Virus Malware and Threat News for 20080429
Trojan-Downloader:JS/Psyme.CK - Trojan-Downloader:JS/Psyme.CK at F-Secure
Trojan-Downloader:JS/Psyme.CK exploits vulnerabilities found in the affected system and also redirects to
other sites. It then attempts to download and execute a binary from a specific URL.
...
Trojan-PSW:W32/OnLineGames.SZJ - Trojan-PSW:W32/OnLineGames.SZJ at F-Secure
Trojan-PSW:W32/OnLineGames.SZJ is a DLL component whose function is to steal sensitive account information.
...
Trojan-PSW:W32/OnLineGames.JCT - Trojan-PSW:W32/OnLineGames.JCT at F-Secure
The file detected as Trojan-PSW.Win32.OnLineGames.JCT drops another trojan that is detected as
Trojan-Downloader.Win32.Agent.BLM.
...
Trojan-Downloader:W32/Agent.BUV - Trojan-Downloader:W32/Agent.BUV at F-Secure
Trojan-Downloader:W32/Agent.BUV downloads malicious files from a remote server. It then executes and installs
the downloaded files.
...
Trojan-Downloader:JS/Agent.ANI - Trojan-Downloader:JS/Agent.ANI at F-Secure
Trojan-Downloader:JS/Agent.ANI exploits a vulnerability in a PPStream ActiveX control to download and execute
arbitrary code on the exploited system.
...
Exploit:HTML/IESlice.BK - Exploit:HTML/IESlice.BK at F-Secure
Exploit:HTML/IESlice.BK exploits a vulnerability in an ActiveX control used by Xunlei Thunder 5.7.4.401.
Malicious or compromised websites use the exploit to download and execute arbitrary code.
...
Exploit:JS/RealPlr.T - Exploit:JS/RealPlr.T at F-Secure
Exploit:JS/RealPlr.T is JavaScript usually found on malicious or compromised websites. It is used to silently
install malware onto the website visitor's system.
...
Trojan.Asnoms!inf - Trojan.Asnoms!inf at Norton Symantec
Trojan.Asnoms!inf is a detection for files that have been modified to load other malicious files during system
start up....
Trojan.Qipian - Trojan.Qipian at Norton Symantec
Trojan.Qipian is a Trojan horse that steals information from the compromised computer.
...
Adware.Okcashbackmall - Adware.Okcashbackmall at Norton Symantec
Adware.Okcashbackmall is an adware program that may redirect the browser from destination Web sites.
...
PE_MUMAWOW.BG-O - PE_MUMAWOW.BG-O at Trend Micro
This file infector may be dropped by other malware. It may be downloaded unknowingly by a user when visiting
malicious Web site(s). It drops a copy of itself in the Windows folder. It creates a registry entry to enable
its automatic execution at every system startup. It creates a registry key and entries as part of its
installation rou...
PE_MUMAWOW.BG - PE_MUMAWOW.BG at Trend Micro
This file infector is the Trend Micro detection for files infected by the mother file infector, PE_MUMAWOW.BG-O.
This file infector may be downloaded from remote sites by other malware. It may be dropped by other
malware. It may also be downloaded unknowingly by a user when visiting malicious Web sites. It drops the file
XUE.XUE (detec...
TROJ_DROPPER.MAT - TROJ_DROPPER.MAT at Trend Micro
...
Mal/EncPk-BW - Mal/EncPk-BW at Sophos
Mal/EncPk-BW is a program that has been packed with a protection system typically used by malware
authors. ...
Troj/Dwnldr-HCQ - Troj/Dwnldr-HCQ at Sophos
...
Troj/Conhook-AM - Troj/Conhook-AM at Sophos
Troj/Conhook-AM creates the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<Random Letters>
DLLName <Random FileName>.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<Rand...
Troj/Xiao-A - Troj/Xiao-A at Sophos
Troj/Xiao-A attempts to steal account IDs and passwords.
...
Troj/ZlobDr-I - Troj/ZlobDr-I at Sophos
...
W32/Xiao-A - W32/Xiao-A at Sophos
W32/Xiao-A attempts to steal account IDs and passwords.
...
Linux/Binom-Gen - Linux/Binom-Gen at Sophos
...
Mal/EncPk-DL - Mal/EncPk-DL at Sophos
Mal/EncPk-DL is a program packed with a protection system typically used by malware authors.
...
Troj/LinFlA-Gen - Troj/LinFlA-Gen at Sophos
...
0 writebacks [04/30/2008 04:43]
Virus Malware and Threat News for 20080428
Email-Worm:W32/Agent.EV - Email-Worm:W32/Agent.EV at F-Secure
Email-Worm.Win32.Agent.ev arrives on systems as an e-mail attachment and attempts to download additional
components onto the system if executed.
...
KidControl - KidControl at Norton Symantec
KidControl is a parental control program that records keystrokes and emails, then sends the logged
confidential information to a predetermined email address.
...
W32.Mandaph - W32.Mandaph at Norton Symantec
W32.Mandaph is a worm that spreads through mapped and fixed drives and downloads additional malware.
...
IEAntivirus - IEAntivirus at Norton Symantec
IEAntivirus is a misleading application that may give exaggerated reports of threats on the computer.
...
Mal/Behav-183 - Mal/Behav-183 at Sophos
Detection for members of Mal/Behav-183 is behavior based. It is extremely important that customers
report detections of Mal/Behav-183 to Sophos and send a sample for analysis.
...
Troj/Agent-GXH - Troj/Agent-GXH at Sophos
...
Troj/Banloa-FF - Troj/Banloa-FF at Sophos
When first run, Troj/Banloa-FF launches a browser which then attempts to open a malicious website.
Troj/Banloa-FF continues to run in the background attempting to download multiple files
from another malicious site. Once downloaded, Troj/Banloa-FF executes these files. (The
dow...
Troj/Delf-FAJ - Troj/Delf-FAJ at Sophos
...
Troj/Farfl-Gen - Troj/Farfl-Gen at Sophos
Troj/Farfl-Gen is a Trojan for the Windows platform.
...
Troj/Mdrop-BSB - Troj/Mdrop-BSB at Sophos
Troj/Mdrop-BSB drops the file <Windows>\<Random number>.dll which is detected as
Mal/LineDLL-B.
...
Mal/Behav-208 - Mal/Behav-208 at Sophos
Sophos updated detection of Mal/Behav-208 in ntroo-dg.ide (published 28 April 19:06
GMT) to remove a possible misdetection originally issued in agen-gxg.ide (published 28 April 14:19 GMT).
This issue is now resolved. Please contact technical support if you require further
information. ...
Mal/Behav-223 - Mal/Behav-223 at Sophos
Mal/Behav-223 is a family of malicious programs for the Windows platform.
Members of Mal/Behav-223 are typically internet banking Trojans. Detection
for members of Mal/Behav-223 is behavior based. It is extremely important that customers report detections of
Mal/B...
Mal/Mdrop-B - Mal/Mdrop-B at Sophos
Mal/Mdrop-B is a Trojan which drops more files and may attempt to terminate security related processes.
...
0 writebacks [04/29/2008 04:42]
Virus Malware and Threat News for 20080427
Troj/Agent-GXF - Troj/Agent-GXF at Sophos
...
Troj/Banker-ELL - Troj/Banker-ELL at Sophos
...
Troj/Banker-ELM - Troj/Banker-ELM at Sophos
Troj/Banker-ELM is a modular banking Trojan that installs itself as a Browser Helper Object in
order to steal login credentials for various Brazilian banking websites.
...
Troj/Banspy-E - Troj/Banspy-E at Sophos
...
Troj/Formall-C - Troj/Formall-C at Sophos
Troj/Formall-C is a destructive VB script that attempts to format all drives.
...
0 writebacks [04/28/2008 04:43]
Virus Malware and Threat News for 20080426
Infostealer.Gamler - Infostealer.Gamler at Norton Symantec
Infostealer.Gamler is a Trojan horse that attempts to steal passwords on the compromised computer.
...
TROJ_KILLWIN.AM - TROJ_KILLWIN.AM at Trend Micro
This Trojan may be dropped by TROJ_SHEZAN.C. When executed, it modifies the system's HOSTS file to prevent
users from accessing certain Web sites. It also redirects users to certain Web sites, possibly to download
files....
Troj/Dload-CA - Troj/Dload-CA at Sophos
...
Troj/VB-DZK - Troj/VB-DZK at Sophos
Troj/VB-DZK is a Trojan for the Windows platform. When Troj/VB-DZK is installed the following files are created:
<Windows>\Config\csrss.exe
<System>\mswinsck.ocx
The following registry entry is changed to run Troj/VB-DZK on startup...
W32/Looked-L - W32/Looked-L at Sophos
W32/Looked-L is a virus for the Windows platform. The virus includes functionality to:
- access the internet and communicate with a remote server via HTTP
- silently download, install and run new software
- terminate processes related to AV
When first run W32/Looked-L copies itself to <Windows>\rundl132.exe and
<Windows>\...
Troj/FakeVir-AZ - Troj/FakeVir-AZ at Sophos
Troj/FakeVir-AZ claims to be a malware removal tool named "AntiSpywareMaster".
The Trojan scans the computer and reports malware in files that are in reality clean system components. If
the user clicks the "Remove Now" button, they are taken to the registration page in the hope that they will
pay to...
Troj/Agent-GXE - Troj/Agent-GXE at Sophos
...
Troj/Dloadr-BLB - Troj/Dloadr-BLB at Sophos
...
Troj/Dloadr-BLC - Troj/Dloadr-BLC at Sophos
...
Troj/FakeVir-AY - Troj/FakeVir-AY at Sophos
Troj/FakeVir-AY pretends to be an anti-spyware program called MalwareBell. It detects clean files
on the victim computer as infected with malware, then attempts to scare the user into purchasing "the full
version" of MalwareBell. When run Troj/FakeVir-AY creates the following files:
...
Troj/Mdrop-BSA - Troj/Mdrop-BSA at Sophos
Troj/Mdrop-BSA drops the file <System>\run32.dll (detected as Mal/LineDLL-B) and registers
it as a browser helper object.
...
Troj/Rootkit-CM - Troj/Rootkit-CM at Sophos
...
0 writebacks [04/27/2008 04:42]
Virus Malware and Threat News for 20080425
Spyware.SpyMail - Spyware.SpyMail at Norton Symantec
Spyware.SpyMail is a spyware program that may steal sensitive information from the computer.
...
W32/Rastax.worm - W32/Rastax.worm at McAfee
The virus copies itself to the Windows directory:
%WinDir%\system32\csoss.exe
%WinDir%\syste32\setup\lsass.exe
%WinDir%\system32\drivers\lsass.exe
%WinDir%\temp\lsass.exe
(where %WinDir% is the default Windows directory, for example C:\WINNT, C:\WINDOWS etc.)
and creates registry run keys to load itself at startup:
HKEY_LOCAL_MACHINE\SO...
W32/Sdbot.worm!54D1EEB9 - W32/Sdbot.worm!54D1EEB9 at McAfee
This is a variant of W32/Sdbot.worm which bears strong resemblance to the many other members of this rapidly
growing family. It bears the following characteristics: propagates to machines vulnerable to the following
exploits: DCOM RPC (MS03-026, http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx), ASN.1 vulnerability
(MS04-007) ...
PE_SALITY.M - PE_SALITY.M at Trend Micro
This file infector may be downloaded from remote sites by other malware. It may be dropped by other malware. It
may be downloaded unknowingly by a user when visiting malicious Web sites. It infects by appending its code to
target host files. It infects specific files. It avoids folders with certain strings. It drops a file, which is
detect...
TROJ_TIBS.AYH - TROJ_TIBS.AYH at Trend Micro
...
TROJ_SHEZAN.C - TROJ_SHEZAN.C at Trend Micro
This Trojan may be downloaded from certain remote sites. It drops component file(s) detected by Trend Micro as
TROJ_KILLWIN.AM. As a result, malicious routines of the dropped file may also be exhibited on the affected
system. It modifies the system's HOSTS file to prevent users from accessing Web sites related to Bancomer. When
an affec...
TROJ_AGENT.ANAF - TROJ_AGENT.ANAF at Trend Micro
This Trojan may be downloaded from remote sites by other malware. It may be dropped by other malware. It may
be downloaded unknowingly by a user when visiting malicious Web sites. It drops files/components. Upon
execution, it displays the following Graphical User Interface (GUI). It creates registry entries to enable its
automatic exec...
Troj/Zlob-AKM - Troj/Zlob-AKM at Sophos
Troj/Zlob-AKM is a Trojan for the Windows platform. When Troj/Zlob-AKM is installed the following files are created:
<Current Folder>\sbmdl.dll
<Current Folder>\sbsm.exe
The following registry entry is created to run Troj/Zlob-AKM ...
Troj/Zlob-AKN - Troj/Zlob-AKN at Sophos
Troj/Zlob-AKN is a Trojan for the Windows platform. Troj/Zlob-AKN includes
functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Zlob-AKN is installed it creates the file <Current Folder>\scm.exe. The
followi...
Troj/Zlob-AKO - Troj/Zlob-AKO at Sophos
...
W32/Allaple-F - W32/Allaple-F at Sophos
W32/Allaple-F is a worm for the Windows platform. W32/Allaple-F spreads to
other network computers protected by weak passwords. When first run W32/Allaple-F moves
itself to the Windows system folder with a randomly generated filename and registers itself as a new file
system d...
Troj/Agent-GXC - Troj/Agent-GXC at Sophos
...
Troj/BackDr-V - Troj/BackDr-V at Sophos
...
Troj/Banker-ELJ - Troj/Banker-ELJ at Sophos
...
Troj/Hosts-D - Troj/Hosts-D at Sophos
Troj/Hosts-D installs a new HOSTS file in order to redirect the user from legitimate internet
banking sites to malicious domains.
...
Troj/MDrop-BRZ - Troj/MDrop-BRZ at Sophos
...
Troj/Shark-C - Troj/Shark-C at Sophos
...
0 writebacks [04/26/2008 04:41]
Virus Malware and Threat News for 20080424
W32.Otwycal.A - W32.Otwycal.A at Norton Symantec
W32.Otwycal.A is a worm that spreads by copying itself to network shares on the compromised computer.
...
TROJ_AGENT.XOO - TROJ_AGENT.XOO at Trend Micro
This Trojan may be dropped by other malware, specifically by PE_SALITY.M-O. It may arrive bundled with
malware packages as a malware component.It is installed as a service by its dropper to enable its automatic
execution in every system startup. It is capable of hiding files and processes by modifying assigned functions
in the file ...
Troj/Agent-GXB - Troj/Agent-GXB at Sophos
Troj/Agent-GXB reads information from foreground windows on the computer.
Troj/Agent-GXB sends out the information obtained using a combination of SSL connections and email.
Troj/Agent-GXB inserts its filename into the following registry entry:
HKLM\SYST...
Troj/Dloadr-BLA - Troj/Dloadr-BLA at Sophos
Troj/Dloadr-BLA copies itself to <System>\wind32.exe. Troj/Dloadr-BLA creates the following registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run System <System>\wind32.exe
Troj/Dloadr-BLA disables the Windows task manag...
Mal/Behav-066 - Mal/Behav-066 at Sophos
Mal/Behav-066 is a malicious program for the Windows platform. Detection
for members of Mal/Behav-066 is behavior based. It is extremely important that customers report detections of
Mal/Behav-066 to Sophos and send a sample for analysis.
...
Mal/EncPk-DK - Mal/EncPk-DK at Sophos
Mal/EncPk-DK is a program packed with a protection system typically used by malware authors.
...
Troj/Agent-GXA - Troj/Agent-GXA at Sophos
Troj/Agent-GXA is a Trojan for the Windows platform. Troj/Agent-GXA runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When first run Troj/Agent-GXA copies itself
to <...
Troj/ConSrv-Gen - Troj/ConSrv-Gen at Sophos
...
Troj/FakePl-A - Troj/FakePl-A at Sophos
Troj/FakePl-A is a Denial of Service (DoS) tool targeting TeamSpeak servers.
The tool can be used to generate repeated fake user logons to the TeamSpeak server, so that the number of
users exceeds the server limit and genuine users are denied access.
...
Troj/Gampass-S - Troj/Gampass-S at Sophos
...
Troj/Mdrop-BRX - Troj/Mdrop-BRX at Sophos
...
0 writebacks [04/25/2008 04:41]
Virus Malware and Threat News for 20080423
Trojan:W32/Pakes.CSG - Trojan:W32/Pakes.CSG at F-Secure
Trojan:W32/Pakes.CSG attempts to get "rogueware" installed on the victim's computer by claiming the computer
is infected by spyware. It also makes changes to the system registry and posts information about the computer
to a remote server....
Trojan.Mdropper.AB - Trojan.Mdropper.AB at Norton Symantec
Trojan.Mdropper.AB is a Trojan horse program that arrives through email as an MS Office file and downloads
additional malware on to the compromised computer.
...
PrivacyWatcher - PrivacyWatcher at Norton Symantec
PrivacyWatcher is a misleading application that may give exaggerated reports of threats on the
computer....
MessengerSkinner - MessengerSkinner at Norton Symantec
MessengerSkinner is a potentially unwanted application that may drop a copy of Trojan.Skintrim on to
the computer. It may also display pop-up advertisements on the computer.
...
Troj/Bancos-BEA - Troj/Bancos-BEA at Sophos
...
Troj/Keylog-KE - Troj/Keylog-KE at Sophos
Troj/Keylog-KE copies itself to <System>\wuaucltl.exe. Troj/Keylog-KE
drops the file <System>\pshelp.dll, also detected as Troj/Keylog-KE. Troj/Keylog-KE
registers itself as "system Idle Process" that starts up automatically. Troj/Keylog-KE
star...
Troj/Qhost-N - Troj/Qhost-N at Sophos
...
W32/Autorun-DP - W32/Autorun-DP at Sophos
When first run W32/Autorun-DP copies itself to:
- <Windows>\windowsmp.exe
- <System>\init.exe
- <Windows>\yoos.b
- <Root>\explorer.exe
The following registry entry is created to run windowsmp.exe on startup: ...
W32/Imaut-B - W32/Imaut-B at Sophos
W32/Imaut-B is a worm for the Windows platform. When first run, W32/Imaut-B copies itself to the
Windows folder and creates the file <Windows>\pc-off.bat (the file pc-off.bat is
a small script that is used to restart the s...
W32/Sohana-AU - W32/Sohana-AU at Sophos
W32/Sohana-AU is a worm for the Windows platform. W32/Sohana-AU includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run W32/Sohana-AU copies itself to: <Windows>\SSCVIHOST.exe
<Syste...
W32/VB-DZJ - W32/VB-DZJ at Sophos
W32/VB-DZJ attempts to spread by copying itself to available network drives.
When first run W32/VB-DZJ copies itself to <System>\WinSevices.exe and creates the folder <Current
Folder>\WinSevic. Folder WinSevic contains several text files ending with the
extension...
W32/Vetor-A - W32/Vetor-A at Sophos
W32/Vetor-A is a virus for the Windows platform. When the virus is run it
attempts to hook itself into the system and infect files. W32/Vetor-A usually has both polymorphic and
midinfecting capability. W32/Vetor-A may also connect to IRC networks in an attempt to
spread itself...
Troj/Agent-GWW - Troj/Agent-GWW at Sophos
Troj/Agent-GWW copies itself to <Windows>\Taskmon.exe
Troj/Agent-GWW creates the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run taskmon <Windows>\taskmon.exe
...
Troj/Agent-GWX - Troj/Agent-GWX at Sophos
...
0 writebacks [04/24/2008 04:42]
Virus Malware and Threat News for 20080422
Trojan-PSW:W32/LdPinch - Trojan-PSW:W32/LdPinch at F-Secure
Trojan-PSW:W32/LdPinch is a family of trojans whose main purpose is to steal passwords for a wide array of
programs from an infected computer. Some variants also include other functionality such as backdoor
capabilities....
Backdoor.Wnetpols - Backdoor.Wnetpols at Norton Symantec
Backdoor.Wnetpols is a Trojan horse that opens a back door on the compromised
computer...
SudoPlanet - SudoPlanet at Norton Symantec
SudoPlanet is a potentially unwanted program that may drop a copy of Trojan.Skintrim on to the
computer....
GoRecord - GoRecord at Norton Symantec
GoRecord is a potentially unwanted program that may drop a copy of Trojan.Skintrim on to the computer.
...
WebMediaPlayer - WebMediaPlayer at Norton Symantec
WebMediaPlayer is a potentially unwanted application that may drop a copy of Trojan.Skintrim on to the
computer. It may also display pop-up advertisements on the computer.
...
HotTv - HotTv at Norton Symantec
HotTv is a potentially unwanted application that may drop a copy of Trojan.Skintrim on to the computer.
It may also download pornographic content on to the computer.
...
InternetGameBox - InternetGameBox at Norton Symantec
InternetGameBox is a potentially unwanted application that may drop a copy of Trojan.Skintrim on to
the computer....
WinSpywareProtect - WinSpywareProtect at Norton Symantec
WinSpywareProtect is a misleading application that may give exaggerated reports of threats on the
computer....
FDoS-RedFlag - FDoS-RedFlag at McAfee
-- Update April 22, 2008 -- The risk assessment of this threat has been updated to Low-Profiled due to
media attention at: http://ddanchev.blogspot.com/2008/04/chinese-hacktivists-waging-peoples.html -- This is a
trojan that performs a denial of service attack on the CNN website by sending a large number of HTTP
GET requests....
Exploit-CVE2008-1083 - Exploit-CVE2008-1083 at McAfee
This is a generic detection for malware that attempts to exploit a heap buffer overflow vulnerability that is
patched by the vendor in MS08-021. The vulnerability lies in the processing of maliciously crafted integer
calculations in EMF or WMF files by the Microsoft Graphics Device Interface (GDI) component. When successful,
the explo...
Exploit-CVE2008-1087 - Exploit-CVE2008-1087 at McAfee
In-the-wild exploits have been discovered to download and install the BackDoor-DKI trojan from a malicious
site hosted on the igloofamily.com domain. -- This is a generic detection for malware that attempts to exploit
a stack buffer overflow vulnerability that is patched by the vendor in MS08-021. The vulnerability lies in the
proces...
Exploit-CVE2008-0083 - Exploit-CVE2008-0083 at McAfee
This is a generic detection for malware that attempts to exploit a vulnerability that is patched by the vendor
in MS08-022. The vulnerability lies in the Windows VBScript and JScript scripting engine. When visiting a
malicious website exploiting this vulnerability, the exploit can cause arbitrary code execution to install
additional m...
Mal/EncPk-DG - Mal/EncPk-DG at Sophos
Mal/EncPk-DG is a program that has been packed with a protection system typically used by malware
authors. ...
Troj/Bckdr-QND - Troj/Bckdr-QND at Sophos
...
Troj/Fanbot-G - Troj/Fanbot-G at Sophos
Troj/Fanbot-G drops the following files which are also detected as Troj/Fanbot-G:
<Profile>\Local Settings\Temp\1.sys
<Profile>\Local Settings\Temp\2.sys
Troj/Fanbot-G registers itself as Netmanager Service and iCafe Service. Troj/Fanbot-G
contains fu...
Troj/Mdrop-BRU - Troj/Mdrop-BRU at Sophos
Troj/Mdrop-BRU drops and executes the file <Profile>\Local Settings\TempServices.exe which
is detected as Troj/Keylog-JV.
...
Troj/Mdrop-BRV - Troj/Mdrop-BRV at Sophos
Troj/Mdrop-BRV drops the file <Profile>\Local Settings\Temp\<Random folder
name>\nasser.exe which is detected as Mal/EncPk-CI.
...
Troj/Psyme-IK - Troj/Psyme-IK at Sophos
Troj/Psyme-IK attempts to download and execute a file from a remote website to the Temp folder.
This file is currently detected as Mal/Generic-A.
...
W32/Autorun-DM - W32/Autorun-DM at Sophos
When first run W32/Autorun-DM copies itself to <System>\kaspersky.exe and creates the following file:
<System>\winlog.txt - 0 byte file, can be deleted safely.
W32/Autorun-DM also copies itself to removable drives with...
W32/Sohana-AT - W32/Sohana-AT at Sophos
W32/Sohana-AT is a Trojan for the Windows platform. W32/Sohana-AT includes
functionality to download, install and run new software. When W32/Sohana-AT is
installed it creates the file <Windows>\taskmng.exe. The following registry
entries are set, d...
0 writebacks [04/23/2008 04:42]
Virus Malware and Threat News for 20080421
W32.Bancotrep@mm - W32.Bancotrep@mm at Norton Symantec
W32.Bancotrep@mm is a mass-mailing worm that steals confidential information from the compromised computer.
...
W32.Sality.AE - W32.Sality.AE at Norton Symantec
W32.Sality.AE is a virus that spreads by infecting executable files and attempts to download potentially
malicious files from the Internet.
...
W32/Autorun.worm!F5EDC36C - W32/Autorun.worm!F5EDC36C at McAfee
W32/Autorun.worm!F5EDC36C has the following attributes:
File size: 116,814 bytes
MD5: 60F5BED2E239731A6AB4EFC341A922C2
CRC32: F5EDC36C
Upon execution, the worm drops the following files:
%WINDOWS%\system32\kavo.exe (W32/Autorun.worm!F5EDC36C)
%WINDOWS%\system32\kavo0.dll (detected as PWS-OnlineGames.a trojan since D...
W32/Autorun.worm.cd - W32/Autorun.worm.cd at McAfee
This detection is for a worm. It attempts to spread to removable drives by creating an autorun.inf file, which
will run the worm automatically if the systems that use the removable drive are set to Autorun. The following
registry keys are created:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed
Components\{28B0E5C2-99...
TROJ_DLOADER.RFQ - TROJ_DLOADER.RFQ at Trend Micro
...
Troj/Dloadr-BKU - Troj/Dloadr-BKU at Sophos
Troj/Dloadr-BKU downloads the following files:
1.exe - detected as Mal/EncPk-DI
2.exe - this file can be safely deleted
3.exe - also detected as Troj/Dloadr-BKU
Troj/Dloadr-BKU creates and executes the following file:
a...
W32/Looked-EG - W32/Looked-EG at Sophos
...
Mal/EncPk-DI - Mal/EncPk-DI at Sophos
Mal/EncPk-DI is a program that has been packed with an obfuscation system typically used by
malware authors.
...
Mal/TibsPk-E - Mal/TibsPk-E at Sophos
...
Troj/Agent-GWS - Troj/Agent-GWS at Sophos
...
Troj/Dloadr-BKT - Troj/Dloadr-BKT at Sophos
Troj/Dloadr-BKT is a Trojan for the Windows platform. Troj/Dloadr-BKT
includes functionality to download, install and run new software.
...
Troj/Proxy-IK - Troj/Proxy-IK at Sophos
Troj/Proxy-IK provides a proxy service for a remote attacker. Troj/Proxy-IK
provides two HTTP proxy servers (on randomly chosen TCP ports in the range 1340-9339) and a DNS proxy server
(on UDP port 53). Troj/Proxy-IK changes settings in the Windows firewall in order to
connect...
Mal/Behav-220 - Mal/Behav-220 at Sophos
Mal/Behav-220 is a malicious program for the Windows platform. Detection
for members of Mal/Behav-220 is behavior based. It is extremely important that customers report detections of
Mal/Behav-220 to Sophos and send a sample for analysis.
...
0 writebacks [04/22/2008 04:41]
Virus Malware and Threat News for 20080420
Troj/PWS-AQZ - Troj/PWS-AQZ at Sophos
...
Troj/Agent-GWP - Troj/Agent-GWP at Sophos
Troj/Agent-GWP is a backdoor Trojan which allows a remote intruder to gain access and control over
the computer. Troj/Agent-GWP includes functionality to access the internet and
communicate with a remote server via HTTP. When first run Troj/Agent-GWP copies itself
to <Syste...
Troj/Agent-GWQ - Troj/Agent-GWQ at Sophos
Troj/Agent-GWQ is a Trojan for the Windows platform. When first run
Troj/Agent-GWQ copies itself to <System>\arpsh.exe. The following registry entry
is created to run arpsh.exe on startup: HKLM\SOFTWARE\Microsoft\Active Setup\Installed
Components\&...
Troj/Banc-B - Troj/Banc-B at Sophos
Troj/Banc-B is a Trojan for the Windows platform. Troj/Banc-B includes
functionality to download, install and run new software. When Troj/Banc-B is installed
it creates the file <Temporary Internet Files>\Content.IE5\od6fwfox\cartoes.uol.com[1].htm.
...
Troj/Bckdr-QNB - Troj/Bckdr-QNB at Sophos
Troj/Bckdr-QNB is a Trojan for the Windows platform. Troj/Bckdr-QNB
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Bckdr-QNB is installed the following files are created:
<System>\drivers\ijyf...
Troj/Bckdr-QNC - Troj/Bckdr-QNC at Sophos
Troj/Bckdr-QNC is a backdoor Trojan which allows a remote intruder to gain access and control over
the computer. When Troj/Bckdr-QNC is installed it creates the file <Root>\people.xls....
Troj/Keylog-KD - Troj/Keylog-KD at Sophos
Troj/Keylog-KD is a Trojan for Windows.
...
W32/Niya-B - W32/Niya-B at Sophos
...
W32/Tiotua-P - W32/Tiotua-P at Sophos
W32/Tiotua-P attempts to spread via network shares and peer-to-peer file-sharing applications.
When first run W32/Tiotua-P copies itself to:
<User>\My Documents\Sÿstem.exe
<Root>\New Folder.exe
<Program Files>\Sÿstem.exe ...
0 writebacks [04/21/2008 04:42]
Virus Malware and Threat News for 20080419
Backdoor.Ripgof.C - Backdoor.Ripgof.C at Norton Symantec
Backdoor.Ripgof.C is a Trojan horse that opens a back door on the compromised computer.
...
JS/Psyme-II - JS/Psyme-II at Sophos
JS/Psyme-II is a malicious script that exploits an Internet Explorer vulnerability to download and
execute remote content.
...
JS/Psyme-IJ - JS/Psyme-IJ at Sophos
JS/Psyme-IJ is a malicious script that exploits an Internet Explorer vulnerability to download and
execute remote content.
...
Troj/Bancos-BDZ - Troj/Bancos-BDZ at Sophos
Troj/Bancos-BDZ is a Trojan for the Windows platform. Troj/Bancos-BDZ
includes functionality to download, install and run new software.
...
W32/Dorf-BE - W32/Dorf-BE at Sophos
W32/Dorf-BE is a worm for the Windows platform. When first run W32/Dorf-BE
copies itself to <Windows>\kavir.exe. The following registry entry is created to
run kavir.exe on startup: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
kavi...
W32/Dorf-BF - W32/Dorf-BF at Sophos
W32/Dorf-BF is a worm for the Windows platform. When first run W32/Dorf-BF
copies itself to <Windows>\kavir.exe. The following registry entry is created to
run kavir.exe on startup: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
kavi...
Troj/GFI-A - Troj/GFI-A at Sophos
...
Troj/Inject-CH - Troj/Inject-CH at Sophos
Troj/Inject-CH runs continuously in the background, providing a backdoor server which allows a
remote intruder to gain access and control over the computer via IRC channels.
Troj/Inject-CH injects code into running processes. When first run Troj/Inject-CH
copies itself to <...
Troj/Mdrop-BRS - Troj/Mdrop-BRS at Sophos
...
Troj/Agent-GWO - Troj/Agent-GWO at Sophos
Troj/Agent-GWO is a Trojan for the Windows platform. When Troj/Agent-GWO is
installed it creates the file <Windows>\setup.dll.
...
Troj/Ciadoor-DT - Troj/Ciadoor-DT at Sophos
Troj/Ciadoor-DT is a Trojan for the Windows platform. When Troj/Ciadoor-DT is installed the following files are created:
<Windows>\config\csrss.exe
<System>\mswinsck.ocx
The following registry entry is changed to run Troj/Ciadoor-D...
0 writebacks [04/20/2008 04:43]
Virus Malware and Threat News for 20080418
Troj/BDoor-AKU - Troj/BDoor-AKU at Sophos
...
Troj/BDoor-AKX - Troj/BDoor-AKX at Sophos
Troj/BDoor-AKX is a Trojan for the Windows platform. Troj/BDoor-AKX runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When first run Troj/BDoor-AKX copies itself
to <...
Troj/Keygen-BT - Troj/Keygen-BT at Sophos
...
Troj/VB-DZI - Troj/VB-DZI at Sophos
...
Troj/Dloadr-BKS - Troj/Dloadr-BKS at Sophos
...
Troj/Mdrop-BRR - Troj/Mdrop-BRR at Sophos
Troj/Mdrop-BRR disguises itself as a picture archive. Troj/Mdrop-BRR drops
2.exe which is detected as Mal/Behav-204.
...
W32/Sality-AM - W32/Sality-AM at Sophos
...
Troj/Antiav-B - Troj/Antiav-B at Sophos
Troj/Antiav-B searches for and shuts down anti-virus processes.
...
Troj/Crack-K - Troj/Crack-K at Sophos
Troj/Crack-K is a cracking tool which attempts to circumvent the copyright protection of certain
applications.
...
Troj/KillAV-EN - Troj/KillAV-EN at Sophos
Troj/KillAV-EN is a Trojan batch script to delete files or stop services related to anti-virus or
security software.
...
0 writebacks [04/19/2008 04:43]
Virus Malware and Threat News for 20080417
Packed.Generic.48 - Packed.Generic.48 at Norton Symantec
Packed.Generic.48 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal themselves from antivirus software.
...
Packed.Generic.45 - Packed.Generic.45 at Norton Symantec
Packed.Generic.45 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal themselves from antivirus software.
...
VBS.Wisfidix - VBS.Wisfidix at Norton Symantec
VBS.Wisfidix is a worm that spreads to preconfigured mapped drives on the compromised computer.
...
Trojan.Erotpics - Trojan.Erotpics at Norton Symantec
Trojan.Erotpics is a Trojan horse program that attempts to download files from a remote location.
...
Trojan.Fribet - Trojan.Fribet at Norton Symantec
Trojan.Fribet is a Trojan horse that downloads potentially malicious code on to the compromised computer.
...
W32.Dutan.A - W32.Dutan.A at Norton Symantec
W32.Dutan.A is a worm that spreads by copying itself to all available network and removable drives.
...
Spyware.PornCleanser - Spyware.PornCleanser at Norton Symantec
Spyware.PornCleanser is a spyware program that may steal sensitive information from the computer.
...
JS/Exploit-WkImgSrv - JS/Exploit-WkImgSrv at McAfee
This is a detection for an exploit for a vulnerability in Microsoft Works. The ActiveX object WkImgSrv.dll
contains a function that can be overflowed by an out of range value, which could lead to arbitrary code
execution. The potential exposure for the exploit is low, because Microsoft Works needs to already be installed,
and the cont...
Troj/FakeAle-BB - Troj/FakeAle-BB at Sophos
...
W32/AutoRun-DI - W32/AutoRun-DI at Sophos
W32/AutoRun-DI is a worm for the Windows platform that spreads via removable drives.
When run it copies itself to:
<Documents and Settings>\<User>\cftmon.exe
<System>\drivers\spools.exe
W32/AutoRun-DI sets the following registry entries
to ...
Troj/Agent-GWN - Troj/Agent-GWN at Sophos
When Troj/Agent-GWN is installed the following files are created:
<Temp>\_check32.bat - clean file, can be safely deleted
<Windows>\s32.txt - clean file, can be safely deleted
<System>\aspimgr.exe - also detected as Troj/Agent-GWN
<Windows>\ws...
Troj/PcClien-LZ - Troj/PcClien-LZ at Sophos
Troj/PcClien-LZ creates a file <System>\<random name>.dll which is also detected as
Troj/PcClien-LZ. Troj/PcClien-LZ registers itself as a service named "woibzi".
Troj/PcClien-LZ creates the following registry entries:
HKLM\SYSTEM\CurrentCon...
Troj/Small-ELJ - Troj/Small-ELJ at Sophos
...
Troj/Tibs-UF - Troj/Tibs-UF at Sophos
When first run Troj/Tibs-UF copies itself to: <System>\wind32.exe
and creates the following file: <System>\dll<random characters>.exe, which at the time of writing
is a 0 byte file. This file can be deleted safely.
Tr...
Mal/Behav-219 - Mal/Behav-219 at Sophos
...
Mal/Dial-V - Mal/Dial-V at Sophos
Mal/Dial-V is a malicious program for the Windows platform. Members of
Mal/Dial-V reduce internet security settings. Detection for members of Mal/Dial-V is
behavior based. It is extremely important that customers report detections of Mal/Dial-V to Sophos and send a
sample for...
Troj/Inject-CG - Troj/Inject-CG at Sophos
...
0 writebacks [04/18/2008 04:42]
Virus Malware and Threat News for 20080416
Trojan-Spy:W32/Small.BSL - Trojan-Spy:W32/Small.BSL at F-Secure
Trojan-Spy applications are usually standalone programs that allow malicious individuals to monitor activity
on infected computers. Trojan-Spy:Win32.Small.BSL installs a component designed to steal installed
certificates....
Hoax - Hoax at F-Secure
Application files or toolbars that are used to propagate fraud are detected with the prefix Not-Virus:Hoax.
This type of application is not in general overtly malicious. The sole purpose of the application is typically
to push the sale of fraudulent software. Information on e-mail hoaxes can be found from our hoax category
pages....
Trojan-PSW:W32/Papras.DC - Trojan-PSW:W32/Papras.DC at F-Secure
Trojan-PSW.Win32.Papras.DC steals login credentials and other sensitive information on the compromised system.
It also drops and uses a rootkit driver to hide itself. The rootkit driver is detected as Rootkit.Win32.Agent.
SZ....
MalwareBell - MalwareBell at Norton Symantec
MalwareBell is a misleading application that may give exaggerated reports of threats on the computer.
...
VirusIsolator - VirusIsolator at Norton Symantec
VirusIsolator is a misleading application that may give exaggerated reports of threats on the computer.
...
TROJ_AGENT.AMAL - TROJ_AGENT.AMAL at Trend Micro
This memory-resident Trojan arrives on a system as a dropped file of other malware or as a file downloaded
unknowingly by a user when visiting malicious Web site(s). It may also arrive as a spammed email message. The
said spam message targets company CEOs. The message contains fake subpoena information, including a link to a
docume...
TROJ_DROPPER.IAW - TROJ_DROPPER.IAW at Trend Micro
This Trojan arrives as an attachment to email messages spammed by another malware or a malicious user. It may be
dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites. It
displays the following image upon execution: It creates folders. It creates a registry entry to enable its
automatic exec...
Troj/Busky-FB - Troj/Busky-FB at Sophos
Troj/Busky-FB creates the following registry entry:
HKCU\Software\RR0OKt5hEC...
Troj/Dloadr-BKR - Troj/Dloadr-BKR at Sophos
...
W32/Netsky-BS - W32/Netsky-BS at Sophos
W32/Netsky-BS is a worm for the Windows platform. W32/Netsky-BS spreads via
email. When first run W32/Netsky-BS copies itself to <Windows>\winlogon.exe.
The following registry entry is created to run W32/Netsky-BS on startup:
...
Troj/Agent-GWL - Troj/Agent-GWL at Sophos
When Troj/Agent-GWL is installed the following files are created:
<Temp>\_check32.bat - clean file, can be safely deleted
<Windows>\s32.txt - clean file, can be safely deleted
<System>\aspimgr.exe - detected as Troj/Agent-GWL
<Windows>\ws386.i...
W32/Rbot-GWV - W32/Rbot-GWV at Sophos
W32/Rbot-GWV intercepts network traffic on the infected computer. When
first run W32/Rbot-GWV copies itself to <System>\svehost.exe and creates the following files:
<System>\drivers\npf.sys - clean file, part of WinPcap library; can be safely deleted
<...
Troj/Dialer-FE - Troj/Dialer-FE at Sophos
...
Troj/Dropr-G - Troj/Dropr-G at Sophos
Troj/Dropr-G is a Trojan for the Windows platform.
...
W32/Autorun-DF - W32/Autorun-DF at Sophos
...
W32/VB-DZH - W32/VB-DZH at Sophos
W32/VB-DZH is a worm for the Windows platform. W32/VB-DZH spreads through
the instant messaging application Yahoo! Messenger. When first run W32/VB-DZH copies
itself to:
<System>\config\Win.exe
<System>\WinSit.exe
<Wib...
Exp/MS08-021 - Exp/MS08-021 at Sophos
Exp/MS08-021 detects malicious files that exploit a vulnerability in the Windows GDI.
More details regarding the exploit can be obtained from Microsoft at:
http://www.microsoft.com/technet/security/bulletin/ms08-021.mspx...
0 writebacks [04/17/2008 04:43]
Virus Malware and Threat News for 20080415
Troj/Agent-GWH - Troj/Agent-GWH at Sophos
...
Troj/Mdrop-BRO - Troj/Mdrop-BRO at Sophos
Troj/Mdrop-BRO is a Trojan for the Windows platform. When Troj/Mdrop-BRO is
installed it creates the file <Common Files>\Microsoft Shared\msinfo\TaskUpdate.exe.
The following registry entry is created to run TaskUpdate.exe on startup:
H...
Troj/Agent-GWG - Troj/Agent-GWG at Sophos
...
Troj/Banloa-FE - Troj/Banloa-FE at Sophos
When first run Troj/Banloa-FE launches a browser which then attempts to open a malicious website.
Troj/Banloa-FE continues to run in the background attempting to download multiple files
from another malicious site. Once downloaded Troj/Banloa-FE executes these files. At
the ...
Troj/Dloadr-BKP - Troj/Dloadr-BKP at Sophos
...
Troj/Dloadr-BKQ - Troj/Dloadr-BKQ at Sophos
...
Troj/Psyme-IF - Troj/Psyme-IF at Sophos
...
Troj/Psyme-IG - Troj/Psyme-IG at Sophos
...
Troj/Agent-GWD - Troj/Agent-GWD at Sophos
Troj/Agent-GWD is a Trojan for the Windows platform. Troj/Agent-GWD
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Agent-GWD copies itself to <User>\Application Data\ivqtsfel\atulabov.exe.
...
Troj/Agent-GWE - Troj/Agent-GWE at Sophos
Troj/Agent-GWE is a Trojan for the Windows platform. When first run
Troj/Agent-GWE copies itself to <System>\temp.exe. The following registry entries
are created to run temp.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ...
0 writebacks [04/16/2008 04:42]
Virus Malware and Threat News for 20080414
Bloodhound.Exploit.187 - Bloodhound.Exploit.187 at Norton Symantec
Bloodhound.Exploit.187 is a heuristic detection for EMF and WMF files attempting to exploit the Microsoft
Windows GDI Stack Overflow Vulnerability (BID 28571).
...
Bloodhound.Exploit.188 - Bloodhound.Exploit.188 at Norton Symantec
Bloodhound.Exploit.188 is a heuristic detection for EMF files attempting to exploit the Microsoft Windows GDI
Stack Overflow Vulnerability (BID 28570).
...
Troj/KeyLog-KC - Troj/KeyLog-KC at Sophos
Troj/KeyLog-KC is a keylogging Trojan for the Windows platform. When run
Troj/KeyLog-KC copies itself to <System>\mswebdvd.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8E168B0-53E9-A03B-E681-0E6C1...
W32/Autorun-DA - W32/Autorun-DA at Sophos
W32/Autorun-DA is a worm for the Windows platform. W32/Autorun-DA attempts
to spread to removable drives and network shares.
...
W32/Autorun-DC - W32/Autorun-DC at Sophos
W32/Autorun-DC is a worm for the Windows platform. W32/Autorun-DC spreads
to other network computers. When first run W32/Autorun-DC copies itself to:
<Startup>\Empty.pif
<Windows>\Web\printers\prtwebvw.exe
<Windows>...
W32/Rbot-GWT - W32/Rbot-GWT at Sophos
W32/Rbot-GWT runs continuously in the background, providing a backdoor server which allows a
remote intruder to gain access and control over the computer via IRC channels.
W32/Rbot-GWT spreads:
- to computers vulnerable to common exploits, including: SRVSVC (MS06-040), WKS (MS03-049)...
Mal/Bifrose-J - Mal/Bifrose-J at Sophos
...
Mal/EncPk-DF - Mal/EncPk-DF at Sophos
...
Mal/ObfJS-AD - Mal/ObfJS-AD at Sophos
...
Troj/Banhost-L - Troj/Banhost-L at Sophos
Troj/Banhost-L is a Trojan for the Windows Platform. When run,
Troj/Banhost-L will attempt to overwrite the Windows hosts file, such that network traffic normally sent to
certain internet banking websites is redirected to a phishing site.
...
Troj/Drop-ZLB - Troj/Drop-ZLB at Sophos
Troj/Drop-ZLB is a Trojan for the Windows platform. Troj/Drop-ZLB includes
functionality to drop and run new malware. When Troj/Drop-ZLB is installed the
following file is created: %TempPath%\<five random letters>
The file is...
0 writebacks [04/15/2008 04:42]
Virus Malware and Threat News for 20080413
JS/Dloadr-BKO - JS/Dloadr-BKO at Sophos
...
Troj/LdPinc-B - Troj/LdPinc-B at Sophos
...
Troj/PWS-AQX - Troj/PWS-AQX at Sophos
...
Troj/Zlob-AKB - Troj/Zlob-AKB at Sophos
...
Troj/Zlob-AKC - Troj/Zlob-AKC at Sophos
...
W32/Autorun-CZ - W32/Autorun-CZ at Sophos
...
Troj/Dloadr-BKN - Troj/Dloadr-BKN at Sophos
...
Troj/PDFex-G - Troj/PDFex-G at Sophos
...
Troj/Agent-GWA - Troj/Agent-GWA at Sophos
Troj/Agent-GWA is a Trojan for the Windows platform. Troj/Agent-GWA
includes functionality to download, install and run new software. Troj/Agent-GWA
attempts to download files to:
<Temp>\Plus.exe
<Temp>\flash.exe
<Sys...
Troj/Agent-GWB - Troj/Agent-GWB at Sophos
Troj/Agent-GWB is a Trojan for the Windows platform. Troj/Agent-GWB
includes functionality to download, install and run new software. When Troj/Agent-GWB
is installed it downloads a file to <Temp>\svchost.exe.
...
0 writebacks [04/14/2008 04:42]
Virus Malware and Threat News for 20080412
Troj/Agent-GVY - Troj/Agent-GVY at Sophos
Troj/Agent-GVY is a Trojan for the Windows platform. When run
Troj/Agent-GVY copies itself to <System>\dmhfk.exe and sets the following registry entries under:
HKCU\Software\Microsoft\Windows\CurrentVersion\_r kfhmd
HKCU\Software\Microso...
Troj/Delf-FAH - Troj/Delf-FAH at Sophos
Troj/Delf-FAH is an information stealing Trojan for the Windows platform.
When run Troj/Delf-FAH creates the file <System>\IRAT.mvb. This file is also detected as Troj/Delf-FAH.
Troj/Delf-FAH registers itself as a system service with the name of "IRAT" with the
displayn...
Troj/VB-DZF - Troj/VB-DZF at Sophos
Troj/VB-DZF is a backdoor Trojan for the Windows platform. When run
Troj/VB-DZF copies itself to <Windows>\Fonts\svchost.exe and creates the following registry entry to run
itself on startup: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Host
Process ...
Troj/Agent-GVX - Troj/Agent-GVX at Sophos
...
Troj/Banld-C - Troj/Banld-C at Sophos
Troj/Banld-C is a Trojan for the Windows platform. Troj/Banld-C includes
functionality to access the internet and communicate with a remote server via HTTP.
...
Troj/IRCBot-ABJ - Troj/IRCBot-ABJ at Sophos
Troj/IRCBot-ABJ is a Trojan with IRC backdoor functionality for the Windows platform.
Troj/IRCBot-ABJ runs continuously in the background, providing a backdoor server which allows a
remote intruder to gain access and control over the computer via IRC channels. When
first run T...
Mal/Behav-218 - Mal/Behav-218 at Sophos
...
Troj/Agent-GVW - Troj/Agent-GVW at Sophos
Troj/Agent-GVW is a Trojan for the Windows platform. Troj/Agent-GVW
includes functionality to access the internet and communicate with a remote server via HTTP.
...
Troj/Poison-U - Troj/Poison-U at Sophos
...
0 writebacks [04/13/2008 04:45]
Virus Malware and Threat News for 20080411
Trojan.Busdest - Trojan.Busdest at Norton Symantec
Trojan.Busdest is a Trojan that modifies files causing instability on the compromised computer.
...
AntiSpywareExpert - AntiSpywareExpert at Norton Symantec
AntiSpywareExpert is a misleading application that may give exaggerated reports of threats on the
computer....
AntiVirProtect - AntiVirProtect at Norton Symantec
AntiVirProtect is a misleading application that may give exaggerated reports of threats on the
computer....
W32/Autorun.worm.cb - W32/Autorun.worm.cb at McAfee
-- Update April 11, 2008 -- The risk assessment of this threat has been updated to Low-Profiled due to media
attention at:
http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=cybercrime_and_hacking&articleId=9075438&taxonomyId=82&intsrc=kc_top
-- This detection is for a worm that spreads by copying itself to ...
W32/Riba@M - W32/Riba@M at McAfee
When executed, it drops the following files:
%Downloaded Program Files%\gbieh.dll [Zero Kilobytes in size]
%Downloaded Program Files%\gbiehabh.dll [Zero Kilobytes in size]
%Downloaded Program Files%\gbiehCef.dll [Zero Kilobytes in size]
%Downloaded Program Files%\GbpDist.dll [Zero Kilobytes in size]
%System%\GB...
TROJ_DLOADER.ACS - TROJ_DLOADER.ACS at Trend Micro
...
BKDR_POISONIV.QI - BKDR_POISONIV.QI at Trend Micro
This backdoor may be downloaded from remote sites by a malware detected by Trend Micro as EXPL_NEVAR.B. It
opens a hidden Internet Explorer window. It opens a random port to allow a remote user to connect to the
affected system. Once a successful connection is established, the remote user is able to execute commands on
the affected sy...
EXPL_NEVAR.B - EXPL_NEVAR.B at Trend Micro
This exploit may be dropped by other malware. It may arrive bundled with malware packages as a malware
component. It takes advantage of the GDI vulnerability in Microsoft. More information on the said vulnerability
can be viewed in the following page: Microsoft Security Bulletin MS08-021. Once exploited, the said vulnerability
allows a r...
Troj/Banloa-FD - Troj/Banloa-FD at Sophos
Troj/Banloa-FD is a Trojan for the Windows platform. Troj/Banloa-FD
includes functionality to access the internet and communicate with a remote server via HTTP.
...
Troj/Zlob-AKA - Troj/Zlob-AKA at Sophos
When Troj/Zlob-AKA is installed the following files are created:
<Program Files>\NetProject\sbmdl.dll - detected as Troj/Zlob-AKA
<Program Files>\NetProject\sbmntr.exe - detected as Troj/Zlob-AKA
<Program Files>\NetProject\sbsm.exe - detected as Troj/Zlob-AKA
...
JS/ApndIfra-A - JS/ApndIfra-A at Sophos
JS/ApndIfra-A detects an obfuscated Iframe appended to an HTML document.
...
Mal/ObfJS-V - Mal/ObfJS-V at Sophos
Mal/ObfJS-V attempts to download more malware.
...
Troj/Agent-GVU - Troj/Agent-GVU at Sophos
Troj/Agent-GVU is a Trojan for the Windows platform. Troj/Agent-GVU
includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/Agent-GVU may install a new version of the file <System>\msinet.ocx.
...
Troj/Dloadr-BKL - Troj/Dloadr-BKL at Sophos
Troj/Dloadr-BKL is a Trojan for the Windows platform. Troj/Dloadr-BKL
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Dloadr-BKL copies itself to <User>\Application Data\<random string>\<random fil...
Troj/FakeVir-AW - Troj/FakeVir-AW at Sophos
When Troj/FakeVir-AW is installed it creates the file <System>\rkvdr.dll - also detected as
Troj/FakeVir-AW. The file rkvdr.dll is registered as a COM object, creating registry
entries under: HKCR\CLSID\{65bbf06c-ea06-4818-92a3-f3550d0e1004}
...
Troj/Psyme-IE - Troj/Psyme-IE at Sophos
Troj/Psyme-IE is a Trojan for the Windows platform. Troj/Psyme-IE is a
script which downloads further malware from a remote host on the internet.
...
VBS/Psyme-HJ - VBS/Psyme-HJ at Sophos
...
Mal/Behav-217 - Mal/Behav-217 at Sophos
...
0 writebacks [04/12/2008 04:41]
Virus Malware and Threat News for 20080410
Trojan.Emifie - Trojan.Emifie at Norton Symantec
Trojan.Emifie is a Trojan horse that attempts to exploit the Microsoft Windows GDI Stack Overflow
Vulnerability in order to download another potentially malicious file.
...
IEPassView - IEPassView at Norton Symantec
IEPassView is a security assessment tool that may reveal Internet Explorer passwords.
...
VipAntiSpyware - VipAntiSpyware at Norton Symantec
VipAntiSpyware is a misleading application that may give exaggerated reports of threats on the
computer....
Trojan.Drondog - Trojan.Drondog at Norton Symantec
Trojan.Drondog is a Trojan horse that modifies a system file and downloads more malware on to the compromised
computer....
W32/Crasher - W32/Crasher at McAfee
W32/Crasher is a virus that infects all the files in the system. Upon execution, it attempts to modify all the
files (including .sys, .exe, .dll, .htm, .jpg, .ini, etc.) in the system by replacing the first 1099 bytes of
these files with junk code, until the system crashes. The infected files cannot be repaired.
...
TROJ_SPAMBOT.AG - TROJ_SPAMBOT.AG at Trend Micro
This Trojan usually arrives as a downloaded file upon clicking a certain link in a spammed email message.
Below is a screenshot of the said email message: Clicking the given link redirects the user to a certain URL
that points to another URL where a copy of this Trojan can be downloaded and executed on the affected system.
It drops an ...
W32/AutoRun-CX - W32/AutoRun-CX at Sophos
...
Troj/Psyme-ID - Troj/Psyme-ID at Sophos
Troj/Psyme-ID is a Trojan that attempts to download and execute a file from a remote website.
...
Mal/VBDldr-B - Mal/VBDldr-B at Sophos
Mal/VBDldr-B is a malicious program for the Windows platform.
Detection for members of Mal/VBDldr-B is behavior based. It is extremely important that customers report
detections of Mal/VBDldr-B to Sophos and send a sample for analysis.
...
Troj/Banker-ELF - Troj/Banker-ELF at Sophos
Troj/Banker-ELF is a Trojan for the Windows platform.
Troj/Banker-ELF includes functionality to access the internet and communicate with a remote server via HTTP.
...
W32/IRCBot-ABE - W32/IRCBot-ABE at Sophos
W32/IRCBot-ABE is a network worm with backdoor functionality for the Windows platform.
W32/IRCBot-ABE spreads via network shares and MSSQL servers protected by weak
passwords. The worm can also be spread via chat programs. W32/IRCBot-ABE runs
continuously in the ...
Mal/Small-C - Mal/Small-C at Sophos
...
Troj/KillSys-B - Troj/KillSys-B at Sophos
Troj/KillSys-B is a Trojan for the Windows platform. Troj/KillSys-B
modifies all files on the system until the system becomes unusable and crashes.
...
W32/AutoRun-CW - W32/AutoRun-CW at Sophos
W32/AutoRun-CW runs continuously in the background, providing a backdoor server which allows a
remote intruder to gain access and control over the computer via IRC channels. When
first run W32/AutoRun-CW copies itself to <User>\lsass.exe. The following
registry entry is ...
0 writebacks [04/11/2008 04:42]
Virus Malware and Threat News for 20080409
Fribet - Fribet at McAfee
Upon execution, the trojan drops the following files:
%Systemdir%\ipsec.exe
%Systemdir%\ipsec.dll
The following registry keys are modified:
HKEY_CLASSES_ROOT\FKing "classid" = EB59090026001513010A04D807 "memo" = free tibet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ipsec "Asynchronous" = 1 "DllName" ...
W32/Autorun.worm.bx.gen.dll - W32/Autorun.worm.bx.gen.dll at McAfee
W32/Autorun.worm.bx.gen.dll is injected into Explorer.exe and is dropped by W32/Autorun.worm.bx. It is an
online-game password-stealing component of the virus. It also contains the functionality to spread via
autorun. The virus is written to the following file: %SYSTEM%\amvo0.dll (where %SYSTEM is the Windows system
folder e.g....
Troj/Bifrose-VU - Troj/Bifrose-VU at Sophos
...
Troj/KeyLog-KB - Troj/KeyLog-KB at Sophos
Troj/KeyLog-KB is a keylogger Trojan for the Windows platform. When run
Troj/KeyLog-KB copies itself to <System>\cftmon.exe and creates the file <System>\<random characters>.dll
(also detected as Troj/KeyLog-KB). Troj/KeyLog-KB sets the following
registry ent...
Troj/Agent-GVQ - Troj/Agent-GVQ at Sophos
When first run Troj/Agent-GVQ copies itself to <System>\ipsec.exe and creates the file
<System>\ipsec.dll - also detected as Troj/Agent-GVQ. The following registry
entries are created to run code exported by ipsec.dll on startup:
HKLM\SOFTWARE\Microsoft\Windows NT...
Troj/IRCBot-ABC - Troj/IRCBot-ABC at Sophos
Troj/IRCBot-ABC is a Trojan for the Windows platform. Troj/IRCBot-ABC runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When first run Troj/IRCBot-ABC copies
itself to ...
Troj/Psyme-IB - Troj/Psyme-IB at Sophos
...
W32/Autorun-CV - W32/Autorun-CV at Sophos
W32/Autorun-CV is a worm for the Windows platform.
...
Mal/EncPk-DD - Mal/EncPk-DD at Sophos
...
Mal/EncPK-DE - Mal/EncPK-DE at Sophos
...
W32/AutoRun-CU - W32/AutoRun-CU at Sophos
W32/AutoRun-CU is a worm for the Windows platform. W32/AutoRun-CU includes
functionality to download, install and run new software. When first run W32/AutoRun-CU
copies itself to:
<Root>\qqvnet.exe
<System>\qqvnet.exe
...
0 writebacks [04/10/2008 04:42]
Virus Malware and Threat News for 20080408
W32.Pigfeng - W32.Pigfeng at Norton Symantec
W32.Pigfeng is a file infecting virus that infects .exe files that have shortcuts on the Desktop and attempts
to download a file from a remote location.
...
Spyware.RelyAllInOne - Spyware.RelyAllInOne at Norton Symantec
Spyware.RelyAllInOne is a spyware program that records keystrokes and other information on the
computer....
Backdoor.Spakrab - Backdoor.Spakrab at Norton Symantec
Backdoor.Spakrab is a Trojan horse that opens a back door and may send spam emails from the compromised
computer....
MalWarrior - MalWarrior at McAfee
When run this trojan will run a scan and generate false detection alert messages and warnings
like the one shown below. The following registry entries are added:
HKEY_CURRENT_USER\Software\Adsl Software Limited\MalWarrior 2007\4.0 InstallTime = Bin Data
HKEY_CURRENT_USER\Software\Adsl Software Limited\MalWar...
TROJ_AGENT.LJY - TROJ_AGENT.LJY at Trend Micro
This memory-resident Trojan arrives on a system as an attachment to email messages spammed by another malware
or a malicious user. It may also be downloaded unknowingly by a user when visiting a certain malicious Web
site. Below is a screenshot of the said email spam: When executed, it drops copies of itself. It then modifies
the a...
TROJ_ARTIEF.T - TROJ_ARTIEF.T at Trend Micro
...
Troj/Agent-GVO - Troj/Agent-GVO at Sophos
Troj/Agent-GVO is a Trojan for the Windows platform. Troj/Agent-GVO
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Agent-GVO copies itself to <System>\RedGirl.exe and creates the file
<System>\RedGir...
Troj/Iframe-AA - Troj/Iframe-AA at Sophos
Troj/Iframe-AA is an iframe with a src= attribute pointing to a malicious script or an html file
containing malicious script.
...
W32/Rbot-GWR - W32/Rbot-GWR at Sophos
W32/Rbot-GWR spreads:
- to computers vulnerable to common exploits, including: LSASS (MS04-011)
- to network shares protected by weak passwords
When first run W32/Rbot-GWR copies itself to <System>\svehost.exe and creates the following files:
...
Mal/BHO-H - Mal/BHO-H at Sophos
Mal/BHO-H is a malicious Browser Helper Object.
...
Troj/Agent-GVM - Troj/Agent-GVM at Sophos
Troj/Agent-GVM is a Trojan for the Windows platform. When first run
Troj/Agent-GVM copies itself to <System>\mswinsock.exe. The following registry
entry is created to run mswinsock.exe on startup: HKLM\SOFTWARE\Microsoft\Active
Setup\Installed Comp...
Troj/Agent-GVN - Troj/Agent-GVN at Sophos
Troj/Agent-GVN is a Trojan for the Windows platform. When first run
Troj/Agent-GVN copies itself to <System>\1054j.exe and creates the file <System>\371211237.dat.
The file 371211237.dat is not malicious and may be deleted. The file 1054j.exe is
registered as a new...
Troj/Bdoor-AJY - Troj/Bdoor-AJY at Sophos
Troj/Bdoor-AJY is a Trojan for the Windows platform. When Troj/Bdoor-AJY is
installed the following files are created:
<Windows>\ptmp2\install.bat
<Windows>\ptmp2\ptmp.ini
<Windows>\ptmp2\sc.txt
<Windows>\ptmp2\sptmp2.ex...
Troj/Bdoor-AKA - Troj/Bdoor-AKA at Sophos
...
Troj/Mdrop-BRJ - Troj/Mdrop-BRJ at Sophos
Troj/Mdrop-BRJ is a Trojan for the Windows platform. Troj/Mdrop-BRJ
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Mdrop-BRJ is installed the following files are created:
<Temp>\_check32.bat ...
W32/Autorun-CQ - W32/Autorun-CQ at Sophos
W32/AutoRun-CQ is a worm for the Windows platform. The worm spreads via removable media, such as
USB sticks. When first run W32/AutoRun-CQ copies itself to <User>\svchost.exe and
creates the following files in a shared network folder: Counterstrike.Source.aimbot.zip
...
0 writebacks [04/09/2008 04:42]
Virus Malware and Threat News for 20080407
TROJ_AGENT.VLW - TROJ_AGENT.VLW at Trend Micro
...
TROJ_SPAMBOT.AF - TROJ_SPAMBOT.AF at Trend Micro
This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious
Web sites. It creates registry entries to enable its automatic execution at every system startup. It opens a
port and acts as a proxy server. As a proxy server, it is an intermediary between a remote malicious user and
a targe...
TROJ_DROPPER.LCZ - TROJ_DROPPER.LCZ at Trend Micro
This Trojan may be downloaded from remote sites by other malware. It may be dropped by other malware. It may
be downloaded unknowingly by a user when visiting malicious Web sites. It drops files/components. It drops files.
Trend Micro detects the said file as TSPY_ONLINEG.AKY. It then executes the dropped file(s). As a result,
mali...
Troj/BHODLL-D - Troj/BHODLL-D at Sophos
...
Troj/Delf-FAD - Troj/Delf-FAD at Sophos
...
Troj/Dldr-K - Troj/Dldr-K at Sophos
...
Troj/Mdrop-BRK - Troj/Mdrop-BRK at Sophos
...
Troj/Bancban-QV - Troj/Bancban-QV at Sophos
Troj/Bancban-QV is a Trojan for the Windows platform. Troj/Bancban-QV
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Bancban-QV copies itself to <Windows>\regedits.exe. The
following...
Troj/BHODLL-C - Troj/BHODLL-C at Sophos
...
Troj/Busky-FA - Troj/Busky-FA at Sophos
Troj/Busky-FA is a Trojan for the Windows platform. Troj/Busky-FA contains
the functionality to communicate with a remote server via HTTP. When run, Troj/Busky-FA
copies itself to: <All Users>\Application Data\<Random>\<Random>.exe
...
Troj/EncLoad-B - Troj/EncLoad-B at Sophos
...
Troj/StartP-BE - Troj/StartP-BE at Sophos
Troj/StartP-BE is a Trojan for the Windows platform. When Troj/StartP-BE is
installed it copies itself to <Windows>\win.exe. The Trojan then sets the
following registry entry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Win ...
Mal/Behav-213 - Mal/Behav-213 at Sophos
Mal/Behav-213 detection is behavior based. It is important that customers report detections of
Mal/Behav-213 to Sophos and send a sample for analysis.
...
0 writebacks [04/08/2008 04:43]
Virus Malware and Threat News for 20080406
W32.Momib.A - W32.Momib.A at Norton Symantec
W32.Momib.A is a worm that may delete files and copies itself to all removable and network drives.
...
TROJ_DLOADER.UEF - TROJ_DLOADER.UEF at Trend Micro
This Trojan may be downloaded from remote sites by other malware. It may be dropped by other malware. It may
be downloaded unknowingly by a user when visiting malicious Web sites. It creates folders. It drops copies of
itself. It drops files/components. This Trojan creates an entry in the registry to enable its automatic
execution ...
Mal/EncPk-DB - Mal/EncPk-DB at Sophos
Mal/EncPk-DB is a malicious packed executable file.
...
Troj/DwnLdr-HCE - Troj/DwnLdr-HCE at Sophos
...
Troj/MalDoc-Fam - Troj/MalDoc-Fam at Sophos
Troj/MalDoc-Fam is a family of exploited OLE2 documents which typically drop and execute other
binary files.
...
Troj/Calif-A - Troj/Calif-A at Sophos
Troj/Calif-A is a malicious script often seen appended to legitimate web pages. The script
attempts to install a cookie and redirect the user to a remote website.
...
Troj/Iframe-Z - Troj/Iframe-Z at Sophos
...
Troj/Pushdo-Gen - Troj/Pushdo-Gen at Sophos
Troj/Pushdo-Gen is a family of Trojans for the Windows platform. When
members of Troj/Pushdo-Gen are installed they drop and run a further file in memory, usually detected as
Troj/Pushu-Gen or Mal/Basine-C. This may then drop further files, including some of the following:
<...
W32/Autorun-CP - W32/Autorun-CP at Sophos
W32/Autorun-CP is a worm for the Windows platform. W32/Autorun-CP attempts
to spread by copying itself to removable storage devices as the file QQDoctor.exe and creates a hidden
autorun.inf to launch QQDoctor.exe automatically when the device is plugged in. The file autorun.inf should be deleted.
...
W32/Dorf-BD - W32/Dorf-BD at Sophos
W32/Dorf-BD is a worm for the Windows platform. When first run W32/Dorf-BD
copies itself to <Windows>\aromis.exe. The following registry entry is created to
run aromis.exe on startup: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ar...
W32/IRCBot-ABH - W32/IRCBot-ABH at Sophos
W32/IRCBot-ABH is a worm with IRC backdoor functionality for the Windows platform.
W32/IRCBot-ABH runs continuously in the background, providing a backdoor server which allows a remote
intruder to gain access and control over the computer via IRC channels. When first run
W32/...
0 writebacks [04/07/2008 04:44]
Virus Malware and Threat News for 20080405
TROJ_DLOADER.EJC - TROJ_DLOADER.EJC at Trend Micro
...
Troj/SpyCore-A - Troj/SpyCore-A at Sophos
Troj/SpyCore-A is a Trojan for the Windows platform. When Troj/SpyCore-A is
installed it creates the file <Temp>\tni1.tmp. This file is detected as Troj/NtRootK-DF.
...
Troj/NtRootK-DF - Troj/NtRootK-DF at Sophos
Troj/NtRootK-DF is a rootkit for the Windows platform.
...
W32/Bckdr-QMV - W32/Bckdr-QMV at Sophos
W32/Bckdr-QMV is a worm with IRC backdoor functionality for the Windows platform.
W32/Bckdr-QMV runs continuously in the background, providing a backdoor server which allows a remote
intruder to gain access and control over the computer via IRC channels. When first run
W32/Bck...
W32/Kapucen-D - W32/Kapucen-D at Sophos
W32/Kapucen-D attempts to copy itself to various shared folders used by peer-to-peer clients.
When first run W32/Kapucen-D copies itself to <Temp>\svchost.exe and creates the file
<Current Folder>\Log.txt - clean text file, can be safely deleted.
...
0 writebacks [04/06/2008 04:41]
Virus Malware and Threat News for 20080404
Bloodhound.Exploit.185 - Bloodhound.Exploit.185 at Norton Symantec
Bloodhound.Exploit.185 is a heuristic detection for files that attempt to exploit the Symantec AutoFix Tool
ActiveX Control Remote Share 'launchProcess()' Insecure Method Vulnerability (BID 28509).
...
Troj/MDrop-BRI - Troj/MDrop-BRI at Sophos
...
Troj/Zlob-AJZ - Troj/Zlob-AJZ at Sophos
...
W32/IRCBot-ABG - W32/IRCBot-ABG at Sophos
W32/IRCBot-ABG is a worm for the Windows platform. When first run
W32/IRCBot-ABG copies itself to <System>\svehost.exe and creates the following files:
<System>\drivers\npf.sys, <System>\packet.dll and <System>\wpcap.dll
...
Mal/Behav-210 - Mal/Behav-210 at Sophos
...
Troj/Dorf-BA - Troj/Dorf-BA at Sophos
Troj/Dorf-BA is a Trojan for the Windows platform. Troj/Dorf-BA alters the
local computer so that it synchronizes with a different time server. Troj/Dorf-BA contains
network functionality.
...
Troj/Photo-Zip - Troj/Photo-Zip at Sophos
Troj/Photo-Zip is a family of zip files that contain malware. Members of
Troj/Photo-Zip are usually sent in spam pretending to have a photograph attached.
...
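Troj/Photo-Zip is a naming trick rather than an exploit: the attachment is a zip, the lure is a photograph, the payload is an executable. A mail gateway or an analyst can catch the usual forms (an executable inside a "photo" archive, a double extension such as photo.jpg padded with spaces before .exe, or an image extension on a member whose content starts with a PE header) with the check below. This is an added example, not Sophos's code; the archive is built in memory from constructed members, and the extension lists are this example's own assumptions.

```python
import io
import posixpath
import zipfile

# Extension sets are assumptions for this example; extend them to match your gateway policy.
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta"}
IMAGE_EXT = {".jpg", ".jpeg", ".gif", ".png", ".bmp"}


def inspect_photo_zip(data):
    """Return [(member name, reason)] for every member that does not belong in a photo archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            stem, ext = posixpath.splitext(name)
            # Second extension once trailing padding is stripped: "photo.jpg      .exe" -> ".jpg"
            inner_ext = posixpath.splitext(stem.rstrip())[1]
            if ext in EXECUTABLE_EXT:
                reason = "executable inside a photo archive"
                if inner_ext in IMAGE_EXT:
                    reason += " hiding behind an image double extension"
                findings.append((info.filename, reason))
            elif ext in IMAGE_EXT:
                # Image name, but is the content actually a PE image?
                with zf.open(info) as fh:
                    if fh.read(2) == b"MZ":
                        findings.append((info.filename,
                                         "image extension but the content starts with an MZ (PE) header"))
    return findings


def build_sample_zip():
    """Constructed archive: one real-looking photo and three disguised executables."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("DSC_0423.jpg", b"\xFF\xD8\xFF\xE0" + b"\x00" * 32)      # JPEG magic, benign
        zf.writestr("photo.jpg" + " " * 40 + ".exe", b"MZ" + b"\x00" * 62)   # padded double extension
        zf.writestr("vacation.scr", b"MZ" + b"\x00" * 62)                     # screensaver is an executable
        zf.writestr("me.gif", b"MZ" + b"\x00" * 62)                           # PE content under an image name
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in inspect_photo_zip(build_sample_zip()):
        print(f"{member!r}: {reason}")
```

The content check only reads the first two bytes of each image-named member, so the archive is never fully extracted; a real gateway should also bound the decompressed size before opening anything.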
Mal/Banspy-I - Mal/Banspy-I at Sophos
Mal/Banspy-I is an internet banking Trojan. Typical functionality includes
hooking system events, stealing information, and sending it to a remote server.
...
Troj/Drop-O - Troj/Drop-O at Sophos
Troj/Drop-O is a Trojan for the Windows platform. Troj/Drop-O includes
functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Drop-O is installed the following files are created: <User>\cftmon.exe
&...
Troj/FakeAle-BA - Troj/FakeAle-BA at Sophos
Troj/FakeAle-BA displays fake spyware alerts in order to lure the user into installing software
from a remote location.
...
0 writebacks [04/05/2008 04:42]
Virus Malware and Threat News for 20080403
JS_DLOADER.TVP - JS_DLOADER.TVP at Trend Micro
...
JS_IFRAME.US - JS_IFRAME.US at Trend Micro
...
TROJ_AGENT.AZZZ - TROJ_AGENT.AZZZ at Trend Micro
This memory-resident Trojan arrives on a system as a dropped file of other malware. It may also be downloaded
unknowingly by a user when visiting malicious Web sites. It contains the following text and image: When the
user clicks the Microsoft WordPad icon, it then drops and executes an embedded .EXE file, which Trend Micro
also dete...
TROJ_MSJET.Y - TROJ_MSJET.Y at Trend Micro
This is the Trend Micro detection for a specially crafted .MDB file which attempts to exploit a vulnerability
in Microsoft Jet Database Engine (Jet) that could allow remote code execution. More information about the said
vulnerability can be found in the following link: http://www.microsoft.com/technet/security/advisory/950627.mspx
On...
WORM_NUWAR.JQ - WORM_NUWAR.JQ at Trend Micro
...
Rungbu.D - Rungbu.D at Panda
It passes itself off as a Word document in order to deceive users and changes the default icon of the Word
documents to a similar one created by itself. It reduces the information about the files displayed when the
cursor is placed over them. It spreads through mapped, shared and removable drives.
...
JS/ObfJS-C - JS/ObfJS-C at Sophos
...
Mal/Behav-212 - Mal/Behav-212 at Sophos
Mal/Behav-212 is a malicious executable file exhibiting behaviours often seen in Trojan
downloaders.
...
Mal/EncPk-CE - Mal/EncPk-CE at Sophos
...
Troj/Agent-GVF - Troj/Agent-GVF at Sophos
...
Troj/Agent-GVG - Troj/Agent-GVG at Sophos
...
Troj/Bckdr-ZLC - Troj/Bckdr-ZLC at Sophos
...
Troj/DwnLdr-HCC - Troj/DwnLdr-HCC at Sophos
...
Troj/NtRootK-DE - Troj/NtRootK-DE at Sophos
...
Troj/Proxy-IJ - Troj/Proxy-IJ at Sophos
...
Troj/Rootkit-CH - Troj/Rootkit-CH at Sophos
...
0 writebacks [04/04/2008 04:42]
Virus Malware and Threat News for 20080402
QQHelper.Z - QQHelper.Z at Panda
It uses several rootkits in order to make its detection more difficult, as it hides the files, processes and
registry entries belonging to the Trojan. It adds a link to a Chinese website in the Favorites section of
Internet Explorer. It does not spread automatically by its own means.
...
Mal/ObfJS-AF - Mal/ObfJS-AF at Sophos
Mal/ObfJS-AF is a maliciously obfuscated script often seen associated with browser exploit
toolkits which attempt to download and execute a further file by exploiting a variety of browser
vulnerabilities. This downloaded file is often a member of the Dorf family of Trojans.
...
Troj/Dloadr-BKD - Troj/Dloadr-BKD at Sophos
Troj/Dloadr-BKD is a Trojan for the Windows platform. Troj/Dloadr-BKD drops
msinet.ocx which is a clean file used to manage Internet communications.
Troj/Dloadr-BKD downloads the following files: <System>\CatRoot2\services.exe - detected as
Mal/Banspy-G at the...
Troj/Dloadr-BKE - Troj/Dloadr-BKE at Sophos
Troj/Dloadr-BKE attempts to create and download a file to <Windows>\svchost.exe.
Troj/Dloadr-BKE often appears in spam.
...
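Several of the entries above share one pattern: the dropped file borrows the name of a core Windows binary (svchost.exe in <Temp> for W32/Kapucen-D and in <Windows> for Troj/Dloadr-BKE, services.exe under CatRoot2 for Troj/Dloadr-BKD) or a near-miss spelling of one (svehost.exe for W32/IRCBot-ABG, cftmon.exe for Troj/Drop-O). The check below, an added example that is not code from any of the vendors quoted here, flags both cases from a file listing. The listing is constructed from the paths in these write-ups; the table of expected home directories and the look-alike similarity threshold are this example's own assumptions.

```python
import difflib
import ntpath

# Core binaries and the Windows subfolders they legitimately live in.
# Assumption for this example; "" means the Windows folder itself.
EXPECTED_HOME = {
    "svchost.exe": ("system32", "syswow64"),
    "services.exe": ("system32",),
    "lsass.exe": ("system32",),
    "csrss.exe": ("system32",),
    "winlogon.exe": ("system32",),
    "smss.exe": ("system32",),
    "ctfmon.exe": ("system32", "syswow64"),
    "spoolsv.exe": ("system32",),
    "explorer.exe": ("",),
}
LOOKALIKE_CUTOFF = 0.85  # difflib similarity ratio; assumed value, tune against your own baseline


def classify(path, windows_dir=r"C:\Windows"):
    """Return a reason if `path` borrows or imitates a core binary name outside
    that binary's home folder, otherwise None. Comparison is case-insensitive."""
    p = ntpath.normpath(path).lower()
    w = ntpath.normpath(windows_dir).lower()
    name = ntpath.basename(p)
    parent = ntpath.dirname(p)
    if name in EXPECTED_HOME:
        allowed = {ntpath.join(w, sub) if sub else w for sub in EXPECTED_HOME[name]}
        if parent in allowed:
            return None
        return f"{name} outside its expected location ({', '.join(sorted(allowed))})"
    # Not an exact system name: is it one edit away from one (svehost, cftmon)?
    close = difflib.get_close_matches(name, list(EXPECTED_HOME), n=1, cutoff=LOOKALIKE_CUTOFF)
    if close:
        return f"{name} is a look-alike of {close[0]}"
    return None


def triage_listing(paths, windows_dir=r"C:\Windows"):
    """Run classify() over a file listing; returns [(path, reason), ...] for the hits."""
    out = []
    for path in paths:
        reason = classify(path, windows_dir)
        if reason:
            out.append((path, reason))
    return out


# Constructed listing mirroring the paths in the write-ups above.
SAMPLE_LISTING = [
    r"C:\Windows\System32\svchost.exe",                                   # legitimate
    r"C:\Windows\svchost.exe",                                            # Troj/Dloadr-BKE
    r"C:\Documents and Settings\alice\Local Settings\Temp\svchost.exe",  # W32/Kapucen-D
    r"C:\Windows\System32\svehost.exe",                                   # W32/IRCBot-ABG
    r"C:\Documents and Settings\alice\cftmon.exe",                        # Troj/Drop-O
    r"C:\Windows\System32\CatRoot2\services.exe",                         # Troj/Dloadr-BKD
    r"C:\Windows\explorer.exe",                                           # legitimate
    r"C:\Program Files\Notepad++\notepad++.exe",                          # unrelated, should stay quiet
]

if __name__ == "__main__":
    for path, reason in triage_listing(SAMPLE_LISTING):
        print(f"{path}: {reason}")
```

Feed it the output of a process listing or a recursive directory walk; the exact-name branch is cheap enough to run over a whole volume, while the look-alike branch is best reserved for files that are executing or registered to start.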
Troj/Dorf-BB - Troj/Dorf-BB at Sophos
Troj/Dorf-BB is a Trojan for the Windows platform. Troj/Dorf-BB may attempt
to copy itself to the Windows folder and set a registry entry at the following location to run itself on
startup: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Troj/Dorf-BB ...
Troj/FakeAle-AZ - Troj/FakeAle-AZ at Sophos
Troj/FakeAle-AZ is a Trojan for the Windows platform. Troj/FakeAle-AZ
includes functionality to access the internet and communicate with a remote server via HTTP.
The Trojan displays fake spyware alerts in order to lure the user into installing software from a
remote locati...
Troj/Poison-S - Troj/Poison-S at Sophos
...
Troj/Psyme-HY - Troj/Psyme-HY at Sophos
Troj/Psyme-HY is a malicious script which attempts to download and execute a further file by
exploiting a variety of browser vulnerabilities. This downloaded file is often a member of the Dorf family of
Trojans, and is usually saved to the startup folder.
...
Troj/Zlob-AJR - Troj/Zlob-AJR at Sophos
...
Troj/Zlob-AJS - Troj/Zlob-AJS at Sophos
...
0 writebacks [04/03/2008 04:42]
Virus Malware and Threat News for 20080401
Bloodhound.Exploit.186 - Bloodhound.Exploit.186 at Norton Symantec
Bloodhound.Exploit.186 is a heuristic detection for javascript files attempting to exploit the Rising Web Scan
Object 'OL2005.dll' ActiveX Control Remote Code Execution Vulnerability (BID 27997).
...
PrivacyRedeemer - PrivacyRedeemer at Norton Symantec
PrivacyRedeemer is a misleading application that may give exaggerated reports of threats on the
computer....
WinXProtector - WinXProtector at Norton Symantec
WinXProtector is a misleading application that may give exaggerated reports of threats on the computer.
...
BackDoor-DOE - BackDoor-DOE at McAfee
This trojan is known to have been used in a targeted attack involving a patched Microsoft Excel vulnerability.
Upon opening the malicious Microsoft Excel spreadsheet, an embedded Windows Portable Executable (PE) file may
be saved onto the victim machine at the following location(s): X:\Recycled\IO.COM, X:\IO.COM (where X: is the
Windows ...
OSX/Imunizator - OSX/Imunizator at McAfee
McAfee(R) Avert Labs recognizes that this program may have legitimate uses in contexts where an authorized
administrator has knowingly installed this application. If you agreed to a license agreement for this, or
another bundled application, you may have legal obligations with regard to removing this software, or using
the host appli...
HTool-Exp-MS08-014 - HTool-Exp-MS08-014 at McAfee
This detection is for a tool which can be used to create specially crafted Microsoft Excel files that use the
MS08-014 Excel exploit. Using this tool, one can create an Excel file embedded with a payload executable. The
Excel file, on being launched, drops and runs the embedded EXE on a vulnerable machine. This command line
tool ...
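Both BackDoor-DOE and the MS08-014 tool rely on the same carrier: a Windows PE image embedded whole inside an Excel file, which the exploit then writes out and runs. That carrier is easy to spot without parsing the spreadsheet at all, because a PE image announces itself with an MZ stub whose e_lfanew field points at a "PE\0\0" signature. The scanner below is an added example and not McAfee's detection; it builds a constructed Excel-like blob (an OLE2 header sector, a decoy "MZ" in text, then a minimal PE header) so it runs offline, and the same functions take the raw bytes of a real file.

```python
import struct

OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # compound-file header used by legacy .xls/.doc
PE_MACHINES = {0x014C: "i386", 0x8664: "x64"}


def find_embedded_pe(data):
    """Return [(offset, machine)] for every 'MZ' stub whose e_lfanew points at a
    'PE\\0\\0' signature with a known machine type. A bare 'MZ' in text fails
    the e_lfanew/signature check and is ignored."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe = pos + e_lfanew
            if 0x40 <= e_lfanew <= 0x1000 and data[pe:pe + 4] == b"PE\0\0" and pe + 6 <= len(data):
                machine = struct.unpack_from("<H", data, pe + 4)[0]
                if machine in PE_MACHINES:
                    hits.append((pos, PE_MACHINES[machine]))
        pos = data.find(b"MZ", pos + 1)
    return hits


def scan_document(data):
    """Verdict for one file: is it an OLE2 container, and does it carry a PE image?"""
    pes = find_embedded_pe(data)
    is_ole2 = data.startswith(OLE2_MAGIC)
    return {
        "ole2": is_ole2,
        "pe_offsets": [off for off, _ in pes],
        "machines": [m for _, m in pes],
        "suspicious": is_ole2 and bool(pes),
    }


def build_minimal_pe(machine=0x014C):
    """A 64-byte DOS stub plus a COFF header: enough for the scanner, not a runnable program."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew -> immediately after the stub
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + coff


def build_sample_document():
    """Constructed Excel-like blob: OLE2 header sector, a decoy 'MZ' in text, then an embedded PE."""
    header = OLE2_MAGIC + b"\x00" * (512 - len(OLE2_MAGIC))
    decoy = b"Invoice MZ 2008 "        # 'MZ' that is just text, no PE behind it
    filler = b"\x00" * 100
    return header + decoy + filler + build_minimal_pe()   # PE lands at offset 628


if __name__ == "__main__":
    print(scan_document(build_sample_document()))
```

A legitimate spreadsheet can carry an embedded OLE object that is itself an executable, so treat a hit as a reason to pull the file for analysis rather than as proof of the exploit; the carrier check and the exploit trigger are separate questions.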
Troj/BHODll-B - Troj/BHODll-B at Sophos
...
Troj/Delf-FAC - Troj/Delf-FAC at Sophos
...
Troj/Psyme-HW - Troj/Psyme-HW at Sophos
...
Troj/Psyme-HX - Troj/Psyme-HX at Sophos
...
Troj/BadMidi-A - Troj/BadMidi-A at Sophos
Troj/BadMidi-A is a Trojan for the Windows platform. Troj/BadMidi-A copies
itself to <System>\<Random Number>.cpx. Troj/BadMidi-A sets itself up as
the midi driver in HKLM\Software\Microsoft\Windows NT\Currentversion\Drivers32\midimapper...
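The persistence points named in these write-ups are a Run key (W32/Dorf-BD, Troj/Dorf-BB) and, less commonly, the Drivers32\midimapper value (Troj/BadMidi-A), which Windows loads whenever a MIDI mapper is needed. The script below, an added example rather than any vendor's tooling, triages an exported .reg file for both. The sample export is constructed to mirror the write-ups; the heuristics (an executable sitting directly in the Windows folder or starting from a Temp folder, a Drivers32 value that differs from its stock file name or carries a full path) and the stock values midimap.dll and msacm32.drv are this example's assumptions.

```python
import re

# Constructed .reg export mirroring the write-ups (aromis.exe in <Windows>, a
# <Random Number>.cpx midi mapper); the remaining entries are benign filler.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"aromis"="C:\\Windows\\aromis.exe"
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Updater"="C:\\Documents and Settings\\alice\\Local Settings\\Temp\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"="C:\\WINDOWS\\system32\\30195.cpx"
"wavemapper"="msacm32.drv"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')   # "name"="string data"
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|scr|bat|cmd|pif|dll))(?=\s|$)', re.IGNORECASE)
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\(windows|winnt)$")
DRIVERS32_STOCK = {"midimapper": "midimap.dll", "wavemapper": "msacm32.drv"}   # stock values (assumption)


def unescape(s):
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> \"."""
    return re.sub(r"\\(.)", r"\1", s)


def command_path(data):
    """Pull the executable path out of a Run value, quoted or not, dropping arguments."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    m = EXE_RE.match(data)                   # unquoted path with spaces, e.g. ...\Local Settings\Temp\x.exe
    return m.group(1) if m else data.split(" ")[0]


def run_entry_findings(path):
    p = path.lower()
    parent, _, _name = p.rpartition("\\")
    out = []
    if WINDOWS_ROOT_RE.match(parent):
        out.append("executable placed directly in the Windows folder")
    if "\\temp\\" in p:
        out.append("executable started from a Temp folder")
    return out


def drivers32_findings(name, data):
    n, d = name.lower(), data.lower()
    out = []
    stock = DRIVERS32_STOCK.get(n)
    if stock and d != stock:
        out.append(f"{name} changed from stock value {stock}")
    if "\\" in d:                            # stock entries are bare file names resolved from System32 (assumption)
        out.append("Drivers32 value carries a path instead of a bare driver file name")
    return out


def triage_reg_export(text):
    """Walk a .reg export; returns [(key, value name, reason), ...]."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        k = key.lower()
        if k.endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
            reasons = run_entry_findings(command_path(data))
        elif k.endswith("\\currentversion\\drivers32"):
            reasons = drivers32_findings(name, data)
        else:
            reasons = []
        findings.extend((key, name, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for key, name, reason in triage_reg_export(SAMPLE_REG):
        print(f"{key} :: {name} :: {reason}")
```

Export the keys with `reg export` on the suspect machine and run the script on the analysis box; the parser only handles REG_SZ values, which is all these persistence points use.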
Troj/Dloadr-BJZ - Troj/Dloadr-BJZ at Sophos
Troj/Dloadr-BJZ is a Trojan for the Windows platform. Troj/Dloadr-BJZ
includes functionality to download, install and run new software. Troj/Dloadr-BJZ
attempts to download the following files to the <Temp> folder and execute them:
bx18dxv.dat...
Troj/Dloadr-BKA - Troj/Dloadr-BKA at Sophos
Troj/Dloadr-BKA is a Trojan for the Windows platform. Troj/Dloadr-BKA
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Dloadr-BKA copies itself to <User>\Application Data\<random
name>\<random filen...
Troj/Exchan-C - Troj/Exchan-C at Sophos
...
Troj/Mdrop-BRF - Troj/Mdrop-BRF at Sophos
...
Troj/Agent-GUS - Troj/Agent-GUS at Sophos
...
0 writebacks [04/02/2008 04:41]