
Exploit:Win32/Siveras.E


First posted on 07 May 2019.
Source: Microsoft

Aliases :

Exploit:Win32/Siveras.E is also known as Worm.Win32.Downloader.ak, New Malware.aj, W32/Suspicious_U.gen, Mal/Packer, Packed/Upack.

Explanation :

Exploit:Win32/Siveras.E is a detection for specific known malware used to exploit a vulnerability in the Domain Name System (DNS) Server Service. This vulnerability impacts Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2.

Installation & Payload

Exploit:Win32/Siveras.E injects its code into the running process SVCHOST.EXE. The Trojan then drops a file to the Windows system folder and runs that file, which then attempts to connect to multiple IRC servers or remote Web sites, and sends an HTTP GET request to download an executable from a remote Web site. Retrieved files have known file names of "radi.exe" or "e##.exe", where ## is a number. Exploit:Win32/Siveras.E opens and listens on TCP ports (such as 57660 or 4444) to accept commands from remote attackers. These commands could include instructions to initiate network scanning in search of other vulnerable computers.

Additional Information

For vulnerability details and patch information, please see Microsoft Security Bulletin MS07-029 at http://www.microsoft.com/technet/security/bulletin/ms07-029.mspx.
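A host triage check built from the file names and listening ports described above, as an added example that is not Microsoft's detection logic. The event record format, host names and system-folder paths are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators from the description above. The ports are listed there as
# examples ("such as"), so a host with no port match is not cleared.
DROPPED_NAME = re.compile(r"^(radi|e\d+)\.exe$", re.IGNORECASE)  # "##" read as digits (assumption)
LISTEN_PORTS = {57660, 4444}
# Assumed default system folders for Windows Server 2003 and Windows 2000.
SYSTEM_DIRS = (PureWindowsPath(r"C:\Windows\System32"), PureWindowsPath(r"C:\WINNT\System32"))

# Constructed sample telemetry in a hypothetical record format.
SAMPLE_EVENTS = [
    {"host": "dns01", "type": "file_create", "path": r"C:\WINDOWS\system32\e17.exe"},
    {"host": "dns01", "type": "tcp_listen", "port": 4444, "process": "svchost.exe"},
    {"host": "dns02", "type": "file_create", "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"host": "dns02", "type": "tcp_listen", "port": 53, "process": "dns.exe"},
    {"host": "web01", "type": "file_create", "path": r"C:\Users\bob\Downloads\e5.exe"},
    {"host": "web01", "type": "tcp_listen", "port": 57660, "process": "svchost.exe"},
]

def triage(events):
    """Return {host: sorted indicator labels} for hosts with at least one match."""
    hits = defaultdict(set)
    for ev in events:
        if ev["type"] == "file_create":
            p = PureWindowsPath(ev["path"])  # Windows paths compare case-insensitively
            if p.parent in SYSTEM_DIRS and DROPPED_NAME.match(p.name):
                hits[ev["host"]].add("dropped-file:" + p.name.lower())
        elif ev["type"] == "tcp_listen" and ev["port"] in LISTEN_PORTS:
            hits[ev["host"]].add(f"listener:{ev['port']}")
    return {host: sorted(labels) for host, labels in hits.items()}

def priority(findings):
    """Order hosts so those with both a dropped file and a listener come first."""
    def has_both(labels):
        return {label.split(":")[0] for label in labels} == {"dropped-file", "listener"}
    return sorted(findings, key=lambda host: (not has_both(findings[host]), host))

if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS)
    for host in priority(found):
        print(host, found[host])
```

A single match, such as a listener on 4444 alone, is weak evidence on its own; the ordering puts hosts that show both behaviours first.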

Last update 07 May 2019

 
