Description:
This memory-based worm spreads on systems running BlackIce. It neither drops any file nor creates any registry entries.
It takes advantage of a vulnerability in the ICQ Instant Messaging protocol parsing routines of the ISS Protocol Analysis Module (PAM) component, which may lead to a buffer overflow.
More information about this vulnerability, which is known as Internet Security Systems PAM ICQ Server Response Processing Vulnerability, is available from the following security pages:
This worm spreads across the network via source port 4000 using UDP packets, which are sent to random destination ports. It sends itself to 20,000 remote machines using randomly generated IP addresses.
It is supposed to open a random physical disk drive and may overwrite a random sector of the affected hard disk.
Note that the malware code that executes the attack resides only in the memory of affected BlackIce systems, and there are no file counterparts. Because of this, antivirus file scanners are unable to detect the code and there is no applicable pattern file.
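Since file scanning does not apply, the propagation pattern described above (UDP from source port 4000 to many random addresses and destination ports) is what network telemetry can flag. The following is an added example, not part of the original description; the flow-record format, sample records and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

WORM_SRC_PORT = 4000  # UDP source port given in the description

# Constructed flow records (not captured traffic), using documentation IP ranges.
# Field order is an assumption: epoch proto src_ip src_port dst_ip dst_port
SAMPLE_FLOWS = [
    "1079789640 UDP 10.0.0.5 4000 198.51.100.7 31337",
    "1079789640 UDP 10.0.0.5 4000 203.0.113.80 1025",
    "1079789640 UDP 10.0.0.5 4000 192.0.2.14 52011",
    "1079789641 UDP 10.0.0.5 4000 198.51.100.201 8",
    "1079789641 UDP 10.0.0.5 4000 203.0.113.9 44120",
    "1079789641 UDP 10.0.0.5 4000 192.0.2.77 6500",
    "1079789641 UDP 10.0.0.9 4000 192.0.2.50 1044",   # one peer, repeated
    "1079789642 UDP 10.0.0.9 4000 192.0.2.50 1044",
    "1079789642 TCP 10.0.0.7 4000 192.0.2.60 80",     # wrong protocol
    "1079789642 UDP 10.0.0.8 53 192.0.2.61 3311",     # wrong source port
    "truncated record",                               # malformed, skipped
]

def parse_flow(line):
    """Return (proto, src, sport, dst, dport), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 6 or not (parts[3].isdigit() and parts[5].isdigit()):
        return None
    _, proto, src, sport, dst, dport = parts
    return proto.upper(), src, int(sport), dst, int(dport)

def find_fanout_hosts(lines, min_dsts=5, min_ports=5):
    """Map each flagged source to (distinct destinations, distinct dest ports)."""
    dsts, ports = defaultdict(set), defaultdict(set)
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue
        proto, src, sport, dst, dport = rec
        if proto == "UDP" and sport == WORM_SRC_PORT:
            dsts[src].add(dst)
            ports[src].add(dport)
    return {
        src: (len(dsts[src]), len(ports[src]))
        for src in dsts
        if len(dsts[src]) >= min_dsts and len(ports[src]) >= min_ports
    }

if __name__ == "__main__":
    for host, (n_dst, n_port) in find_fanout_hosts(SAMPLE_FLOWS).items():
        print(f"{host}: {n_dst} destinations, {n_port} destination ports")
```

Requiring fan-out across both destinations and destination ports keeps a host that talks to a single peer from source port 4000 out of the results.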
TrendLabs advises all affected BlackIce users to download and install the necessary patch from the link provided in the solution section.
Description created: Mar. 20, 2004 5:34:05 AM GMT -0800
Description updated: Mar. 20, 2004 5:34:23 AM GMT -0800