MWBLOG.ORG


Virus Malware and Threat News for 20080530



Spyware.SpyBossPro

- Spyware.SpyBossPro at Norton Symantec

Spyware.SpyBossPro is a spyware program that records keystrokes from the computer.
...

W32/Sality.ae!B90C3BB3

- W32/Sality.ae!B90C3BB3 at McAfee

File Name: 16642~1.exe
McAfee Detection: W32/Sality.ae
Length: 81,920 bytes
CRC32: B90C3BB3
MD5: 0455442ce0ea54116107c19a81dc0730
SHA1: 2534E1C3EBFC5910B3190AE2E0C5E023EB31C695
Other Common Detection Aliases:
  AhnLab: Win32/Kashu.B
  Avast: Win32:Sality
  Avira: W32/Sality
  BitDefender: Win32.Sality.NX
  Dr.Web: Win32.Sect...

Banbra.FTI

- Banbra.FTI at Panda

It is designed to obtain confidential information related to banking entities. Once stolen, the information
is sent to its author via email. It does not spread automatically by its own means.
...

Troj/Mdrop-BST

- Troj/Mdrop-BST at Sophos

Troj/Mdrop-BST is a Trojan for the Windows platform. Troj/Mdrop-BST
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Mdrop-BST copies itself to <System>\cltmon.exe and creates the following files:
...

W32/Hupigo-N

- W32/Hupigo-N at Sophos

W32/Hupigo-N is a worm for the Windows platform. When run, W32/Hupigo-N copies itself to:
<Root>\svrhost.exe
<Program Files>\Common Files\Microsoft Shared\MSInfo\svrhost.exe
<System>\_svrhost.exe
W32/Hupigo-N also spreads via ...

W32/MarioF-Gen

- W32/MarioF-Gen at Sophos

W32/MarioF-Gen copies itself to network shares that are protected by weak passwords.
After copying to a network share, W32/MarioF-Gen creates the SCNa service with the display name "SCNa
Service" on the remote computer.
...

Mal/EncPk-CZ

- Mal/EncPk-CZ at Sophos

Mal/EncPk-CZ is a program packed with a protection system typically used by malware authors.
Files detected as Mal/EncPk-CZ are frequently fraudulent security programs.
...

Troj/SWFdldr-C

- Troj/SWFdldr-C at Sophos

Troj/SWFdldr-C is a Trojan that attempts to download and run further code from the internet via a
malicious Flash file.
...

Troj/SWFexp-A

- Troj/SWFexp-A at Sophos

Troj/SWFexp-A is a Trojan that exploits a currently unknown vulnerability in Adobe Flash Player to
download and run further malware from the internet.
...

Troj/SWFexp-D

- Troj/SWFexp-D at Sophos

Troj/SWFexp-D is a Trojan that exploits a currently unknown vulnerability in Adobe Flash Player to
download and run further malware from the internet.
...

Troj/FakeAle-BS

- Troj/FakeAle-BS at Sophos

Troj/FakeAle-BS is a Trojan that facilitates the coercion of users into purchasing
anti-malware/anti-spyware software. The technique employed involves displaying a fake alert indicating that
the computer is infected.
...

Troj/SWFifra-A

- Troj/SWFifra-A at Sophos

Troj/SWFifra-A is a malicious Flash file that uses an iframe tag to attempt to redirect users
to malicious websites.
...

[05/31/2008 04:42]



Virus Malware and Threat News for 20080529



Backdoor:W32/SdBot.CKF

- Backdoor:W32/SdBot.CKF at F-Secure

Backdoor:W32/SdBot.CKF is a backdoor. Backdoors are remote administration utilities that open infected
machines to external control via the Internet or a local network. Upon execution, SdBot.CKF will attempt to
connect to an IRC server and try to download additional malware to the infected machine.
...

Spyware.ExpressKeylog

- Spyware.ExpressKeylog at Norton Symantec

Spyware.ExpressKeylog is a spyware program that records keystrokes on the computer.
...

Generic.dx!1DAEE3B9

- Generic.dx!1DAEE3B9 at McAfee

File Name: astry.exe
McAfee Detection: New Malware.dq
Length: 2,342,912 bytes
CRC32: 1DAEE3B9
MD5: e13841f33f8a0bf9c50b61e154983bdd
SHA1: E9C3067FA964F607A62DBDEC67754A74534660F1
Other Common Detection Aliases:
  AhnLab: Win32/Xema.worm.154436
  Avast: Win32:VB-EYD [Wrm]
  AVG (GriSoft): Worm/VB.BWF
  Avira: TR/Crypt.CF...

PWS-OnlineGames.p!7D9FF6EC

- PWS-OnlineGames.p!7D9FF6EC at McAfee

File Name: a8.exe
McAfee Detection: PWS-OnlineGames.p
Length: 24,948 bytes
CRC32: 7D9FF6EC
MD5: 9589afc9b707a616ddec82c21a0f3c77
SHA1: 461793C34FC6B2D4AE7100D5021E497AF5B31525
Other Common Detection Aliases:
  Avast: Win32:OnLineGames-CYO [Trj]
  AVG (GriSoft): PSW.OnlineGames.APUH
  Avira: TR/PSW.OnlineGames.ajnn
  B...

PWS-Mmorpg.gen!6623DDD5

- PWS-Mmorpg.gen!6623DDD5 at McAfee

File Name: a15.exe
McAfee Detection: PWS-Mmorpg.gen
Length: 18,445 bytes
CRC32: 6623DDD5
MD5: 3E9B6A7D4AA81CBA19DB98FE23E67DFF
SHA1: 13898329D7BB3740815815971E7EF6171D46A994
Other Common Detection Aliases:
  Avast: Win32:OnLineGames-DQS [Trj]
  AVG (GriSoft): psw.onlinegames.ardl
  Avira: TR/Dropper.Gen
  BitDefender: T...

PWS-Mmorpg.gen!118D1797

- PWS-Mmorpg.gen!118D1797 at McAfee

File Name: a10.exe
McAfee Detection: PWS-Mmorpg.gen
Length: 19,281 bytes
CRC32: 118D1797
MD5: D426FFF79F910D94F217BC75B469F44D
SHA1: C86B390FE2F06ECA76CF659665A77BA3AB5B5ABB
Other Common Detection Aliases:
  AVG (GriSoft): psw.onlinegames.aqyp
  Norman: suspicious_f.gen
  Sophos: Mal/EncPk-C
  Symantec: Infostealer.Gamp...

PWS-Banker!19C47855

- PWS-Banker!19C47855 at McAfee

File Name: rechnu~1.exe
McAfee Detection: PWS-Banker
Length: 982,016 bytes
CRC32: 19C47855
MD5: 5B82C2B7E89A40FB8CD9BF80CAC653B5
SHA1: 623ECBF2DF8433BCFE3E0F37F9514A617B9E6F4D
Other Common Detection Aliases:
  AhnLab: Win-Trojan/Banker.982016.E
  Avast: Win32:Banker-FGS [Trj]
  AVG (GriSoft): Delf.EWW
  Avira: TR/Spy.Ba...

Troj/Badsrc-C

- Troj/Badsrc-C at Sophos

Troj/Badsrc-C is a web page that has been compromised to load a script from a malicious website.
...

Troj/BHO-FP

- Troj/BHO-FP at Sophos

...

W32/Autorun-EL

- W32/Autorun-EL at Sophos

When run, W32/Autorun-EL copies itself to <System>/sys.vbs, copies itself to all available drives as
<Root>/sys.vbs, and creates an autorun.inf file that will autorun sys.vbs.
W32/Autorun-EL will create or edit the following registry entries:
HKCU\S...

W32/Rbot-GWX

- W32/Rbot-GWX at Sophos

W32/Rbot-GWX is a network worm with backdoor Trojan functionality for the Windows platform.
The worm copies itself to <System>\nvdsc.exe and creates the following registry entries:
HKCU\Software\Microsoft\OLE NvidiaDisplayService
<System>\nvds...

Mal/Behav-228

- Mal/Behav-228 at Sophos

Mal/Behav-228 is a malicious program for the Windows platform. Detection
for members of Mal/Behav-228 is behavior based. It is extremely important that customers report detections of
Mal/Behav-228 to Sophos and send a sample for analysis.
...

Mal/EncPk-BX

- Mal/EncPk-BX at Sophos

...

Mal/ObfJS-M

- Mal/ObfJS-M at Sophos

Mal/ObfJS-M is a script obfuscated in a manner typical of malware.
...

Troj/Agent-HAP

- Troj/Agent-HAP at Sophos

Troj/Agent-HAP has the functionality to communicate with a remote server via the internet.
Troj/Agent-HAP may have associated rootkit SYS files which are also detected as Troj/Agent-HAP.
...

Troj/DwnLdr-HDX

- Troj/DwnLdr-HDX at Sophos

Troj/DwnLdr-HDX is a Trojan for the Windows platform. Troj/DwnLdr-HDX
attempts to download files from the Internet into subfolders of C:\WINDOWS.
...

[05/30/2008 04:42]



Virus Malware and Threat News for 20080528



Zinaps

- Zinaps at Norton Symantec

Zinaps is a misleading application that may give exaggerated reports of threats on the computer.
...

Spyware.Borzoi

- Spyware.Borzoi at Norton Symantec

Spyware.Borzoi is a spyware program that records keystrokes and other information on the computer.
...

W32.Emsenush.A

- W32.Emsenush.A at Norton Symantec

W32.Emsenush.A is a worm that spreads through Windows instant messaging clients.
...

HTML_DLDR.BF

- HTML_DLDR.BF at Trend Micro

This HyperText Markup Language (HTML) may be hosted on a Web site and run when a user accesses the said Web
site. It may be downloaded unknowingly by a user when visiting malicious Web sites. When executed, it attempts
to access a certain Web site to download and execute file(s). Trend Micro detects the downloaded files as
SWF_DLOADE...

SWF_DLOADER.ZTS

- SWF_DLOADER.ZTS at Trend Micro

This malicious Shockwave Flash (.SWF) object arrives on a system as a downloaded file from remote sites by
JS_AGENT.AINS. It is a specially crafted .SWF file that exploits an unknown vulnerability in Adobe Flash Player.
Once the said vulnerability is successfully exploited, it then checks the Flash player version installed on
the aff...

SWF_DLOADER.YVN

- SWF_DLOADER.YVN at Trend Micro

...

SWF_DLOADER.YVM

- SWF_DLOADER.YVM at Trend Micro

This malicious Shockwave Flash (.SWF) object arrives on a system as an attachment to email messages spammed by
another malware or a malicious user. It may also be installed manually by a user. When executed, it exploits
the following vulnerability: Integer Overflow in Adobe Flash Player Allows Remote Arbitrary Code Execution.
Once the sai...

JS_AGENT.AINS

- JS_AGENT.AINS at Trend Micro

This obfuscated JavaScript (JS) malware may be downloaded unknowingly by a user when visiting a certain
malicious Web site. It may also be hosted on a Web site and run when a user accesses the said site. When users
access the site where it is hosted, users are then directed to more sites where files that Trend Micro
detected as SWF_D...

Tixcet.A

- Tixcet.A at Panda

It deletes files with several extensions (.DOC, .MP3, .MOV, .ZIP, .JPG, among others) and replaces them with a
copy of itself, keeping the same name as the original files. It reaches the computer passing itself off as a
Word document in order to deceive users, and spreads by making copies of itself across the entire system.
...

AdvancedXPFixer

- AdvancedXPFixer at Panda

It deceives users by warning them of nonexistent threats on their computers. In order to eliminate them, users
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Troj/Mdrop-BSR

- Troj/Mdrop-BSR at Sophos

Troj/Mdrop-BSR drops a file detected as Troj/KeyLog-KB.
...

Troj/Proxy-IM

- Troj/Proxy-IM at Sophos

...

Troj/Pushu-Gen

- Troj/Pushu-Gen at Sophos

Troj/Pushu-Gen is a family of Trojans for the Windows platform. When
members of Troj/Pushu-Gen are installed, one of the following files is usually created:
<Windows>\system32\drivers\ip6fw.sys
<Windows>\system32\drivers\netdtect.sys
<Window...

W32/Spar-A

- W32/Spar-A at Sophos

W32/Spar-A is a P2P worm for the Windows platform. W32/Spar-A copies a RAR
archive of itself using over 300 filenames to a number of P2P folders, including those for the following
applications:
  eMule
  LimeWire
  eDonkey ...

Mal/EncPk-CC

- Mal/EncPk-CC at Sophos

Mal/EncPk-CC is a program which is packed with an encryption layer typically used by a family of
Trojans which display fake messages about threats found on the computer.
...

Mal/RKRustok-B

- Mal/RKRustok-B at Sophos

Mal/RKRustok-B is a member of the Rustok family of rootkits or is a file infected by the Rustok
family of rootkits.
...

Troj/Agent-GZX

- Troj/Agent-GZX at Sophos

Troj/Agent-GZX is a malware component that includes functionality to inject code into other
processes.
...

Troj/AutoInf-M

- Troj/AutoInf-M at Sophos

...

[05/29/2008 04:41]



Virus Malware and Threat News for 20080527



Email-Worm:W32/VB.FW

- Email-Worm:W32/VB.FW at F-Secure

Email-Worm:W32/VB.FW is a type of worm that uses e-mail as its spreading vector.
...

Downloader.Swif.C

- Downloader.Swif.C at Norton Symantec

Downloader.Swif.C is a malicious file that exploits the Adobe Flash Player SWF File Unspecified Remote Code
Execution Vulnerability (BID 29386) in order to download more malware on to the compromised computer.
...

PWS-LegMir.gen.h.dll!1D1FCC20

- PWS-LegMir.gen.h.dll!1D1FCC20 at McAfee

File Name: aa9.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 16,147 bytes
CRC32: 1D1FCC20
MD5: 36f62182e460ca9d2bbeb8d60fc36262
SHA1: 8E8110314100340E030C268968D35E230EE5E430
Other Common Detection Aliases:
  AVG (GriSoft): Generic10.ACGZ
  Avira: TR/Spy.Gen
  BitDefender: Generic.Malware.SBdldg.82DCF0A8
  ClamAV...

PWS-LegMir.gen.h.dll!2D4B7C01

- PWS-LegMir.gen.h.dll!2D4B7C01 at McAfee

File Name: aa8.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 16,231 bytes
CRC32: 2D4B7C01
MD5: 16eeaf2c3d29f4ab3fd059b6233404ca
SHA1: 1055D469E286A1787D0B2A048394E73E90820990
Other Common Detection Aliases:
  AVG (GriSoft): Generic10.ACHK
  Avira: TR/Spy.Gen
  BitDefender: Generic.Malware.SBdldg.A4B8007A
  ClamAV...

PWS-LegMir.gen.h.dll!C22B9688

- PWS-LegMir.gen.h.dll!C22B9688 at McAfee

File Name: aa7.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 16,057 bytes
CRC32: C22B9688
MD5: 2a50ca1507495ced1578a4a1edd36b82
SHA1: 360DE424AEF92FAC2BB080C44E94173183B58323
Other Common Detection Aliases:
  AVG (GriSoft): Generic10.ACOD
  Avira: TR/Spy.Gen
  BitDefender: Generic.Malware.SBdldg.CE26C5AB
  Dr.Web...

PWS-LegMir.gen.h.dll!565A4326

- PWS-LegMir.gen.h.dll!565A4326 at McAfee

File Name: aa5.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 16,316 bytes
CRC32: 565A4326
MD5: bcda8d20c2622a3591f3f7f3f16f9fe8
SHA1: 41A1A0D94037D517897691E148FD392FBA73C2A5
Other Common Detection Aliases:
  AVG (GriSoft): Generic10.ACJR
  Avira: TR/Spy.Gen
  BitDefender: Generic.Malware.SBdldg.CFDDAB94
  Dr.Web...

PWS-LegMir.gen.h.dll!B6D92AA8

- PWS-LegMir.gen.h.dll!B6D92AA8 at McAfee

File Name: aa4.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 16,009 bytes
CRC32: B6D92AA8
MD5: 33f0ab3fbb745b4a755669f5a63054f4
SHA1: 19BDE098ED8252604438062178B8A40667490253
Other Common Detection Aliases:
  Avira: TR/Spy.Gen
  BitDefender: Generic.Malware.SBdldg.6749C3AE
  Dr.Web: Trojan.PWS.Gamania.origin
  eS...

PWS-LegMir.gen.h.dll!E84C2CDE

- PWS-LegMir.gen.h.dll!E84C2CDE at McAfee

File Name: aa2.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 16,531 bytes
CRC32: E84C2CDE
MD5: e3e1c43c242aec4638d5d445d960562b
SHA1: 002049D81F4D0D649F862A8F75E1B73D30E40F9F
Other Common Detection Aliases:
  AVG (GriSoft): Generic10.ACRP
  Avira: TR/Spy.Gen
  BitDefender: Generic.Malware.SBdldg.9890C629
  Dr.Web...

PWS-LegMir.gen.h.dll!F5E9B6FF

- PWS-LegMir.gen.h.dll!F5E9B6FF at McAfee

File Name: aa19.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 15,662 bytes
CRC32: F5E9B6FF
MD5: 38c8e3451250d7bc254ce4f0dc17a34a
SHA1: 0B2E7E82AE8B53AB103B4CC387A2B633054090F5
Other Common Detection Aliases:
  AVG (GriSoft): Generic10.ADQO
  Avira: TR/Spy.Gen
  BitDefender: Generic.Malware.SBdldg.5ED7F07F
  ClamA...

PWS-LegMir.gen.h.dll!2EA8E596

- PWS-LegMir.gen.h.dll!2EA8E596 at McAfee

File Name: aa18.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 15,123 bytes
CRC32: 2EA8E596
MD5: 8a18f0b9924c3463eeb252ed49309d2f
SHA1: 958906F9E83562426B47C3483286F31BFA037BB1
Other Common Detection Aliases:
  AVG (GriSoft): Generic10.ACOM
  Avira: TR/Spy.Gen
  BitDefender: Generic.Malware.SBdldg.44584B85
  ClamA...

PWS-LegMir.gen.h.dll!BA7FD231

- PWS-LegMir.gen.h.dll!BA7FD231 at McAfee

File Name: aa16.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 15,914 bytes
CRC32: BA7FD231
MD5: c556395c5123bb82c940cd80bed5649c
SHA1: B0B892DBCA8A6934617E2638E1FE208C29B2B1EA
Other Common Detection Aliases:
  AVG (GriSoft): Generic10.ACHC
  Avira: TR/Spy.Gen
  BitDefender: Generic.Malware.SBdldg.6444C9D6
  Dr.We...

PWS-LegMir.gen.h.dll!091987FC

- PWS-LegMir.gen.h.dll!091987FC at McAfee

File Name: aa15.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 16,383 bytes
CRC32: 091987FC
MD5: 8ff4399dabfd571e67ae06de09a978ee
SHA1: 063DFF490B4F8EC9A3E356AB762B288EF4CBF1A8
Other Common Detection Aliases:
  AVG (GriSoft): Generic10.ACIF
  Avira: TR/Spy.Gen
  BitDefender: Generic.Malware.SBdldg.E2725197
  ClamA...

PWS-LegMir.gen.h.dll!23D8366A

- PWS-LegMir.gen.h.dll!23D8366A at McAfee

File Name: aa13.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 16,340 bytes
CRC32: 23D8366A
MD5: f3ce426e4e48faec2a85c6b36b3bf5cc
SHA1: 04CBB1280CCC3E55281ACC2C05923FBAD63BA2EB
Other Common Detection Aliases:
  AVG (GriSoft): Generic10.ACHB
  Avira: TR/Spy.Gen
  BitDefender: Generic.Malware.SBdldg.BCA7C180
  ClamA...

PWS-LegMir.gen.h.dll!ABF17075

- PWS-LegMir.gen.h.dll!ABF17075 at McAfee

File Name: aa14.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 16,314 bytes
CRC32: ABF17075
MD5: 1bea38bfcc7644332fa7405415621a69
SHA1: C2DBD7C44D84FDCCB465DC1CEAE071AA563137BE
Other Common Detection Aliases:
  AVG (GriSoft): PSW.OnlineGames.AQVY
  Avira: TR/Spy.Gen
  BitDefender: Generic.Malware.SBdldg.B8A4A2B...

PWS-LegMir.gen.h.dll!82FFB393

- PWS-LegMir.gen.h.dll!82FFB393 at McAfee

File Name: aa12.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 14,882 bytes
CRC32: 82FFB393
MD5: 141cd13799d46d3ec3788a030529843f
SHA1: 3EA4D457083F135EC02CCEDD54713DCB9D84B6AE
Other Common Detection Aliases:
  AVG (GriSoft): Generic10.ACYW
  Avira: TR/Spy.Gen
  BitDefender: Generic.Malware.SBdldg.14A80FCC
  ClamA...

PWS-LegMir.gen.h.dll!009B9348

- PWS-LegMir.gen.h.dll!009B9348 at McAfee

File Name: aa17.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 14,895 bytes
CRC32: 009B9348
MD5: 8d3c04ed933bf05b0f11f9c92e6f17fa
SHA1: 2A2C158308260A7A2CCE5559F2A997C88BBD14BC
Other Common Detection Aliases:
  AVG (GriSoft): Generic10.ACHA
  Avira: TR/Spy.Gen
  BitDefender: Generic.Malware.SBdld.2F6E95A7
  ClamAV...

PWS-LegMir.gen.h.dll!80EB96E2

- PWS-LegMir.gen.h.dll!80EB96E2 at McAfee

File Name: aa11.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 15,857 bytes
CRC32: 80EB96E2
MD5: 0cfa742b7fbd70926c57d7e9c5b2e575
SHA1: CA1F11C14391D0CCF1400A69E5C945FE71044BA5
Other Common Detection Aliases:
  AVG (GriSoft): Generic10.ACHE
  Avira: TR/Spy.Gen
  BitDefender: Generic.Malware.SBdldg.F06FA26C
  ClamA...

PWS-LegMir.gen.h.dll!D32CE04F

- PWS-LegMir.gen.h.dll!D32CE04F at McAfee

File Name: aa1.exe
McAfee Detection: PWS-LegMir.gen.h.dll
Length: 17,254 bytes
CRC32: D32CE04F
MD5: 850f955507c4040667b9d78dc58527ea
SHA1: DC5AF3392515AF69C4FE30F530EAC63A72E70BBC
Other Common Detection Aliases:
  AhnLab: Win-Trojan/OnlineGameHack.17254.C
  AVG (GriSoft): Generic10.ACOC
  Avira: TR/Spy.Gen
  BitDefend...

Generic PUP.x!5DD15E4F

- Generic PUP.x!5DD15E4F at McAfee

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are
any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of
and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose,
but th...

Generic PUP.x!67D2E998

- Generic PUP.x!67D2E998 at McAfee

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are
any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of
and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose,
but th...

Generic.dx!2909BA88

- Generic.dx!2909BA88 at McAfee

File Name: 72.exe
McAfee Detection: Generic.dx
Length: 168,193 bytes
CRC32: 2909BA88
MD5: 19b58475a675afa793072ed77549ac17
SHA1: AAC419A567F3843147895843CB449FAE185634CD
Other Common Detection Aliases:
  Avast: Win32:Agent-GRW [Trj]
  Avira: DR/Drop.Agent.qoa.55
  BitDefender: Trojan.Generic.273620
  Dr.Web: Trojan.Clic...

PWS-QQPass.dll!4276189D

- PWS-QQPass.dll!4276189D at McAfee

File Name: 2.exe
McAfee Detection: PWS-QQPass.dll
Length: 59,570 bytes
CRC32: 4276189D
MD5: 4db298a5701182443a0f7c642342a8ba
SHA1: 389A5539B53E30922C0474FE7E2DEF294CF1975A
Other Common Detection Aliases:
  AVG (GriSoft): Generic10.ADOE
  Avira: TR/ATRAPS.Gen
  BitDefender: Dropped:Generic.Malware.Fdldg.CA8527A3
  Clam...

TROJ_YABE.BB

- TROJ_YABE.BB at Trend Micro

...

Troj/FakeVir-BH

- Troj/FakeVir-BH at Sophos

Troj/FakeVir-BH pretends to scan the hard drive and will always find non-existent threats. It
pretends to clean up the threats once the user pays a license fee. Troj/FakeVir-BH
creates the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ...

Troj/Noreger-A

- Troj/Noreger-A at Sophos

Troj/Noreger-A is an automated tool used to register accounts on a popular social networking
website. ...

Troj/Agent-GZR

- Troj/Agent-GZR at Sophos

Troj/Agent-GZR runs continuously in the background, providing a backdoor server which allows a
remote intruder to gain access and control over the computer via IRC channels. When
first run Troj/Agent-GZR copies itself to
<Root>\recycler\S-1-5-21-1482476501-1644491937-682003330-1013...

Troj/Agent-HAG

- Troj/Agent-HAG at Sophos

Troj/Agent-HAG is a downloading Trojan for the Windows platform.
Troj/Agent-HAG copies itself to <System>\exp1orer.exe and creates the following registry entry to run
itself on system restart: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
exp1orer.exe ...

Troj/FakeVir-BG

- Troj/FakeVir-BG at Sophos

Troj/FakeVir-BG is a Trojan for the Windows platform. Troj/FakeVir-BG
includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/FakeVir-BG will periodically display fake virus alert messages to try and trick the user into
paying a fee b...

Troj/Mdrop-BSQ

- Troj/Mdrop-BSQ at Sophos

Troj/Mdrop-BSQ is a Trojan for the Windows platform which installs other malware.
When first run, Troj/Mdrop-BSQ copies itself to <Temp>\tru<random character>.tmp and creates
the following files: <Temp>\rvruytx2.dll <Root>\autorun.inf
...

Mal/ExpJS-H

- Mal/ExpJS-H at Sophos

Mal/ExpJS-H is a malicious web page intended to exploit client-side vulnerabilities in order to
download and execute other malicious content.
...

[05/28/2008 04:43]



Virus Malware and Threat News for 20080526



Backdoor:W32/IRCBot.DDR

- Backdoor:W32/IRCBot.DDR at F-Secure

A Bot, sometimes referred to as Zombie, is a computer that has been infected with malware that allows a remote
malicious user access to the computer. This Bot attempts to spread via MSN Messenger.
...

Trojan.Spryct

- Trojan.Spryct at Norton Symantec

Trojan.Spryct is a Trojan horse that may download files on to the compromised computer.
...

Troj/Agent-GXD

- Troj/Agent-GXD at Sophos

...

Troj/Dloadr-BKM

- Troj/Dloadr-BKM at Sophos

...

Troj/Dwnldr-HDN

- Troj/Dwnldr-HDN at Sophos

Troj/Dwnldr-HDN is a Trojan downloader for the Windows platform. When first
run, Troj/Dwnldr-HDN copies itself to <windows>\csvhost.exe and then runs that copy.
Troj/Dwnldr-HDN creates <windows>\file.bat to delete itself. Troj/Dwnldr-HDN has
the functiona...

Troj/Mdrop-BSO

- Troj/Mdrop-BSO at Sophos

...

Troj/Rootkit-CP

- Troj/Rootkit-CP at Sophos

...

Troj/Wiessy-A

- Troj/Wiessy-A at Sophos

...

Troj/Wiessy-Gen

- Troj/Wiessy-Gen at Sophos

...

Troj/Ole2Drop-B

- Troj/Ole2Drop-B at Sophos

...

Troj/Dloadr-BLX

- Troj/Dloadr-BLX at Sophos

Troj/Dloadr-BLX is a downloader Trojan for the Windows platform. When
Troj/Dloadr-BLX is installed, the following files are created:
<System>\msiesetup.exe
<System>\msupdate.dll
The above files are also detected as Troj/Dloadr-BLX. ...

[05/27/2008 04:42]



Virus Malware and Threat News for 20080525



Trojan.Apisnuf!inf

- Trojan.Apisnuf!inf at Norton Symantec

Trojan.Apisnuf!inf is a detection for files that have been infected by Trojan.Apisnuf.
...

Trojan.Apisnuf

- Trojan.Apisnuf at Norton Symantec

Trojan.Apisnuf is a Trojan horse that infects .dll files and gathers information from the compromised computer.
...

Spy-Agent.cw!219039D1

- Spy-Agent.cw!219039D1 at McAfee

File Name: nogotgen.exe
McAfee Detection: W32/Virut.remnants
Length: 42,496 bytes
CRC32: 219039D1
MD5: 54D4A9BA1F59F54AE0B438EAD222919A
SHA1: 7A1235B0C8CD93E753EA8EE001C6DCB3590BB3DB
Other Common Detection Aliases:
  AVG (GriSoft): agent.3.s
  Microsoft: virus:win32/virut.ag
  Norman: w32/virut.o
  Panda: Trj/Downloader...

Spy-Agent.cw!E6C26B06

- Spy-Agent.cw!E6C26B06 at McAfee

File Name: nogotgen.exe
McAfee Detection: W32/Virut.remnants
Length: 42,496 bytes
CRC32: E6C26B06
MD5: 926F5F985099FE4E02982CB9C05D6A6D
SHA1: FBEC707922273260917B54F4F960EA7F4586A608
Other Common Detection Aliases:
  AVG (GriSoft): generic6.lzg
  Microsoft: virus:win32/virut.i
  Norman: w32/virut.g
  Panda: Trj/Download...

PWS-Mmorpg.gen!E8AD592E

- PWS-Mmorpg.gen!E8AD592E at McAfee

File Name: ck3jpg~1.exe
McAfee Detection: PWS-Mmorpg.gen
Length: 27,292 bytes
CRC32: E8AD592E
MD5: a25c64062da65c9bff4ee8521ce2fec3
SHA1: 469687D69F85E33886C78D0324055011FA08D68A
Other Common Detection Aliases:
  AhnLab: Win-Trojan/QQPass.Gen
  Avast: Win32:Delf-EQR [Trj]
  AVG (GriSoft): Delf.EVX
  Avira: TR/ATRAPS.Gen...

Mal/VBDos-A

- Mal/VBDos-A at Sophos

Mal/VBDos-A is a malicious executable that contains the functionality to launch a denial of
service attack.
...

Troj/Delfin-A

- Troj/Delfin-A at Sophos

Troj/Delfin-A is a Trojan that attempts to decrypt a file detected as Mal/IRCBot-C and then inject
it into memory.
...

Troj/Hoplit-A

- Troj/Hoplit-A at Sophos

Troj/Hoplit-A is an IRC backdoor Trojan that allows a remote intruder to gain access and control
over the computer via IRC channels. Troj/Hoplit-A attempts to copy itself from the
file winrar.exe to the following files:
<System>\syschk.exe
<Windows>\svc...

W32/Tilebot-KX

- W32/Tilebot-KX at Sophos

W32/Tilebot-KX is a worm and IRC backdoor Trojan for the Windows platform.
W32/Tilebot-KX spreads to other network computers by:
exploiting common buffer overflow vulnerabilities, including RealVNC (CVE-2006-2369)
weak-password MSSQL server spread
network share sprea...

Troj/Flatse-A

- Troj/Flatse-A at Sophos

Troj/Flatse-A is a Trojan for the Windows platform. Troj/Flatse-A attempts
to send messages through AIM and Yahoo IM. Messages include:
  http://<website removed> - check this website out
  *Search the Web*
...

Troj/Poluma-A

- Troj/Poluma-A at Sophos

...

Troj/Poluma-B

- Troj/Poluma-B at Sophos

...

Troj/Agent-HAH

- Troj/Agent-HAH at Sophos

...

W32/Ircbot-ABW

- W32/Ircbot-ABW at Sophos

W32/Ircbot-ABW is a worm with IRC backdoor functionality for the Windows platform.
W32/Ircbot-ABW runs continuously in the background, providing a backdoor server which allows a remote
intruder to gain access and control over the computer via IRC channels. When first run
W32/I...

[05/26/2008 04:41]



Virus Malware and Threat News for 20080524



PWS-Mmorpg.gen!A6739880

- PWS-Mmorpg.gen!A6739880 at McAfee

File Name: sajpg~1.exe
McAfee Detection: New Malware.hu
Length: 24,715 bytes
CRC32: A6739880
MD5: 79fd498b79873fc49e86bd0d9072d5f2
SHA1: 7B6CB063E2D2AC4D905A0E88639BA121CC540287
Other Common Detection Aliases:
  AhnLab: Win-Trojan/QQPass.Gen
  Avast: Win32:Delf-DUO [Trj]
  AVG (GriSoft): Delf.EVY
  Avira: TR/ATRAPS.Gen
  B...

PWS-Mmorpg.gen!16F1C42D

- PWS-Mmorpg.gen!16F1C42D at McAfee

File Name: c8jpg~1.exe
McAfee Detection: New Malware.hu
Length: 23,673 bytes
CRC32: 16F1C42D
MD5: 1af8a64679ec63b6f8113dbc5d755fbc
SHA1: 90A517861E17836D5D60F9C5157C851864E86B42
Other Common Detection Aliases:
  AhnLab: Win-Trojan/QQPass.Gen
  Avast: Win32:Delf-FGW [Trj]
  AVG (GriSoft): Delf.EWL
  Avira: TR/ATRAPS.Gene...

PWS-Mmorpg.gen!5442A5FC

- PWS-Mmorpg.gen!5442A5FC at McAfee

File Name: ticisms.exe
McAfee Detection: PWS-Mmorpg.gen
Length: 20,760 bytes
CRC32: 5442A5FC
MD5: 7ba9010a9d1fc81f83abb9255b5ff43a
SHA1: 5E840BE7C1DB6BACBA7F8937CD4F20D6DC0D93AC
Other Common Detection Aliases:
  AhnLab: Dropper/QQPass.20760
  Avast: Win32:OnLineGames-DQS [Trj]
  AVG (GriSoft): Generic10.AAIO
  Avira: TR...

PWS-QQPass.dll!4C647849

- PWS-QQPass.dll!4C647849 at McAfee

File Name: mfchlp64.exe
McAfee Detection: PWS-QQPass.dll
Length: 17,672 bytes
CRC32: 4C647849
MD5: 4439d7366d2ff7cc2423f6d02057293f
SHA1: D53C75BA689A34A72DF01AD562DD24D5236C5BC9
Other Common Detection Aliases:
  Avast: Win32:OnLineGames-DQS [Trj]
  AVG (GriSoft): PSW.OnlineGames.APZV
  Avira: TR/Dropper.Gen
  BitDefe...

PWS-Mmorpg.gen!F3210265

- PWS-Mmorpg.gen!F3210265 at McAfee

File Name: fmsjhif.exe
McAfee Detection: PWS-Mmorpg.gen
Length: 19,905 bytes
CRC32: F3210265
MD5: a78b6db12e30387ad3339be3aec7a0d8
SHA1: FB75E5E6DC3C61707C715CDDA03628DB3DEBB82C
Other Common Detection Aliases:
  AhnLab: Win-Trojan/OnlineGameHack.19905.B
  Avast: Win32:OnLineGames-DQN [Trj]
  AVG (GriSoft): Generic1...

PWS-QQPass.dll!95A3685D

- PWS-QQPass.dll!95A3685D at McAfee

File Name: fmsiocps.exe
McAfee Detection: PWS-QQPass.dll
Length: 19,740 bytes
CRC32: 95A3685D
MD5: 7ed8038cc514febecfa1c587fe5ea46e
SHA1: 2A358E5C8C796BDE8BD3136DD64E5A05DAD12941
Other Common Detection Aliases:
  Avast: Win32:OnLineGames-DQS [Trj]
  AVG (GriSoft): Generic10.ZYV
  Avira: TR/Dropper.Gen
  BitDefender: Tro...

PWS-QQPass.dll!850E8F91

- PWS-QQPass.dll!850E8F91 at McAfee

File Name: fmsbbqi.exe
McAfee Detection: PWS-QQPass.dll
Length: 19,216 bytes
CRC32: 850E8F91
MD5: 527a05accf77bbb4bd9d00a85f97b71c
SHA1: 29ABF886BDDEC1A410DFDB6553118F3837F98064
Other Common Detection Aliases:
  AhnLab: Win-Trojan/OnlineGameHack.19216.D
  Avast: Win32:OnLineGames-DQS [Trj]
  AVG (GriSoft): Generic1...

Generic PWS.y!711AD335

- Generic PWS.y!711AD335 at McAfee

File Name: cinfonmc.exe
McAfee Detection: Generic PWS.y
Length: 18,717 bytes
CRC32: 711AD335
MD5: 370b0ac95b8249c33af36b9354ddc2d4
SHA1: 00909176063C9C5C103CC7978B3523938A0BA0C6
Other Common Detection Aliases:
  AhnLab: Win-Trojan/OnlineGameHack.18717
  Avast: Win32:OnLineGames-DYA [Trj]
  AVG (GriSoft): PSW.Online...

PWS-QQPass.dll!671C9FAC

- PWS-QQPass.dll!671C9FAC at McAfee

File Name: atculvuo.exe
McAfee Detection: PWS-QQPass.dll
Length: 20,705 bytes
CRC32: 671C9FAC
MD5: 9d13a032ddbffaf32f51ccbc2c9b34d1
SHA1: 30F15902C1AEB5310301D4904CBB047A079F49C3
Other Common Detection Aliases:
  AhnLab: Win-Trojan/OnlineGameHack.20705
  Avast: Win32:OnLineGames-DJX [Trj]
  AVG (GriSoft): Generic10...

Generic.dx!0228059F

- Generic.dx!0228059F at McAfee

File Name: anistio.exe
McAfee Detection: Generic.dx
Length: 16,257 bytes
CRC32: 0228059F
MD5: 4d71b2a7c68599950c5ca0f68513e5f6
SHA1: A61584A41BECBE2453D3F3CF56A2C85A90AF0869
Other Common Detection Aliases:
  Avast: Win32:OnLineGames-DQS [Trj]
  Avira: HEUR/Malware
  BitDefender: Trojan.PWS.OnlineGames.WQL
  Dr.Web: Troj...

Troj/Bckdr-QNQ

- Troj/Bckdr-QNQ at Sophos

Troj/Bckdr-QNQ is a Trojan for the Windows platform. Troj/Bckdr-QNQ includes
functionality to access the internet and communicate with a remote server via HTTP.
Troj/Bckdr-QNQ sets the following registry entries:
HKCR\SOFTWARE\Classes\CLSID\{EB09879C...

Troj/Dloadr-BLV

- Troj/Dloadr-BLV at Sophos

...

Mal/ObfJS-AQ

- Mal/ObfJS-AQ at Sophos

Mal/ObfJS-AQ is a script obfuscated in a manner typical of malware.
...

Troj/PWSDlb-B

- Troj/PWSDlb-B at Sophos

Troj/PWSDlb-B is a Trojan for the Windows platform. When first run
Troj/PWSDlb-B copies itself to <Windows>\ticisms.exe and creates the file <System>\ticisms.dll.
The following registry entry is created to run ticisms.exe on startup:
HKLM\SOF...

W32/Sohana-AZ

- W32/Sohana-AZ at Sophos

W32/Sohana-AZ is a worm for the Windows platform. W32/Sohana-AZ includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run, W32/Sohana-AZ copies itself to:
<Windows>\regsvr.exe
<System>...

Troj/FakeVir-BF

- Troj/FakeVir-BF at Sophos

Troj/FakeVir-BF claims to be an anti-virus scanner called "Antivirus 2008". Troj/FakeVir-BF scans
the computer and reports clean files as being infected with malware. When first run
Troj/FakeVir-BF copies itself to <Program Files>\Antivirus2008\Antvrs.exe and creates the following
files: ...

Troj/GrayBir-L

- Troj/GrayBir-L at Sophos

Troj/GrayBir-L is a Trojan for the Windows platform. When first run,
Troj/GrayBir-L copies itself to <System>\winlogo.exe and creates the file <System>\Deleteme.bat.
When Troj/GrayBir-L copies itself, it also runs Deleteme.bat, which deletes the Trojan from its original
location. ...

Troj/Hupig-F

- Troj/Hupig-F at Sophos

...

Troj/IRCBot-ABV

- Troj/IRCBot-ABV at Sophos

Troj/IRCBot-ABV runs continuously in the background, providing a backdoor server which allows a
remote intruder to gain access and control over the computer via IRC channels. When
first run Troj/IRCBot-ABV copies itself to <System>\ws2_32.exe. The file ws2_32.
exe is regi...

Troj/KeyLog-JN

- Troj/KeyLog-JN at Sophos

...

Posted [05/25/2008 04:42]



Virus Malware and Threat News for 20080523



SpyGuarder

- SpyGuarder at Norton Symantec

Behavior: SpyGuarder is a misleading application that may give exaggerated reports of threats on the computer.
...

Generic.dx!4A6F48A6

- Generic.dx!4A6F48A6 at McAfee

File Name: ekknmmnt.exe
McAfee Detection: Generic.dx
Length: 40,960 bytes
CRC32: 4A6F48A6
MD5: 2521213704DE8FB58FD3E3BD0A296B30
SHA1: D611212F0529AA07C1087C14E087E488267A0EB5
Other Common Detection Aliases: AVG (GriSoft): SHeur.BJRT; Avira: BDS/Small.Proxy.NP;
BitDefender: Trojan.Proxy.MRH; Dr.Web: Trojan.Spambot.3...

BackDoor-CKB!2AAD7A73

- BackDoor-CKB!2AAD7A73 at McAfee

File Name: 1.exe
McAfee Detection: BackDoor-CKB
Length: 242,938 bytes
CRC32: 2AAD7A73
MD5: CBF31BA720F7A7053E2231461F5B8168
SHA1: D662B0E9C19E697DB0EA78744BC8C5C7930F7077
Other Common Detection Aliases: AVG (GriSoft): BackDoor.PcClient.2.S; Avira: TR/Crypt.XPACK.Gen;
BitDefender: Backdoor.Generic.46559; FortiNet: W...

PWS-LegMir.dll.a!3052A7DC

- PWS-LegMir.dll.a!3052A7DC at McAfee

File Name: 2008-5~3.exe
McAfee Detection: PWS-LegMir.dll.a
Length: 28,733 bytes
CRC32: 3052A7DC
MD5: 2eef6f20fe370e9762f17e2e8aa13ff8
SHA1: 642BF1C6148BAF3E09B8BD0DC2F9D4DAD47B43B4
Other Common Detection Aliases: AhnLab: Win-Trojan/LmirHack.28733; Avast: Win32:Lmir-RC [Trj];
AVG (GriSoft): PSW.Legendmir.KDK; Avir...

Generic.dx!4D99186A

- Generic.dx!4D99186A at McAfee

File Name: 1265.exe
McAfee Detection: Generic.dx
Length: 310,788 bytes
CRC32: 4D99186A
MD5: 4c4d1c80fd25a7cbf44302a5f183227e
SHA1: CF000E163F6CE01B2E6B62AAA579415C2131FB98
Other Common Detection Aliases: Avast: Win32:Ejik-B [Adw]; AVG (GriSoft): adware generic3.eyv; Avira: TR/BHO.Gen;
BitDefender: Trojan.Generic.26...

PWS-OnlineGames.a!48399F35

- PWS-OnlineGames.a!48399F35 at McAfee

File Name: b7cd1f~1.exe
McAfee Detection: PWS-OnlineGames.a
Length: 23,880 bytes
CRC32: 48399F35
MD5: b7cd1fcbb1ba2e8d08e6e984ed56d676
SHA1: E49ACCF6A4C56AA371185DB6E689060EEC3239AD
Other Common Detection Aliases: Avast: Win32:OnLineGames-CYO [Trj]; AVG (GriSoft): PSW.OnlineGames.APUI;
Avira: TR/PSW.OnlineGames...

PWS-Mmorpg.gen!E6C0FE69

- PWS-Mmorpg.gen!E6C0FE69 at McAfee

File Name: 9dc074~1.exe
McAfee Detection: PWS-Mmorpg.gen
Length: 20,248 bytes
CRC32: E6C0FE69
MD5: 9dc074ab3a53ff9ed8e025f0f697bb25
SHA1: 4F86F44C9331CB8AC92788572F9140360434A821
Other Common Detection Aliases: Avast: Win32:Agent-CNF [Trj]; AVG (GriSoft): Generic10.AAII; Avira: TR/ATRAPS.Gen;
BitDefender: Generic.P...

Generic PWS.y!1FA9FE71

- Generic PWS.y!1FA9FE71 at McAfee

File Name: yuiabct.exe
McAfee Detection: PWS-QQPass.dll
Length: 20,764 bytes
CRC32: 1FA9FE71
MD5: 59999524f15b9ed53b8868fad29d8e1b
SHA1: 9CC4D0E1282D5406750E47D9DB392EB6FEF50F67
Other Common Detection Aliases: Avast: Win32:OnLineGames-DAB [Trj]; AVG (GriSoft): PSW.OnlineGames.AQAT;
Avira: TR/PSW.OnlineGames.ajh...

PWS-Mmorpg.gen!227BD5F9

- PWS-Mmorpg.gen!227BD5F9 at McAfee

File Name: issms32.exe
McAfee Detection: PWS-QQPass.dll
Length: 19,740 bytes
CRC32: 227BD5F9
MD5: 2d566428f7f8c4e15d11084e6dc5db9e
SHA1: 85CCC6E642FF357360D08EEFEBFEC295EAE57C56
Other Common Detection Aliases: Avast: Win32:OnLineGames-DQN [Trj]; AVG (GriSoft): PSW.OnlineGames.APYI;
Avira: TR/PSW.OnlineGames.NVI...

StartPage-FT!449015EB

- StartPage-FT!449015EB at McAfee

File Name: update~1.exe
McAfee Detection: StartPage-FT
Length: 302,764 bytes
CRC32: 449015EB
MD5: 7bf17964bc211d3371815e8602be0dc7
SHA1: 7B5E115BF438BA13A0393841EA51C0649C813110
Other Common Detection Aliases: Avast: Win32:Trojan-gen {Other}; Avira: DR/Nsis.StartPage.C.15;
Dr.Web: Trojan.StartPage.21207; eSafe (A...

W32/CEP.worm!33925d66

- W32/CEP.worm!33925d66 at McAfee

This variant was previously detected as Generic.dx since 5269 (April 8th, 2008). The W32/CEP.worm!33925d66
virus is a variant that spreads via network shared folders and removable media. It drops the BackDoor-CEP
trojan on infected machines. Upon execution, the worm copies itself to the following locations:
%Temp%\mgrShell.exe %Temp...

Posted [05/24/2008 04:42]



Virus Malware and Threat News for 20080522



DisableSpyware

- DisableSpyware at Norton Symantec

Behavior: DisableSpyware is a misleading application that may give exaggerated reports of threats on the
computer. ...

AdvancedXPFixer

- AdvancedXPFixer at Norton Symantec

Behavior: AdvancedXPFixer is a misleading application that may give exaggerated reports of threats on the
computer. ...

Cutwail!BBD59D95

- Cutwail!BBD59D95 at McAfee

File Name: 90cfb65e.exe
McAfee Detection: Cutwail
Length: 22,016 bytes
CRC32: BBD59D95
MD5: 90CFB65E1341CC57E6F26B83E2B529F0
SHA1: BE0BFAA79D5E275F14E412150E3DCA1DF38FE0C0
Other Common Detection Aliases: AhnLab: Dropper/Agent.22016.S; Avast: Win32:Agent-WOD [Trj];
AVG (GriSoft): Downloader.Agent.AGFU; Avira: TR/Dro...

Cutwail!42B7B8F8

- Cutwail!42B7B8F8 at McAfee

File Name: 43475d75.exe
McAfee Detection: Cutwail
Length: 22,016 bytes
CRC32: 42B7B8F8
MD5: 43475d7569cc7359247e7c0e4145a98d
SHA1: B34B5561D1559C0587DFE4066AFDF9ADA8397E39
Other Common Detection Aliases: AhnLab: Dropper/Agent.22016.S; Avast: Win32:Agent-WOD [Trj];
AVG (GriSoft): Downloader.Agent.AGFU; Avira: TR/Dro...

PWS-OnlineGames.ad!FC75803D

- PWS-OnlineGames.ad!FC75803D at McAfee

File Name: uoys11.exe
McAfee Detection: PWS-OnlineGames.p
Length: 23,504 bytes
CRC32: FC75803D
MD5: 7e5316523e19e64692393439e00abe7a
SHA1: 3BBF6EDE7C7929103DDD78C353C1EB1F916F0850
Other Common Detection Aliases: Avast: Win32:OnLineGames-CYO [Trj]; Avira: TR/PSW.OnlineGames.actd;
BitDefender: Trojan.PWS.OnlineGa...

PWS-OnlineGames.a!9D6CE6AC

- PWS-OnlineGames.a!9D6CE6AC at McAfee

File Name: nfoe4.exe
McAfee Detection: PWS-OnlineGames.a
Length: 25,740 bytes
CRC32: 9D6CE6AC
MD5: 0250807737e6aa1a1ece2baedad3fd01
SHA1: 8CD25A80065E77EE2143A0932A9FC978913219D6
Other Common Detection Aliases: AhnLab: Win-Trojan/OnlineGameHack.25740; Avast: Win32:OnLineGames-CYO [Trj];
AVG (GriSoft): PSW.Onlin...

PWS-Gina!5F52AEBB

- PWS-Gina!5F52AEBB at McAfee

File Name: servic~1.exe
McAfee Detection: PWS-Gina
Length: 73,728 bytes
CRC32: 5F52AEBB
MD5: E5BB11CFDBD9C84AB4A2E72640D8BE13
SHA1: 49102341E6B360AC41688140CC496204908B01D3
Other Common Detection Aliases: AVG (GriSoft): psw.gina.a; Microsoft: pws:win32/gina; Norman: w32/mumador.d;
Sophos: Troj/Gina-R; Symantec: Trojan....

W32/Autorun.worm.g!DAFD1E02

- W32/Autorun.worm.g!DAFD1E02 at McAfee

File Name: newfol~1.exe
McAfee Detection: W32/Autorun.worm.g
Length: 727,040 bytes
CRC32: DAFD1E02
MD5: bd2a5d470825ddae0fe681dd88de6432
SHA1: 877BE0DB3EAA0D8678E3F4EC65EE474DB9216E36
Other Common Detection Aliases: AVG (GriSoft): worm/autoit.bcl; Microsoft: worm:win32/sohanad.i;
Symantec: W32.Imaut.A; Trend Micr...

W32/YahLover.worm!57DAA242

- W32/YahLover.worm!57DAA242 at McAfee

File Name: regsvr.exe
McAfee Detection: W32/YahLover.worm
Length: 617,343 bytes
CRC32: 57DAA242
MD5: 57B1E515EE04FFC7E4C9C17749B48A89
SHA1: 00CA44DBC3EF9C571EF820890CAB5D7B0BC26CCD
Other Common Detection Aliases: Norman: ardamax.elo; Symantec: Trojan.Dropper; Trend Micro: WORM_DELF.AF
Avert® Labs has observed...

Generic.dx!3B91C132

- Generic.dx!3B91C132 at McAfee

File Name: update.exe.exe
McAfee Detection: New Malware.dq
Length: 102,820 bytes
CRC32: 3B91C132
MD5: fb1c3dd7606ab1d893a7a3fa320308d4
SHA1: C36F6F2BCC84E7348827004B3580A4AA6558E1BF
Other Common Detection Aliases: AVG (GriSoft): backdoor.generic8.ipw; Microsoft: virtool:win32/delfinject.gen!a;
Norman: hupigon.g...

Generic Delphi!7D1AFF6F

- Generic Delphi!7D1AFF6F at McAfee

File Name: hchae.exe
McAfee Detection: Generic Delphi
Length: 465,920 bytes
CRC32: 7D1AFF6F
MD5: 8d0d152bbbe6518ec3cb45defaacd430
SHA1: 349DE629ED8B634FD8740C4E6DE7D3A2D7F64EEE
Other Common Detection Aliases: FortiNet: ~NEW_VIRUS; Microsoft: VirTool:Win32/DelfInject.gen!X;
Trend Micro: PAK_Generic.006
Avert® ...

W32/Autorun.worm.h!E8FBB94E

- W32/Autorun.worm.h!E8FBB94E at McAfee

File Name: h8txw.exe
McAfee Detection: W32/Autorun.worm.h
Length: 163,627 bytes
CRC32: E8FBB94E
MD5: A250A44ABAB97527BAB87D3DED7EF02B
SHA1: 1964D5791BA31EFB359FDDDD0FB4BB87E9BE1991
Other Common Detection Aliases: AVG (GriSoft): psw.onlinegames.ao; Microsoft: worm:win32/taterf.gen!d;
Trend Micro: Cryp_Nsanti-2; Av...

W32/Autorun.worm.h!1855CC08

- W32/Autorun.worm.h!1855CC08 at McAfee

File Name: apj.exe
McAfee Detection: W32/Autorun.worm.h
Length: 160,686 bytes
CRC32: 1855CC08
MD5: 646844B2FF34F452C94C16C65E4AD2FD
SHA1: 287AA4EE38585FBD649A2CD0E5BCF90FB15FAD62
Other Common Detection Aliases: AVG (GriSoft): psw.onlinegames.ao; Microsoft: worm:win32/taterf.gen!d;
Symantec: Packed.Generic.61; Tre...

Spy-Agent.bg!91CE28A3

- Spy-Agent.bg!91CE28A3 at McAfee

File Name: 9129837.exe
McAfee Detection: Spy-Agent.bg
Length: 30,208 bytes
CRC32: 91CE28A3
MD5: C7F00CA1AB53E0006BBE8E5A394DB43E
SHA1: 2C89313B47356777AAC4AD5C1DE2FECCD60FA7B3
Other Common Detection Aliases: Microsoft: trojan:win32/meredrop
Avert® Labs has observed the following system activities: Acti...

ErrorKiller

- ErrorKiller at McAfee

Characteristics: McAfee(R) Avert(R) Labs recognizes that this program may have legitimate uses in contexts
where an authorized administrator has knowingly installed this application. If you agreed to a license
agreement for this, or another bundled application, you may have legal obligations with regard to removing
this software, or ...

Troj/Dload-AR

- Troj/Dload-AR at Sophos

...

Troj/Mdrop-BSM

- Troj/Mdrop-BSM at Sophos

Troj/Mdrop-BSM is a Trojan for the Windows platform. When run
Troj/Mdrop-BSM copies itself to <System>\cltmon.exe and creates the file <System>\omhdt32.dll. The
file <System>\omhdt32.dll is detected as Troj/KeyLog-KB. The following registry
entries are create...

Troj/Nitfun-A

- Troj/Nitfun-A at Sophos

Troj/Nitfun-A is a Trojan that attempts to download and execute further files.
When first run, Troj/Nitfun-A injects itself into the process services.exe.
Troj/Nitfun-A attempts to download a file to the folder <Temp>\<random name><random
numbers>\, where <...

Troj/NtRootK-DM

- Troj/NtRootK-DM at Sophos

Troj/NtRootK-DM is a rootkit for the Windows platform.
...

Troj/QQHelp-T

- Troj/QQHelp-T at Sophos

...

Troj/ServU-FK

- Troj/ServU-FK at Sophos

...

Troj/VB-DZS

- Troj/VB-DZS at Sophos

Troj/VB-DZS is a Trojan for the Windows platform. When Troj/VB-DZS is
installed, the Trojan copies itself to: <AllUsers>\MSN\MSN.exe
and creates the following file: <User>\Symantec\Symantec.dat
Th...

VBS/NoMouse-A

- VBS/NoMouse-A at Sophos

In order to spread via peer to peer networks, VBS/NoMouse-A will attempt to copy itself to the
following locations: C:\hello C:\shared C:\Program
Files\BearShare\Shared...

Troj/Agent-GZZ

- Troj/Agent-GZZ at Sophos

...

Troj/Drop-W

- Troj/Drop-W at Sophos

...

Posted [05/23/2008 04:44]



Virus Malware and Threat News for 20080521



Bloodhound.Exploit.192

- Bloodhound.Exploit.192 at Norton Symantec

Bloodhound.Exploit.192 is a heuristic detection for the files which exploit the Microsoft Word RTF Malformed
String Handling Memory Corruption Remote Code Execution Vulnerability (BID 29104).
...

W32/YahLover.worm!9495F537

- W32/YahLover.worm!9495F537 at McAfee

File Name: tff.exe
McAfee Detection: W32/YahLover.worm
Length: 260,608 bytes
CRC32: 9495F537
MD5: 8baf169cd5b97b46c82193f64a81bbcb
SHA1: 6ED4F701877F0DEDA4F5B221C68D9814E20A6FCC
Other Common Detection Aliases: AhnLab: Win32/Sohanad.worm.239905; Avast: Win32:Sohanad-O [Wrm];
AVG (GriSoft): SHeur.BBOO; BitDefender: W...

PWS-Goldun!B589DB6F

- PWS-Goldun!B589DB6F at McAfee

File Name: stp.exe
McAfee Detection: PWS-Goldun
Length: 33,734 bytes
CRC32: B589DB6F
MD5: 06CEB2975EC13883A700462A91E589C8
SHA1: 25E41E8F40EC82665B8B194EAE69D93486303194
Other Common Detection Aliases: Microsoft: backdoor:win32/haxdoor; Norman: w32/smalltroj.efrv;
Trend Micro: TROJ_GOLDUN.OZ
Avert® Labs has o...

AdClicker-FC!42231032

- AdClicker-FC!42231032 at McAfee

File Name: ctfmona.exe
McAfee Detection: AdClicker-FC
Length: 96,256 bytes
CRC32: 42231032
MD5: 7A76D6C597C699706565EE280C9DE3A2
SHA1: CD8C3D1CE976FE4265D341C8D2950D145D05E782
Other Common Detection Aliases: AVG (GriSoft): pakes.zn; Microsoft: program:win32/winfixer; Norman: w32/agent.fpko;
Symantec: Downloader.Mis...

Generic FakeAlert.a!725CBC9E

- Generic FakeAlert.a!725CBC9E at McAfee

File Name: antvrs.exe
McAfee Detection: Generic FakeAlert.a
Length: 877,056 bytes
CRC32: 725CBC9E
MD5: 6ABA53993CAA98B7C384F6FF28187E83
SHA1: F833C3C14742BA8EEA933B0CA8825B1F0FCE85C9
Other Common Detection Aliases: AVG (GriSoft): SHeur.BLFA; BitDefender: Packer.Malware.Crypter.H;
Microsoft: program:win32/spyshe...

PWS-Banker.dldr!7A492520

- PWS-Banker.dldr!7A492520 at McAfee

File Name: cartao.exe
McAfee Detection: PWS-Banker.dldr
Length: 13,688 bytes
CRC32: 7A492520
MD5: C44064044B2888FA87F18E35FB0E59F0
SHA1: 30F938CDDF4CA35D14FD210EC77DD4D5223D4209
Other Common Detection Aliases: AVG (GriSoft): downloader.banload.rwv; Microsoft: trojandownloader:win32/small.gen!x;
Norman: w32/dloa...

Generic.dx!E364E659

- Generic.dx!E364E659 at McAfee

File Name: 92029f~1.exe
McAfee Detection: Generic.dx
Length: 287,964 bytes
CRC32: E364E659
MD5: 92029FF30E96FCDFBF0F6C6EB7500B5C
SHA1: 0A1A8BD60AC98CD0AAE844C9C0FB8A5D18CED97D
Other Common Detection Aliases: AVG (GriSoft): downloader.zlob
Avert® Labs has observed the following system activities: Activi...

AdClicker-FC.gen.a!A51173AF

- AdClicker-FC.gen.a!A51173AF at McAfee

Avert® Labs has observed the following system activities:
Activity / Risk Level: Registers DLLs - Informational
System Changes: These are general defaults for typical path variables. (Although they may differ, these examples
are common.): %WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000); %SystemDir% = \WINDOWS\SYSTEM
(Windo...

AdClicker-FC.gen.a!D99F0A9C

- AdClicker-FC.gen.a!D99F0A9C at McAfee

Avert® Labs has observed the following system activities:
Activity / Risk Level: Modifies Memory of Other Processes - High; Enumerates open windows - Low;
Registers DLLs - Informational
System Changes: These are general defaults for typical path variables. (Although they may differ, these examples
are common.): %WinDir% = \WINDOWS (Windows 9x/ME/XP/Vist...

FakeAlert-AG!F9D8432D

- FakeAlert-AG!F9D8432D at McAfee

File Name: ctfmona.exe
McAfee Detection: FakeAlert-AG
Length: 96,256 bytes
CRC32: F9D8432D
MD5: 4037D45AC8AD456CA621C6E707248373
SHA1: 86E3E03068AC7203FC463C8150B90EED1EEFADB7
Other Common Detection Aliases: AVG (GriSoft): generic10.zjr; Microsoft: trojan:win32/tibs.gf;
Symantec: Downloader.MisleadApp; Trend Micr...

BackDoor-DPE

- BackDoor-DPE at McAfee

This trojan is known to have been used in an attack involving Whitehouse.org. Backdoor trojans provide an
attacker means to instruct an infected computer to take certain actions. When the executable is run on the
victim machine, the trojan copies itself to the following locations: %WINDIR%\system32\ksews.exe (64,512
bytes) Regist...

Generic FakeAlert.c

- Generic FakeAlert.c at McAfee

Generic FakeAlert.c runs a scan automatically once installed and displays multiple false virus detection
warnings as shown below: When the user chooses to clean detected files, a popup window is displayed, enticing
the user to buy the product. Generic FakeAlert.c adds a new value in
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ru...

Ridnu.H

- Ridnu.H at Panda

It writes romantic messages when the user opens Notepad, switches off the screen every 5 seconds and
replaces certain image and video files with a copy of itself. It spreads via email and through
the different system drives.
...

Troj/Bckdr-QNP

- Troj/Bckdr-QNP at Sophos

When first run Troj/Bckdr-QNP copies itself to <System>\ntsasvc.exe.
The file ntsasvc.exe is registered as a new system driver service named "Security Accounts", with a display
name of "Security Accounts" and a startup type of automatic, so that it is started automatically during system
startu...

Troj/IRCBot-ABT

- Troj/IRCBot-ABT at Sophos

Troj/IRCBot-ABT runs continuously in the background, providing a backdoor server which allows a
remote intruder to gain access and control over the computer via IRC channels. When
first run Troj/IRCBot-ABT copies itself to <System>\mdm.exe. The following
registry entries...

Troj/Mbroot-Gen

- Troj/Mbroot-Gen at Sophos

Troj/Mbroot-Gen is a family of Trojan rootkit files, usually seen dropped by members of the
Troj/Mbroot or Mal/Sinowa family of malware. Members of this family typically include
functionality to access the internet and communicate with a remote server via HTTP.
...

Troj/NtRootK-DK

- Troj/NtRootK-DK at Sophos

Troj/NtRootK-DK is a rootkit Trojan for the Windows platform.
...

Troj/NtRootK-DL

- Troj/NtRootK-DL at Sophos

Troj/NtRootK-DL is a kernel driver Trojan for the Windows platform which attempts to silently
sniff network traffic.
...

Troj/Agent-GZW

- Troj/Agent-GZW at Sophos

When first run Troj/Agent-GZW copies itself to: <System>\lanmanwrk.exe and drops the files:
<System>\lanmandrv.sys - detected as Troj/RootKit-CK
<System>\qmopt.dll - text file, can be safely deleted.
Re...

W32/Malas-E

- W32/Malas-E at Sophos

When first run W32/Malas-E copies itself to:
- <Startup>\AdobeUpdate.exe
- <User>\Application Data\usrinit.exe
- <Temp>\systray.exe
- <User>\Local Settings\startup.exe
- <Common Files>\AdobeUpdate.exe
- <Program ...

W32/Tiotua-Q

- W32/Tiotua-Q at Sophos

W32/Tiotua-Q is a Trojan for the Windows platform. W32/Tiotua-Q includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run W32/Tiotua-Q copies itself to: <Windows>\regsvr.exe
<System>...

W32/VKon-A

- W32/VKon-A at Sophos

W32/VKon-A spreads using the social networking site Vkontakte.ru.
W32/VKon-A executes its payload after 10am on the 25th day of the month. At this time it deletes files from
the C: drive. When run W32/VKon-A copies itself to <Application
Data>\Vkontakte\svc.exe. ...

Posted [05/22/2008 04:43]



Virus Malware and Threat News for 20080520



DisaCKT.B

- DisaCKT.B at Panda

It passes itself off as a Word document in order to deceive users and make them think it is an inoffensive
document. It carries out several modifications in the Windows Registry, which prevent the computer from
working properly. It spreads through removable, shared and mapped drives.
...

Adware/XP-Shield

- Adware/XP-Shield at Panda

It passes itself off as the Windows Security Center in order to deceive users and warns them of non-existent
threats on their computers. In order to eliminate them, users are enticed to purchase a certain program. It can
be downloaded from the website belonging to the company that has developed it.
...

W32/MarioF-A

- W32/MarioF-A at Sophos

...

Mal/PWS-S

- Mal/PWS-S at Sophos

...

Troj/Agent-GZT

- Troj/Agent-GZT at Sophos

When Troj/Agent-GZT is installed the following files are created:
<User>\Start Menu\Brendom.htm <User>\Start Menu\smss.exe The
following registry entries are created to run Troj/Agent-GZT on startup:
HKCU\Software\Micro...

Troj/BHO-FM

- Troj/BHO-FM at Sophos

When Troj/BHO-FM is installed the following files are created:
<Temp>\removalfile.bat - can be safely deleted <System>\<random name>.dll - also
detected as Troj/BHO-FM The file <random name>.dll is registered as a COM object
and s...

Troj/Bifrose-VV

- Troj/Bifrose-VV at Sophos

...

Troj/Skintrim-A

- Troj/Skintrim-A at Sophos

...

Mal/Badsrc-B

- Mal/Badsrc-B at Sophos

Mal/Badsrc-B is a malicious web page that has been compromised to load a script from a malicious
website. ...

Mal/ObfJS-AP

- Mal/ObfJS-AP at Sophos

Mal/ObfJS-AP is a script obfuscated in a manner typical of malware.
...

Troj/Agent-GZS

- Troj/Agent-GZS at Sophos

...

Troj/Bancos-BEB

- Troj/Bancos-BEB at Sophos

Troj/Bancos-BEB is a Trojan for the Windows platform. When first run
Troj/Bancos-BEB copies itself to <System>\scvhost.exe and creates the file <Temp>\~df1af7.tmp.
...

Posted [05/21/2008 04:42]



Virus Malware and Threat News for 20080519



KvmSecure

- KvmSecure at Norton Symantec

Behavior: KvmSecure is a misleading application that may give exaggerated reports of threats on the computer.
...

XPSecurityCenter

- XPSecurityCenter at Norton Symantec

Behavior: XPSecurityCenter is a misleading application that may give exaggerated reports of threats on the
computer. ...

W32/Baklajan

- W32/Baklajan at McAfee

W32/Baklajan is a parasitic virus that infects Win32 PE executable files. It looks for files on all fixed
drives, starting from “D:”, and infects only files whose extension is “.exe”. It therefore does not infect other
PE files such as DLL, SYS or SCR files. W32/Baklajan can also modify application icons as shown below:
...

JS_IFRAME.AC

- JS_IFRAME.AC at Trend Micro

This JavaScript may be downloaded from certain remote sites. It inserts an IFRAME tag into target sites. The
inserted IFRAME tag contains a link to a certain URL. The said URL hosts another malicious script, which Trend
Micro detects as JS_IFRAME.AD.
...

Troj/Zbot-Q

- Troj/Zbot-Q at Sophos

...

Troj/Adload-LN

- Troj/Adload-LN at Sophos

When first run Troj/Adload-LN copies itself to <Windows>\livemessenger.com and
creates the file <Windows>\admintxt.txt - can be safely deleted. The following
registry entries are created to run livemessenger.com on startup:
HKLM\SOFTWARE\Microsoft\Wind...

Troj/Dorf-BK

- Troj/Dorf-BK at Sophos

When first run Troj/Dorf-BK copies itself to <Windows>\herjek.exe.
The following registry entry is created to run herjek.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run herjek <Windows>\herjek.exe...

Troj/Dorf-BL

- Troj/Dorf-BL at Sophos

When first run Troj/Dorf-BL copies itself to <Windows>\herjek.exe.
The following registry entry is created to run herjek.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run herjek <Windows>\herjek.exe...

Troj/IRCBot-ABS

- Troj/IRCBot-ABS at Sophos

Troj/IRCBot-ABS runs continuously in the background, providing a backdoor server which
allows a remote intruder to gain access and control over the computer via IRC channels.
When first run Troj/IRCBot-ABS copies itself to <System>\mdm.exe. The following
regi...

Troj/Banker-ELS

- Troj/Banker-ELS at Sophos

Troj/Banker-ELS modifies the Windows HOSTS file in order to redirect the user from a genuine
online banking site to a phishing site.
...

Troj/Dorf-BJ

- Troj/Dorf-BJ at Sophos

...

Troj/IRCBot-ABR

- Troj/IRCBot-ABR at Sophos

Troj/IRCBot-ABR is a backdoor Trojan which allows a remote intruder to gain access and control
over the computer. When first run Troj/IRCBot-ABR copies itself to:
<User>\tflfibx.exe <System>\ryiixhp.exe and creates the file
<Tem...

Troj/Mdrop-BSL

- Troj/Mdrop-BSL at Sophos

...

Troj/Tibs-UI

- Troj/Tibs-UI at Sophos

...

Posted [05/20/2008 04:42]



Virus Malware and Threat News for 20080518



Troj/Clicker-EU

- Troj/Clicker-EU at Sophos

...

Troj/NtRootK-DH

- Troj/NtRootK-DH at Sophos

Troj/NtRootK-DH is a rootkit Trojan for the Windows platform.
...

Troj/Hupigon-TC

- Troj/Hupigon-TC at Sophos

...

JS/OperaExp-A

- JS/OperaExp-A at Sophos

JS/OperaExp-A exploits the Opera web browser.
...

Troj/Dloadr-BLT

- Troj/Dloadr-BLT at Sophos

Troj/Dloadr-BLT is a downloader Trojan for the Windows platform.
Troj/Dloadr-BLT typically arrives as an email attachment with the filename Jolie.exe. Subject lines include:
New "Something Hot" Something hot Hot news Hot pictures
Par...

Troj/KillAV-EU

- Troj/KillAV-EU at Sophos

Troj/KillAV-EU is a Trojan for the Windows platform. Troj/KillAV-EU
includes functionality to terminate security and anti-virus applications.
...

Posted [05/19/2008 04:45]



Virus Malware and Threat News for 20080517



W32.Tufik.E

- W32.Tufik.E at Norton Symantec

W32.Tufik.E is a worm that spreads through removable drives and infects .exe files on the compromised computer.
...

W32.Tufik.E!inf

- W32.Tufik.E!inf at Norton Symantec

W32.Tufik.E!inf is a detection for files infected with W32.Tufik.E.
...

Bat/Mumu-B

- Bat/Mumu-B at Sophos

Bat/Mumu-B, like Bat/Mumu-A, is a network worm that consists of a collection of tools and scripts used to
discover and exploit common configuration problems of the IPC$ share on Windows computers. Vulnerable systems
are found by scanning random IP addresses. The worm spreads by copying the files ntservice.bat and ipcnl.exe
to the Wind...

Troj/DwnLdr-HDR

- Troj/DwnLdr-HDR at Sophos

...

W32/Namor-A

- W32/Namor-A at Sophos

W32/Namor-A is a Trojan for the Windows platform. When first run
W32/Namor-A copies itself to: <Startup>\ms-dos.exe
W32/Namor-A also copies itself to \omran.exe on drives C: to M:.
...

Troj/HideProc-M

- Troj/HideProc-M at Sophos

Troj/HideProc-M is a utility DLL to hide active processes. Troj/HideProc-M
is installed by malware such as Troj/FakeAle-BJ.
...

Troj/Traf-A

- Troj/Traf-A at Sophos

Troj/Traf-A is an adware related DLL for the Windows platform.
...

Posted [05/18/2008 04:44]



Virus Malware and Threat News for 20080516



Trojan.Cymdos

- Trojan.Cymdos at Norton Symantec

Trojan.Cymdos is a Trojan horse that performs denial of service attacks. It may also download files on to the
computer....

Generic Adware.a!F1EE19C7

- Generic Adware.a!F1EE19C7 at McAfee

During the initialization phase, which is initiated by its dropper, Generic Adware.a!F1EE19C7 first
unpacks itself, then checks whether it is executing under a VMWare image. This check is done to
make analysis of the sample more difficult. In case VMWare is detected, Generic Adware.a!F1EE19C7 will
just terminate w...

PWS-LDPinch!cf5fc8ee

- PWS-LDPinch!cf5fc8ee at McAfee

On execution, the trojan searches the system for usernames and passwords from email and FTP clients. The
stolen information is posted to a web server. It does not modify the Windows Registry and does not get loaded
automatically during the boot process.
...

TROJ_ALUREON.AI

- TROJ_ALUREON.AI at Trend Micro

...

TROJ_AGENT.AORZ

- TROJ_AGENT.AORZ at Trend Micro

...

MS08-029

- MS08-029 at Panda

It is a group of moderate vulnerabilities in the Microsoft Malware Protection Engine, which allow
Denial of Service attacks to be launched.
...

MS08-028

- MS08-028 at Panda

It is a critical vulnerability in the Jet 4.0 Database Engine, which allows hackers to gain remote control of
the affected computer with the same privileges as the logged-on user.
...

MS08-027

- MS08-027 at Panda

It is a critical vulnerability in certain versions of Publisher, which allows hackers to gain remote control
of the affected computer with the same privileges as the logged-on user.
...

MS08-026

- MS08-026 at Panda

It is a group of critical vulnerabilities in certain versions of Word, which allow hackers to gain remote
control of the affected computer with the same privileges as the logged-on user.
...

Radulambu.C

- Radulambu.C at Panda

It carries out several modifications in the Windows Registry, which prevent the computer from working properly.
It disables the Search function of the Start menu and System Restore. It spreads through removable, shared
and mapped drives. ...

ManClick.C

- ManClick.C at Panda

It passes itself off as Google's original website in order to deceive users and carries out several
modifications in the Windows Registry, which prevent the computer from working properly. It is distributed via
spam messages. ...

Perwall.A

- Perwall.A at Panda

It creates many copies of itself in several directories of the affected computer. It spreads through removable,
shared and mapped drives. ...

Ceckno.J

- Ceckno.J at Panda

It opens a port and remains listening and waiting for remote control instructions, such as downloading or
deleting files from the affected computer. It does not spread automatically by its own means.
...

ManClick.B

- ManClick.B at Panda

It passes itself off as Google's original website in order to deceive users and carries out several
modifications in the Windows Registry, which prevent the computer from working properly. It spreads through
removable, shared and mapped drives.
...

Kukuku.A

- Kukuku.A at Panda

Its main aim is to infect the PE files (Portable Executable) it finds in the infected computer. It downloads
several samples of malware to the affected computer, among them several Trojans and adware programs.
...

Troj/FakeVir-BE

- Troj/FakeVir-BE at Sophos

Troj/FakeVir-BE pretends to scan the host computer and will always find infections. It then asks the
user to pay before pretending to clean the infections it found.
...

W32/Sality-AO

- W32/Sality-AO at Sophos

...

Troj/Zapchas-EA

- Troj/Zapchas-EA at Sophos

Troj/Zapchas-EA is a backdoor IRC Trojan. Troj/Zapchas-EA drops the
following files: <Windows>\system\script.ini
<Windows>\system\svchost.exe The file script.ini is detected as Troj/Zapchas-EA.
The file svchost.exe is the mIRC appl...

JS/Psyme-JA

- JS/Psyme-JA at Sophos

...

Mal/ObfJS-X

- Mal/ObfJS-X at Sophos

Mal/ObfJS-X uses obfuscation to run other malware.
...

Troj/BHO-FL

- Troj/BHO-FL at Sophos

...

Troj/Mdrop-BSJ

- Troj/Mdrop-BSJ at Sophos

...

Troj/Zlob-AKV

- Troj/Zlob-AKV at Sophos

...

Posted [05/17/2008 04:41]



Virus Malware and Threat News for 20080515



Troj/Dwnldr-HCD

- Troj/Dwnldr-HCD at Sophos

Troj/Dwnldr-HCD is a Trojan downloader for the Windows platform.
Troj/Dwnldr-HCD has the functionality to:
- download files from preconfigured URLs to the following files: <system>\gbpsvn.exe <system>\installplugs.exe
<system>...

Troj/Mdrop-BRH

- Troj/Mdrop-BRH at Sophos

Troj/Mdrop-BRH drops the file <Windows>\Debug\<random number>.dll which is detected as
Mal/LineDLL-B.
...

Troj/JShlEx-A

- Troj/JShlEx-A at Sophos

Troj/JShlEx-A is JavaScript malware that downloads executable code from a hardcoded URL using
an HTTP GET request. The downloaded code is then executed on the host system.
...

Mal/Behav-236

- Mal/Behav-236 at Sophos

...

Mal/Dbot-A

- Mal/Dbot-A at Sophos

Mal/Dbot-A is a file with behavioral characteristics typical of backdoor Trojans.
Typical functionality includes: Installation of itself in a system folder and
setting of a runkey; Accessing the internet to communicate with a remote server via HTTP;
Possi...

Mal/ObfJS-AO

- Mal/ObfJS-AO at Sophos

Mal/ObfJS-AO is a script obfuscated in a manner typical of malware.
...

Troj/Agent-GZM

- Troj/Agent-GZM at Sophos

Troj/Agent-GZM when run copies itself to the <System> folder as kd???.exe and creates the
following registry entry so that it autoruns at startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System "kd???.exe"...

Troj/Dloadr-BLS

- Troj/Dloadr-BLS at Sophos

Troj/Dloadr-BLS when run downloads malware to the following files:
<Windows>\sysinfo.exe <Windows>\Sistema <System>\cservice <System>\removegb.sys...

0 writebacks [05/16/2008 04:42] [] permanent link



Virus Malware and Threat News for 20080514



Spyware.SpyMan

- Spyware.SpyMan at Norton Symantec

Spyware.SpyMan is a spyware program that may steal information from the computer.
...

XPShield

- XPShield at Norton Symantec

XPShield is a misleading application that may give exaggerated reports of threats on the computer.
...

W32/Mariofev.worm

- W32/Mariofev.worm at McAfee

Files added: Upon execution, this worm drops a number of files of executable format: %SYSDIR%\bmf.cs,
%SYSDIR%\ccs.so, %SYSDIR%\gh.l, %SYSDIR%\mn.n, %SYSDIR%\ntpl.bin, %SYSDIR%\nvrsma.dll, %SYSDIR%\[Random name],
%SYSDIR%\yl.po. Files modified: It modifies the following files: %SYSDIR%\user32.dll,
%SYSDIR%\dllcache\user32.dll. Registry: It...

Troj/Dloadr-BLR

- Troj/Dloadr-BLR at Sophos

Troj/Dloadr-BLR creates the following registry value:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
InstallProgram...

Troj/Iframe-AD

- Troj/Iframe-AD at Sophos

Troj/Iframe-AD is an iframe with a src= attribute pointing to a malicious script or an HTML file
containing malicious script.
...

Troj/RPExpl-A

- Troj/RPExpl-A at Sophos

Troj/RPExpl-A is a Trojan for the Windows platform. Troj/RPExpl-A uses an
exploit in Windows RealPlayer to cause the download and execution of files from a remote site.
Information on this exploit can be found here: http://service.real.com/realplayer/security...

Troj/Zlob-AKU

- Troj/Zlob-AKU at Sophos

Troj/Zlob-AKU creates a toolbar in Internet Explorer with the following buttons:
- Remove Popups
- Scan Spyware
- Security Test
- Spam Protection
Troj/Zlob-AKU displays a message in the Internet Explorer window with text: "Warning:
possibl...

W32/Autorun-EA

- W32/Autorun-EA at Sophos

W32/Autorun-EA copies itself to removable media as <Root>\pagefile.exe and creates an
autorun.inf file in an attempt to automatically start itself on insertion. When first run
W32/Autorun-EA creates the following registry entry to start itself: ...

Mal/Hupig-E

- Mal/Hupig-E at Sophos

Mal/Hupig-E detects behavior associated with known malware. Please send a sample to Sophos if you
require further analysis.
...

Troj/MalDoc-H

- Troj/MalDoc-H at Sophos

Troj/MalDoc-H is a corrupt Excel document containing malicious executable code.
...

Troj/Psyme-GZ

- Troj/Psyme-GZ at Sophos

Troj/Psyme-GZ is a Trojan for the Windows platform. Troj/Psyme-GZ uses the
ADODB vulnerability to download and execute files from a remote site. At the time of writing, the downloaded
file is detected as Troj/Agent-GYS. Further details about the ADODB vulnerability are
availab...

Troj/Zlobar-B

- Troj/Zlobar-B at Sophos

Troj/Zlobar-B detects installation archives containing Zlob Trojans.
Members of Troj/Zlobar-B typically claim to be installers for media codecs or access to pornographic material,
but they also install a component which attempts to download and execute files from remote websites.
...

0 writebacks [05/15/2008 04:42] [] permanent link



Virus Malware and Threat News for 20080513



Trojan-Spy:HTML/Fraud

- Trojan-Spy:HTML/Fraud at F-Secure

Trojan-Spy.HTML.Fraud detects fraudulent e-mail messages and website HTML.
...

MalwareScanner

- MalwareScanner at Norton Symantec

MalwareScanner is a misleading application that may give exaggerated reports of threats on the
computer....

Troj/DwnLdr-HDJ

- Troj/DwnLdr-HDJ at Sophos

...

W32/AutoRun-DY

- W32/AutoRun-DY at Sophos

W32/AutoRun-DY is a worm for the Windows platform. When first run
W32/AutoRun-DY copies itself to <System>\kxvo.exe and creates the following files:
<Temp>\uci.dll - detected as W32/AutoRun-DY <System>\fool0.dll - detected as
W32/AutoRun-DY <Syst...

Troj/Dloadr-BLQ

- Troj/Dloadr-BLQ at Sophos

...

Troj/Dorf-BI

- Troj/Dorf-BI at Sophos

When first run Troj/Dorf-BI copies itself to <Windows>\kavir.exe. The
following registry entry is created to run kavir.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run kavir <Windows>\kavir.exe...

W32/Sality-AN

- W32/Sality-AN at Sophos

W32/Sality-AN is a file broken during an attempted infection by the W32/Sality-AM virus, in a way
that is usually still disinfectable, although any appended data will definitely have been lost during the
infection.
...

W32/Sohana-AX

- W32/Sohana-AX at Sophos

W32/Sohana-AX is a worm and backdoor Trojan which allows a remote intruder to gain access and
control over the computer. W32/Sohana-AX includes functionality to access the internet
and communicate with a remote server via HTTP. When first run W32/Sohana-AX copies
itself to: ...

Troj/Dload-AN

- Troj/Dload-AN at Sophos

Troj/Dload-AN is a Trojan for the Windows platform. Troj/Dload-AN includes
functionality to download, install and run new software.
...

Troj/FakeVir-BD

- Troj/FakeVir-BD at Sophos

Troj/FakeVir-BD scans the computer and always reports that it has found viruses.
Troj/FakeVir-BD then asks the user to register the software before pretending to clean up the viruses it
supposedly found....

Troj/Iyus-V

- Troj/Iyus-V at Sophos

Troj/Iyus-V is a Trojan for the Windows platform. Troj/Iyus-V includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Iyus-V copies itself to <System>\mshelp.exe and creates the file
<System>\sqla.dll. The fi...

0 writebacks [05/14/2008 04:42] [] permanent link



Virus Malware and Threat News for 20080512



Virus:W32/Small.AJ

- Virus:W32/Small.AJ at F-Secure

Virus:W32/Small.AJ is a simple partially encrypted appending parasitic file infector. The virus does not have
any other payload in addition to spreading itself.
...

Infostealer.Fertippy

- Infostealer.Fertippy at Norton Symantec

Infostealer.Fertippy is a Trojan horse that steals FTP account details and may infect files on FTP servers.
...

CpuSpike

- CpuSpike at Norton Symantec

CpuSpike is a security assessment tool that increases CPU usage.
...

Bloodhound.Exploit.189

- Bloodhound.Exploit.189 at Norton Symantec

Bloodhound.Exploit.189 is a heuristic detection for files that attempt to exploit the Microsoft Works 7
'WkImgSrv.dll' ActiveX Control Remote Code Execution Vulnerability (BID 28820).
...

Troj/Clicker-ET

- Troj/Clicker-ET at Sophos

...

Troj/RKSal-Gen

- Troj/RKSal-Gen at Sophos

Troj/RKSal-Gen is a family of Trojans for the Windows family, usually seen dropped by members of
the Sality family of viruses. Members of Troj/RKSal-Gen usually attempt to terminate
processes and filter network traffic related to anti-virus applications.
...

Troj/VB-DZP

- Troj/VB-DZP at Sophos

...

Troj/VBLima-Gen

- Troj/VBLima-Gen at Sophos

...

W32/Autoit-H

- W32/Autoit-H at Sophos

W32/Autoit-H is a worm for the Windows platform. When first run
W32/Autoit-H copies itself to the Windows folder and creates the file <Windows>\pc-off.bat.
...

Troj/PrivZone-A

- Troj/PrivZone-A at Sophos

Troj/PrivZone-A resets the Internet Privacy Zone settings to medium for Internet Explorer.
...

W32/Niya-C

- W32/Niya-C at Sophos

W32/Niya-C is a worm for the Windows platform. W32/Niya-C includes
functionality to access the internet and communicate with a remote server via HTTP.
W32/Niya-C spreads by copying itself to removable media. When first run W32/Niya-C
copies itself to: ...

W32/Sality-AD

- W32/Sality-AD at Sophos

W32/Sality-AD is a virus for the Windows platform that may corrupt files as it infects them.
...

W32/Sality-AP

- W32/Sality-AP at Sophos

W32/Sality-AP is a file broken during an attempted infection by the W32/Sality-AD virus, in a way
that is usually still disinfectable, although any appended data will definitely have been lost during the
infection....

0 writebacks [05/13/2008 04:42] [] permanent link



Virus Malware and Threat News for 20080511



Trojan-Dropper:W32/Agent.REK

- Trojan-Dropper:W32/Agent.REK at F-Secure

Trojan-Dropper:W32/Agent.REK drops and executes other malware applications on the infected system, thus
compromising system security.
...

W32/Stayt.a

- W32/Stayt.a at McAfee

Upon execution, the infected files drop and load the DLL file into the temp path: %UserProfile%\Local
Settings\Temp\{random characters}.tmp, 33,280 bytes (detected as Generic.dx) (where %UserProfile% is the default
profile folder for the current user, for example C:\Documents and Settings\<USERNAME>). This DLL file
searches fo...

FDoS-BEnergy!740DEC3A

- FDoS-BEnergy!740DEC3A at McAfee

When executed FDoS-BEnergy copies itself to the system folder and establishes itself as a Windows service. An
additional change is made to the system registry that alters security around creation of raw network sockets.
This change removes the normal security check requiring that a process attempting to create a raw socket have
admi...

TROJ_DNSCHANG.CS

- TROJ_DNSCHANG.CS at Trend Micro

This Trojan may be dropped by other malware. It may be installed manually by a user. It may be downloaded
unknowingly by a user when visiting malicious Web sites. It creates folders. It creates registry entries to
enable its automatic execution at every system startup. It creates registry key(s)/entry(ies) as part of its
installatio...

Troj/Binder-C

- Troj/Binder-C at Sophos

...

Troj/DwnLdr-HDE

- Troj/DwnLdr-HDE at Sophos

...

Troj/IRCBot-ABQ

- Troj/IRCBot-ABQ at Sophos

...

Troj/IRCBot-ZC

- Troj/IRCBot-ZC at Sophos

...

Troj/PWS-ARE

- Troj/PWS-ARE at Sophos

...

Troj/ShlBack-A

- Troj/ShlBack-A at Sophos

...

Troj/FakeVir-BB

- Troj/FakeVir-BB at Sophos

Troj/FakeVir-BB claims to be an anti-virus scanner called "XP antivirus protection".
Troj/FakeVir-BB scans the computer and reports clean files as being infected with malware.
When Troj/FakeVir-BB is installed the following files are created:
<User>\Application Data\Mic...

Troj/Iframe-AC

- Troj/Iframe-AC at Sophos

...

Troj/Psyme-IT

- Troj/Psyme-IT at Sophos

...

Troj/Psyme-IU

- Troj/Psyme-IU at Sophos

...

0 writebacks [05/12/2008 04:42] [] permanent link



Virus Malware and Threat News for 20080510



TROJ_ALUREON.AH

- TROJ_ALUREON.AH at Trend Micro

...

JS_SMALL.QT

- JS_SMALL.QT at Trend Micro

...

W32/Thili-A

- W32/Thili-A at Sophos

W32/Thili-A is a worm for the Windows platform. W32/Thili-A may attempt to
copy itself to random filenames with a number of extensions, in particular replacing files from the following
location in order to run itself automatically on startup:
HKLM\SOFTWARE\Microsoft\Windows\Cu...

Troj/Pushdo-J

- Troj/Pushdo-J at Sophos

Troj/Pushdo-J is a Trojan that has been seen seeded out as a ZIP attachment in spam emails, for
example claiming to contain a screensaver of Scarlett Johansson undressing.
...

Troj/Shark-D

- Troj/Shark-D at Sophos

...

Troj/Shark-E

- Troj/Shark-E at Sophos

...

Troj/Tipiki-Fam

- Troj/Tipiki-Fam at Sophos

Troj/Tipiki-Fam is a family of Trojans for the Windows platform. Members of
Troj/Tipiki-Fam usually copy themselves to the Windows system folder and create a service to run themselves on
startup. Members of Troj/Tipiki-Fam typically attempt to download a file from a remote
web...

Troj/Tipiki-Gen

- Troj/Tipiki-Gen at Sophos

Troj/Tipiki-Gen is a family of Trojans for the Windows platform. Members of
Troj/Tipiki-Gen usually copy themselves to the Windows system folder and create a service to run themselves on
startup. Members of Troj/Tipiki-Gen typically attempt to download a file from a remote
web...

Mal/ZipMal-A

- Mal/ZipMal-A at Sophos

...

Troj/Agent-GYY

- Troj/Agent-GYY at Sophos

Troj/Agent-GYY is a Trojan for the Windows platform. Troj/Agent-GYY
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Agent-GYY copies itself to <Windows>\Debug\UserMode\bqhrmug.exe and creates the
following ...

0 writebacks [05/11/2008 04:42] [] permanent link



Virus Malware and Threat News for 20080509



Worm:W32/AutoRun.CNS

- Worm:W32/AutoRun.CNS at F-Secure

Files detected as Worm.Win32.AutoRun.cns can render any system unusable if the date is the 21st of the month.
It does so by deleting the system files. This worm also spreads via removable drives and terminates system
processes as well as anti-virus processes.
...

Trojan.Virantix.C

- Trojan.Virantix.C at Norton Symantec

Trojan.Virantix.C is a Trojan that attempts to end antivirus applications, displays a fake security alert and
attempts to download misleading applications.
...

W32.Mariofev.A

- W32.Mariofev.A at Norton Symantec

W32.Mariofev.A is a worm that spreads by copying itself to network shares on the compromised computer.
...

AntiVirus2008

- AntiVirus2008 at Norton Symantec

AntiVirus2008 is a misleading application that may give exaggerated reports of threats on the computer.
...

W32.Zapinit

- W32.Zapinit at Norton Symantec

W32.Zapinit is a worm that spreads via network shares.
...

FDoS-Tatol

- FDoS-Tatol at McAfee

FDoS-Tatol will use ARP spoofing on the local LAN. It will sniff for HTTP replies and inject a
JS script into the body of the HTML page. The script embeds an IFrame which points to a remote site
hosting malicious scripts. The following site was found to host these malicious scripts:
http://user1.33-[removed].net http...

TROJ_VUNDO.AO

- TROJ_VUNDO.AO at Trend Micro

...

TROJ_ZLOB.CCW

- TROJ_ZLOB.CCW at Trend Micro

...

TROJ_DLOAD.HZ

- TROJ_DLOAD.HZ at Trend Micro

This Trojan may be installed manually by a user. It may be downloaded unknowingly by a user when visiting
malicious Web sites. It accesses a certain URL to download a file, which in turn is used to download and
execute other malware onto the affected system. The downloaded file contains a list of URLs.
...

WORM_NUWAR.APJ

- WORM_NUWAR.APJ at Trend Micro

...

Troj/Agent-GYX

- Troj/Agent-GYX at Sophos

...

Troj/Maha-T

- Troj/Maha-T at Sophos

Troj/Maha-T is a Trojan for the Windows platform. When first run
Troj/Maha-T copies itself to: <Root>\smartass.dat
<Windows>\cnssr.exe and creates the following file:
<Windows>\sqlserver.dll ...

W32/Expiro-D

- W32/Expiro-D at Sophos

...

Mal/Behav-230

- Mal/Behav-230 at Sophos

Mal/Behav-230 is a program which displays characteristics which are exclusive to malware.
...

Troj/Dloadr-BLM

- Troj/Dloadr-BLM at Sophos

Troj/Dloadr-BLM is a Trojan for the Windows platform. When
first run Troj/Dloadr-BLM copies itself to <System>\maxpaynow1.exe.
Troj/Dloadr-BLM will attempt to download further malware from the internet and save them to
<System>\maxpaynow.exe. ...

Troj/SpyAgent-I

- Troj/SpyAgent-I at Sophos

Troj/SpyAgent-I is a Trojan for the Windows platform.
Troj/SpyAgent-I includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/SpyAgent-I is installed the following files are created:
<System&g...

Mal/IRCBot-B

- Mal/IRCBot-B at Sophos

Mal/IRCBot-B is a Trojan for the Windows platform. Mal/IRCBot-B runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels.
...

Troj/Angel-C

- Troj/Angel-C at Sophos

...

Troj/Banker-ELR

- Troj/Banker-ELR at Sophos

...

0 writebacks [05/10/2008 04:42] [] permanent link



Virus Malware and Threat News for 20080508



Mal/ObfJS-AM

- Mal/ObfJS-AM at Sophos

Mal/ObfJS-AM is a maliciously obfuscated script often seen associated with browser exploit
toolkits which attempt to download and execute a further file by exploiting a variety of browser
vulnerabilities.
...

Troj/Agent-GYQ

- Troj/Agent-GYQ at Sophos

...

Troj/Agent-GYR

- Troj/Agent-GYR at Sophos

...

Troj/Agent-GYU

- Troj/Agent-GYU at Sophos

...

Troj/Bckdr-QNL

- Troj/Bckdr-QNL at Sophos

...

Troj/Dropr-H

- Troj/Dropr-H at Sophos

...

Troj/IRCBot-ABP

- Troj/IRCBot-ABP at Sophos

Troj/IRCBot-ABP is a Trojan for the Windows platform. Troj/IRCBot-ABP runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When first run Troj/IRCBot-ABP copies
itself to ...

Troj/Lineag-DN

- Troj/Lineag-DN at Sophos

Troj/Lineag-DN displays 2 pictures of a woman celebrating her birthday with cake.
When Troj/Lineag-DN is installed the following files are created:
<Temp>\RarSFX0\8.sfx.exe <Temp>\RarSFX0\mm1\1.jpg <Temp>\RarSFX0\mm1\2.jpg <...

Troj/MDrop-BSG

- Troj/MDrop-BSG at Sophos

...

Troj/Mdrop-BSH

- Troj/Mdrop-BSH at Sophos

...

0 writebacks [05/09/2008 04:44] [] permanent link



Virus Malware and Threat News for 20080507



W32.Wowinzi.A

- W32.Wowinzi.A at Norton Symantec

W32.Wowinzi.A is a worm that spreads through mapped drives, fixed drives and removable drives, and drops
additional malware onto the compromised computer. It also steals confidential information.
...

JS.Faizal

- JS.Faizal at Norton Symantec

JS.Faizal is a JavaScript-based worm that attempts to copy itself to all fixed and removable drives on the
compromised computer.
...

TROJ_DROPPER.IWP

- TROJ_DROPPER.IWP at Trend Micro

This Trojan may be installed manually by a user. It may also be downloaded unknowingly by a user when visiting
malicious Web sites. This Trojan drops several component files, some of which are detected as TSPY_LEGMIR.BJN.
It then executes the dropped files. As a result, malicious routines of the dropped files are exhibited on the
affe...

JS_DLDR.AW

- JS_DLDR.AW at Trend Micro

This malicious JavaScript may be hosted on a compromised Web site and triggers a set of redirections when a
user accesses the said Web site. Eventually, the affected user is redirected to certain URLs that host files
detected by Trend Micro as JS_DLOADER.AEHM and TROJ_REALPLAY.BR.
...

TROJ_REALPLAY.BR

- TROJ_REALPLAY.BR at Trend Micro

This Trojan may be downloaded after a series of redirections triggered by JS_DLDR.AW. It takes advantage of a
known vulnerability in several versions of the media player RealPlayer. The said vulnerability causes a stack
overflow and allows the download of possibly malicious files on the affected system. More information on this
vulnera...

JS_DLOADER.AEHM

- JS_DLOADER.AEHM at Trend Micro

This malicious JavaScript file may be downloaded after a series of redirections triggered by JS_DLDR.AW. It
accesses a certain URL to download a malicious file that is detected by Trend Micro as TROJ_AGENT.AKVP. It
then executes the downloaded file(s). As a result, malicious routines of the downloaded files are exhibited on
the affect...

TROJ_MULDROP.CF

- TROJ_MULDROP.CF at Trend Micro

This Trojan may arrive bundled with malware packages as a malware component. It may be downloaded unknowingly
by a user when visiting malicious Web site(s). Upon execution, it floods the system by creating multiple
identical processes. This may eventually lead affected systems to crash.
...

Troj/Agent-GYI

- Troj/Agent-GYI at Sophos

...

Troj/Badsrc-B

- Troj/Badsrc-B at Sophos

Troj/Badsrc-B is a web page that has been compromised to load a script from a malicious website.
...

Troj/BHODLL-F

- Troj/BHODLL-F at Sophos

...

Troj/Dloadr-BLJ

- Troj/Dloadr-BLJ at Sophos

Troj/Dloadr-BLJ is a Trojan downloader for the Windows platform.
Troj/Dloadr-BLJ downloads further malware to <System>\imglog.exe.
...

Troj/DwnLdr-HDB

- Troj/DwnLdr-HDB at Sophos

...

Troj/FakeAle-BE

- Troj/FakeAle-BE at Sophos

Troj/FakeAle-BE is a Trojan for the Windows platform. Troj/FakeAle-BE
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/FakeAle-BE is installed the following files are created: <Current
Folder>\r...

Troj/Kbot-A

- Troj/Kbot-A at Sophos

Troj/Kbot-A is a Trojan for the Windows platform. When first run
Troj/Kbot-A copies itself to <System>\Spcvls.exe and creates the following files:
<System>\Spcvls.dll <System>\Spcvls.ini <System>\Spcvls.sys
T...

Troj/Keylog-KF

- Troj/Keylog-KF at Sophos

...

Troj/Mdrop-BSF

- Troj/Mdrop-BSF at Sophos

Troj/Mdrop-BSF is a Trojan for the Windows platform. When Troj/Mdrop-BSF is
installed it creates the files <Temp>\dat1.tmp - detected as Troj/Agent-GXV
<Temp>\dat2.tmp - detected as Mal/Behav-119 Registry entries are set as
follows...

Troj/Psyme-IQ

- Troj/Psyme-IQ at Sophos

...

0 writebacks [05/08/2008 04:42] [] permanent link



Virus Malware and Threat News for 20080506



W32.Madag.A

- W32.Madag.A at Norton Symantec

W32.Madag.A is a worm that spreads by copying itself to removable storage devices and infects .doc files.
...

VBS.Solow.F

- VBS.Solow.F at Norton Symantec

VBS.Solow.F is a worm that spreads by copying itself to fixed and removable drives.
...

Downloader.Lozavita

- Downloader.Lozavita at Norton Symantec

Downloader.Lozavita is a Trojan horse that downloads potentially malicious code on to the compromised computer.
...

Downloader-UA.h

- Downloader-UA.h at McAfee

Downloader-UA.h trojans are fake music and video files associated with fastmp3player.com. File sizes vary as
these files are padded with nulls. The file names vary as well. Here are some of the sample file names:
preview-t-3545425-adult.mpg, preview-t-3545425-changing times earth wind .mp3, preview-t-3545425-girls
aloud st ...

TROJ_MULDROP.CFG

- TROJ_MULDROP.CFG at Trend Micro

This Trojan may arrive bundled with malware packages as a malware component. It may be downloaded unknowingly
by a user when visiting malicious Web site(s). Upon execution, it floods the system by creating multiple
identical processes. This may eventually lead affected systems to crash.
...

TROJ_DROPPER.MGZ

- TROJ_DROPPER.MGZ at Trend Micro

...

TROJ_DROPPER.MAV

- TROJ_DROPPER.MAV at Trend Micro

This Trojan arrives as an attachment to email messages spammed by another malware or a malicious user. It may be
dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites. It
creates folders. It drops file(s)/component(s) detected by Trend Micro as TSPY_ONLINEG.KLS.
...

TROJ_SELEX.A

- TROJ_SELEX.A at Trend Micro

This Trojan arrives as an attachment to email messages spammed by another malware or a malicious user. It may be
downloaded unknowingly by a user when visiting malicious Web sites. It creates registry key(s)/entry(ies). It
also modifies the registry key(s)/entry(ies) to lower Internet Security Zone settings. It accesses Web sites to
downl...

Troj/Cabad-Fam

- Troj/Cabad-Fam at Sophos

Troj/Cabad-Fam is a family of Trojans that attempt to drop more malicious files, often called
Acrobat.exe and detected as Mal/DllHook-A. This family of Trojans is usually seen on
websites pointed to by spam, which is usually related to a complaint, subpoena, tax refund, etc.
...

Troj/FakeVir-BA

- Troj/FakeVir-BA at Sophos

...

Troj/Keygen-BX

- Troj/Keygen-BX at Sophos

Troj/Keygen-BX is a key generator for Tunebite software.
...

Troj/Lingosky-E

- Troj/Lingosky-E at Sophos

...

W32/Braban-Gen

- W32/Braban-Gen at Sophos

...

W32/Socks-D

- W32/Socks-D at Sophos

W32/Socks-D is a worm for the Windows platform. W32/Socks-D
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run W32/Socks-D copies itself to: <User>\cftmon.exe
<Syste...

Linux/Neox-Gen

- Linux/Neox-Gen at Sophos

...

Mal/Agent-H

- Mal/Agent-H at Sophos

...

Mal/EncPk-DO

- Mal/EncPk-DO at Sophos

Mal/EncPk-DO is an encrypted program with a protection typically used by malware authors.
...

Troj/Agent-GXV

- Troj/Agent-GXV at Sophos

...

0 writebacks [05/07/2008 04:41] [] permanent link



Virus Malware and Threat News for 20080505



TROJ_DROPPER.MFZ

- TROJ_DROPPER.MFZ at Trend Micro

This Trojan may be downloaded from remote sites by other malware. It may be dropped by other malware. It may
be downloaded unknowingly by a user when visiting malicious Web sites. It drops its component file and a file
that Trend Micro detects as TSPY_LEGMIR.BAK. It then executes the dropped spyware file. As a result,
malicious rou...

JS/Psyme-IP

- JS/Psyme-IP at Sophos

...

Troj/Dwnldr-HCX

- Troj/Dwnldr-HCX at Sophos

Troj/Dwnldr-HCX is a Trojan downloader for the Windows platform.
Troj/Dwnldr-HCX has the functionality to: - download a file from a preconfigured URL to C:\pc\updater.exe,
then run it. The following registry entry is changed to run updater.exe on startup:
H...

Troj/DwnLdr-HCZ

- Troj/DwnLdr-HCZ at Sophos

...

Troj/Poison-W

- Troj/Poison-W at Sophos

...

W32/AutoRun-DT

- W32/AutoRun-DT at Sophos

W32/AutoRun-DT is a worm for the Windows platform. When first run
W32/AutoRun-DT copies itself to: <Root>\SysInfo2.Dll
<System>\SysInfo.dll and creates the file <Root>\autorun.inf.
The file SysInfo.dll ...

W32/Shahrokh-A

- W32/Shahrokh-A at Sophos

When first run W32/Shahrokh-A creates the following files:
<System>\explorer.exe - copy of itself <System>\service.exe - copy of itself
<System>\tmp.exe - copy of itself <Root>\autorun.exe - copy of itself
<System>\autorun.inf...

Troj/Agent-GYE

- Troj/Agent-GYE at Sophos

...

Troj/Bagle-TS

- Troj/Bagle-TS at Sophos

Troj/Bagle-TS is a Trojan for the Windows platform.
...

Mal/Behav-164

- Mal/Behav-164 at Sophos

...

Troj/Agent-GYD

- Troj/Agent-GYD at Sophos

...

0 writebacks [05/06/2008 04:41] [] permanent link



Virus Malware and Threat News for 20080504



TROJ_SINOWAL.CI

- TROJ_SINOWAL.CI at Trend Micro

This Trojan may be dropped by TROJ_SINOWAL.CB. It looks for the bootable drive of the affected system. Once
found, it copies the original Master Boot Record (MBR) and saves it to another location in the hard disk. It
then modifies the MBR by inserting its malicious code. It also saves some of its malicious code in other
portion of the...

Troj/Bckdr-QNI

- Troj/Bckdr-QNI at Sophos

...

Troj/Dropr-F

- Troj/Dropr-F at Sophos

...

Troj/KillAV-EP

- Troj/KillAV-EP at Sophos

...

Troj/RKPush-A

- Troj/RKPush-A at Sophos

...

Troj/Rootkit-CJ

- Troj/Rootkit-CJ at Sophos

...

Troj/DownLD-Z

- Troj/DownLD-Z at Sophos

...

Mal/Encpk-DR

- Mal/Encpk-DR at Sophos

...

Troj/Boost-A

- Troj/Boost-A at Sophos

...

Troj/Agent-GXZ

- Troj/Agent-GXZ at Sophos

...

Troj/Agent-GYA

- Troj/Agent-GYA at Sophos

...

0 writebacks [05/05/2008 04:43] [] permanent link



Virus Malware and Threat News for 20080503



Troj/Agent-GXX

- Troj/Agent-GXX at Sophos

...

Troj/Agent-GXY

- Troj/Agent-GXY at Sophos

...

Troj/DownLD-Y

- Troj/DownLD-Y at Sophos

...

Troj/Agent-GXW

- Troj/Agent-GXW at Sophos

Troj/Agent-GXW is a Trojan for the Windows platform. Troj/Agent-GXW
includes functionality to download, install and run new software. When Troj/Agent-GXW
is installed the following files are created: <User>\Application
Data\Microsoft\Network\Downlo...

Troj/BackDr-W

- Troj/BackDr-W at Sophos

...

Troj/Banloa-FG

- Troj/Banloa-FG at Sophos

Troj/Banloa-FG is a Trojan for the Windows platform. When Troj/Banloa-FG is
installed the following files are created: <System>\DConfig
<System>\IConfig <System>\LConfig <System>\Svcshost.exe
The f...

Troj/Codebank-A

- Troj/Codebank-A at Sophos

Troj/Codebank-A is a Trojan for the Windows platform. Troj/Codebank-A
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Codebank-A is installed it creates the file <System>\c0debank-UF.txt.
Troj/...

Troj/DwnLdr-HCW

- Troj/DwnLdr-HCW at Sophos

Troj/DwnLdr-HCW is a Trojan for the Windows platform. Troj/DwnLdr-HCW
includes functionality to download, install and run new software. When Troj/DwnLdr-HCW
is installed the following files are created: <System>\wuauclt.exe
<System>...

Troj/MDrop-BSD

- Troj/MDrop-BSD at Sophos

...

0 writebacks [05/04/2008 04:45] [] permanent link



Virus Malware and Threat News for 20080502



Net-Worm:W32/Kolab.QA

- Net-Worm:W32/Kolab.QA at F-Secure

Net-Worm:W32/Kolab.QA is an IRC bot.
...

RegistryGreat

- RegistryGreat at Norton Symantec

RegistryGreat is a misleading application that may give a report of exaggerated registry errors on the
computer....

W32/Sality.ae

- W32/Sality.ae at McAfee

W32/Sality.ae is a parasitic virus that infects Win32 PE executable files. Upon execution, it drops the
following files into the Windows system directory: %Windir%\System32\Hdaudprop.dll
%Windir%\System32\Hdaudpropres.dll %Windir%\System32\Hdaudpropshortcut.exe
%Windir%\System32\drivers\Hdaudbus.sys %Windir%\System32\drivers\Hdaudio.sys...

TROJ_NUWAR.ABK

- TROJ_NUWAR.ABK at Trend Micro

This Trojan arrives as an attachment to email messages spammed by another malware or a malicious user. It may
also be downloaded from remote sites by other malware. Upon execution, it drops a copy of itself. It then
registers itself as a system service to ensure its automatic execution at every system startup. It does this
by creating ...

BKDR_SINOWAL.CF

- BKDR_SINOWAL.CF at Trend Micro

This backdoor may be dropped by TROJ_SINOWAL.CB. It looks for the bootable drive of the affected system. Once
found, it copies the original Master Boot Record (MBR) and saves it to another location in the hard disk. It
then modifies the MBR by inserting its malicious code. It also saves some of its malicious code in other
portion of t...

JS_AFIR.A

- JS_AFIR.A at Trend Micro

This obfuscated JavaScript (JS) malware is hosted in compromised sites. Once users access one of these
compromised sites, it then redirects them to a certain Web site to download a file detected by Trend Micro as
TROJ_SINOWAL.CB. The said Trojan, in turn, downloads another malware, which Trend Micro detects as
BKDR_SINOWAL.CF. This J...

Mal/Sality-A

- Mal/Sality-A at Sophos

Mal/Sality-A is a file infected by the Sality family of viruses.
...

Troj/Dorf-BG

- Troj/Dorf-BG at Sophos

When first run Troj/Dorf-BG copies itself to <Windows>\kavir.exe. The
following registry entry is created to run kavir.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run kavir <Windows>\kavir.exe...

Troj/Mdrop-BSC

- Troj/Mdrop-BSC at Sophos

Troj/Mdrop-BSC drops and runs a file detected as Troj/LegMir-ART.
...

Mal/RootKit-C

- Mal/RootKit-C at Sophos

...

Troj/Agent-GXT

- Troj/Agent-GXT at Sophos

...

Troj/Agent-GXU

- Troj/Agent-GXU at Sophos

Troj/Agent-GXU drops Troj/Agent-GUE. Troj/Agent-GXU when run drops the
following files: <Windows>\worldevents.wmv <Windows>\wm.exe
The file wm.exe is detected as Troj/Agent-GUE.
...

Troj/LegMir-ART

- Troj/LegMir-ART at Sophos

Troj/LegMir-ART is a Trojan for the Windows platform. Troj/LegMir-ART
attempts to steal information relating to online games. When first run Troj/LegMir-ART
copies itself to <Windows>\help\B41346EFA848.exe and creates the following files:
<Root&...

Troj/RKDrop-A

- Troj/RKDrop-A at Sophos

Troj/RKDrop-A is a Trojan for the Windows platform. When Troj/RKDrop-A is
installed the following files are created: <Temp>\_it.bat
<System>\drivers\qandr.sys The file qandr.sys is detected as Mal/Rootkit-C. The
file _it.bat can sa...

Troj/VB-DZM

- Troj/VB-DZM at Sophos

Troj/VB-DZM is a Trojan for the Windows platform. When Troj/VB-DZM is
installed the following files are created: <Windows>\Config\csrss.exe
<System>\mswinsck.ocx crss.exe is also detected as Troj/VB-DZM.
The...

Mal/EncPk-DQ

- Mal/EncPk-DQ at Sophos

...

0 writebacks [05/03/2008 04:42] [] permanent link



Virus Malware and Threat News for 20080501



W32.Bassyl!inf

- W32.Bassyl!inf at Norton Symantec

W32.Bassyl!inf is a detection for infected files that drop other malicious files during execution.
...

TROJ_NUWAR.AT

- TROJ_NUWAR.AT at Trend Micro

This Trojan may be downloaded from remote sites by other malware. It may be dropped by other malware. It may
be downloaded unknowingly by a user when visiting malicious Web sites. It drops copies of itself. It registers
itself as a system service to ensure its automatic execution at every system startup. It does this by creating
regist...

Troj/PorpUp-A

- Troj/PorpUp-A at Sophos

...

VBS/Lurch-B

- VBS/Lurch-B at Sophos

VBS/Lurch-B creates the following registry value to start itself:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
System...

Mal/Behav-225

- Mal/Behav-225 at Sophos

Mal/Behav-225 is a malicious program for the Windows platform. Detection
for members of Mal/Behav-225 is behavior-based. It is extremely important that customers report detections of
Mal/Behav-225 to Sophos and send a sample for analysis.
...

Mal/Keylog-F

- Mal/Keylog-F at Sophos

...

Troj/Agent-GKW

- Troj/Agent-GKW at Sophos

...

Troj/Agent-GSZ

- Troj/Agent-GSZ at Sophos

...

Troj/Inject-CI

- Troj/Inject-CI at Sophos

Troj/Inject-CI runs an embedded executable by injecting the embedded code into its own process.
...

Troj/Merc-A

- Troj/Merc-A at Sophos

...

Troj/SuxBD-Gen

- Troj/SuxBD-Gen at Sophos

...

Troj/Goldun-GF

- Troj/Goldun-GF at Sophos

Troj/Goldun-GF is a Trojan for the Windows platform. When Troj/Goldun-GF is
installed the following files are created: <System>\divxps.dll (Mal/HckPk-E) and
<System>\klite.sys (Troj/Goldun-GF). The following registry entries are
created...

[05/02/2008 04:42] permanent link



Virus Malware and Threat News for 20080430



Trojan:SymbOS/Flocker

- Trojan:SymbOS/Flocker at F-Secure

Trojan:SymbOS/Flocker.A is malware affecting Symbian S60 2nd Edition phones that are running an implementation
of Python....

W32.Zatyudi.A

- W32.Zatyudi.A at Norton Symantec

W32.Zatyudi.A is a worm that copies itself to network shares and removable drives.
...

AntiSpywareMaster

- AntiSpywareMaster at Norton Symantec

Behavior: AntiSpywareMaster is a misleading application that may give exaggerated reports of threats on the
computer....

Trojan.Garntet

- Trojan.Garntet at Norton Symantec

Trojan.Garntet is a Trojan horse that downloads potentially malicious code and opens a back door on the
compromised computer.
...

PWS-FerTP

- PWS-FerTP at McAfee

When executed, PWS-FerFTP retrieves FTP account details saved by the following applications, if installed:
FAR Manager, GlobalScape CuteFTP, Ghisler Total Commander. It also switches the first network adapter found to
promiscuous mode and saves every FTP account transiting through the network. PWS-FerFTP connects to each FTP
account and looks...

WORM_AUTORUN.BSG

- WORM_AUTORUN.BSG at Trend Micro

This worm may be downloaded from remote sites by other malware. It may be downloaded unknowingly by a user when
visiting malicious Web sites. It drops copies of itself in all physical drives. It drops copies of itself in all
removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are
accesse...

Troj/Agent-GXN

- Troj/Agent-GXN at Sophos

When first run Troj/Agent-GXN copies itself to <User>\cftmon.exe and
<System>\drivers\spools.exe, and creates the following files:
<User>\ftp34.dll (also detected as Troj/Agent-GXN) and <System>\ftp34.dll (also
dete...

Troj/Iframe-AB

- Troj/Iframe-AB at Sophos

...

Troj/Agent-GXK

- Troj/Agent-GXK at Sophos

...

Troj/Agent-GXL

- Troj/Agent-GXL at Sophos

Troj/Agent-GXL is a Trojan for the Windows platform. Troj/Agent-GXL
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Agent-GXL is installed the following files may be created:
<System>\ntos.exe ...

Troj/Agent-GXM

- Troj/Agent-GXM at Sophos

Troj/Agent-GXM is a Trojan for the Windows platform. Troj/Agent-GXM spreads
to other network computers. Troj/Agent-GXM includes functionality to access the
internet and communicate with a remote server via HTTP. When first run Troj/Agent-GXM
copies itsel...

Troj/Dorf-BH

- Troj/Dorf-BH at Sophos

When first run Troj/Dorf-BH copies itself to <Windows>\kavir.exe. The
following registry entry is created to run kavir.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run kavir <Windows>\kavir.exe...

Troj/DownLD-X

- Troj/DownLD-X at Sophos

...

Troj/MatSK-Gen

- Troj/MatSK-Gen at Sophos

...

Troj/ZlobDr-G

- Troj/ZlobDr-G at Sophos

Troj/ZlobDr-G is a Trojan for the Windows platform. When Troj/ZlobDr-G is
installed the following files are created: <Windows>\afxlspw.dll,
<Windows>\bfrgnos.dll, <Windows>\dat.txt, <Windows>\dwrmntsklr.dll or
<Windows&g...

[05/01/2008 04:41] permanent link


