Wednesday, November 10, 2004

New Version of MyDoom Worm Maybe Near Us!

Anti-virus companies are reporting a worm that spreads via a new vulnerability in Internet Explorer.
The vulnerability is not present in Windows XP Service Pack 2, but in all earlier versions of Internet Explorer 6, and no patch is available. It involves a buffer overflow triggered by an IFRAME or EMBED tag, which has an oversized SRC or NAME attribute.I don't know how it works exactly but only the worm, known as in McAfee's naming, does not have a file attachment, as is typical of mail worms. Instead, it installs a Web server on Port 1639 of the infected system. The e-mails it sends out to spread itself contains a link to the server on the infected computer.

No comments: