
Exploit-MS04-011

Type: Trojan
SubType: Exploit
Discovery Date: 04/28/2004
Length: N/A
Minimum DAT: 4354 (04/28/2004)
Updated DAT: 4841 (08/30/2006)
Minimum Engine: 5.1.00
Description Added: 04/28/2004
Description Modified: 04/30/2004 6:10 PM (PT)
Risk Assessment:
    Corporate User: Low
    Home User: Low

Characteristics

The following Microsoft vulnerabilities were announced on April 13, 2004.

MS04-011 - Security Update for Microsoft Windows (835732)

For Microsoft's details of this vulnerability please see:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Malware exploiting this vulnerability can get instant access to a machine without any interaction from the user. We received reports that unpatched systems may reboot when attacked and display an error after the next reboot saying: "LSA shell error".

Because the MS04-011 update covers several vulnerabilities, the symptoms may differ depending on the type of attack.

Generic detection for threats attempting to exploit MS04-011 (CAN-2003-0907) is included in the 4351 DAT files as Exploit-HelpInject when running Script and Macro Heuristics.

Detection for threats attempting to exploit MS04-011 (CAN-2004-0120) is included in the 4354 DAT files as Exploit-MS04-011. This type of malware exploits a vulnerability in the Microsoft Secure Sockets Layer (SSL) library, which can cause remote execution of arbitrary code on vulnerable systems.


Further information about the MS04-011 - 014 advisories is available at:
http://vil.nai.com/vil/content/v_101170.htm

Example: W32/Gaobot.worm.ali uses this vulnerability to spread. Information about this worm is available at:
http://vil.nai.com/vil/content/v_125006.htm


Symptoms

N/A. This description covers multiple Microsoft vulnerabilities that may potentially be exploited.

Method of Infection

An attacker could exploit the vulnerability by creating a specially crafted message and sending it to an affected system, which could then cause the affected system to execute code.

Removal

Variants

    N/A

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
