Weekly Report on Viruses and Intruders -Wapplex.C, Sohanat.A, Ajax, VML.A
This week’s report from Panda Software focuses on the Wapplex.C and Sohanat.A worms, the adware program Ajax and the exploit VML.A, designed to take advantage of a critical vulnerability in Microsoft Internet Explorer.
Wapplex.C is a worm that, although it does not have any damaging effects, stands out for the variety of means it uses to spread. To spread across networks, this worm can copy itself to the different shared resources. Similarly, it can infect mapped drives.
It can also spread via email in different types of files, such as:
– Executable files compressed in ZIP format.
– JPG image files, compressed or uncompressed, which can exploit the WMF vulnerability.
To prevent any type of attack from this worm or any other worm that exploits the aforementioned vulnerability, it is highly recommendable to install the corresponding patch released by Microsoft.
The second worm in today’s report is Sohanat.A, whose aim is to modify different elements. These include the Internet Explorer home page and address bar title, the web page displayed when the user opens Yahoo Messenger, etc.
This worm spreads through the instant messaging program Yahoo Messenger by sending messages that include a link. If the user clicks on the link, a web page opens, which contains an exploit that installs the worm on the computer.
The adware program Ajax, reaches computers when users visit a certain malicious website that is designed to download it to the computer without the user realizing. Once installed, as well as showing advertising every so often, it causes the computer to significantly slow down, with the problems that this can cause.
Finally, the VML vulnerability has been classified as critical and affects a large number of versions of Windows XP and Windows Server 2003. This vulnerability lies in the way in which Microsoft Internet Explorer handles VML (Vector Markup Language) graphics. As a result, a hacker could host a specially-crafted web page that, when visited by users, forces the browser to silently download and run files. In fact, proof-of-concept code of this issue has been published.
Microsoft has not yet released the patch to fix this vulnerability. In the meantime, users are recommended to disable execution of Java script in the Microsoft Internet Explorer settings.