IndiaDivine.org

WARNING: New Troj/Maz.C Trojan



Guest guest


The details of the new trojan variant are as follows:

Trojan name: Troj/Maz.C

Aliases: Downloader-BO.dr

Number of copies seen so far: 5

Time & Date first Captured: 19 Nov 2002, 14:37 GMT

Origin of first intercepted copy: USA

Number of countries seen active: 2

Most active countries: USA, UK

Technical Details

The new Troj/Maz.C variant has been e-mailed to a number of users. From the copies that we have seen, the message appears as follows:

MAILER-DAEMON@(recipient domain)

FAILED DELIVERY

Body: Unfortunately, it was not possible to deliver one or more of your messages. For more information, please, take a look in the attachment.

Attachment: mail.hta

Behaviour

In copies that we have intercepted the attachment displays an HTML advert, but contains a Visual Basic script that drops a variant of the Downloader-BO (a.k.a. Inor) component, which subsequently attempts to download and install the Backdoor-AML (a.k.a. Jeem) component from a website, hosted at: wind.prohosting.com/jimkre

The Backdoor-AML component opens three TCP ports that may be used to access the compromised machine remotely, 6079, 5262 and 4668. The 4668 port may subsequently be used as SMTP relays to further distribute the e-mail component to other recipients.

Comment

It is recommended that customers should ensure that they have configured their firewall software to block any incoming TCP traffic on these ports. Further details on the Troj/Maz.A and Troj/Maz.B trojans may be found on the MessageLabs website at: http://www.messagelabs.com/viewNewsPR.asp?id=109&cmd=PR

If you have any questions, please contact the MessageLabs Help Desk, or your Customer Services Executive.


"Live in peace with the animals. Animals bring love to our hearts, and warmth to our souls."

Colleen Klaum

"He who is cruel to animals becomes hard also in his dealings with men. We can judge the heart of a man by his treatment of animals." Immanuel Kant

Be the voice for the voiceless, join our group today: CorrectTreatment/
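Added example, not part of the original post or the MessageLabs alert: a Python triage sketch that checks a raw message for the lure traits listed above (MAILER-DAEMON sender, "FAILED DELIVERY", an .hta attachment) and flags inbound TCP connections to ports 6079, 5262 and 4668 in firewall logs. Treating "FAILED DELIVERY" as the Subject and MAILER-DAEMON as the From address, the log line format, the function names and all sample data are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
BACKDOOR_PORTS = {6079, 5262, 4668}  # TCP ports named in the alert

def triage_message(raw: bytes) -> list:
    """Return which traits of the described lure appear in one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender.startswith("mailer-daemon@"):
        hits.append("sender:mailer-daemon")
    if "failed delivery" in str(msg.get("Subject", "")).lower():
        hits.append("subject:failed-delivery")
    for part in msg.walk():  # walk() also reaches nested MIME parts
        name = (part.get_filename() or "").lower()
        if name.endswith(".hta"):  # HTML Application attachment
            hits.append("attachment:" + name)
    return hits

def backdoor_port_hits(log_lines) -> list:
    """Return inbound TCP log lines whose destination port is in the alert.
    Assumed format: '<IN|OUT> <proto> <src_ip>:<port> <dst_ip>:<port>'."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4 or fields[0] != "IN" or fields[1] != "TCP":
            continue  # not an inbound TCP record, or malformed
        dport = fields[3].rpartition(":")[2]
        if dport.isdecimal() and int(dport) in BACKDOOR_PORTS:
            hits.append(line)
    return hits

def build_sample() -> bytes:
    """Constructed message with the alert's traits and a harmless attachment."""
    m = EmailMessage()
    m["From"] = "MAILER-DAEMON@example.org"
    m["Subject"] = "FAILED DELIVERY"
    m.set_content("Unfortunately, it was not possible to deliver one or more of your messages.")
    m.add_attachment(b"<html>placeholder</html>", maintype="application",
                     subtype="hta", filename="mail.hta")
    return m.as_bytes()

SAMPLE_LOG = [  # constructed lines using documentation address ranges
    "IN TCP 198.51.100.7:40312 192.0.2.10:6079",
    "IN TCP 198.51.100.7:40313 192.0.2.10:443",
    "OUT TCP 192.0.2.10:51000 203.0.113.5:4668",
]
```

A message matching all three traits is a strong candidate for quarantine; an .hta attachment alone is already worth blocking at the gateway.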

 

 
