Save Your "Virtual Machine"!

16 Oct 2002
Virus News


Kaspersky Lab recommends computer users urgently install patch to defend against "Netdex".

Kaspersky Lab, an international data-security software developer, reports the detection of the Trojan horse "Netdex", which exploits a vulnerability in the security system of the Microsoft Virtual Machine. This allows the Trojan to clandestinely infect computers with malicious code and run it.

An analysis of the program shows that it is most likely of Russian origin. In particular, the program contains some text written in Russian and a link to a domain in a Russian zone. At this time, Kaspersky Lab has received only a few confirmed reports of "Netdex" infections and has already taken the necessary measures to keep it from spreading into a global outbreak.

"Netdex" is a complex multi-component malicious program that penetrates the computers of users who visit an infected Web site. Using a vulnerability in the Microsoft Virtual Machine security system (the "Microsoft VM ActiveX Component" vulnerability), the Web site infects victim computers with a malicious script program that drops the main "Netdex" components. These components, in turn, install a backdoor Trojan program (a utility designed for unauthorized remote administration) on the victim computers. The backdoor permits an ill-intentioned intruder to control infected systems unnoticed and to perform such functions as creating, deleting and copying files, sending emails, displaying system messages on the monitor and so on. The specific backdoor commands to be executed by "Netdex" are loaded from the same Web site.

Kaspersky Lab has taken the necessary steps to close the malicious Web site and, in doing so, has eliminated the main breeding ground for "Netdex" infection. However, this does not mean that computers lacking the patch that fixes the Microsoft Virtual Machine vulnerability face no threat.
"Firstly, the malefactors behind "Netdex" can simply open another similar site or sites, thanks to many locations for hosting anonymously authored Web pages. Secondly, the damaging script program from the infected web site may be sent out via email. Finally, "Netdex" has the ability to update itself, therefore the author of the Trojan program can redirect already infected computers by executing commands from a different Web site", commented Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Lab.

Users of Internet Explorer versions 3.0 - 5.5 are recommended to install the patch for the Windows security system; it can be found at the Microsoft Web site.

All defenses protecting against "Netdex" have already been added to the Kaspersky Anti-Virus databases. For more detailed information about this malicious program, please visit the Kaspersky Virus Encyclopedia.