Trojan.Ladocosm

Security Bulletins

2013-10-18 - [slackware-security] hplip (SSA:2013-291-01)

10/19/2013

2013-10-18 - [slackware-security] libtiff (SSA:2013-290-01)

10/18/2013

2013-10-14 - [slackware-security] xorg-server (SSA:2013-287-05)

10/15/2013

2013-10-14 - [slackware-security] libgpg-error (SSA:2013-287-04)

10/15/2013

2013-10-14 - [slackware-security] gnutls (SSA:2013-287-03)

10/15/2013

Latest Malware Updates

Type: Trojan
Discovered: 26.02.2015
Updated: 26.02.2015
Affected systems: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
AV Vendor: Symantec

Description:

The Trojan may arrive on the computer through Downloader.Busadom.

When the Trojan is executed, it creates the following registry entry so that it runs every time Windows starts:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"WindowDbg Tools" = "rundll32.exe [THREAT FILE NAME].dll"

The Trojan then creates the following mutex:

Global\9-9-99-999ABDF-6845-404F-350D-4567ABCDEE-4-E-66

Next, the Trojan connects to the following remote location:

iad23s02-in-f33.1b100.net

The Trojan then gathers the following system information:

Dynamic Host Configuration Protocol (DHCP) server
Adaptor name
Adaptor address

The Trojan may then perform the following actions:

Download data, load it into memory, and execute it
Use a HTTP tunnel to bypass security software

Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

Multiple Vulnerabilities in Linux kernel

03/04/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015