A new security vulnerability in Windows could allow cybercriminals to hijack a user's machine and divert Web traffic through a malicious proxy server, Microsoft (Nasdaq: MSFT) announced on Monday.
Hackers can send e-mail messages linked to a malicious payload hosted on a remote Internet server, which could trick recipients into clicking on the link and deliver a backdoor Trojan Horse virus to a Windows Vista-based PC.
"The Backdoor Trojan has become increasingly popular lately, and, if you don't know it's there, can do a lot of damage," Laura Didio, an analyst with the Yankee Group, told TechNewsWorld. The resulting damage includes anything from the deletion of files to the replication of files, data and other items that can chew up storage space, according to Didio.
Security firm Symantec (Nasdaq: SYMC) issued a warning about the vulnerability and increased its threat rating from 6.8 to 7.5, confirming the bug was remotely exploitable.
The flaw could also allow an attacker to introduce malware onto a compromised computer via Windows Mail -- the successor to Outlook Express.
"An attacker can deliver an e-mail message containing a malicious link that references a local executable," according to Symantec. "If the victim clicks on this link, the native program is executed with no further action required. For instance: an attacker could achieve the execution of the local file 'winrm.cmd.'"
Internet Explorer, for example, uses the Web Proxy Automatic Discovery (WPAD) protocol to locate the file that enables a Web browser to configure its proxy settings. The current flaw makes it possible to place a configuration file that routes Internet traffic through a malicious proxy server. A malicious WPAD.dat file can then be placed in the Domain Name System (DNS) or the Windows Internet Naming Service (WINS), Microsoft said.
Administrators can configure DNS and WINS on their servers to help prevent these "malicious registrations" of WPAD files, according to Microsoft. The fix works with Windows Server 2003 and Windows 2000 Service Pack 4.
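An administrator-side check for the registrations described above, as an added example that is not from Microsoft, Symantec or the article: it lists the `wpad` names a client may look up and flags any in an exported record set that resolve to something other than a sanctioned proxy host. The records, domain names and approved address are constructed, and the suffix walk is a simplified model of DNS-based WPAD lookup.

```python
import ipaddress

# Constructed sample: (name, type, value) records exported from internal DNS.
SAMPLE_RECORDS = [
    ("proxy1.corp.example.com", "A", "10.0.0.8"),
    ("wpad.corp.example.com", "CNAME", "proxy1.corp.example.com"),
    ("wpad.sales.corp.example.com", "A", "10.9.4.77"),
    ("WPAD.example.com", "A", "203.0.113.50"),
    ("mail.corp.example.com", "A", "10.0.0.25"),
]
APPROVED_PROXIES = {"10.0.0.8"}  # assumption: addresses of sanctioned proxy/PAC hosts


def wpad_candidates(client_fqdn):
    """Names a client may query: 'wpad' prepended to each parent suffix of
    its own domain (this model stops before the bare top-level domain)."""
    labels = client_fqdn.lower().rstrip(".").split(".")[1:]
    return ["wpad." + ".".join(labels[i:]) for i in range(len(labels) - 1)]


def resolve(name, records, depth=0):
    """Follow CNAME chains in the exported records down to A addresses."""
    if depth > 8:  # guard against CNAME loops
        return set()
    addrs = set()
    for rname, rtype, value in records:
        if rname.lower().rstrip(".") != name:
            continue
        if rtype == "A":
            addrs.add(str(ipaddress.ip_address(value)))
        elif rtype == "CNAME":
            addrs |= resolve(value.lower().rstrip("."), records, depth + 1)
    return addrs


def audit_wpad(client_fqdn, records, approved):
    """Return [(name, addresses)] for WPAD names resolving outside 'approved'."""
    findings = []
    for name in wpad_candidates(client_fqdn):
        bad = resolve(name, records) - approved
        if bad:
            findings.append((name, sorted(bad)))
    return findings


if __name__ == "__main__":
    client = "pc7.sales.corp.example.com"  # constructed client name
    for name, addrs in audit_wpad(client, SAMPLE_RECORDS, APPROVED_PROXIES):
        print(f"unexpected WPAD registration: {name} -> {', '.join(addrs)}")
```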
Microsoft's Security Response Center team is downplaying the potential risks from the vulnerability, stating on its Web site, "Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time."
Both Symantec and Microsoft are suggesting that users should not click links in any unsolicited e-mails, while also recommending that users should disable HTML within Windows Mail.
