Tuesday, January 04, 2005

- Weekly report on viruses and intruders -

Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, December 31 2004 - Spyki.A, the B variant of Santy and HHelp are dealt with in this last report of 2004.

Spyki.A and Santy.B are two worms that spread via the Internet, exploiting the Remote URL Decode Input Validation vulnerability, which affects servers with a version of phpBB prior to 2.0.11 installed.

Once the server is infected, and in order to allow remote access to it, Spyki.A takes the following actions:

- Installs several programs that can be controlled via IRC to take malicious action.

- Opens TCP port 6667, and connects to an IRC server to receive remote commands.

- Scans different ports to see if it finds any open.

Santy.B, on the other hand, takes the following actions, among others:

- Uses Google, America Online or Yahoo searches to find vulnerable computers.

- Creates scripts (such as BOT.TXT, SSH.A, WORM.TXT or WORM1.TXT), or downloads them, to install a backdoor and connect to different IRC servers.

- Deletes all files called SSH (with any extension), or whose name begins with BOT.
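A triage check built from the indicators in this report, as an added example that is not part of Panda Software's text: it flags a phpBB version prior to 2.0.11 and lists files under a web root whose names match the scripts attributed to Santy.B. The function names, the way the version string is obtained (supplied by the operator) and the sample directory tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Script names the report says Santy.B creates or downloads.
ARTIFACT_NAMES = {"bot.txt", "ssh.a", "worm.txt", "worm1.txt"}
FIXED_VERSION = (2, 0, 11)  # report: versions prior to 2.0.11 are affected


def parse_version(text):
    """Turn '2.0.10' into (2, 0, 10) so that 2.0.4 sorts below 2.0.11."""
    match = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not match:
        raise ValueError(f"unrecognised phpBB version: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version_text):
    """True when the supplied phpBB version is prior to 2.0.11."""
    return parse_version(version_text) < FIXED_VERSION


def find_artifacts(root):
    """Return sorted paths under root whose file name matches a listed script."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in ARTIFACT_NAMES:  # case-insensitive match
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def triage(root, version_text):
    """Combine the version check and the file-name sweep into one result."""
    return {"affected_version": is_affected(version_text),
            "artifacts": find_artifacts(root)}


if __name__ == "__main__":
    # Constructed sample tree standing in for a web root (assumption).
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "forum", "cache"))
        for rel in ("forum/index.php", "forum/cache/WORM1.TXT", "forum/bot.txt"):
            with open(os.path.join(root, *rel.split("/")), "w") as fh:
                fh.write("constructed sample\n")
        print(triage(root, "2.0.10"))
```

A file-name match is only a lead for further inspection, since unrelated files can share these names.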

We end today's report with HHelp, a generic detection for malicious code that uses the Exploit-HelpZonePass exploit, which allows certain security features in Service Pack 2 for Windows XP to be evaded.

Malware that uses this exploit to spread can be used to execute arbitrary code on affected computers, with the same permissions as the user that started the session. HHelp normally affects computers by downloading itself from a malicious webpage.

For further information about these and other computer threats, visit Panda Software's Encyclopedia: http://www.pandasoftware.com/virus_info/encyclopedia/

Additional information

- Exploit: This can be a technique or a program that takes advantage of a vulnerability or security hole in a certain communication protocol, operating system, or other IT utility or application.

- Script / Script virus: The term script refers to files or sections of code written in programming languages like Visual Basic Script (VBScript), JavaScript, etc.

More technical definitions at: http://www.pandasoftware.com/virus_info/glossary/default.aspx