Re: Help with CWS trojan

From: Br0wnbear (brownbearat_at_canadadotcom.com)
Date: 06/22/04 

Date: Tue, 22 Jun 2004 16:31:31 -0400

On Tue, 22 Jun 2004 15:03:02 -0400, "Rob Conklin"
<robconklin@worldnet.att.net> wrote:

>My questions:
My answers are my opinions only.
>
>1. does Microsoft regard the vulnerability of Windows XP to infection with
>this to be a problem for which a specific security patch should be applied?
>Does a specific patch already exist? (If so, which one?)
>
Patches are available at windowsupdate.microsoft.com. Go regularly. If
you are bold there is a beta sp 2 for XP. Not recommended for
beginners or the faint of heart and 16 bit applications.

>2. In simple, clear terms, what is the vulnerability in XP leading to
>infection with CWS?

It wouldn't be a vulnerability in XP as it would be more likely linked
to Internet Explorer itself. You have to have the files on your
machine and agreed to download them to get them.
>
>3. Is there any way (preferably quite simple) to make my system
>invulnerable to this infection?

Turn on the firewall for the network/dialup connection.
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/enableicf.mspx
Also Spybot S&D Version 1.3 can be setup not to allow registry
changes. You can download this product from www.safer-networking.org
>
>4. Is this infection thought to constitute a true "back door" onto one's
>system, allowing the theft of personal information (files on the computer).

Yes it could happen. The door has been opened and the threat now
exists. The fire wall can eliminate some of the threat.

>TIA for anyone who can help
your welcome
hth
John Brown
Bears are always happy, we get to hibern8

Relevant Pages

  • Re: Help with CWS trojan
    ... >I am running Windows XP Professional on computer with a dial-up ... (which is where the vulnerability is sometimes said to ... >infection with CWS? ... Download, ...
    (microsoft.public.security.virus)
  • Re: Warning. New Windows vulnerabilty.
    ... security center warning by putting a popup in systray that says your ... see how this new vulnerability will affect users, ... It is carried on Windows Metafile images and automatically ... >> currently recommend to reduce the hazard of infection may not work. ...
    (rec.audio.pro)
  • Re: Warning. New Windows vulnerabilty.
    ... >security center warning by putting a popup in systray that says your ... >see how this new vulnerability will affect users, ... It is carried on Windows Metafile images and automatically ... >>> currently recommend to reduce the hazard of infection may not work. ...
    (rec.audio.pro)
  • Warning. New Windows vulnerabilty.
    ... In short - wmf files can carry viruses. ... Infection will occur if your email application allows a *preview* of a ... It is carried on Windows Metafile images and automatically ... Going back to the wmf vulnerability itself, ...
    (rec.audio.pro)
  • Idea for proactive worm protection
    ... Last saturday I finally got fed up with the worms and wrote a perl script. ... preventive action (not infection or infection attempt but vulnerability is ... I recommended them to block Internet access to the machines ... modified the script that after 2 days of continuous vulnerability it changes ...
    (Bugtraq)