Trojan.Pandex was first found in early 2007 and is a Trojan that is primarily used to send spam. Obviously the author has more ambition than to stick with simply spamming, because we've observed the Trojan enhancing its functions continuously over the past month or so.
Trojan.Pandex first arrives on a victim's computer as a downloader, the function of which is to download the real payload from a remote server. To make its job more effective it also drops two .sys files. One .sys file removes the hooks on the SDT and NDIS and the filter drivers on TCPIP and FileSystem, which disables some of the firewalls and monitoring programs, such as filemon and tdimon. It will also remove a rootkit installed by another malicious program.
After these preparations the Trojan injects downloading code into an Internet Explorer process. The downloaded code is made up of two parts. One is a dropper, its only task being to drop yet a third .sys file into the system and to...