January 12, 2011

Botnet named Chuck Norris

Another botnet has hit the web, this one named after Chuck Norris, the famous karate fighter. WORM_IRCBOT.ABJ may be downloaded from remote sites by other malware, or unknowingly by a user visiting a malicious website. It takes advantage of the MS03-039 buffer overrun vulnerability in the RPCSS (Remote Procedure Call) service to propagate copies of itself across networks. This vulnerability affects users running Microsoft Windows NT, 2000, XP and Server 2003 platforms. It tries to access a vulnerable network share by guessing usernames and passwords of password-protected systems via brute force attack.

RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, with Microsoft-added extensions.

There are three newly identified vulnerabilities in the part of the RPCSS Service that deals with RPC messages for Distributed Component Object Model (DCOM) activation. They could result in denial of service and arbitrary code execution on the user's PC, both of which stem from incorrect handling of malformed messages. These particular vulnerabilities affect the DCOM interface within the RPCSS Service, which handles DCOM object activation requests that are sent from one machine to another.

An attacker who successfully exploited these vulnerabilities could run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.

It drops copies of itself to vulnerable network shares.
It connects to an IRC server to take commands from a remote user.
It steals users' online banking information and the activation keys of popular game applications.
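
The username and password guessing against network shares described above leaves a recognisable pattern in authentication logs: one source failing against several account names in a short time. The following Python is an added example, not part of the original post or any vendor tooling; the log format, thresholds and function name are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (assumed format, not a real Windows log):
# timestamp  source_ip  target_host  username  outcome
SAMPLE_LOG = """\
2011-01-12T10:00:01 10.0.0.23 FS01 administrator FAIL
2011-01-12T10:00:02 10.0.0.40 FS01 jsmith FAIL
2011-01-12T10:00:03 10.0.0.23 FS01 admin FAIL
2011-01-12T10:00:05 10.0.0.23 FS01 guest FAIL
2011-01-12T10:00:07 10.0.0.23 FS02 administrator FAIL
2011-01-12T10:00:09 10.0.0.40 FS01 jsmith OK
2011-01-12T10:00:10 10.0.0.23 FS02 backup FAIL
2011-01-12T10:00:12 10.0.0.23 FS02 admin FAIL
2011-01-12T10:05:00 10.0.0.51 FS01 mlee FAIL
2011-01-12T10:09:00 10.0.0.51 FS01 mlee FAIL
"""

def find_bruteforce_sources(lines, window=timedelta(seconds=60),
                            min_failures=5, min_users=3):
    """Return {source_ip: details} for sources guessing credentials."""
    recent = defaultdict(deque)  # source -> failed attempts inside the window
    alerts = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed records
        stamp, src, target, user, outcome = fields
        if outcome != "FAIL":
            continue
        ts = datetime.fromisoformat(stamp)
        attempts = recent[src]
        attempts.append((ts, user.lower(), target))
        while ts - attempts[0][0] > window:  # expire failures older than window
            attempts.popleft()
        users = {u for _, u, _ in attempts}
        # Many failures across several account names in a short window is
        # guessing, not one user mistyping a password.
        if (src not in alerts and len(attempts) >= min_failures
                and len(users) >= min_users):
            alerts[src] = {
                "first_alert": ts,
                "failures": len(attempts),
                "users": sorted(users),
                "targets": sorted({t for _, _, t in attempts}),
            }
    return alerts

if __name__ == "__main__":
    for src, info in find_bruteforce_sources(SAMPLE_LOG.splitlines()).items():
        print(src, info["failures"], info["users"], info["targets"])
```

A source that also spreads its failures across several target hosts, as 10.0.0.23 does in the sample, is consistent with a worm walking the network rather than a single misconfigured client.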


