
 [Attention] Trojan in Utusan Website

TScrynobone
post Jun 29 2006, 02:46 PM

I just got this info from http://www.mycommet.net/index.php?showtopic=1162

QUOTE
Assalamualaikum,

Thank you for reporting to us. We have checked www.utusan.com.my and
confirm that the site linked below from www.utusan.com.my, which
provides free web statistics, contains a downloader Trojan and Java applets,
which are components of a malicious Java archive file (JAR).

The link which is embedded in the web counter icon is as below:

http://y.extreme-dm.com/s/?tag=felixm

Once the above link is clicked, it is redirected to a malicious site,
http://ilead.itrack.it, from which a downloader Trojan and malicious Java
applets will be downloaded onto PCs browsing your site.

The downloader Trojan and the malicious Java applets that were found to be
downloaded from the above malicious site are:

TROJ_ANICMOO.AL

Details on TROJ_ANICMOO are available at:

Symantec
http://www.symantec.com/avcenter/venc/data....anicmoo.c.html

JAVA_BYTEVER.AC
JAVA_BYTEVER.AB
JAVA_BYTEVER.A

Details on JAVA_BYTEVER.AC, AB and A are available at:

TrendMicro
http://www.trendmicro.com/vinfo/virusencyc...JAVA_BYTEVER.AC
http://www.trendmicro.com/vinfo/virusencyc...JAVA_BYTEVER.AB
http://www.trendmicro.com/vinfo/virusencyc...=JAVA_BYTEVER.A

We have communicated with Utusan's admin and advised him to check/remove any
untrusted sites linked from their site, as the untrusted sites could be malicious
and may contain malicious programs that can be downloaded onto users' machines
that browse the site.


Steps to clean up PCs infected with the above malicious programs are as below.


To clean up PCs infected with the downloader Trojan:

1) Disconnect the infected PCs from the network
2) Patch the PCs with Microsoft Security Bulletin MS05-002, "Vulnerability
in Cursor and Icon Format Handling Could Allow Remote Code Execution".

The patch can be downloaded at:
http://www.microsoft.com/technet/security/...n/MS05-002.mspx

NOTE: The patch can be downloaded from a clean PC onto removable media and
then installed on the infected PC.

3) Disable System Restore for Windows XP/ME

4) Install anti-virus software and update it with the latest signature files.

A list of anti-virus software is available at:
http://www.mycert.org.my/anti-virus.htm

NOTE: The anti-virus software can be downloaded from a clean PC onto
removable media and then installed on the infected PC.

5) Scan the infected PC with unupdated version of Anti-virus software
and delete files detected as Trojan.Anicmoo.

6) Re-scan the PC with an updated version of Anti-virus to confirm
the PC is clean.

7) Enable System Restore for Windows XP/ME


To clean up PCs infected with the malicious Java applets:

1) Disconnect the infected PC from the network.
2) Patch the infected PC with Microsoft Security Bulletin MS03-011, "Flaw in
Microsoft VM Could Enable System Compromise".

The patch can be downloaded at:
http://www.microsoft.com/technet/security/...n/MS03-011.mspx

NOTE: The patch can be downloaded from a clean PC onto removable media and
then installed on the infected PC.

3) Disable System Restore for Windows XP/ME

4) Install anti-virus software and update it with the latest signature files.

A list of anti-virus software is available at:
http://www.mycert.org.my/anti-virus.htm

NOTE: The anti-virus software can be downloaded from a clean PC onto
removable media and then installed on the infected PC.

5) Scan the infected PC and delete any files detected as JAVA_BYTEVER.AC,
JAVA_BYTEVER.AB and JAVA_BYTEVER.A.

OR

Download Ad-Aware to remove the Java applet:
http://www.lavasoft.de/software/adaware/

6) Re-scan the PC with an updated version of Anti-virus to confirm
the PC is clean.

7) Enable System Restore for Windows XP/ME.


Preventive Measures:

1) Always make sure your PC is regularly updated with the latest patches.
The latest patches can be downloaded at:

http://update.microsoft.com/microsoftupdat...t.aspx?ln=en-us

2) End users may also consider installing a pop-up blocker to block pop-up
messages appearing on PCs. Some pop-up blockers that can be downloaded
free from the Internet are:

Pop-Up Stopper by Panicware
Pop-Up Blocker by earthlink.net
Noadware by noadware.net
Google Toolbar

3) Users are recommended to change the username/password of their PC
once their PC is cleaned.

We hope this is of help, and do contact us if you need our further
assistance.

Thanks
- -roziah


This post has been edited by fariz: Jun 29 2006, 07:41 PM
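The advisory above names the downloader as TROJ_ANICMOO and sends users to MS05-002, the bulletin for Windows' handling of cursor and icon (.ani) files. The post gives no file-level detail, so what follows is an added example and not MyCERT's, the forum's or Utusan's code: a small RIFF/ACON parser that flags animated-cursor files whose `anih` header chunk declares a length other than the 36 bytes of the fixed ANIHEADER structure. That oversized-header shape is the malformation the bug fixed by MS05-002 was triggered with, a detail taken from the public bug description rather than from this thread. Both sample files are constructed inline; the real samples served through the redirect are not available here.

```python
import struct

# sizeof(ANIHEADER): nine little-endian DWORDs
# (cbSize, cFrames, cSteps, cx, cy, cBitCount, cPlanes, JifRate, flags)
ANIH_SIZE = 36


def iter_chunks(data, start, end):
    """Yield (fourcc, payload_offset, declared_length) for each top-level RIFF chunk in data[start:end].

    A chunk is a 4-byte id, a 4-byte little-endian length, the payload, and a pad byte
    if the length is odd. The declared length is yielded unchecked so the caller can
    decide whether it is sane before trusting it.
    """
    pos = start
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4]
        (length,) = struct.unpack_from("<I", data, pos + 4)
        yield fourcc, pos + 8, length
        pos += 8 + length + (length & 1)


def check_ani(data):
    """Return a list of findings for an animated-cursor file; an empty list means nothing looked wrong."""
    findings = []
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return ["not a RIFF/ACON (animated cursor) file"]
    (riff_len,) = struct.unpack_from("<I", data, 4)
    if riff_len + 8 > len(data):
        findings.append(f"RIFF length {riff_len} exceeds file size {len(data)}")
    end = min(len(data), riff_len + 8)
    anih_count = 0
    for fourcc, off, length in iter_chunks(data, 12, end):
        if off + length > end:
            findings.append(f"chunk {fourcc!r} at offset {off - 8} declares {length} bytes, running past end of data")
            break
        if fourcc == b"anih":
            anih_count += 1
            if length != ANIH_SIZE:
                # The header is a fixed-size structure; a chunk claiming any other length is the
                # shape the MS05-002 bug was triggered with (public bug description, not this thread).
                findings.append(f"anih chunk declares {length} bytes, expected {ANIH_SIZE}")
            elif struct.unpack_from("<I", data, off)[0] != ANIH_SIZE:
                findings.append("anih cbSize field disagrees with the chunk length")
    if anih_count == 0:
        findings.append("no anih header chunk")
    elif anih_count > 1:
        findings.append(f"{anih_count} anih chunks, expected exactly one")
    return findings


def riff_chunk(fourcc, payload):
    """Serialise one RIFF chunk with its even-length padding."""
    return fourcc + struct.pack("<I", len(payload)) + payload + (b"\x00" if len(payload) & 1 else b"")


def build_ani(anih_payload):
    """Wrap an anih payload in a minimal RIFF/ACON container (no frames; enough for the header checks)."""
    body = b"ACON" + riff_chunk(b"anih", anih_payload)
    return b"RIFF" + struct.pack("<I", len(body)) + body


# Constructed samples for this example, not files recovered from the incident.
GOOD_ANIH = struct.pack("<9I", ANIH_SIZE, 1, 1, 32, 32, 32, 1, 10, 1)
GOOD_ANI = build_ani(GOOD_ANIH)              # well-formed 36-byte header
BAD_ANI = build_ani(GOOD_ANIH + b"A" * 64)   # header chunk padded to 100 bytes: the malformed shape

if __name__ == "__main__":
    for name, sample in (("good", GOOD_ANI), ("bad", BAD_ANI)):
        print(name, check_ani(sample) or "ok")
```

The checker only walks top-level chunks, which is where `anih` lives; frame data sits inside a `LIST` chunk and is not inspected. Run it over a directory of cursor files pulled from a proxy cache or browser cache, and treat any non-empty result as a reason to look closer rather than as a verdict.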
SUSlauyah
post Jun 29 2006, 03:11 PM

Thanks for the news. Probably the webmaster wanted to gain some revenue by linking to another website.
natakaasd
post Jun 29 2006, 03:54 PM

Most likely... But seriously, people must really think before spreading malicious objects just because of money...
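MyCERT's advice to Utusan's admin was to check and remove untrusted sites linked from the page, and the replies above point at why such links appear in the first place. Doing that inventory by eye is unreliable on a news site with hundreds of tags, so here is an added example (my code, not MyCERT's, the forum's or Utusan's) that lists every third-party origin a page would contact, separating resources the browser fetches on its own (images, scripts, frames, applets) from targets that only load when a visitor clicks. The HTML is constructed for the example: the extreme-dm link target is the URL quoted in the advisory, while the counter image path beside it and the ads.example.net script are placeholders, not observed URLs.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs the browser (or the Java VM) resolves automatically when the page renders.
FETCH_ATTRS = {
    "img": ("src",),
    "script": ("src",),
    "iframe": ("src",),
    "frame": ("src",),
    "embed": ("src",),
    "link": ("href",),
    "object": ("data", "codebase"),
    "applet": ("codebase", "archive"),
}
# Targets that load only on a click; the advisory's redirect started from one of these.
LINK_ATTRS = {"a": ("href",), "area": ("href",)}


class EmbedCollector(HTMLParser):
    """Collect (kind, tag, absolute URL) for every external reference in document order."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for kind, table in (("fetch", FETCH_ATTRS), ("link", LINK_ATTRS)):
            for name in table.get(tag, ()):
                value = attrs.get(name)
                if not value:
                    continue
                # applet archive= may list several JARs separated by commas
                parts = value.split(",") if name == "archive" else [value]
                for part in parts:
                    self.refs.append((kind, tag, urljoin(self.page_url, part.strip())))


def third_party_embeds(html, page_url):
    """Return {origin: [(kind, tag, url), ...]} for references served by a host other than the page's own."""
    collector = EmbedCollector(page_url)
    collector.feed(html)
    own_host = urlsplit(page_url).hostname
    found = {}
    for kind, tag, url in collector.refs:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # mailto:, javascript:, data: and friends are not network fetches
        if parts.hostname == own_host:
            continue
        origin = f"{parts.scheme}://{parts.hostname}"
        found.setdefault(origin, []).append((kind, tag, url))
    return found


# Constructed page fragment. Only the <a href> target is the URL quoted in the advisory;
# the counter image path and the ads.example.net script are placeholders.
SAMPLE_PAGE_URL = "http://www.utusan.com.my/"
SAMPLE_HTML = """
<html><body>
<img src="/images/masthead.gif">
<script src="/js/menu.js"></script>
<a href="http://y.extreme-dm.com/s/?tag=felixm"><img src="http://y.extreme-dm.com/counter.gif"></a>
<script src="http://ads.example.net/serve.js"></script>
<a href="mailto:webmaster@utusan.com.my">Contact</a>
</body></html>
"""

if __name__ == "__main__":
    for origin, refs in third_party_embeds(SAMPLE_HTML, SAMPLE_PAGE_URL).items():
        print(origin)
        for kind, tag, url in refs:
            print(f"  [{kind}] <{tag}> {url}")
```

Exact host comparison is deliberate: a counter served from a different subdomain of your own domain still deserves a look, and loosening the match to the registered domain is a one-line change if that is too noisy. Every origin in the output is a party whose server can change what your visitors receive without touching your site, which is precisely what the advisory describes.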
