Malware Exploits Windows’ WMI Utility

Lennard Galang, an engineer at Trend Micro, writes in a blog post that two pieces of malware have been detected that exploit WMI (Windows Management Instrumentation), a Windows facility, to launch their malevolent activities, as reported by Help Net Security on May 27, 2010.

The Windows Management Instrumentation service helps end-users retrieve and access details regarding their operating systems. Administrators find it especially useful, particularly within enterprise environments. This is because WMI handles software loaded on computers within a network, using any one of several code languages.

For hackers, WMI is a preferred service to attack, since its large database enables them to host their malicious software. The miscreants introduce crafty pragma into WMI and make affected computers retrieve confidential data, raise the system privileges of the hackers so that they can peek into the affected PC and the rest within the network, and implant malevolent code inside target services.

In the new attack, which TrendLabs spotted, a piece of WMI code called TROJ_WMIGHOST.A arrives packaged with a malicious DLL called BKDR_HTTBOT.EA when it attacks a system. Moreover, the malicious WMI code displays two Web-browser windows. One of them lets BKDR_HTTBOT.EA run through ActiveX content. The other allows a backdoor to attach a Word, Excel or PowerPoint Office file to an external website and run other malevolent code using the Ghost IP. Owing to this backdoor, end-users risk losing confidential as well as vital data.

Nonetheless, the usage of WMI for malevolent activities isn't something new. At the 2008 Kiwicon (New Zealand hacker conference), one Internet security expert presented a proof-of-concept Trojan named 'The Moth,' which deploys malware by using WMI. The Trojan apparently installs and runs more malware on the infected computer or, alternatively, on removable drives. In the process, it conceals malevolent scripts and relaunches a rootkit even after it has been spotted and eliminated.

To stay secure, the security specialists stated that Internet users could adopt some simple measures, such as deploying AV software and routinely keeping it up-to-date, installing OS patches along with service packs, and applying a relevant firewall.

Related article: Malware Authors Turn More Insidious

SPAMfighter News - 6/7/2010