January 22, 2011

Multiple Malware

There are instances where more than one malware infecting at a same time because of many vulnerabilities and many ways that different malware can attack on a PC. It leads to severe situations and that will crash the PC entirely. There is one particular exploit that brings all the malware and trojans at a time HTML_SHELLCOD.SM that exploits CVE- 2010 3962 and because of which following trojans and malware attack the PC:

  • TROJ_LAMECHI.D,
  • JS_EXPLOIT.ADA,
  • JS_EXPLOIT.SM1, 
  • HTML_SHELLCOD.SM, 
  • TROJ_DLOADER.DAM, 
  • TROJ_GAMETHI.FMS, 
  • PE_PARITE.A, 
  • TSPY_ARDAMAX.HR
HTML_SHELLCOD.SM, a recently discovered malware that took advantage of a certain vulnerability in Internet Explorer (IE) and after all these infections infect the system and it many eagle-eyed cybercriminals look to further to inject their malicious money-making machinations that exploits all of the vulnerabilities present in the most efficient way possible.


Once HTML_SHELLCOD.SM has successfully taken advantage of the Uninitialized Memory Corruption Vulnerability (CVE-2010-3962) in IE, it connects to various URLs to download other malicious files detected as TROJ_LAMECHI.D, JS_EXPLOIT.ADA, JS_EXPLOIT.SM1, HTML_SHELLCOD.SM, TROJ_DLOADER.DAM, TROJ_GAMETHI.FMS, PE_PARITE.A, and TSPY_ARDAMAX.HR onto the affected systems.

This malware can render an infected system unusable.and puts the user’s confidential information at risk if another malware with backdoor capabilities affect the system. For instance, TROJ_GAMETHI.FMS, one of the malware HTML_SHELLCOD.SM downloads, steals user names and passwords related to popular online games such as Maple Story, Dungeon Fighter, Ragnarok Online, and World of Warcraft and can compromise the user accounts.

TSPY_ARDAMAX.HR will drop a file named TROJ_GAMETHI.FMS which drops more files on the infected system.  It also logs keystrokes and accesses certain sites and hacks chat logs which compromises user's privacy by stealing usernames and passwords. TROJ_GAMETHI.FMS terminates processes and downloads component files.

 PE_PARITE.A is a malware that infects .exe and .scr fils and spreads the entire network drives by choosing a port.

Prevention: 
Users can prevent this threat by updating their operating system with all the available patches and updating their anti-virus with latest updates. Scan the PC with the updated Malware by disabling system restore, it will remove the threat.

1 comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...

Search This Blog

Followers

Categories

Twitter Delicious Facebook Digg Stumbleupon Favorites More