PDA

View Full Version : Fyi


BriEOD
11-04-2005, 09:27 AM
A new Trojan horse, dubbed "Navia.a" by Panda Software, uses avian flu-related subject heads to dupe recipients into opening an attached Microsoft Word document.
By Gregg Keizer


Spammers and scammers have already used the public's fear and curiosity about the avian flu to spread their schemes, but now hackers have turned to the trick, a security company warned Thursday.

A new Trojan horse, dubbed "Navia.a" by Panda Software, uses subject heads of "Outbreak in North America" and "What is avian influenza (bird flu)?" to dupe recipients into opening an attached Microsoft Word document.

That's when Navia.a goes old school: the Word document is infected with malicious macros.

One of the macros makes several Windows kernel calls to allow the Trojan to create, change, or delete files, while the second installs "Ranky.fy," another Trojan that opens a back door to the PC.

“Unfortunately, we were expecting something like this," said Luis Corrons, director of Panda's research, in a statement. "This is not the first time, and won't be the last, that writers of malicious code have taken advantage of people's misfortune and anxieties to spread their Trojans and worms."

Word macro threats were once among the most visible, and most dangerous, but have fallen out of fashion. The most infamous macro threat was the Melissa virus of 1999, which debuted a propagation technique -- grabbing e-mail addresses from Microsoft Outlook -- that's still used by most mass-mailed worms and viruses.

To protect against a macro-based exploit, Word users should make sure that the macro security level is set at "Medium," which triggers a warning when a Word document containing one or macros is opened, or "High," to disable macros entirely.

In Word 2003, the setting is under the Tools menu, in the Macro/Security item.

mitch
11-04-2005, 09:49 AM
Thanks Brian.

LakePirate
11-04-2005, 11:54 AM
There is another trojan horse that has come out today psw.banker
It has already gotten through symantec here at the office and had to be removed with AVG.

Just a heads up.