Security Watch: Squatters Jumping Claims To Domain Names

DATE: 24-JUL-2006
Discuss Total Posts: 1
By Larry Seltzer
Security Alerts and Updates

A new attack has been identified based on last week's Top Threat, a zero-day vulnerability in PowerPoint.

The nature of the attack points to use as a pinpoint corporate espionage tool. A report by Symantec indicates that a Trojan named Trojan.Riler.F is installed by malicious code in a PowerPoint file as an LSP (Layered Service Provider), which is a special type of network driver that allows features to be added to the Winsock interface without replacing any existing files.

The attack creates these two files:
  • %System%\SNootern.dll
  • %System%\uidmngr.ini
It then installs SNootern.dll as an LSP and creates this registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Then it opens a back door on the system by connecting the soswxyz.8800.org and johnmy66.vicp.net on TCP port 7128. It then listens and awaits commands from a remote attacker.

This attack has been found only in very specific organizations, indicating that it is being used in a targeted attack and is not yet in the wild. But look for more of these to appear soon.

Back to:
Security Tip		 Continue to:
Jargon Watch

 


Comment on this article
Be the first to comment on this article.
Sponsored Content
White Papers

No registration required to download these free white papers:

Security in the World of Web 2.0

Intelligent Infrastructure for Information Services

Making Server Consolidation A Reality

Protecting Client Systems from the Crimeware Invasion

Top 10 Ways to Increase Enterprise Security While Reducing Costs
Upcoming eSeminars

Data Protection Virtual Tradeshow
Cameron Crotty 50x50

Available On-Demand
Join Cameron Crotty and experts as they explore best practices and solutions needed to maintain a secure flow of data.
Available On-Demand
Security 2.0: Controlling Complexity
with Cameron Crotty. Sponsored by Symantec
Available On-Demand
Backup Exec 11d - The Gold Standard in Windows Data Recovery
with Frank Derfler. Sponsored by Symantec
Advertisement
Sponsors
  • 64 Pages of How-To Operational Advice for IT
  • You have a choice! Ericom's Alternative to Citrix
  • Discover what 2000 Cisco customers know about Riverbed
  • ScanSoft PDF Converter Professional 4
  • Defy the laws of reporting with Crystal Reports® 2008.
  • See how EMC can help you store more intelligently.
  • When Speed Counts, Count On 3Com.
  • Download the Windows Server® 2008 Release Candidate today.
    		•
    Security IT Hub Contact Us | About | Advertise
    Ziff Davis Enterprise

    Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters | RSS Feeds | Tech Shop | White Papers | Tech Encyclopedia | PC Downloads | ROI Calculators | Tech Jobs | Enterprise Product Comparison Guides | Tech Webcasts | Tech Podcasts | Tech Video

    1UP | AppScout | Baseline | Careers | Channel Insider | CIO Insight | Cranky Geeks | DesktopLinux | DeviceForge
    DevSource | DigitalLife | DL.TV | eSeminars | eWEEK | ExtremeTech | Filefront | GameVideos | GearLog
    LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | My Cheats | Networking | PC Magazine | PCMagCasts | PDF Zone |
    Publish | Security IT Hub | Server IQ | Smart Device Central | Strategic Partner | TechnoRide | Web Buyer's Guide |
    What's New Now | Windows for Devices | Ziff Davis Media International

    Use of this site is governed by our Terms of Use and Privacy Policy
    Copyright © 2004-2006 Ziff Davis Publishing Holding Inc. All Rights Reserved. Security IT Hub is a trademark of Ziff Davis Publishing Holdings Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Media Inc. is prohibited.