %System%\svc.exe
Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
When Downloader.Booli.A is executed, it performs the following actions:
- Attempts to run Internet Explorer and inject its code into Internet Explorer to potentially bypass firewalls.
- Attempts to download a file from the following location: [http://]210.6.90.153:7890/svcho[REMOVED]
- Saves the file as the following and if the download was successful, executes the file: c:\temp.exe
- Creates an empty file before exiting: c:\bool.ini
Now we recommend use the same defenses as for lastest Microsoft Word vulnerability: How to block Microsoft Word vulnerability, recommended defenses.
June 16, 2006 on 8:49 am | In Exploits & Vulnerabilities | |Submit to: Digg | SlashDot | Del.icio.us
No Comments yet »
RSS feed for comments on this post. TrackBack URI
Leave a comment
Previous Posts:
- How to remove AntispywareXP 2009
- Removal instructions for SpywareGuard2008
- How to remove PersonalAntispy malware
- How to remove VideoActiveXCodec malware
- How to remove rogue anti-spyware application eAntivirusPro
- How to remove VirusResponseLab
- How to remove rogue antispyware application Cleaner2009
- How to remove SpyDevastator
- How to remove Antispyware PRO XP
- How to remove XP Protector 2009
- How to remove System Antivirus 2008
- How to remove Smartantivirus2009
- How to remove Total Secure 2009
- MalwareBytes Anti-malware - free spyware, malware, trojan remover.
- How to remove Antivirus XP 2008 and tdssserv.sys trojan
- How to remove rogue antispyware: XP Guard, AntiVir64, MSAntivirus, Power Antivirus, SpywarePrevent, XpertAntivirus
- How to remove cnn.com and msnbc.com fake breaking news spam-virus and joke-bluescreen malware
- XLGuarder - fresh rogue antispyware | How to remove
- VirusRemover2008 - fake antispyware | How to remove
- Fresh rogue antispyware: WistaAntivirus, WinDefender, SpywareScanner2008
Forum posts:
- Removing CiD pop-ups
- Win:32KdCrypt(Cryp)
- Have a Joke-Bluescreen and XP Antivirus 2008 problem
- Adware and PUA - i need help
- Combofix Virus [W32.Scrapkut worm]
- Need help with antivirus spyware
- XP Antivirus 2008/2009, Malaware
- autorun malware removal
- Popup Problems
- xpsecuritycenter infection, as well as braviax
- Empty Device manager list = (apropos virus??)
- HijackThis log here, help please :) [ AntivirusXP ]
- False Pop-UPs Help
- Joke Bluescreen - HELP!!! [Antivirus XP]
- Windows Explorer closes by itself.
- prorat infection that doesnt go away
- Please help w/ Vundo
- Infected with Trojan.Vundo PLEASE HELP
- Infected with Zinaps7 virus. Hijackthis log included.
- Bifrose detected, what to do? using combofix?
Categories:
- Pop-Up Blockers and Firewalls (rss) (5)
- Adware (rss) (10)
- Anti Virus Software (rss) (11)
- Best Programs (rss) (6)
- Browser Hijacking (rss) (14)
- Critical patch (rss) (22)
- Exploits & Vulnerabilities (rss) (58)
- FAQ (rss) (8)
- Free Software (rss) (65)
- Identity Theft (rss) (8)
- Internet Browsers and Mail and News readers (rss) (12)
- Linux (rss) (4)
- Malware (rss) (11)
- Online Scanners (rss) (11)
- Phishing (rss) (2)
- Rogue Anti Spyware (rss) (60)
- Rookit (rss) (3)
- spyware (rss) (3)
- Spyware protection and removal (rss) (79)
- Tips (rss) (80)
- Trojan (rss) (37)
- Tutorials - HowTo (rss) (85)
- Updates (rss) (16)
- Virus (rss) (20)
- Worms (rss) (14)
Archives:
- October 2008 (3)
- September 2008 (10)
- August 2008 (5)
- July 2008 (3)
- June 2008 (4)
- May 2008 (5)
- April 2008 (1)
- March 2008 (4)
- February 2008 (3)
- January 2008 (2)
- December 2007 (7)
- November 2007 (27)
- October 2007 (4)
- July 2007 (2)
- June 2007 (3)
- April 2007 (1)
- March 2007 (6)
- February 2007 (6)
- December 2006 (1)
- November 2006 (2)
- October 2006 (7)
- September 2006 (2)
- August 2006 (10)
- July 2006 (7)
- June 2006 (22)
- May 2006 (18)
- April 2006 (12)
- March 2006 (24)
- February 2006 (33)
- January 2006 (52)
- December 2005 (50)
- November 2005 (66)
Blogroll
- PC Tips
- Sans Org - Internet Storm Center
- Spyware RU
- Sun Belt Blog
Help Us:
- MyAntiSpyware needs your support. Please make link from your site to us.
Use the button:
Bookmark Us:
MY ANTI SPYWARE Powered by WordPress with Pool theme design by Borja Fernandez.
Entries and comments feeds.
Valid XHTML and CSS. ^Top^