OCAU News
This came from SectretSquirrel yesterday, so it might be addressed already: Just wanted to give you the heads-up on a new/modified trojan (searching for TimerModule.exe/RedLabel.scr on Google/Teoma etc. returns nothing, and Kaspersky doesn't detect it). It seems to be a variant of the Delf.g backdoor.
My firewall, Kerio Personal Firewall 3.0 beta 6, picked it up this morning when a certain "TimerModule.exe" tried to connect to a localhost (127.0.0.1) port on both TCP and UDP. I'm still figuring out how it got there, but perhaps it wasn't a coincidence that Kaspersky picked up a script in an Opera cached file, saying it was an "Exploit.Applet.ActiveXComponent".
TimerModule.exe will be placed in X:\windows\system32\ and RedLabel.scr in X:\windows\system32\. TimerModule.exe will NOT be reported by Kaspersky as being a virus. However, RedLabel.scr is reported as being infected with "Trojan.Win32.Delf.g". I'm about to check it with Norton Antivirus... Ad-aware does not report anything to do with these files.
The exploit makes a registry entry so that it runs at startup:
HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run:
TimerModule D:\WINDOWS\System32\TimerModule.exe
Spybot 1.2 picked up the DSO vulnerability on my machine as documented here. Maybe it found its way in that way.
Yet another reminder to update your anti-virus program regularly. One day they might not have a virus detected and the next day they might. Don't run any screensavers or other email attachments from people you don't know, or, if you do know them, that you wouldn't expect them to send. Personally, I think the virus writers should all go and collectively get a life.
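As an added example (not from the report above or from OCAU), this script checks a `reg export` of the HKLM Run key for the persistence entry the report describes, either by value name (TimerModule) or by the executable it launches (TimerModule.exe or RedLabel.scr). The .reg text below is constructed for the example; the SoundMan and Updater entries are made-up benign values, and the TimerModule line is the one quoted in the report.

```python
"""Flag the reported Run-key persistence entry in a Windows .reg export."""
import re

# Value name and file names the report associates with the trojan.
SUSPECT_NAMES = {"timermodule"}
SUSPECT_FILES = {"timermodule.exe", "redlabel.scr"}

# Constructed sample of `reg export "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"`.
# .reg files escape backslashes and quotes inside string values.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"TimerModule"="D:\\WINDOWS\\System32\\TimerModule.exe"
"Updater"="\"C:\\Program Files\\Vendor\\upd.exe\" /quiet"
'''

# "name"="value" with backslash escapes allowed inside either string.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo .reg string escaping: \\ -> \ and \" -> "."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_run_key(reg_text):
    """Return {value_name: command} for every value under a ...\Run key section."""
    entries, in_run = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('['):
            in_run = line.rstrip(']').lower().endswith('\\run')
        elif in_run:
            m = VALUE_RE.match(line)
            if m:
                entries[unescape(m.group(1))] = unescape(m.group(2))
    return entries

def image_name(command):
    """Lower-case basename of the program in a Run command (quotes and arguments tolerated)."""
    command = command.strip()
    if not command:
        return ''
    exe = command[1:command.index('"', 1)] if command.startswith('"') else command.split()[0]
    return exe.replace('/', '\\').rsplit('\\', 1)[-1].lower()

def find_suspect_entries(reg_text):
    """Sorted names of Run values that match the reported entry by name or by image file."""
    return sorted(name for name, cmd in parse_run_key(reg_text).items()
                  if name.lower() in SUSPECT_NAMES or image_name(cmd) in SUSPECT_FILES)

if __name__ == "__main__":
    for name in find_suspect_entries(SAMPLE_REG):
        print(f"suspicious Run entry: {name} -> {parse_run_key(SAMPLE_REG)[name]}")
```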
All original content copyright James Rolfe.
All rights reserved. No reproduction allowed without written permission.