Spookie
Aug 15 2005, 02:02 PM
Security experts have uncovered a highly sophisticated global 'chain' attack, which uses the SpamNet.A Trojan to infect victim PCs with up to 19 malicious malware programs.
The attack, which is based on a tree structure, was discovered on a web page hosted on a server in the USA, with a domain registered from an address in Moscow. The principal goal of the cyber assault is to send out junk mail, and, by using this complex structure, is estimated to have so far compiled more than 3m email addresses worldwide.
According to Panda Software, the infection chain begins when a user visits the first infected page. This web page uses the Iframe tag to try to open two new pages. This initiates two parallel processes, each one associated to one of the two pages.
When the first of the two pages opens, it in turn opens six other pages, which redirect the user to further pages with pornographic content. It also directs the user to a seventh page, which starts the principal attack process. This page exploits two possible vulnerabilities to carry out its actions: Ani/anr and Htmredir.
In any event, if the attack is successful, it installs and executes one of two identical files -- Web.exe or Win32.exe -- on the computer. When run, these files create seven files on the computer, one of which is a copy of itself and the rest of which are Trojans, adware and premium rate dialers.
The complexity of this attack is "virtually unprecedented", according to Panda. "The fact that more than 3m addresses have been compiled to send spam to is an indication of the success the creator of this attack is enjoying," said Luis Corrons, director of PandaLabs.
"The primary motivation of these attacks is financial gain over and above notoriety, and spam is one of the chief sources of income for malware creators."
part of vnu.net europe