Malicious Program

Saturday, August 25, 2001 by mcs2k1 | Discussion: WinCustomize News

A malicious program that masquerades as a Web page or HTML e-mail has dire consequences for those who fall for its ruse, antivirus experts said this week.

Known as Trojan.Offensive (Virus info provided by McAfee/AVERT), the program takes advantage of a 10-month-old flaw in Microsoft's version of the Java Virtual Machine to overwrite critical system settings--called the registry--leaving Windows computers unusable. The operating system on the victimized PC must be reinstalled or repaired through an arduous process.

"No data loss actually occurs, but the computer is basically hosed," said Craig Schmugar, a virus researcher for security software maker Network Associates.

In its current incarnation, the Trojan horse arrives in an e-mail message and appears to be an HTML document with a single hyperlinked word: "Start." Recipients of the e-mail who click the link, however, will cause a JavaScript program to run; that program will take advantage of a flaw in Microsoft's Java Virtual Machine--software used to run programs written in Sun Microsystems' Java language--to modify the system's registry.

The flaw affects all versions of Windows running Microsoft's Internet Explorer 3.0 to 5.5sp1.

By changing almost 50 registry values, the malicious program disables all programs, prevents Windows from being shut down, and makes icons on the Windows desktop disappear. Because no programs will run--not even antivirus scanners--the Windows operating system on the PC cannot be automatically repaired.

Larry Kuperman
Reply #1 Sunday, August 26, 2001 2:44 PM
Norton has an update on it at http://www.symantec.com/avcenter/venc/data/trojan.js.offensive.html

Is everyone running updated AV software? Don't neglect this.

RadialFX
Reply #2 Sunday, August 26, 2001 4:05 PM
How about turning the computer off and rebooting in ms-dos mode, then running "C:scanreg /restore" and restoring the previous registry? Has that been tried? Just wondering.
