Weekly Report on Viruses and Intruders – BiWili.A and Microsoft Vulnerabilities
Every week, Panda Software releases a report summarizing the most significant events in the world of computer viruses and intrusions. This week’s report examines a malicious code that can infect both Linux and Windows platforms, as well as the vulnerabilities corrected by Microsoft in its latest security bulletins.
The malicious code called Biwili.A stands out for its ability to infect both Linux and Windows platforms. Despite claims in the media to the contrary, this capability is not entirely new, as in 2001 a malicious code called “ELF/Winux.2784” appeared which was also able to infect both platforms.
Biwili.A is no normal malicious code, as it falls into the category of “proof of concept”. This means that it is really a test so that other malicious code can be created using the techniques employed to craft BiWili.A. This malicious code infects PE (Portable Executable) and ELF (Executable and Linking Format) files in the directory in which it is located.
Interestingly, PandaLabs has explained that this is a virus of the “old school’, unlike the Trojans or worms that are frequently seen nowadays, as in order to spread it infects executable files adding its code behind the file header, a typical trait of classic viruses.
Fortunately, Biwili.A has no destructive effects and merely serves to demonstrate its capabilities. It is a proof of concept highlighting the fact that it is possible to create a virus that can affect both Linux and Windows platforms. Nevertheless, it is possible that in the future we will see malicious code based on the concept of Biwili.A.
On the other hand, Panda Software’s weekly report on viruses and intruders also looks at the security bulletins released by Microsoft. These bulletins offer five updates for the company’s products. The first of these (bulletin MS06-013) is the much-awaited update for Internet Explorer to correct serious vulnerabilities through which an attacker could take control of a compromised system. An attacker could therefore, install programs with serious consequences or carry out any task without the user realizing.
The second, in bulletin MS06-013, corrects an error in MDAC (Microsoft Data Access Components), and can also allow a user to run code on affected systems (Microsoft Data Access Components, Microsoft Windows 2000, Windows Server 2003 y Windows XP).
A third vulnerability, also critical as it allows the remote execution of code, affects Windows Explorer and is described in “Microsoft Security Bulletin MS06-015”. It affects Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows 98 and Windows ME.
Other vulnerabilities, less serious according to Microsoft, affect Outlook Express (described in bulletin MS06-015) and FrontPage Server extensions (in bulletin MS06-017).