Zyxel Threat Intelligence (Release Date: 2021-06-28)

zyxel_Lin Posts: 13  Zyxel Employee
edited August 27 in Service & License
ZyWALL's latest virus/malware signature update protects you against more malware and threats. See how ZyWALL defends against these threats. You can view their details, history, and signature information in the Zyxel Encyclopedia.
1. Virus/Malware

Number of updated signatures: 42375

Total number of signatures (Full): 632655

Highlight

Win32.Netsky

Description: The Netsky family is a large family of worms that targets computers running certain versions of Microsoft Windows. The worm spreads in infected files that are attached to fake email messages. Once a user opens an e-mail attachment that carries a Netsky variant, the worm is activated. Some variants copy the worm to network-share folders. Some variants contain a backdoor component and perform denial of service (DoS) attacks.

Win32/Netsky creates the following registry key, which causes the worm to run when Windows restarts: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Gen.Win32.QVod

Description: Trojan:Win32/Qvod.A is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.

Trojan:Win32/Qvod.A creates the following files on an affected computer:

  • %programfiles%\common files\msdown\hudw.ocx
  • %programfiles%\common files\msdown\hujj.dll
  • %programfiles%\common files\msdown\hujj.ocx
  • %programfiles%\common files\msdown\hurun.dll
  • %programfiles%\common files\msdown\hurun.ocx
  • %programfiles%\common files\msdown\svcsoft.exe
  • %programfiles%\common files\obdc\hudvd.dll
  • %programfiles%\common files\obdc\hudvd.ocx
  • %programfiles%\common files\obdc\xiaohu.js
  • <current folder>\mybat.bat
  • c:\documents and settings\all users\start menu\programs\startup\winlogon.exe

Contacts remote hosts

The malware may contact the following remote hosts:

  • agent.qvod.com using port 80
  • baky.dxkogg1018bak.info using port 969
  • list.dx673tg.info using port 12311
  • usy.usdx1019us4.us using port 999
  • www.sina.com.cn using port 80
  • yer.dxkogg1017er.info using port 6666
  • yy1.dxkogg1016yi.info using port 555

(Source: Microsoft)
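The following is an added example, not Zyxel's or Microsoft's code: it triages outbound connection logs against the Qvod remote host and port pairs listed above. The log line format, the sample lines, the `triage` function and the choice to treat `www.sina.com.cn` and `agent.qvod.com` as low-fidelity indicators (both are widely visited public sites) are assumptions of this example.

```python
import re
from collections import defaultdict

# Host/port pairs copied from the remote-host list above.
QVOD_HOSTS = {
    "agent.qvod.com": 80,
    "baky.dxkogg1018bak.info": 969,
    "list.dx673tg.info": 12311,
    "usy.usdx1019us4.us": 999,
    "www.sina.com.cn": 80,
    "yer.dxkogg1017er.info": 6666,
    "yy1.dxkogg1016yi.info": 555,
}
# Assumption of this example: these two are widely visited public sites,
# so a hit on them alone is weak evidence of infection.
LOW_FIDELITY = {"agent.qvod.com", "www.sina.com.cn"}

# Constructed log format: "<timestamp> src=<ip> dst=<host>:<port>"
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=([^\s:]+):(\d+)$")

SAMPLE_LOG = """\
2021-06-28T09:00:01Z src=10.0.0.5 dst=www.sina.com.cn:80
2021-06-28T09:00:07Z src=10.0.0.7 dst=www.sina.com.cn:80
2021-06-28T09:00:09Z src=10.0.0.7 dst=YER.dxkogg1017er.info.:6666
2021-06-28T09:01:12Z src=10.0.0.7 dst=list.dx673tg.info:12311
2021-06-28T09:02:30Z src=10.0.0.9 dst=list.dx673tg.info:443
2021-06-28T09:03:00Z src=10.0.0.9 dst=example.org:80
malformed line
"""

def triage(log_text):
    """Return {src_ip: {"verdict": str, "hits": [(host, port), ...]}}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse rather than guessing
        _, src, host, port = m.groups()
        host = host.lower().rstrip(".")  # DNS names are case-insensitive
        if QVOD_HOSTS.get(host) == int(port):  # host AND port must both match
            hits[src].append((host, int(port)))
    report = {}
    for src, pairs in hits.items():
        strong = [p for p in pairs if p[0] not in LOW_FIDELITY]
        verdict = "investigate" if strong else "low-confidence"
        report[src] = {"verdict": verdict, "hits": pairs}
    return report
```

A source that only reaches the low-fidelity hosts is reported separately so that ordinary browsing does not drown out the hosts that pair an uncommon domain with an uncommon port.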

2. Intrusion Detection

Number of updated signatures: 11

Highlight

CVE-2019-1311

Description: A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'.

CVSS: 7.8 high

CVE-2019-1359

Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1358.

CVSS: 7.8 high

(Source: NIST)

3. Application Patrol

Total number of added applications: 16

Total number of updated applications: 431

Total number of applications: 3759

Highlight

