Full Disclosure mailing list archives

w32.frethem.k@mm and good reading
From: full-disclosure () lists netsys com (Ron DuFresne)
Date: Mon, 15 Jul 2002 14:10:07 -0500 (CDT)

On Mon, 15 Jul 2002, Mark J. Walborn wrote:

Has anyone encountered the above mentioned worm? Several anti-viral software
companies have posted updates as of midnight..


Trend Micro released this announcement on it recently:

<quote>
This non-destructive, memory-resident variant of WORM_FRETHEM.D propagates
via email. It arrives as an attachment with the following details:

Subject: Re: Your password!

Message Body: You can access very important information by this password
DO NOT SAVE password to disk use your mind
now presscancel

Attachment: DECRYPT-PASSWORD.EXE
PASSWORD.TXT

On systems with unpatched Internet Explorer, the file attachments
automatically execute when this email message is previewed or opened in
Microsoft Outlook and Outlook Express.

WORM_FRETHEM.K is detected by pattern file #317.

For more information on WORM_FRETHEM.K please visit our Web site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRETHEM.K
</quote>

Also, I found the following article of interest.

By Robin Miller, NewsForge.com
   Posted: 06/06/2002 at 12:10 GMT

        [article SNIPPED]

The article in question discusses security through obscurity, which is
not viewed as sound by most folks in the security arena.  If the skript
kiddies looked hard enough they surely could find older sploits for such
systems, if they took the time to attempt to identify the underlying OS to
any degree, and surely better crackers will take that time.  Of course
there is this bit on the issue recently:

<quote>

How often hackers attack, and what they're after.  Attack activity against
corporate networks went up significantly in the first half of 2002 when
compared with the second half of 2001, but the good news is that the
incidence of highly sophisticated attacks was low between January and June
this year.  Despite the increased activity, the number of attacks that are
considered highly aggressive or sophisticated was less than 1 percent.
When highly aggressive attacks occur, they are more than 26 times more
likely to have severe effects than attacks that are classified as
moderately aggressive, so even the small percentage of such attacks
remains cause for concern. (Internet Week, 11 Jul)

</quote>

Which begs the question, are more sophisticated attacks really reduced, or
are more of them actually going undetected?

Thanks,


Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


