A new version of the dangerous Dumaru worm surfaced this weekend, and enterprise administrators are warned that this version creates a Windows Hook that logs keystrokes and opens two backdoors that experts say could enable an attacker to gain remote control of an infected system. Dumaru-Y can be contained, however. The worm travels compressed in a zip file as a .exe file. Blocking these executables and others that have no business merit should prevent infections. Most administrators have adopted this as a best practice. The worm affects Windows Server 2003, Windows 2000, NT, XP, 98, 95 and ME systems via an e-mail with the subject line: “Important information for you. Read it immediately !” The message promises photos of a woman and the attachment is called “myphoto.jpg.exe.” It is important to note that there are 56 spaces between .jpg and .exe in the attachment’s file name.
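The attachment-blocking practice described above can be sketched as a gateway-side check. This is an added example, not code from the original report: the extension lists and function names are assumptions, and it assumes the space-padded name appears as the member name inside the zip. The sample archive is constructed and contains only harmless text.

```python
import io
import zipfile

# Assumed site policy: extensions that have no business merit as mail attachments.
BLOCKED_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Harmless-looking extensions often used as the visible, decoy part of a name.
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf"}

def classify_name(name):
    """Return the reasons a file name should be blocked (empty list = allow)."""
    reasons = []
    # Keep the last path component; Windows ignores trailing spaces and dots.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .").lower()
    dot = base.rfind(".")
    ext = base[dot:] if dot != -1 else ""
    if ext not in BLOCKED_EXTS:
        return reasons
    reasons.append("executable extension " + ext)
    stem = base[:dot]
    stripped = stem.rstrip()
    pad = len(stem) - len(stripped)   # spaces pushing the real extension out of view
    if pad:
        reasons.append(f"{pad} padding spaces before extension")
    inner = stripped.rfind(".")
    if inner != -1 and stripped[inner:] in DECOY_EXTS:
        reasons.append("decoy extension " + stripped[inner:])
    return reasons

def scan_zip(data):
    """Map each blocked member name in a zip (passed as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = classify_name(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample():
    """Constructed sample: a harmless zip using the file name pattern from the report."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("myphoto.jpg" + " " * 56 + ".exe", b"not a real program")
        zf.writestr("notes.txt", b"hello")
    return buf.getvalue()

if __name__ == "__main__":
    for member, why in scan_zip(build_sample()).items():
        print(repr(member), why)
```

The check looks at the final extension after trimming, so the padding and the decoy `.jpg` only add context to the verdict; the block decision rests on `.exe` alone.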