Outbreak Name: Kukudro.AB*
OUTBREAK DATE: 10-18-06
Dangerous Trojan Uses Word Document to Spread
Outbreak Filters Protects Users 19 hours and 3 minutes Before First AV Signature
IronPort’s Virus Outbreak Filters protects customers within the critical period between the first exploit of a virus outbreak and the release of an AV signature. During the recent Kukudro variant outbreak, Outbreak Filters protected customers 19 hours and 3 minutes before traditional AV vendors** provided protection.
Potential Damage from Outbreak
Kukudro.AB is a dangerous Trojan that was recently spammed out to hundreds
of thousands of email addresses and contained the subject line of "Recommended
PC anti-virus strategy". Alarmingly, the virus is contained in a seemingly benign Microsoft Word document and will therefore bypass almost all attachment filters. If the document is opened the virus exploits a Microsoft Word vulnerability to install itself. Once installed, the virus opens a backdoor that remote hackers can use to take over the computer. Once taken over, hackers can use the computer to send spam and host spyware. Remote hackers can also install key loggers and screen scrapers onto the infected PC to steal personal, confidential and financial information without the user’s knowledge.
Virus Outbreak Timeline
For more information on recent virus outbreaks visit: www.ironport.com/toc
*As named by Trend Micro.
**Calculated as publicly published signatures from the following vendors: Sophos, Trend Micro, Computer Associates, F-Secure, Symantec and McAfee. If signature time is not available, first publicly published alert time is used. Generic signatures not included.