mwblog.org



Virus Malware and Threat News for 20081230



Trojan.Downexec.C!inf

- Trojan.Downexec.C!inf at Norton Symantec

Trojan.Downexec.C!inf is a detection for files infected by Trojan.Downexec.C.
...

Infostealer.Tremzi

- Infostealer.Tremzi at Norton Symantec

Infostealer.Tremzi is a generic detection for polymorphic Trojan .dll files.
...

Troj/AdClick-FH

- Troj/AdClick-FH at Sophos

Troj/AdClick-FH is a Trojan for the Windows platform. Troj/AdClick-FH
copies itself to the system folder as prunnet.exe and adds registry entries under
HKLM\Software\Microsoft\CurrentVersion\Run\prunnet
HKCU\Software\Microsoft\CurrentVersion\Run\prunnet
HKLM\SO...

Troj/MDrop-BUY

- Troj/MDrop-BUY at Sophos

...

Troj/Tidola-Gen

- Troj/Tidola-Gen at Sophos

...

Troj/Dloadr-CDP

- Troj/Dloadr-CDP at Sophos

...

Troj/Dloadr-CDQ

- Troj/Dloadr-CDQ at Sophos

...

Troj/Drop-Q

- Troj/Drop-Q at Sophos

...

Troj/FakeVir-IV

- Troj/FakeVir-IV at Sophos

...

W32/Waled-D

- W32/Waled-D at Sophos

W32/Waled-D is a worm for the Windows platform. W32/Waled-D includes
functionality to access the internet and communicate with a remote server via HTTP and send itself out using
built-in SMTP client. The worm creates the following registry values to run itself on
Windows start...

Mal/Armada-A

- Mal/Armada-A at Sophos

Mal/Armada-A is a Trojan which may gather system information and send it to a remote attacker.
...

Troj/Agent-IMG

- Troj/Agent-IMG at Sophos

Troj/Agent-IMG is a Trojan for the Windows platform. Troj/Agent-IMG runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When first run Troj/Agent-IMG copies itself
to <...

Exploit:SymbOS/SMSCurse.A

- Exploit:SymbOS/SMSCurse.A at F-Secure

Exploit:SymbOS/SMSCurse.A is a Denial-of-Service (DoS) exploit that affects messaging components of phones
that use Symbian Series 60 versions 2.6, 2.8, 3.0, 3.1, and Sony Ericsson UiQ devices. When the exploit
crashes SMS messaging on a phone, the phone remains otherwise completely functional. The only effect is that
it cannot rec...

W32.Downadup.B

- W32.Downadup.B at Norton Symantec

W32.Downadup.B is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote
Code Execution Vulnerability (BID 31874). It also attempts to spread to network shares protected by weak
passwords and blocks access to security-related Web sites.
...

Trojan.Downexec.C

- Trojan.Downexec.C at Norton Symantec

Trojan.Downexec.C is a Trojan horse that may download files and steal information from the compromised
computer....

WORM_DOWNAD.AD

- WORM_DOWNAD.AD at Trend Micro

This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may
arrive bundled with malware packages as a malware component. It drops copies of itself. This technique prevents
dropping of several copies of itself on already affected systems. It also locks its dropped copy to prevent
users fro...

Troj/Agent-IMR

- Troj/Agent-IMR at Sophos

...

Troj/Agent-IMS

- Troj/Agent-IMS at Sophos

...

Troj/Agent-IMT

- Troj/Agent-IMT at Sophos

...

Troj/FakeVir-IZ

- Troj/FakeVir-IZ at Sophos

...

Troj/Renos-CF

- Troj/Renos-CF at Sophos

Troj/Renos-CF is a Trojan for the Windows platform. When run Troj/Renos-CF
creates the file <System>\msxml71.dll (detected as Troj/Renos-CF) and creates the following registry
entries: HKCR\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\InprocServer32
...

W32/Confick-C

- W32/Confick-C at Sophos

...

Troj/Agent-IMO

- Troj/Agent-IMO at Sophos

...

Troj/Agent-IMQ

- Troj/Agent-IMQ at Sophos

...

Troj/BHO-IY

- Troj/BHO-IY at Sophos

...

Troj/Dloadr-CDU

- Troj/Dloadr-CDU at Sophos

...

[12/31/2008 05:43]



Virus Malware and Threat News for 20081229



Packed.Generic.118

- Packed.Generic.118 at Norton Symantec

Packed.Generic.118 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Troj/Agent-IMB

- Troj/Agent-IMB at Sophos

...

Troj/Bypass-E

- Troj/Bypass-E at Sophos

Troj/Bypass-E is a Trojan for the Windows platform. When run Troj/Bypass-E
creates the file <System>\<random characters>.dll (detected as Troj/Virtum-Gen).
Troj/Bypass-E subsequently registers the DLL as a BHO creating registry entries under:
...

Troj/Agent-ILZ

- Troj/Agent-ILZ at Sophos

...

Troj/Agent-IMA

- Troj/Agent-IMA at Sophos

...

Troj/Boaxxe-I

- Troj/Boaxxe-I at Sophos

...

Troj/Daolno-A

- Troj/Daolno-A at Sophos

...

Troj/DownLnk-C

- Troj/DownLnk-C at Sophos

...

Troj/IRCBot-ZI

- Troj/IRCBot-ZI at Sophos

Troj/IRCBot-ZI is a Trojan for the Windows platform. Troj/IRCBot-ZI runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When first run Troj/IRCBot-ZI copies itself
to <...

Troj/Agent-ILY

- Troj/Agent-ILY at Sophos

...

Troj/PWS-AXE

- Troj/PWS-AXE at Sophos

...

Trojan.Downexec.C!inf

- Trojan.Downexec.C!inf at Norton Symantec

Trojan.Downexec.C!inf is a detection for files infected by Trojan.Downexec.C.
...

Infostealer.Tremzi

- Infostealer.Tremzi at Norton Symantec

Infostealer.Tremzi is a generic detection for polymorphic Trojan .dll files.
...

Troj/AdClick-FH

- Troj/AdClick-FH at Sophos

Troj/AdClick-FH is a Trojan for the Windows platform. Troj/AdClick-FH
copies itself to the system folder as prunnet.exe and adds registry entries under
HKLM\Software\Microsoft\CurrentVersion\Run\prunnet
HKCU\Software\Microsoft\CurrentVersion\Run\prunnet
HKLM\SO...

Troj/MDrop-BUY

- Troj/MDrop-BUY at Sophos

...

Troj/Tidola-Gen

- Troj/Tidola-Gen at Sophos

...

Troj/Dloadr-CDP

- Troj/Dloadr-CDP at Sophos

...

Troj/Dloadr-CDQ

- Troj/Dloadr-CDQ at Sophos

...

Troj/Drop-Q

- Troj/Drop-Q at Sophos

...

Troj/FakeVir-IV

- Troj/FakeVir-IV at Sophos

...

W32/Waled-D

- W32/Waled-D at Sophos

W32/Waled-D is a worm for the Windows platform. W32/Waled-D includes
functionality to access the internet and communicate with a remote server via HTTP and send itself out using
built-in SMTP client. The worm creates the following registry values to run itself on
Windows start...

Mal/Armada-A

- Mal/Armada-A at Sophos

Mal/Armada-A is a Trojan which may gather system information and send it to a remote attacker.
...

Troj/Agent-IMG

- Troj/Agent-IMG at Sophos

Troj/Agent-IMG is a Trojan for the Windows platform. Troj/Agent-IMG runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When first run Troj/Agent-IMG copies itself
to <...

[12/30/2008 05:42]



Virus Malware and Threat News for 20081228



Troj/Agent-ILV

- Troj/Agent-ILV at Sophos

...

Troj/PWS-AXD

- Troj/PWS-AXD at Sophos

...

Troj/DownLnk-A

- Troj/DownLnk-A at Sophos

Troj/DownLnk-A is a Windows Shortcut (.lnk) file which executes a command prompt with parameters
to download and execute a file from the internet.
...

Troj/Waled-C

- Troj/Waled-C at Sophos

Troj/Waled-C is a backdoor Trojan for the Windows platform. When run
Troj/Waled-C sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PromoReg <path to Trojan
executable>
...

Troj/PSW-GG

- Troj/PSW-GG at Sophos

Troj/PSW-GG is a Trojan for the Windows platform. When run Troj/PSW-GG
creates the files: <Windows>\help\<random characters 1>.dll - detected as Troj/PSW-GG
<Windows>\help\<random characters 2>.dll - detected as Troj/PSW-GG
and set...

Packed.Generic.118

- Packed.Generic.118 at Norton Symantec

Packed.Generic.118 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Troj/Agent-IMB

- Troj/Agent-IMB at Sophos

...

Troj/Bypass-E

- Troj/Bypass-E at Sophos

Troj/Bypass-E is a Trojan for the Windows platform. When run Troj/Bypass-E
creates the file <System>\<random characters>.dll (detected as Troj/Virtum-Gen).
Troj/Bypass-E subsequently registers the DLL as a BHO creating registry entries under:
...

Troj/Agent-ILZ

- Troj/Agent-ILZ at Sophos

...

Troj/Agent-IMA

- Troj/Agent-IMA at Sophos

...

Troj/Boaxxe-I

- Troj/Boaxxe-I at Sophos

...

Troj/Daolno-A

- Troj/Daolno-A at Sophos

...

Troj/DownLnk-C

- Troj/DownLnk-C at Sophos

...

Troj/IRCBot-ZI

- Troj/IRCBot-ZI at Sophos

Troj/IRCBot-ZI is a Trojan for the Windows platform. Troj/IRCBot-ZI runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When first run Troj/IRCBot-ZI copies itself
to <...

Troj/Agent-ILY

- Troj/Agent-ILY at Sophos

...

Troj/PWS-AXE

- Troj/PWS-AXE at Sophos

...

[12/29/2008 05:57]



Virus Malware and Threat News for 20081227



W32/Waledac

- W32/Waledac at McAfee

Note: Detection for this threat is available as Generic.dx from DAT version 5475. This threat will be detected
as W32/Waledec from DAT version 5478. A spammed message containing an attachment "ecard.exe" arrives
with the following subject lines: Free christmas Ecards Christmas card from a friend Merry Xmas! Given below is
a sc...

TROJ_BANKER.DPX

- TROJ_BANKER.DPX at Trend Micro

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by
users when visiting malicious sites. It monitors the Internet Explorer (IE) activities of the affected system,
specifically the title bar. It recreates a legitimate Web site with a spoofed login page if a user visits
banking sites...

TROJ_ZBOT.ACY

- TROJ_ZBOT.ACY at Trend Micro

This Trojan arrives as a file downloaded from the URL. Upon execution, this malware drops a copy of itself in
the system folder and appends garbage code to the dropped copy to avoid easy detection. It creates the folder
with its attributes set to system and hidden to prevent users from discovering and removing its components. It
cre...

Emogen.B

- Emogen.B at Panda

It is designed to connect to a remote server through which the computer can be remotely controlled
by an attacking user. It does not spread automatically by its own means.
...

Troj/Bckdr-QOZ

- Troj/Bckdr-QOZ at Sophos

Troj/Bckdr-QOZ is a Trojan for the Windows platform. When Troj/Bckdr-QOZ is
installed it creates the file <System>\jomoruho. This file is not malicious and may be deleted.
Troj/Bckdr-QOZ sets the following registry entries, disabling the automatic startup of other
softwa...

VBS/Autorun-ST

- VBS/Autorun-ST at Sophos

VBS/Autorun-ST is a Trojan downloader for the Windows platform.
...

W32/Autorun-SU

- W32/Autorun-SU at Sophos

W32/Autorun-SU is a worm for the Windows platform. W32/Autorun-SU spreads
to other network computers. W32/Autorun-SU includes functionality to access the
internet and communicate with a remote server via HTTP. When first run W32/Autorun-SU
copies itself ...

W32/VB-DOC

- W32/VB-DOC at Sophos

W32/VB-DOC is a worm for the Windows platform. When executed the worm
copies itself to: <Windows>\SYSTEMIL.EXE <Documents and
Settings>\user\Start Menu\Programs\Startup\SYSTEMIL1.EXE <Documents and Settings>\All
Users\Start Menu\Programs...

W32/Waled-B

- W32/Waled-B at Sophos

W32/Waled-B is a worm for the Windows platform. W32/Waled-B includes
functionality to access the internet and communicate with a remote server via HTTP and send itself out using
built-in SMTP client. The worm creates the following registry values to run itself on
Windows start...

Troj/AdClick-FG

- Troj/AdClick-FG at Sophos

...

Troj/Agent-HLE

- Troj/Agent-HLE at Sophos

...

Troj/Agent-HLO

- Troj/Agent-HLO at Sophos

...

Troj/FakeVir-IU

- Troj/FakeVir-IU at Sophos

...

Troj/Agent-ILV

- Troj/Agent-ILV at Sophos

...

Troj/PWS-AXD

- Troj/PWS-AXD at Sophos

...

Troj/DownLnk-A

- Troj/DownLnk-A at Sophos

Troj/DownLnk-A is a Windows Shortcut (.lnk) file which executes a command prompt with parameters
to download and execute a file from the internet.
...

Troj/Waled-C

- Troj/Waled-C at Sophos

Troj/Waled-C is a backdoor Trojan for the Windows platform. When run
Troj/Waled-C sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PromoReg <path to Trojan
executable>
...

Troj/PSW-GG

- Troj/PSW-GG at Sophos

Troj/PSW-GG is a Trojan for the Windows platform. When run Troj/PSW-GG
creates the files: <Windows>\help\<random characters 1>.dll - detected as Troj/PSW-GG
<Windows>\help\<random characters 2>.dll - detected as Troj/PSW-GG
and set...

[12/28/2008 05:51]



Virus Malware and Threat News for 20081226



W32.Grenail.B!inf

- W32.Grenail.B!inf at Norton Symantec

W32.Grenail.B!inf is a detection for files infected to run other threats when executed.
...

W32/AutoRun-SS

- W32/AutoRun-SS at Sophos

...

W32/Frethog-A

- W32/Frethog-A at Sophos

...

W32/Sybamed-A

- W32/Sybamed-A at Sophos

...

Troj/Dload-CY

- Troj/Dload-CY at Sophos

...

Troj/DwnLdr-HMC

- Troj/DwnLdr-HMC at Sophos

...

Troj/FakeVir-IT

- Troj/FakeVir-IT at Sophos

...

Troj/PWS-AXC

- Troj/PWS-AXC at Sophos

...

Troj/SWFexp-G

- Troj/SWFexp-G at Sophos

Troj/SWFexp-G is a Trojan that exploits a vulnerability in Adobe Flash Player (CVE-2007-0071) to
download and run further malware from the internet
...

W32/Kriptik-A

- W32/Kriptik-A at Sophos

W32/Kriptik-A is a worm for the Windows platform. W32/Kriptik-A includes
functionality to access the internet and communicate with a remote server via HTTP.
When W32/Kriptik-A is installed the following files are created: <Root>\autorun.inf ...

Troj/AdClick-FF

- Troj/AdClick-FF at Sophos

...

W32/Waledac

- W32/Waledac at McAfee

Note: Detection for this threat is available as Generic.dx from DAT version 5475. This threat will be detected
as W32/Waledec from DAT version 5478. A spammed message containing an attachment "ecard.exe" arrives
with the following subject lines: Free christmas Ecards Christmas card from a friend Merry Xmas! Given below is
a sc...

TROJ_BANKER.DPX

- TROJ_BANKER.DPX at Trend Micro

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by
users when visiting malicious sites. It monitors the Internet Explorer (IE) activities of the affected system,
specifically the title bar. It recreates a legitimate Web site with a spoofed login page if a user visits
banking sites...

TROJ_ZBOT.ACY

- TROJ_ZBOT.ACY at Trend Micro

This Trojan arrives as a file downloaded from the URL. Upon execution, this malware drops a copy of itself in
the system folder and appends garbage code to the dropped copy to avoid easy detection. It creates the folder
with its attributes set to system and hidden to prevent users from discovering and removing its components. It
cre...

Emogen.B

- Emogen.B at Panda

It is designed to connect to a remote server through which the computer can be remotely controlled
by an attacking user. It does not spread automatically by its own means.
...

Troj/Bckdr-QOZ

- Troj/Bckdr-QOZ at Sophos

Troj/Bckdr-QOZ is a Trojan for the Windows platform. When Troj/Bckdr-QOZ is
installed it creates the file <System>\jomoruho. This file is not malicious and may be deleted.
Troj/Bckdr-QOZ sets the following registry entries, disabling the automatic startup of other
softwa...

VBS/Autorun-ST

- VBS/Autorun-ST at Sophos

VBS/Autorun-ST is a Trojan downloader for the Windows platform.
...

W32/Autorun-SU

- W32/Autorun-SU at Sophos

W32/Autorun-SU is a worm for the Windows platform. W32/Autorun-SU spreads
to other network computers. W32/Autorun-SU includes functionality to access the
internet and communicate with a remote server via HTTP. When first run W32/Autorun-SU
copies itself ...

W32/VB-DOC

- W32/VB-DOC at Sophos

W32/VB-DOC is a worm for the Windows platform. When executed the worm
copies itself to: <Windows>\SYSTEMIL.EXE <Documents and
Settings>\user\Start Menu\Programs\Startup\SYSTEMIL1.EXE <Documents and Settings>\All
Users\Start Menu\Programs...

W32/Waled-B

- W32/Waled-B at Sophos

W32/Waled-B is a worm for the Windows platform. W32/Waled-B includes
functionality to access the internet and communicate with a remote server via HTTP and send itself out using
built-in SMTP client. The worm creates the following registry values to run itself on
Windows start...

Troj/AdClick-FG

- Troj/AdClick-FG at Sophos

...

Troj/Agent-HLE

- Troj/Agent-HLE at Sophos

...

Troj/Agent-HLO

- Troj/Agent-HLO at Sophos

...

Troj/FakeVir-IU

- Troj/FakeVir-IU at Sophos

...

[12/27/2008 05:41]



Virus Malware and Threat News for 20081225



Email-Worm:W32/Waledac.A

- Email-Worm:W32/Waledac.A at F-Secure

This type of worm is embedded in an e-mail attachment, and spreads using the infected computer's e-mailing
networks....

BackDoor-DSG.dldr

- BackDoor-DSG.dldr at McAfee

BackDoor-DSG.dldr is currently being spammed and arrives as a zipped email attachment. Upon execution,
the trojan downloads a file from the remote site: http://217.13.[removed]/img/media/update/irs_efill.php The
downloaded files are copied to the following locations: %WinDir%\inf\svchost.exe (BackDoor-DSG
trojan) %Wi...

Downloader-BLF

- Downloader-BLF at McAfee

Upon execution, the trojan drops the following files: %System%\msansspc.dll (identical to the
original file except the file is a dll) %Windir%\wiaservb.log It adds msansspc.dll to the following registry
entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders It injects
malicious ...

Exp/MS04-028

- Exp/MS04-028 at Sophos

Exp/MS04-028 detects Jpeg files which exploit a vulnerability in "GDIPLUS.DLL" used
for Jpeg parsing in many Windows applications. When vulnerable applications read the
Jpeg file they will crash and may execute malicious code. A full list of vulnerable applications is
availab...

Troj/Dloadr-CDO

- Troj/Dloadr-CDO at Sophos

When run Troj/Dloadr-CDO copies itself to <System>\prunnet.exe. The
following registry entries are created by Troj/Dloadr-CDO:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet <System>\prunnet.exe
HKCU\Software\Microsoft\...

Troj/FakeAV-HS

- Troj/FakeAV-HS at Sophos

...

Troj/YahooSpy-D

- Troj/YahooSpy-D at Sophos

Troj/YahooSpy-D attempts to steal information from Yahoo Messenger and send it to a preconfigured
email address.
...

Troj/Zbot-BB

- Troj/Zbot-BB at Sophos

...

W32/Zbot-BA

- W32/Zbot-BA at Sophos

...

W32/Zbot-BB

- W32/Zbot-BB at Sophos

...

W32/Zbot-BQ

- W32/Zbot-BQ at Sophos

...

Troj/Agent-HII

- Troj/Agent-HII at Sophos

...

W32.Grenail.B!inf

- W32.Grenail.B!inf at Norton Symantec

W32.Grenail.B!inf is a detection for files infected to run other threats when executed.
...

W32/AutoRun-SS

- W32/AutoRun-SS at Sophos

...

W32/Frethog-A

- W32/Frethog-A at Sophos

...

W32/Sybamed-A

- W32/Sybamed-A at Sophos

...

Troj/Dload-CY

- Troj/Dload-CY at Sophos

...

Troj/DwnLdr-HMC

- Troj/DwnLdr-HMC at Sophos

...

Troj/FakeVir-IT

- Troj/FakeVir-IT at Sophos

...

Troj/PWS-AXC

- Troj/PWS-AXC at Sophos

...

Troj/SWFexp-G

- Troj/SWFexp-G at Sophos

Troj/SWFexp-G is a Trojan that exploits a vulnerability in Adobe Flash Player (CVE-2007-0071) to
download and run further malware from the internet
...

W32/Kriptik-A

- W32/Kriptik-A at Sophos

W32/Kriptik-A is a worm for the Windows platform. W32/Kriptik-A includes
functionality to access the internet and communicate with a remote server via HTTP.
When W32/Kriptik-A is installed the following files are created: <Root>\autorun.inf ...

Troj/AdClick-FF

- Troj/AdClick-FF at Sophos

...

[12/26/2008 05:42]



Virus Malware and Threat News for 20081224



Trojan-Downloader:W32/Banload.FVQ

- Trojan-Downloader:W32/Banload.FVQ at F-Secure

This type of trojan secretly downloads malicious files from a remote server, then installs and executes the
files....

Trojan-Spy:W32/Banbra.RM

- Trojan-Spy:W32/Banbra.RM at F-Secure

This type of trojan secretly installs spy programs and/or keylogger programs.
...

W32.Imaut.E

- W32.Imaut.E at Norton Symantec

W32.Imaut.E is a worm that attempts to spread through instant messaging clients. It also spreads through
mapped drives and network shares. The worm may also download files on to the compromised computer.
...

W32.Waledac

- W32.Waledac at Norton Symantec

W32.Waledac is a worm that spreads by sending copies of itself by email. It also opens a back door on the
compromised computer.
...

Exploit-XMLhttp.d.gen

- Exploit-XMLhttp.d.gen at McAfee

Exploit-XMLhttp.d.gen is a generic detection for a vulnerability in Internet Explorer that has been patched by
Microsoft in MS08-78 bulletin.
...

TROJ_GENETIK.TI

- TROJ_GENETIK.TI at Trend Micro

This Trojan may be downloaded from certain remote sites. Links to the above sites may be contained in
mass-mailed e-mail messages. The said messages may have the several specified subject lines. It adds multiple
entries to the Windows Registry. One of these added entries allows it to run at every system startup.
...

MoonLight.V

- MoonLight.V at Panda

Its main objective is to spread through peer-to-peer (P2P) file sharing programs and email. It reaches the
computer in a file which has the default icon of a Windows folder.
...

Mal/TibsPk-A

- Mal/TibsPk-A at Sophos

Mal/TibsPk-A is a malicious program.
...

Troj/Agent-ILU

- Troj/Agent-ILU at Sophos

...

Troj/FakeVir-IS

- Troj/FakeVir-IS at Sophos

...

Troj/Zbot-BO

- Troj/Zbot-BO at Sophos

...

Troj/Dloadr-CDM

- Troj/Dloadr-CDM at Sophos

...

Troj/PWS-AWZ

- Troj/PWS-AWZ at Sophos

...

Troj/Zlob-ALW

- Troj/Zlob-ALW at Sophos

...

Troj/Agent-ILR

- Troj/Agent-ILR at Sophos

...

Troj/Agent-ILS

- Troj/Agent-ILS at Sophos

...

Troj/Agent-ILT

- Troj/Agent-ILT at Sophos

...

Email-Worm:W32/Waledac.A

- Email-Worm:W32/Waledac.A at F-Secure

This type of worm is embedded in an e-mail attachment, and spreads using the infected computer's e-mailing
networks....

BackDoor-DSG.dldr

- BackDoor-DSG.dldr at McAfee

BackDoor-DSG.dldr is currently being spammed and arrives as a zipped email attachment. Upon execution,
the trojan downloads a file from the remote site: http://217.13.[removed]/img/media/update/irs_efill.php The
downloaded files are copied to the following locations: %WinDir%\inf\svchost.exe (BackDoor-DSG
trojan) %Wi...

Downloader-BLF

- Downloader-BLF at McAfee

Upon execution, the trojan drops the following files: %System%\msansspc.dll (identical to the
original file except the file is a dll) %Windir%\wiaservb.log It adds msansspc.dll to the following registry
entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders It injects
malicious ...

Exp/MS04-028

- Exp/MS04-028 at Sophos

Exp/MS04-028 detects Jpeg files which exploit a vulnerability in "GDIPLUS.DLL" used
for Jpeg parsing in many Windows applications. When vulnerable applications read the
Jpeg file they will crash and may execute malicious code. A full list of vulnerable applications is
availab...

Troj/Dloadr-CDO

- Troj/Dloadr-CDO at Sophos

When run Troj/Dloadr-CDO copies itself to <System>\prunnet.exe. The
following registry entries are created by Troj/Dloadr-CDO:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet <System>\prunnet.exe
HKCU\Software\Microsoft\...

Troj/FakeAV-HS

- Troj/FakeAV-HS at Sophos

...

Troj/YahooSpy-D

- Troj/YahooSpy-D at Sophos

Troj/YahooSpy-D attempts to steal information from Yahoo Messenger and send it to a preconfigured
email address.
...

Troj/Zbot-BB

- Troj/Zbot-BB at Sophos

...

W32/Zbot-BA

- W32/Zbot-BA at Sophos

...

W32/Zbot-BB

- W32/Zbot-BB at Sophos

...

W32/Zbot-BQ

- W32/Zbot-BQ at Sophos

...

Troj/Agent-HII

- Troj/Agent-HII at Sophos

...

[12/25/2008 05:42]



Virus Malware and Threat News for 20081223



Backdoor:W32/Agent.IFX

- Backdoor:W32/Agent.IFX at F-Secure

Backdoors are Remote Administration Tools (RAT) that expose infected machines to external control via the
Internet....

Trojan.Gimfan.A

- Trojan.Gimfan.A at Norton Symantec

Trojan.Gimfan.A is a Trojan horse that exploits the Microsoft Windows Server Service RPC Handling Remote Code
Execution Vulnerability (BID 31874) in order to download a file on to the compromised computer.
...

Autorun.AOL

- Autorun.AOL at Panda

It spreads exploiting the vulnerability called MS04-011, across networks and through removable drives. It has
backdoor characteristics, as it attempts to connect to an IRC channel in order to receive remote instructions.
...

Troj/Agent-ILO

- Troj/Agent-ILO at Sophos

...

Troj/Banker-EKT

- Troj/Banker-EKT at Sophos

Troj/Banker-EKT is a Trojan for the Windows platform. Troj/Banker-EKT will
attempt to harness confidential banking login information and send them to a remote location via SMTP.
...

Troj/Dload-CR

- Troj/Dload-CR at Sophos

...

Troj/Dropr-AR

- Troj/Dropr-AR at Sophos

...

Troj/DwnLdr-HMB

- Troj/DwnLdr-HMB at Sophos

Troj/DwnLdr-HMB is a downloader Trojan for the Windows platform.
...

W32/IRCBot-XA

- W32/IRCBot-XA at Sophos

W32/IRCBot-XA is a worm for the Windows program. W32/IRCBot-XA can be used
in DDoS attacks and can spread when instructed to exploit network accessible systems.
When first run, W32/IRCBot-XA moves itself to: <Windows>\system\msddll.exe
...

Troj/Dloadr-BYA

- Troj/Dloadr-BYA at Sophos

...

Troj/AdClick-EZ

- Troj/AdClick-EZ at Sophos

Troj/AdClick-EZ is a Trojan for the Windows platform. Troj/AdClick-EZ
includes functionality to access the internet and communicate with a remote server via HTTP.
The following registry entry is created to run Troj/AdClick-EZ on startup:
HKLM\SOFTWARE\Mi...

Troj/Bckdr-QMY

- Troj/Bckdr-QMY at Sophos

When run Troj/Bckdr-QMY copies itself to <System>\algs.exe The
following registry entry is created to run Troj/Bckdr-QMY on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Application Layer Gateway Service
<System>\algs.exe...

Trojan-Downloader:W32/Banload.FVQ

- Trojan-Downloader:W32/Banload.FVQ at F-Secure

This type of trojan secretly downloads malicious files from a remote server, then installs and executes the
files....

Trojan-Spy:W32/Banbra.RM

- Trojan-Spy:W32/Banbra.RM at F-Secure

This type of trojan secretly installs spy programs and/or keylogger programs.
...

W32.Imaut.E

- W32.Imaut.E at Norton Symantec

W32.Imaut.E is a worm that attempts to spread through instant messaging clients. It also spreads through
mapped drives and network shares. The worm may also download files on to the compromised computer.
...

W32.Waledac

- W32.Waledac at Norton Symantec

W32.Waledac is a worm that spreads by sending copies of itself by email. It also opens a back door on the
compromised computer.
...

Exploit-XMLhttp.d.gen

- Exploit-XMLhttp.d.gen at McAfee

Exploit-XMLhttp.d.gen is a generic detection for a vulnerability in Internet Explorer that has been patched by
Microsoft in MS08-78 bulletin.
...

TROJ_GENETIK.TI

- TROJ_GENETIK.TI at Trend Micro

This Trojan may be downloaded from certain remote sites. Links to the above sites may be contained in
mass-mailed e-mail messages. The said messages may have the several specified subject lines. It adds multiple
entries to the Windows Registry. One of these added entries allows it to run at every system startup.
...

MoonLight.V

- MoonLight.V at Panda

Its main objective is to spread through peer-to-peer (P2P) file sharing programs and email. It reaches the
computer in a file which has the default icon of a Windows folder.
...

Mal/TibsPk-A

- Mal/TibsPk-A at Sophos

Mal/TibsPk-A is a malicious program.
...

Troj/Agent-ILU

- Troj/Agent-ILU at Sophos

...

Troj/FakeVir-IS

- Troj/FakeVir-IS at Sophos

...

Troj/Zbot-BO

- Troj/Zbot-BO at Sophos

...

Troj/Dloadr-CDM

- Troj/Dloadr-CDM at Sophos

...

Troj/PWS-AWZ

- Troj/PWS-AWZ at Sophos

...

Troj/Zlob-ALW

- Troj/Zlob-ALW at Sophos

...

Troj/Agent-ILR

- Troj/Agent-ILR at Sophos

...

Troj/Agent-ILS

- Troj/Agent-ILS at Sophos

...

Troj/Agent-ILT

- Troj/Agent-ILT at Sophos

...

[12/24/2008 05:42]



Virus Malware and Threat News for 20081222



Danmec.b

- Danmec.b at McAfee

Upon execution, the trojan copies itself to the following locations: %system%\svchotjp.exe It adds the
following registry value to be executed at system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "svchotjp.exe"="%system%\svchotjp.exe"
It adds the following registry values to...

Troj/IRCBot-WD

- Troj/IRCBot-WD at Sophos

...

W32/AutoInf-P

- W32/AutoInf-P at Sophos

W32/AutoInf-P is a worm for the Windows platform.
...

Troj/Agent-IJC

- Troj/Agent-IJC at Sophos

...

Troj/Renos-CC

- Troj/Renos-CC at Sophos

...

Troj/Dload-CE

- Troj/Dload-CE at Sophos

...

Troj/Dropr-AP

- Troj/Dropr-AP at Sophos

...

Troj/Dropr-AQ

- Troj/Dropr-AQ at Sophos

...

W32/Sohana-AW

- W32/Sohana-AW at Sophos

...

Troj/Agent-IGI

- Troj/Agent-IGI at Sophos

...

Troj/PWS-AWW

- Troj/PWS-AWW at Sophos

...

Backdoor:W32/Agent.IFX

- Backdoor:W32/Agent.IFX at F-Secure

Backdoors are Remote Administration Tools (RAT) that expose infected machines to external control via the
Internet....

Trojan.Gimfan.A

- Trojan.Gimfan.A at Norton Symantec

Trojan.Gimfan.A is a Trojan horse that exploits the Microsoft Windows Server Service RPC Handling Remote Code
Execution Vulnerability (BID 31874) in order to download a file on to the compromised computer.
...

Autorun.AOL

- Autorun.AOL at Panda

It spreads exploiting the vulnerability called MS04-011, across networks and through removable drives. It has
backdoor characteristics, as it attempts to connect to an IRC channel in order to receive remote instructions.
...

Troj/Agent-ILO

- Troj/Agent-ILO at Sophos

...

Troj/Banker-EKT

- Troj/Banker-EKT at Sophos

Troj/Banker-EKT is a Trojan for the Windows platform. Troj/Banker-EKT will
attempt to harness confidential banking login information and send them to a remote location via SMTP.
...

Troj/Dload-CR

- Troj/Dload-CR at Sophos

...

Troj/Dropr-AR

- Troj/Dropr-AR at Sophos

...

Troj/DwnLdr-HMB

- Troj/DwnLdr-HMB at Sophos

Troj/DwnLdr-HMB is a downloader Trojan for the Windows platform.
...

W32/IRCBot-XA

- W32/IRCBot-XA at Sophos

W32/IRCBot-XA is a worm for the Windows program. W32/IRCBot-XA can be used
in DDoS attacks and can spread when instructed to exploit network accessible systems.
When first run, W32/IRCBot-XA moves itself to: <Windows>\system\msddll.exe
...

Troj/Dloadr-BYA

- Troj/Dloadr-BYA at Sophos

...

Troj/AdClick-EZ

- Troj/AdClick-EZ at Sophos

Troj/AdClick-EZ is a Trojan for the Windows platform. Troj/AdClick-EZ
includes functionality to access the internet and communicate with a remote server via HTTP.
The following registry entry is created to run Troj/AdClick-EZ on startup:
HKLM\SOFTWARE\Mi...

Troj/Bckdr-QMY

- Troj/Bckdr-QMY at Sophos

When run Troj/Bckdr-QMY copies itself to <System>\algs.exe The
following registry entry is created to run Troj/Bckdr-QMY on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Application Layer Gateway Service
<System>\algs.exe...

[12/23/2008 05:46]



Virus Malware and Threat News for 20081221



Troj/PWS-AWV

- Troj/PWS-AWV at Sophos

...

Troj/Waled-A

- Troj/Waled-A at Sophos

...

Troj/Agent-IIG

- Troj/Agent-IIG at Sophos

...

Troj/Agent-IIL

- Troj/Agent-IIL at Sophos

...

Troj/Agent-IIZ

- Troj/Agent-IIZ at Sophos

...

Troj/Agent-IJB

- Troj/Agent-IJB at Sophos

...

Troj/Renos-CB

- Troj/Renos-CB at Sophos

...

W32/Autorun-SP

- W32/Autorun-SP at Sophos

...

W32/Lame-B

- W32/Lame-B at Sophos

...

W32/P2P-B

- W32/P2P-B at Sophos

When first run, W32/P2P-B copies itself to the following location:
<Program Files>\p2pmax\p2pmax.exe. W32/P2P-B will connect to a website holding a
list of files with names designed to be attractive to filesharers. Repeated attempts are made to download
these files. ...

Danmec.b

- Danmec.b at McAfee

Upon execution, the trojan copies itself to the following locations: %system%\svchotjp.exe. It adds the
following registry value to be executed at system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "svchotjp.exe"="%system%\svchotjp.exe"
It adds the following registry values to...

Troj/IRCBot-WD

- Troj/IRCBot-WD at Sophos

...

W32/AutoInf-P

- W32/AutoInf-P at Sophos

W32/AutoInf-P is a worm for the Windows platform.
...

Troj/Agent-IJC

- Troj/Agent-IJC at Sophos

...

Troj/Renos-CC

- Troj/Renos-CC at Sophos

...

Troj/Dload-CE

- Troj/Dload-CE at Sophos

...

Troj/Dropr-AP

- Troj/Dropr-AP at Sophos

...

Troj/Dropr-AQ

- Troj/Dropr-AQ at Sophos

...

W32/Sohana-AW

- W32/Sohana-AW at Sophos

...

Troj/Agent-IGI

- Troj/Agent-IGI at Sophos

...

Troj/PWS-AWW

- Troj/PWS-AWW at Sophos

...

0 writebacks [12/22/2008 05:42] [] permanent link



Virus Malware and Threat News for 20081220



Troj/PDFJs-B

- Troj/PDFJs-B at Sophos

...

Troj/PWS-AWV

- Troj/PWS-AWV at Sophos

...

Troj/Waled-A

- Troj/Waled-A at Sophos

...

Troj/Agent-IIG

- Troj/Agent-IIG at Sophos

...

Troj/Agent-IIL

- Troj/Agent-IIL at Sophos

...

Troj/Agent-IIZ

- Troj/Agent-IIZ at Sophos

...

Troj/Agent-IJB

- Troj/Agent-IJB at Sophos

...

Troj/Renos-CB

- Troj/Renos-CB at Sophos

...

W32/Autorun-SP

- W32/Autorun-SP at Sophos

...

W32/Lame-B

- W32/Lame-B at Sophos

...

W32/P2P-B

- W32/P2P-B at Sophos

When first run, W32/P2P-B copies itself to the following location:
<Program Files>\p2pmax\p2pmax.exe. W32/P2P-B will connect to a website holding a
list of files with names designed to be attractive to filesharers. Repeated attempts are made to download
these files. ...

0 writebacks [12/21/2008 05:42] [] permanent link



Virus Malware and Threat News for 20081219



Trojan-Dropper:W32/Ambler.D

- Trojan-Dropper:W32/Ambler.D at F-Secure

This type of trojan contains one or more malicious programs, which it will secretly install and execute.
...

Trojan-Spy:W32/Ambler.C

- Trojan-Spy:W32/Ambler.C at F-Secure

This type of trojan secretly installs spy programs and/or keylogger programs.
...

JS.Downloader.B

- JS.Downloader.B at Norton Symantec

JS.Downloader.B is a generic detection for JavaScript that exploits a vulnerability to download files.
...

Bloodhound.Exploit.218

- Bloodhound.Exploit.218 at Norton Symantec

Bloodhound.Exploit.218 is a heuristic detection for files which exploit Microsoft Word Malformed Value Remote
Code Execution Vulnerability (BID 32583).
...

Bloodhound.Exploit.216

- Bloodhound.Exploit.216 at Norton Symantec

Bloodhound.Exploit.216 is a heuristic detection for files that exploit the Microsoft Excel Formula Handling
Remote Code Execution Vulnerability (BID 32621).
...

Bloodhound.PDF.3

- Bloodhound.PDF.3 at Norton Symantec

Bloodhound.PDF.3 is a heuristic detection for reporting PDF files that may attempt to exploit known
vulnerabilities in Adobe Acrobat.
...

VBS_AUTORUN.HAI

- VBS_AUTORUN.HAI at Trend Micro

This malicious VBScript may be downloaded from remote sites by other malware. It may be dropped by other
malware. It may be downloaded unknowingly by a user when visiting malicious Web sites. It propagates via
physical and removable drives. It creates and modifies a significant number of registry entries as part of its
installation. It ...

MS08-078

- MS08-078 at Panda

It is a critical vulnerability in Internet Explorer versions 5.01 and 6 SP1 on Windows 2000, 6 on Windows
2003/XP computers and 7 on Windows 2008/Vista/2003/XP, which allows hackers to gain remote control of the
affected computer with the same privileges as the logged on user.
...

Troj/Agent-HXR

- Troj/Agent-HXR at Sophos

Troj/Agent-HXR is a Trojan for the Windows platform. When run
Troj/Agent-HXR copies itself to <Random characters>.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon System
<Random characters>....

Troj/Haxdor-B

- Troj/Haxdor-B at Sophos

...

Troj/Zbot-BN

- Troj/Zbot-BN at Sophos

...

W32/Autorun-SG

- W32/Autorun-SG at Sophos

...

W32/AutoRun-SH

- W32/AutoRun-SH at Sophos

W32/AutoRun-SH is a worm for the Windows platform. When run W32/AutoRun-SH
copies itself to <System>\n.vbe and sets the following registry entries:
HKCU\Software\Microsoft\Internet Explorer\Main Window Title Microsoft Internet Explorer
...

W32/VB-DXC

- W32/VB-DXC at Sophos

...

Troj/Agent-HTE

- Troj/Agent-HTE at Sophos

...

Troj/Agent-HSX

- Troj/Agent-HSX at Sophos

...

Troj/Bckdr-QLI

- Troj/Bckdr-QLI at Sophos

...

Troj/Dloadr-CDE

- Troj/Dloadr-CDE at Sophos

...

Troj/PDFJs-B

- Troj/PDFJs-B at Sophos

...

0 writebacks [12/20/2008 05:42] [] permanent link



Virus Malware and Threat News for 20081218



Antivirus360

- Antivirus360 at Panda

It deceives users and warns them of nonexistent threats on their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Troj/Fakevir-IL

- Troj/Fakevir-IL at Sophos

...

Troj/Fakevir-IM

- Troj/Fakevir-IM at Sophos

...

Mal/Rustock-A

- Mal/Rustock-A at Sophos

...

Troj/Dloadr-CDB

- Troj/Dloadr-CDB at Sophos

...

Troj/Dloadr-CDC

- Troj/Dloadr-CDC at Sophos

...

Troj/FakeAV-HK

- Troj/FakeAV-HK at Sophos

...

Troj/Mdrop-BTJ

- Troj/Mdrop-BTJ at Sophos

...

Mal/BadNSIS

- Mal/BadNSIS at Sophos

Mal/BadNSIS is a malicious archive file.
...

Mal/GamePSW-J

- Mal/GamePSW-J at Sophos

...

Mal/Pandex-A

- Mal/Pandex-A at Sophos

...

Trojan-Dropper:W32/Ambler.D

- Trojan-Dropper:W32/Ambler.D at F-Secure

This type of trojan contains one or more malicious programs, which it will secretly install and execute.
...

Trojan-Spy:W32/Ambler.C

- Trojan-Spy:W32/Ambler.C at F-Secure

This type of trojan secretly installs spy programs and/or keylogger programs.
...

JS.Downloader.B

- JS.Downloader.B at Norton Symantec

JS.Downloader.B is a generic detection for JavaScript that exploits a vulnerability to download files.
...

Bloodhound.Exploit.218

- Bloodhound.Exploit.218 at Norton Symantec

Bloodhound.Exploit.218 is a heuristic detection for files which exploit Microsoft Word Malformed Value Remote
Code Execution Vulnerability (BID 32583).
...

Bloodhound.Exploit.216

- Bloodhound.Exploit.216 at Norton Symantec

Bloodhound.Exploit.216 is a heuristic detection for files that exploit the Microsoft Excel Formula Handling
Remote Code Execution Vulnerability (BID 32621).
...

Bloodhound.PDF.3

- Bloodhound.PDF.3 at Norton Symantec

Bloodhound.PDF.3 is a heuristic detection for reporting PDF files that may attempt to exploit known
vulnerabilities in Adobe Acrobat.
...

VBS_AUTORUN.HAI

- VBS_AUTORUN.HAI at Trend Micro

This malicious VBScript may be downloaded from remote sites by other malware. It may be dropped by other
malware. It may be downloaded unknowingly by a user when visiting malicious Web sites. It propagates via
physical and removable drives. It creates and modifies a significant number of registry entries as part of its
installation. It ...

MS08-078

- MS08-078 at Panda

It is a critical vulnerability in Internet Explorer versions 5.01 and 6 SP1 on Windows 2000, 6 on Windows
2003/XP computers and 7 on Windows 2008/Vista/2003/XP, which allows hackers to gain remote control of the
affected computer with the same privileges as the logged on user.
...

Troj/Agent-HXR

- Troj/Agent-HXR at Sophos

Troj/Agent-HXR is a Trojan for the Windows platform. When run
Troj/Agent-HXR copies itself to <Random characters>.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon System
<Random characters>....

Troj/Haxdor-B

- Troj/Haxdor-B at Sophos

...

Troj/Zbot-BN

- Troj/Zbot-BN at Sophos

...

W32/Autorun-SG

- W32/Autorun-SG at Sophos

...

W32/AutoRun-SH

- W32/AutoRun-SH at Sophos

W32/AutoRun-SH is a worm for the Windows platform. When run W32/AutoRun-SH
copies itself to <System>\n.vbe and sets the following registry entries:
HKCU\Software\Microsoft\Internet Explorer\Main Window Title Microsoft Internet Explorer
...

W32/VB-DXC

- W32/VB-DXC at Sophos

...

Troj/Agent-HTE

- Troj/Agent-HTE at Sophos

...

Troj/Agent-HSX

- Troj/Agent-HSX at Sophos

...

Troj/Bckdr-QLI

- Troj/Bckdr-QLI at Sophos

...

Troj/Dloadr-CDE

- Troj/Dloadr-CDE at Sophos

...

0 writebacks [12/19/2008 05:42] [] permanent link



Virus Malware and Threat News for 20081217



Suspicious.MH690

- Suspicious.MH690 at Norton Symantec

Suspicious.MH690 is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...

Bloodhound.Exploit.215

- Bloodhound.Exploit.215 at Norton Symantec

Bloodhound.Exploit.215 is a heuristic detection for the files attempting to exploit the Microsoft Excel Name
Record Array Remote Code Execution Vulnerability (BID 32622).
...

Bloodhound.Exploit.214

- Bloodhound.Exploit.214 at Norton Symantec

Bloodhound.Exploit.214 is a heuristic detection for the files attempting to exploit the Microsoft Windows GDI
WMF Integer Overflow Vulnerability (BID 32634).
...

W32/Autorun.worm.zf.gen

- W32/Autorun.worm.zf.gen at McAfee

This detection is for a worm. It attempts to spread by creating an autorun.inf file, which will run the worm
automatically on systems which use the drives that are set to Autorun. When run, the worm copies
itself to the %Windir%\system32 folder and hides itself there. In addition it drops its autorun.inf file in
the sam...

BKDR_AGENT.VBI

- BKDR_AGENT.VBI at Trend Micro

...

Sinowal.VXR

- Sinowal.VXR at Panda

It is designed to obtain confidential information related to certain British banking entities. It does
not spread automatically by its own means.
...

Troj/Banker-ELG

- Troj/Banker-ELG at Sophos

Troj/Banker-ELG is a Trojan for the Windows platform. When run
Troj/Banker-ELG copies itself to <System>\ocxlist\CefSeg.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CEF-Seg
<System>\ocxlist\CefS...

Troj/Drop-F

- Troj/Drop-F at Sophos

...

Troj/DwnLdr-HFU

- Troj/DwnLdr-HFU at Sophos

...

Troj/PDFJs-N

- Troj/PDFJs-N at Sophos

...

Troj/Zapchas-EI

- Troj/Zapchas-EI at Sophos

...

W32/AutoRun-HP

- W32/AutoRun-HP at Sophos

W32/AutoRun-HP is a worm for the Windows platform. When run W32/AutoRun-HP
creates the files <Root>\autorun.inf - detected as <Root>\iok.exe -
detected as W32/AutoRun-HP <Temp>\nod5.tmp - detected as W32/AutoRun-HP
<System>\kavo.e...

W32/AutoRun-NE

- W32/AutoRun-NE at Sophos

W32/AutoRun-NE is a worm for the Windows platform. When run W32/AutoRun-NE
copies itself as <Program Files>\Microsoft Common\svchost.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
...

W32/AutoRun-PO

- W32/AutoRun-PO at Sophos

W32/AutoRun-PO is a worm for the Windows platform. When run W32/AutoRun-PO
copies itself to <System>\j3ewro.exe and sets the following registry entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run jvsoft <System>\j3ewro.exe
...

Exp/Datbi-A

- Exp/Datbi-A at Sophos

Exp/Datbi-A is an XML parser heap overflow exploit for Microsoft Internet Explorer 7 which may
result in remote code execution when a specifically crafted web page is rendered. For
more information see the Microsoft Security Advisory
961051...

Troj/Dloadr-CCY

- Troj/Dloadr-CCY at Sophos

...

Antivirus360

- Antivirus360 at Panda

It deceives users and warns them of nonexistent threats on their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Troj/Fakevir-IL

- Troj/Fakevir-IL at Sophos

...

Troj/Fakevir-IM

- Troj/Fakevir-IM at Sophos

...

Mal/Rustock-A

- Mal/Rustock-A at Sophos

...

Troj/Dloadr-CDB

- Troj/Dloadr-CDB at Sophos

...

Troj/Dloadr-CDC

- Troj/Dloadr-CDC at Sophos

...

Troj/FakeAV-HK

- Troj/FakeAV-HK at Sophos

...

Troj/Mdrop-BTJ

- Troj/Mdrop-BTJ at Sophos

...

Mal/BadNSIS

- Mal/BadNSIS at Sophos

Mal/BadNSIS is a malicious archive file.
...

Mal/GamePSW-J

- Mal/GamePSW-J at Sophos

...

Mal/Pandex-A

- Mal/Pandex-A at Sophos

...

0 writebacks [12/18/2008 05:41] [] permanent link



Virus Malware and Threat News for 20081216



Exploit:JS/Agent.IHL

- Exploit:JS/Agent.IHL at F-Secure

Exploit:JS/Agent.IHL is JavaScript, usually found on malicious or compromised websites. It is used to
silently install malicious software onto the website visitor's system.
...

Trojan.Chromeinject.A

- Trojan.Chromeinject.A at Norton Symantec

Trojan.Chromeinject.A is a Trojan horse that steals information from the compromised computer.
...

Troj/Dloadr-CCZ

- Troj/Dloadr-CCZ at Sophos

...

Troj/FakeVir-II

- Troj/FakeVir-II at Sophos

...

Troj/Agent-HDK

- Troj/Agent-HDK at Sophos

...

Troj/Dloadr-CCJ

- Troj/Dloadr-CCJ at Sophos

Troj/Dloadr-CCJ is a Trojan for the Windows platform. Troj/Dloadr-CCJ
connects to a remote domain and downloads additional malware, which is detected as Mal/Packer.
...

Troj/Agent-HBZ

- Troj/Agent-HBZ at Sophos

...

Troj/Ciadoor-DW

- Troj/Ciadoor-DW at Sophos

Troj/Ciadoor-DW is a Trojan for the Windows platform. When Troj/Ciadoor-DW
is installed it creates the file <Windows>\fxstaller.exe. Troj/Ciadoor-DW also creates a copy
of the file fxstaller.exe as <Temp>\ixp000.tmp\bur.exe. Troj/Ciadoor-DW creates
the f...

Troj/Decdec-C

- Troj/Decdec-C at Sophos

Troj/Decdec-C is a malicious JavaScript embedded in a web page.
...

Troj/Dloadr-CAK

- Troj/Dloadr-CAK at Sophos

...

Troj/Rootkit-ED

- Troj/Rootkit-ED at Sophos

Troj/Rootkit-ED is a rootkit Trojan for the Windows platform.
...

Suspicious.MH690

- Suspicious.MH690 at Norton Symantec

Suspicious.MH690 is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...

Bloodhound.Exploit.215

- Bloodhound.Exploit.215 at Norton Symantec

Bloodhound.Exploit.215 is a heuristic detection for the files attempting to exploit the Microsoft Excel Name
Record Array Remote Code Execution Vulnerability (BID 32622).
...

Bloodhound.Exploit.214

- Bloodhound.Exploit.214 at Norton Symantec

Bloodhound.Exploit.214 is a heuristic detection for the files attempting to exploit the Microsoft Windows GDI
WMF Integer Overflow Vulnerability (BID 32634).
...

W32/Autorun.worm.zf.gen

- W32/Autorun.worm.zf.gen at McAfee

This detection is for a worm. It attempts to spread by creating an autorun.inf file, which will run the worm
automatically on systems which use the drives that are set to Autorun. When run, the worm copies
itself to the %Windir%\system32 folder and hides itself there. In addition it drops its autorun.inf file in
the sam...

BKDR_AGENT.VBI

- BKDR_AGENT.VBI at Trend Micro

...

Sinowal.VXR

- Sinowal.VXR at Panda

It is designed to obtain confidential information related to certain British banking entities. It does
not spread automatically by its own means.
...

Troj/Banker-ELG

- Troj/Banker-ELG at Sophos

Troj/Banker-ELG is a Trojan for the Windows platform. When run
Troj/Banker-ELG copies itself to <System>\ocxlist\CefSeg.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CEF-Seg
<System>\ocxlist\CefS...

Troj/Drop-F

- Troj/Drop-F at Sophos

...

Troj/DwnLdr-HFU

- Troj/DwnLdr-HFU at Sophos

...

Troj/PDFJs-N

- Troj/PDFJs-N at Sophos

...

Troj/Zapchas-EI

- Troj/Zapchas-EI at Sophos

...

W32/AutoRun-HP

- W32/AutoRun-HP at Sophos

W32/AutoRun-HP is a worm for the Windows platform. When run W32/AutoRun-HP
creates the files <Root>\autorun.inf - detected as <Root>\iok.exe -
detected as W32/AutoRun-HP <Temp>\nod5.tmp - detected as W32/AutoRun-HP
<System>\kavo.e...

W32/AutoRun-NE

- W32/AutoRun-NE at Sophos

W32/AutoRun-NE is a worm for the Windows platform. When run W32/AutoRun-NE
copies itself as <Program Files>\Microsoft Common\svchost.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
...

W32/AutoRun-PO

- W32/AutoRun-PO at Sophos

W32/AutoRun-PO is a worm for the Windows platform. When run W32/AutoRun-PO
copies itself to <System>\j3ewro.exe and sets the following registry entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run jvsoft <System>\j3ewro.exe
...

Exp/Datbi-A

- Exp/Datbi-A at Sophos

Exp/Datbi-A is an XML parser heap overflow exploit for Microsoft Internet Explorer 7 which may
result in remote code execution when a specifically crafted web page is rendered. For
more information see the Microsoft Security Advisory
961051...

Troj/Dloadr-CCY

- Troj/Dloadr-CCY at Sophos

...

0 writebacks [12/17/2008 05:44] [] permanent link



Virus Malware and Threat News for 20081215



Bloodhound.Depby

- Bloodhound.Depby at Norton Symantec

Bloodhound.Depby is a detection for executable files that attempt to bypass the Data Execution Prevention
protection feature....

Troj/Agent-GUN

- Troj/Agent-GUN at Sophos

...

Troj/Agent-GVV

- Troj/Agent-GVV at Sophos

...

Troj/Agent-GVZ

- Troj/Agent-GVZ at Sophos

...

Troj/Dloadr-BZI

- Troj/Dloadr-BZI at Sophos

...

Troj/Mdrop-BRL

- Troj/Mdrop-BRL at Sophos

Troj/Mdrop-BRL drops the file <System>\drivers\klif.sys which is detected as Troj/Klif-Gen.
...

Troj/PWS-AVD

- Troj/PWS-AVD at Sophos

...

Troj/PWS-AVG

- Troj/PWS-AVG at Sophos

...

Troj/PWSSc-Gen

- Troj/PWSSc-Gen at Sophos

Troj/PWSSc-Gen is a password-stealing Trojan for the Windows platform.
...

Mal/Delf-L

- Mal/Delf-L at Sophos

...

Mal/Vundeb-A

- Mal/Vundeb-A at Sophos

...

Exploit:JS/Agent.IHL

- Exploit:JS/Agent.IHL at F-Secure

Exploit:JS/Agent.IHL is JavaScript, usually found on malicious or compromised websites. It is used to
silently install malicious software onto the website visitor's system.
...

Trojan.Chromeinject.A

- Trojan.Chromeinject.A at Norton Symantec

Trojan.Chromeinject.A is a Trojan horse that steals information from the compromised computer.
...

Troj/Dloadr-CCZ

- Troj/Dloadr-CCZ at Sophos

...

Troj/FakeVir-II

- Troj/FakeVir-II at Sophos

...

Troj/Agent-HDK

- Troj/Agent-HDK at Sophos

...

Troj/Dloadr-CCJ

- Troj/Dloadr-CCJ at Sophos

Troj/Dloadr-CCJ is a Trojan for the Windows platform. Troj/Dloadr-CCJ
connects to a remote domain and downloads additional malware, which is detected as Mal/Packer.
...

Troj/Agent-HBZ

- Troj/Agent-HBZ at Sophos

...

Troj/Ciadoor-DW

- Troj/Ciadoor-DW at Sophos

Troj/Ciadoor-DW is a Trojan for the Windows platform. When Troj/Ciadoor-DW
is installed it creates the file <Windows>\fxstaller.exe. Troj/Ciadoor-DW also creates a copy
of the file fxstaller.exe as <Temp>\ixp000.tmp\bur.exe. Troj/Ciadoor-DW creates
the f...

Troj/Decdec-C

- Troj/Decdec-C at Sophos

Troj/Decdec-C is a malicious JavaScript embedded in a web page.
...

Troj/Dloadr-CAK

- Troj/Dloadr-CAK at Sophos

...

Troj/Rootkit-ED

- Troj/Rootkit-ED at Sophos

Troj/Rootkit-ED is a rootkit Trojan for the Windows platform.
...

0 writebacks [12/16/2008 05:42] [] permanent link



Virus Malware and Threat News for 20081214



W32/Hytoo.worm

- W32/Hytoo.worm at McAfee

This worm scans a set of IP ranges carried in the worm body (may vary depending on the variant) and attempts
to spread by using 3 different ways: * By spreading through default ipc$ or admin$ network shares using
the Guest or the Administrator account. It may also use a dictionary file to crack the IPC$ share. * By
taking a...

OSX/Dablink-A

- OSX/Dablink-A at Sophos

OSX/Dablink-A is a Trojan for Apple OSX. When run, OSX/Dablink-A attempts
to download additional applications.
...

Troj/Agent-GTD

- Troj/Agent-GTD at Sophos

Troj/Agent-GTD is a Trojan for the Windows platform. When first run
Troj/Agent-GTD copies itself to: <Windows>\System32\digeste.dll and slightly
alters itself to look more like a dll. Troj/Agent-GTD adds itself under the following
registry entry to ...

Mal/Zbot-H

- Mal/Zbot-H at Sophos

...

Troj/Dloadr-BVT

- Troj/Dloadr-BVT at Sophos

...

Troj/Renos-CA

- Troj/Renos-CA at Sophos

...

Troj/Agent-GTC

- Troj/Agent-GTC at Sophos

...

Troj/FakeAV-CJ

- Troj/FakeAV-CJ at Sophos

...

W32/Juego-B

- W32/Juego-B at Sophos

W32/Juego-B is a worm for the Windows platform. W32/Juego-B attempts to
copy itself to network shares as LucifeR.exe, and create the file AutoruN.inf to run itself automatically.
W32/Juego-B also attempts to copy itself to various P2P shared folders, overwriting
existing execu...

Bloodhound.Depby

- Bloodhound.Depby at Norton Symantec

Bloodhound.Depby is a detection for executable files that attempt to bypass the Data Execution Prevention
protection feature....

Troj/Agent-GUN

- Troj/Agent-GUN at Sophos

...

Troj/Agent-GVV

- Troj/Agent-GVV at Sophos

...

Troj/Agent-GVZ

- Troj/Agent-GVZ at Sophos

...

Troj/Dloadr-BZI

- Troj/Dloadr-BZI at Sophos

...

Troj/Mdrop-BRL

- Troj/Mdrop-BRL at Sophos

Troj/Mdrop-BRL drops the file <System>\drivers\klif.sys which is detected as Troj/Klif-Gen.
...

Troj/PWS-AVD

- Troj/PWS-AVD at Sophos

...

Troj/PWS-AVG

- Troj/PWS-AVG at Sophos

...

Troj/PWSSc-Gen

- Troj/PWSSc-Gen at Sophos

Troj/PWSSc-Gen is a password-stealing Trojan for the Windows platform.
...

Mal/Delf-L

- Mal/Delf-L at Sophos

...

Mal/Vundeb-A

- Mal/Vundeb-A at Sophos

...

0 writebacks [12/15/2008 05:42] [] permanent link



Virus Malware and Threat News for 20081213



Bat/Juego-A

- Bat/Juego-A at Sophos

Bat/Juego-A checks the current date and deletes <System>\hal.dll if the year is not 2008.
Bat/Juego-A disables task manager and registry tools from the registry.
Bat/Juego-A changes the file display settings for Windows Explorer.
...

Troj/Dropr-D

- Troj/Dropr-D at Sophos

...

Troj/Zbot-BL

- Troj/Zbot-BL at Sophos

...

W32/MarioF-G

- W32/MarioF-G at Sophos

W32/MarioF-G is a worm for the Windows platform. When first run
W32/MarioF-G copies itself to <System>\aston.mt and creates the following files:
<System>\dllcache\user32.dll <System>\nvaux32.dll The file
user32.dll is detecte...

Troj/FakeAV-BW

- Troj/FakeAV-BW at Sophos

...

Troj/Psyme-IX

- Troj/Psyme-IX at Sophos

...

Mal/Banker-E

- Mal/Banker-E at Sophos

Mal/Banker-E is a program which displays characteristics unique to phishing Trojans which attempt
to steal bank login information.
...

Mal/Delf-R

- Mal/Delf-R at Sophos

...

Mal/DwndLdr-T

- Mal/DwndLdr-T at Sophos

...

Mal/EncPk-AD

- Mal/EncPk-AD at Sophos

Mal/EncPk-AD is a program that has been packed with a protection system typically used by malware
authors. ...

W32/Hytoo.worm

- W32/Hytoo.worm at McAfee

This worm scans a set of IP ranges carried in the worm body (may vary depending on the variant) and attempts
to spread by using 3 different ways: * By spreading through default ipc$ or admin$ network shares using
the Guest or the Administrator account. It may also use a dictionary file to crack the IPC$ share. * By
taking a...

OSX/Dablink-A

- OSX/Dablink-A at Sophos

OSX/Dablink-A is a Trojan for Apple OSX. When run, OSX/Dablink-A attempts
to download additional applications.
...

Troj/Agent-GTD

- Troj/Agent-GTD at Sophos

Troj/Agent-GTD is a Trojan for the Windows platform. When first run
Troj/Agent-GTD copies itself to: <Windows>\System32\digeste.dll and slightly
alters itself to look more like a dll. Troj/Agent-GTD adds itself under the following
registry entry to ...

Mal/Zbot-H

- Mal/Zbot-H at Sophos

...

Troj/Dloadr-BVT

- Troj/Dloadr-BVT at Sophos

...

Troj/Renos-CA

- Troj/Renos-CA at Sophos

...

Troj/Agent-GTC

- Troj/Agent-GTC at Sophos

...

Troj/FakeAV-CJ

- Troj/FakeAV-CJ at Sophos

...

W32/Juego-B

- W32/Juego-B at Sophos

W32/Juego-B is a worm for the Windows platform. W32/Juego-B attempts to
copy itself to network shares as LucifeR.exe, and create the file AutoruN.inf to run itself automatically.
W32/Juego-B also attempts to copy itself to various P2P shared folders, overwriting
existing execu...

0 writebacks [12/14/2008 05:42] [] permanent link



Virus Malware and Threat News for 20081212



Worm:W32/AutoRun.DMO

- Worm:W32/AutoRun.DMO at F-Secure

A standalone malicious program which uses computer or network resources to make complete copies of itself. May
include code or other malware to damage both the system and the network.
...

Adware.MyCentria

- Adware.MyCentria at Norton Symantec

Adware.MyCentria is an adware risk that displays advertisements in search results.
...

TROJ_MCWORDP.A

- TROJ_MCWORDP.A at Trend Micro

This Trojan may be dropped or downloaded by other malware. It arrives as a specially-crafted .DOC, .WRI, or .RTF
file that exploits a known vulnerability in Microsoft WordPad. This vulnerability may cause the said
application to crash and may also allow a remote malicious user to take control over an affected system when a
user views the...

JS_AGENT.CSZZ

- JS_AGENT.CSZZ at Trend Micro

...

JS_DLOAD.MD

- JS_DLOAD.MD at Trend Micro

...

MS08-077

- MS08-077 at Panda

It is an important vulnerability in Office SharePoint Server, which allows local privilege escalation in the
vulnerable computer....

MS08-076

- MS08-076 at Panda

It is a group of important vulnerabilities in Windows Media components, which allows hackers to gain remote
control of the affected computer with the same privileges as the logged on user or to disclose information.
...

MS08-075

- MS08-075 at Panda

It is a group of critical vulnerabilities in Windows Search on Windows Server 2008/Vista computers, which
allows hackers to gain remote control of the affected computer with the same privileges as the logged on user.
...

Troj/AdClick-EV

- Troj/AdClick-EV at Sophos

...

Troj/Agent-GHW

- Troj/Agent-GHW at Sophos

...

Troj/DwnLdr-HFF

- Troj/DwnLdr-HFF at Sophos

Troj/DwnLdr-HFF is a downloader Trojan for the Windows platform. When run
Troj/DwnLdr-HFF copies itself to <System>\Ahead\nero.exe and sets the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion inf <System>\Ahead\
...

Troj/Inject-CF

- Troj/Inject-CF at Sophos

...

Troj/PWS-ASO

- Troj/PWS-ASO at Sophos

...

Mal/Behav-114

- Mal/Behav-114 at Sophos

...

Mal/EncPk-GJ

- Mal/EncPk-GJ at Sophos

Mal/EncPk-GJ is a program which uses an encryption mechanism unique to malware.
...

Troj/Agent-GHE

- Troj/Agent-GHE at Sophos

Troj/Agent-GHE is a Trojan for the Windows platform. When Troj/Agent-GHE is
installed it creates the file <Root>\generator.exe, also detected as Troj/Agent-GHE.
...

Troj/Agent-GHL

- Troj/Agent-GHL at Sophos

...

Bat/Juego-A

- Bat/Juego-A at Sophos

Bat/Juego-A checks the current date and deletes <System>\hal.dll if the year is not 2008.
Bat/Juego-A disables task manager and registry tools from the registry.
Bat/Juego-A changes the file display settings for Windows Explorer.
...

Troj/Dropr-D

- Troj/Dropr-D at Sophos

...

Troj/Zbot-BL

- Troj/Zbot-BL at Sophos

...

W32/MarioF-G

- W32/MarioF-G at Sophos

W32/MarioF-G is a worm for the Windows platform. When first run
W32/MarioF-G copies itself to <System>\aston.mt and creates the following files:
<System>\dllcache\user32.dll <System>\nvaux32.dll The file
user32.dll is detecte...

Troj/FakeAV-BW

- Troj/FakeAV-BW at Sophos

...

Troj/Psyme-IX

- Troj/Psyme-IX at Sophos

...

Mal/Banker-E

- Mal/Banker-E at Sophos

Mal/Banker-E is a program which displays characteristics unique to phishing Trojans which attempt
to steal bank login information.
...

Mal/Delf-R

- Mal/Delf-R at Sophos

...

Mal/DwndLdr-T

- Mal/DwndLdr-T at Sophos

...

Mal/EncPk-AD

- Mal/EncPk-AD at Sophos

Mal/EncPk-AD is a program that has been packed with a protection system typically used by malware
authors. ...

0 writebacks [12/13/2008 05:42] [] permanent link



Virus Malware and Threat News for 20081211



Trojan:W32/DNSChanger.ARNF

- Trojan:W32/DNSChanger.ARNF at F-Secure

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious,
functions. The program is often started by the user, and it does not usually replicate.
...

Trojan-Dropper:W32/Agent.FLN

- Trojan-Dropper:W32/Agent.FLN at F-Secure

This type of trojan contains one or more malicious programs, which it secretly installs and executes.
...

Worm:W32/Downadup

- Worm:W32/Downadup at F-Secure

A standalone malicious program which uses computer or network resources to make complete copies of itself. May
include code or other malware to damage both the system and the network.
...

W32.Tidns

- W32.Tidns at Norton Symantec

W32.Tidns is a worm that spreads through removable drives.
...

Bloodhound.Exploit.219

- Bloodhound.Exploit.219 at Norton Symantec

Bloodhound.Exploit.219 is a heuristic detection for files attempting to exploit Microsoft Internet Explorer
XML Handling Remote Code Execution Vulnerability (BID 32721).
...

MS08-074

- MS08-074 at Panda

It is a group of critical vulnerabilities in certain versions of Excel, which allows hackers to gain remote
control of the affected computer with the same privileges as the logged-on user.
...

MS08-073

- MS08-073 at Panda

It is a group of vulnerabilities in Internet Explorer versions 5.01 and 6 SP1 in Windows 2000, 6 on Windows
2003/XP computers and 7 in Windows 2008/Vista/2003/XP, which allows hackers to gain remote control of the
affected computer with the same privileges as the logged on user.
...

MS08-072

- MS08-072 at Panda

It is a group of critical vulnerabilities in certain versions of Word, which allows hackers to gain remote
control of the affected computer with the same privileges as the logged-on user.
...

MS08-071

- MS08-071 at Panda

It is a group of critical vulnerabilities in Microsoft Windows graphics device interface (GDI) on Windows
Server 2008/Vista/2003/XP/2000 computers, which allows hackers to gain remote control of the affected computer
with the same privileges as the logged on user.
...

MS08-070

- MS08-070 at Panda

It is a group of critical vulnerabilities in the ActiveX Control for Visual Basic 6.0, which allows
hackers to gain remote control of the affected computer with the same privileges as the logged-on user.
...

Troj/Agent-FXE

- Troj/Agent-FXE at Sophos

...

Troj/PSW-GD

- Troj/PSW-GD at Sophos

Troj/PSW-GD is a Trojan for the Windows platform. When run Troj/PSW-GD
copies itself to <Windows>\help\EB6C4499B05F.exe and creates the file
<Windows>\help\EB6C4499B05F.dll - detected as Mal/LineDLL-B.
HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InP...

Troj/PWS-AWQ

- Troj/PWS-AWQ at Sophos

...

Mal/Baals-A

- Mal/Baals-A at Sophos

...

Mal/Banload-G

- Mal/Banload-G at Sophos

Mal/Banload-G is a malicious program that may download additional malware.
...

Mal/Delf-Q

- Mal/Delf-Q at Sophos

...

Mal/Small-D

- Mal/Small-D at Sophos

...

Mal/Whybo-A

- Mal/Whybo-A at Sophos

Mal/Whybo-A is a malicious Browser Helper Object.
...

Troj/Agent-FVR

- Troj/Agent-FVR at Sophos

...

Troj/Bckdr-PFF

- Troj/Bckdr-PFF at Sophos

...

Worm:W32/AutoRun.DMO

- Worm:W32/AutoRun.DMO at F-Secure

A standalone malicious program which uses computer or network resources to make complete copies of itself. May
include code or other malware to damage both the system and the network.
...

Adware.MyCentria

- Adware.MyCentria at Norton Symantec

Adware.MyCentria is an adware risk that displays advertisements in search results.
...

TROJ_MCWORDP.A

- TROJ_MCWORDP.A at Trend Micro

This Trojan may be dropped or downloaded by other malware. It arrives as a specially-crafted .DOC, .WRI, or .RTF
file that exploits a known vulnerability in Microsoft WordPad. This vulnerability may cause the said
application to crash and may also allow a remote malicious user to take control over an affected system when a
user views the...

JS_AGENT.CSZZ

- JS_AGENT.CSZZ at Trend Micro

...

JS_DLOAD.MD

- JS_DLOAD.MD at Trend Micro

...

MS08-077

- MS08-077 at Panda

It is an important vulnerability in Office SharePoint Server, which allows local privilege escalation in the
vulnerable computer....

MS08-076

- MS08-076 at Panda

It is a group of important vulnerabilities in Windows Media components, which allows hackers to gain remote
control of the affected computer with the same privileges as the logged-on user or to disclose information.
...

MS08-075

- MS08-075 at Panda

It is a group of critical vulnerabilities in Windows Search on Windows Server 2008/Vista computers, which
allows hackers to gain remote control of the affected computer with the same privileges as the logged-on user.
...

Troj/AdClick-EV

- Troj/AdClick-EV at Sophos

...

Troj/Agent-GHW

- Troj/Agent-GHW at Sophos

...

Troj/DwnLdr-HFF

- Troj/DwnLdr-HFF at Sophos

Troj/DwnLdr-HFF is a downloader Trojan for the Windows platform. When run
Troj/DwnLdr-HFF copies itself to <System>\Ahead\nero.exe and sets the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion inf <System>\Ahead\
...

Troj/Inject-CF

- Troj/Inject-CF at Sophos

...

Troj/PWS-ASO

- Troj/PWS-ASO at Sophos

...

Mal/Behav-114

- Mal/Behav-114 at Sophos

...

Mal/EncPk-GJ

- Mal/EncPk-GJ at Sophos

Mal/EncPk-GJ is a program which uses an encryption mechanism unique to malware.
...

Troj/Agent-GHE

- Troj/Agent-GHE at Sophos

Troj/Agent-GHE is a Trojan for the Windows platform. When Troj/Agent-GHE is
installed it creates the file <Root>\generator.exe, also detected as Troj/Agent-GHE.
...

Troj/Agent-GHL

- Troj/Agent-GHL at Sophos

...

0 writebacks [12/12/2008 05:43] [] permanent link



Virus Malware and Threat News for 20081210



Net-Worm:W32/Koobface.CY

- Net-Worm:W32/Koobface.CY at F-Secure

A type of worm that replicates by sending complete, independent copies of itself over a network.
...

Packed.Generic.195

- Packed.Generic.195 at Norton Symantec

Packed.Generic.195 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Exploit-XMLhttp.d

- Exploit-XMLhttp.d at McAfee

Exploit-XMLhttp.d is a generic detection for an unidentified buffer overflow vulnerability targeting Internet
Explorer 7.x. Older DATs may detect this threat as Exploit-XMLhttp.c or JS/Exploit-BO.gen. Active exploits were
found to be downloading and installing the Downloader-AZN trojan onto vulnerable target machines from the
followin...

BackDoor-DTD

- BackDoor-DTD at McAfee

This is a remote access Trojan. Several versions exist. This is a general description. Newer
versions require the latest DATs for detection and cleaning. This trojan opens iexplore.exe and injects
a thread into the said browser. This trojan installs itself using the following filenames in either
C:\Program Files\...

W32/Tefo

- W32/Tefo at McAfee

This is a detection for files infected with the loader code of W32/Tefo.dldr. Once executed it loads the file
tefo.dll allowing it to perform its malicious routines. More information for W32/Tefo.dldr can be found at the
following link: http://vil.nai.com/vil/content/v_153498.htm The code may have been inserted by other
components...

BankerFox.A

- BankerFox.A at Panda

It is designed to steal users' banking data related to certain banking entities. When they access the
website of the affected banks through the Firefox browser, the Trojan is activated and logs the
information entered by the users in the website. It does not spread automatically using its own means.
...

P2PShared.U

- P2PShared.U at Panda

Its main objective is to spread through peer-to-peer (P2P) file sharing programs, email and removable drives.
It reaches the computer in a file which has the icon of a snowball.
...

OSX/RSPlug-B

- OSX/RSPlug-B at Sophos

OSX/RSPlug-B is a dysfunctional Trojan installer for Apple OSX.
OSX/RSPlug-B is a disk image that contains an installer that fails to run correctly. The installer claims to
install "MacAccess" and will require 376kb of space.
...

Troj/Inject-DM

- Troj/Inject-DM at Sophos

Troj/Inject-DM is a Trojan for the Windows platform. When run
Troj/Inject-DM copies itself to <System>\msw32prt.exe and creates the file <System>\msw32prt
(which can be deleted). Troj/Inject-DM sets the following registry entry to run itself
on startup: ...

Troj/Mdrop-BXL

- Troj/Mdrop-BXL at Sophos

...

Troj/PSW-GC

- Troj/PSW-GC at Sophos

Troj/PSW-GC is a Trojan for the Windows platform.
...

Mal/Renos-E

- Mal/Renos-E at Sophos

Mal/Renos-E is a malicious program for the Windows platform.
...

Troj/Agent-ILI

- Troj/Agent-ILI at Sophos

Troj/Agent-ILI is a Trojan for the Windows platform. Troj/Agent-ILI runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When Troj/Agent-ILI is installed the
following fil...

Troj/Agent-ILJ

- Troj/Agent-ILJ at Sophos

Troj/Agent-ILJ is a Trojan for the Windows platform and is a member of the Virtumundo family of
Trojans. When run Troj/Agent-ILJ creates the files: <System>\<file
1 with name made of random characters>.dll - detected as Troj/Agent-ILJ <System>\<file
2 with...

Troj/Buzus-AC

- Troj/Buzus-AC at Sophos

...

Troj/Dloadr-CCV

- Troj/Dloadr-CCV at Sophos

...

Troj/Dloadr-CCW

- Troj/Dloadr-CCW at Sophos

...

Trojan:W32/DNSChanger.ARNF

- Trojan:W32/DNSChanger.ARNF at F-Secure

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious,
functions. The program is often started by the user, and it does not usually replicate.
...

Trojan-Dropper:W32/Agent.FLN

- Trojan-Dropper:W32/Agent.FLN at F-Secure

This type of trojan contains one or more malicious programs, which it secretly installs and executes.
...

Worm:W32/Downadup

- Worm:W32/Downadup at F-Secure

A standalone malicious program which uses computer or network resources to make complete copies of itself. May
include code or other malware to damage both the system and the network.
...

W32.Tidns

- W32.Tidns at Norton Symantec

W32.Tidns is a worm that spreads through removable drives.
...

Bloodhound.Exploit.219

- Bloodhound.Exploit.219 at Norton Symantec

Bloodhound.Exploit.219 is a heuristic detection for files attempting to exploit Microsoft Internet Explorer
XML Handling Remote Code Execution Vulnerability (BID 32721).
...

MS08-074

- MS08-074 at Panda

It is a group of critical vulnerabilities in certain versions of Excel, which allows hackers to gain remote
control of the affected computer with the same privileges as the logged-on user.
...

MS08-073

- MS08-073 at Panda

It is a group of vulnerabilities in Internet Explorer versions 5.01 and 6 SP1 in Windows 2000, 6 on Windows
2003/XP computers and 7 in Windows 2008/Vista/2003/XP, which allows hackers to gain remote control of the
affected computer with the same privileges as the logged-on user.
...

MS08-072

- MS08-072 at Panda

It is a group of critical vulnerabilities in certain versions of Word, which allows hackers to gain remote
control of the affected computer with the same privileges as the logged-on user.
...

MS08-071

- MS08-071 at Panda

It is a group of critical vulnerabilities in Microsoft Windows graphics device interface (GDI) on Windows
Server 2008/Vista/2003/XP/2000 computers, which allows hackers to gain remote control of the affected computer
with the same privileges as the logged-on user.
...

MS08-070

- MS08-070 at Panda

It is a group of critical vulnerabilities in the ActiveX Control for Visual Basic 6.0, which allows
hackers to gain remote control of the affected computer with the same privileges as the logged-on user.
...

Troj/Agent-FXE

- Troj/Agent-FXE at Sophos

...

Troj/PSW-GD

- Troj/PSW-GD at Sophos

Troj/PSW-GD is a Trojan for the Windows platform. When run Troj/PSW-GD
copies itself to <Windows>\help\EB6C4499B05F.exe and creates the file <Windows>\help\EB6C4499B05F.dll -
detected as Mal/LineDLL-B.
HKCR\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InP...

Troj/PWS-AWQ

- Troj/PWS-AWQ at Sophos

...

Mal/Baals-A

- Mal/Baals-A at Sophos

...

Mal/Banload-G

- Mal/Banload-G at Sophos

Mal/Banload-G is a malicious program that may download additional malware.
...

Mal/Delf-Q

- Mal/Delf-Q at Sophos

...

Mal/Small-D

- Mal/Small-D at Sophos

...

Mal/Whybo-A

- Mal/Whybo-A at Sophos

Mal/Whybo-A is a malicious Browser Helper Object.
...

Troj/Agent-FVR

- Troj/Agent-FVR at Sophos

...

Troj/Bckdr-PFF

- Troj/Bckdr-PFF at Sophos

...

0 writebacks [12/11/2008 05:44] [] permanent link



Virus Malware and Threat News for 20081209



Net-Worm:W32/Koobface.CZ

- Net-Worm:W32/Koobface.CZ at F-Secure

A type of worm that replicates by sending complete, independent copies of itself over a network.
...

W32.Chimerux

- W32.Chimerux at Norton Symantec

W32.Chimerux is a virus that infects .exe and .scr files.
...

BackDoor-DTC

- BackDoor-DTC at McAfee

This is a remote access Trojan. Several versions exist. This is a general description. Newer
versions require the latest DATs for detection and cleaning. Upon execution, it first stops the following
services: wscsvc...

W32/Tefo.dldr

- W32/Tefo.dldr at McAfee

W32/Tefo.dldr arrives as a DLL file which was found to be executed by malware detected as W32\Tefo.
This is scheduled to communicate with a remote server Monday to Friday, from 8am to 4pm.
Information sent includes the IP address and hostname of the affected machine used as an identifier for
the infect...

BackDoor-DTB

- BackDoor-DTB at McAfee

BackDoor-DTB is the detection for the server component of a Remote Access Trojan. The characteristics could
differ depending on the attacker's configuration of the server. Some samples drop a copy of themselves with the
following filenames: rundl32.exe, My_Server.exe at the following directories: %Application
Data% ...

Generic.dx!9428ED31

- Generic.dx!9428ED31 at McAfee

File properties:
FileName: evente~1.exe
McAfee Detection: Generic.dx
Length: 404,992 bytes
CRC: 9428ED31
MD5: 263DFABD23F98B5B5579EE25EA4E05CE
SHA1: 5B60B8B02B03D559F8C7B03F7DBF22B4E9FB5698
Other common detection aliases (company name: detection name):
avast: Win32:Oliga
microsoft: Trojan:Win32/Ilomo.gen!A
Trend Micro: TROJ_ILOMO.F
Avert® Labs has observed ...

Generic Downloader.x!42AC6048

- Generic Downloader.x!42AC6048 at McAfee

File properties:
FileName: porniv~1.exe
McAfee Detection: Generic Downloader.x
Length: 123,392 bytes
CRC: 42AC6048
MD5: 178854EF36A73F6E42968935759BE658
SHA1: 803C7410C02DC6A7BF6D2BDC2C118C8FD68FB267
Other common detection aliases (company name: detection name):
AVG (GriSoft): Downloader.FraudLoad.AU
Kaspersky: Trojan-Downloader.Win32.Exchanger.amtmicro...

Spy-Agent.bw.dldr!8EE9EAD1

- Spy-Agent.bw.dldr!8EE9EAD1 at McAfee

File properties:
FileName: dc04jp~1.exe
McAfee Detection: Spy-Agent.bw.dldr
Length: 14,848 bytes
CRC: 8EE9EAD1
MD5: 20DFF7FBD844B8E786CF0F2C111E1020
SHA1: 88E58D1A51209FD07207BED5C29583F9A7F7BCC6
Other common detection aliases (company name: detection name):
ahnlab: Win-Trojan/Fraudpack.Gen
Avira: TR/Crypt.ULPM.Gen
FortiNet: W32/Tibs.WA!tr.dldr
Kaspersky: Tro...

Generic.dx!3023118D

- Generic.dx!3023118D at McAfee

File properties:
FileName: 2fbee4~1.exe
McAfee Detection: Generic.dx
Length: 30,208 bytes
CRC: 3023118D
MD5: AF6E2D8BB7CCDE8955F97B906909A6B9
SHA1: B8800E9A4F2CAC6D01C2099535F2DFC5E7E9A9B3
Other common detection aliases (company name: detection name):
avast: Win32:Oliga
BitDefender: BehavesLike:Win32.ExplorerHijack
FortiNet: W32/Delf.M
F-Prot: W32/Injector.A....

Generic.f!C1341B35

- Generic.f!C1341B35 at McAfee

File properties:
FileName: 55ee4b~1.exe
McAfee Detection: Generic.f
Length: 378,880 bytes
CRC: C1341B35
MD5: 53811ABE3B3D7D816D84ECD0E5F442D0
SHA1: FD2166F50D6A814552E18BBBE99797BDFBC5D450
Other common detection aliases (company name: detection name):
AVG (GriSoft): agent.abbf
Avira: TR/Agent.378880
BitDefender: Trojan.Generic.754133
Kaspersky: Trojan-Downloa...

BKDR_SINOWAL.EK

- BKDR_SINOWAL.EK at Trend Micro

...

Troj/Agent-ILD

- Troj/Agent-ILD at Sophos

...

Troj/Dloadr-CCS

- Troj/Dloadr-CCS at Sophos

...

Troj/Dloadr-CCT

- Troj/Dloadr-CCT at Sophos

...

Troj/DwnLdr-HLQ

- Troj/DwnLdr-HLQ at Sophos

Troj/DwnLdr-HLQ is a downloader Trojan for the Windows platform. When run
Troj/DwnLdr-HLQ sets the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Cognac <path to Trojan
executable> HKCU\Software...

Troj/LingCrk-A

- Troj/LingCrk-A at Sophos

Troj/LingCrk-A is a Trojan for the Windows platform. Troj/LingCrk-A
attempts to circumvent the registration process for the application Lingvo.
...

Troj/NeroCrk-A

- Troj/NeroCrk-A at Sophos

Troj/NeroCrk-A is a Trojan for the Windows platform. Troj/NeroCrk-A
provides functionality to circumvent the registration process for Ahead Nero Premium.
...

Troj/ZCmd-Gen

- Troj/ZCmd-Gen at Sophos

...

Mal/VidHtml-G

- Mal/VidHtml-G at Sophos

Mal/VidHtml-G is a malicious script that attempts to redirect to a malicious executable file. The
script is often found in a page pretending to be YouTube or another video site. The malicious executable often
pretends to be related to a video codec or a Flash update.
...

Troj/Agent-ILA

- Troj/Agent-ILA at Sophos

...

Troj/Agent-ILB

- Troj/Agent-ILB at Sophos

...

Net-Worm:W32/Koobface.CY

- Net-Worm:W32/Koobface.CY at F-Secure

A type of worm that replicates by sending complete, independent copies of itself over a network.
...

Packed.Generic.195

- Packed.Generic.195 at Norton Symantec

Packed.Generic.195 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Exploit-XMLhttp.d

- Exploit-XMLhttp.d at McAfee

Exploit-XMLhttp.d is a generic detection for an unidentified buffer overflow vulnerability targeting Internet
Explorer 7.x. Older DATs may detect this threat as Exploit-XMLhttp.c or JS/Exploit-BO.gen. Active exploits were
found to be downloading and installing the Downloader-AZN trojan onto vulnerable target machines from the
followin...

BackDoor-DTD

- BackDoor-DTD at McAfee

This is a remote access Trojan. Several versions exist. This is a general description. Newer
versions require the latest DATs for detection and cleaning. This trojan opens iexplore.exe and injects
a thread into the said browser. This trojan installs itself using the following filenames in either
C:\Program Files\...

W32/Tefo

- W32/Tefo at McAfee

This is a detection for files infected with the loader code of W32/Tefo.dldr. Once executed it loads the file
tefo.dll allowing it to perform its malicious routines. More information for W32/Tefo.dldr can be found at the
following link: http://vil.nai.com/vil/content/v_153498.htm The code may have been inserted by other
components...

BankerFox.A

- BankerFox.A at Panda

It is designed to steal users' banking data related to certain banking entities. When they access the
website of the affected banks through the Firefox browser, the Trojan is activated and logs the
information entered by the users in the website. It does not spread automatically using its own means.
...

P2PShared.U

- P2PShared.U at Panda

Its main objective is to spread through peer-to-peer (P2P) file sharing programs, email and removable drives.
It reaches the computer in a file which has the icon of a snowball.
...

OSX/RSPlug-B

- OSX/RSPlug-B at Sophos

OSX/RSPlug-B is a dysfunctional Trojan installer for Apple OSX.
OSX/RSPlug-B is a disk image that contains an installer that fails to run correctly. The installer claims to
install "MacAccess" and will require 376kb of space.
...

Troj/Inject-DM

- Troj/Inject-DM at Sophos

Troj/Inject-DM is a Trojan for the Windows platform. When run
Troj/Inject-DM copies itself to <System>\msw32prt.exe and creates the file <System>\msw32prt
(which can be deleted). Troj/Inject-DM sets the following registry entry to run itself
on startup: ...

Troj/Mdrop-BXL

- Troj/Mdrop-BXL at Sophos

...

Troj/PSW-GC

- Troj/PSW-GC at Sophos

Troj/PSW-GC is a Trojan for the Windows platform.
...

Mal/Renos-E

- Mal/Renos-E at Sophos

Mal/Renos-E is a malicious program for the Windows platform.
...

Troj/Agent-ILI

- Troj/Agent-ILI at Sophos

Troj/Agent-ILI is a Trojan for the Windows platform. Troj/Agent-ILI runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When Troj/Agent-ILI is installed the
following fil...

Troj/Agent-ILJ

- Troj/Agent-ILJ at Sophos

Troj/Agent-ILJ is a Trojan for the Windows platform and is a member of the Virtumundo family of
Trojans. When run Troj/Agent-ILJ creates the files: <System>\<file
1 with name made of random characters>.dll - detected as Troj/Agent-ILJ <System>\<file
2 with...

Troj/Buzus-AC

- Troj/Buzus-AC at Sophos

...

Troj/Dloadr-CCV

- Troj/Dloadr-CCV at Sophos

...

Troj/Dloadr-CCW

- Troj/Dloadr-CCW at Sophos

...

0 writebacks [12/10/2008 05:41] [] permanent link



Virus Malware and Threat News for 20081208



Troj/Banloa-GD

- Troj/Banloa-GD at Sophos

Troj/Banloa-GD is a Trojan for the Windows platform.
...

Troj/FakeVir-HZ

- Troj/FakeVir-HZ at Sophos

...

Troj/PSW-GB

- Troj/PSW-GB at Sophos

Troj/PSW-GB is a Trojan for the Windows platform. When run Troj/PSW-GB
creates the file <Windows>\new_drv.sys (detected as Troj/Rootkit-DK). Troj/PSW-GB
registers the file <Windows>\new_drv.sys as a Windows service with the name "new_drv", a description of
"!!!!" a...

W32/Netsky-BT

- W32/Netsky-BT at Sophos

...

Mal/Behav-319

- Mal/Behav-319 at Sophos

...

Mal/Prunad-A

- Mal/Prunad-A at Sophos

...

Troj/ParDrop-B

- Troj/ParDrop-B at Sophos

Troj/ParDrop-B is a dropper parasite for the Windows platform. The parasite
is attached to a host and when that host is run a 3rd-party component is dropped and executed before control
is passed to the host. The parasite itself is non-infectious and disinfection will remove it and the 3rd
party com...

W32/Autorun-OQ

- W32/Autorun-OQ at Sophos

W32/Autorun-OQ installs copies of itself as:
 - <windows>Regsvr.exe
 - <system>Regsvr.exe
 - <system>svchost .exe
Also W32/Autorun-OQ installs file <system>dotnetfx.dll. A scheduled task AT1 is created
to ...

W32/AutoRun-RR

- W32/AutoRun-RR at Sophos

W32/AutoRun-RR is a worm for the Windows platform. When run W32/AutoRun-RR
copies itself to <System>\myrvc.exe and creates the files: <System>\SysResources.dat -
can be deleted <System>\dotnetfx.dll - also detected as W32/AutoRun-RR
W32/...

W32/AutoRun-RS

- W32/AutoRun-RS at Sophos

W32/AutoRun-RS is a worm for the Windows platform. When run W32/AutoRun-RS
copies itself to: <Windows>\data.exe <System>\data.exe
<System>\test.exe and creates the file <System>\dotnetfx.dll - detected as
W32/AutoRun-RS ...

Net-Worm:W32/Koobface.CZ

- Net-Worm:W32/Koobface.CZ at F-Secure

A type of worm that replicates by sending complete, independent copies of itself over a network.
...

W32.Chimerux

- W32.Chimerux at Norton Symantec

W32.Chimerux is a virus that infects .exe and .scr files.
...

BackDoor-DTC

- BackDoor-DTC at McAfee

This is a remote access Trojan. Several versions exist. This is a general description. Newer
versions require the latest DATs for detection and cleaning. Upon execution, it first stops the following
services: wscsvc...

W32/Tefo.dldr

- W32/Tefo.dldr at McAfee

W32/Tefo.dldr arrives as a DLL file which was found to be executed by malware detected as W32\Tefo.
This is scheduled to communicate with a remote server Monday to Friday, from 8am to 4pm.
Information sent includes the IP address and hostname of the affected machine used as an identifier for
the infect...

BackDoor-DTB

- BackDoor-DTB at McAfee

BackDoor-DTB is the detection for the server component of a Remote Access Trojan. The characteristics could
differ depending on the attacker's configuration of the server. Some samples drop a copy of themselves with the
following filenames: rundl32.exe, My_Server.exe at the following directories: %Application
Data% ...

Generic.dx!9428ED31

- Generic.dx!9428ED31 at McAfee

File properties:
FileName: evente~1.exe
McAfee Detection: Generic.dx
Length: 404,992 bytes
CRC: 9428ED31
MD5: 263DFABD23F98B5B5579EE25EA4E05CE
SHA1: 5B60B8B02B03D559F8C7B03F7DBF22B4E9FB5698
Other common detection aliases (company name: detection name):
avast: Win32:Oliga
microsoft: Trojan:Win32/Ilomo.gen!A
Trend Micro: TROJ_ILOMO.F
Avert® Labs has observed ...

Generic Downloader.x!42AC6048

- Generic Downloader.x!42AC6048 at McAfee

File properties:
FileName: porniv~1.exe
McAfee Detection: Generic Downloader.x
Length: 123,392 bytes
CRC: 42AC6048
MD5: 178854EF36A73F6E42968935759BE658
SHA1: 803C7410C02DC6A7BF6D2BDC2C118C8FD68FB267
Other common detection aliases (company name: detection name):
AVG (GriSoft): Downloader.FraudLoad.AU
Kaspersky: Trojan-Downloader.Win32.Exchanger.amtmicro...

Spy-Agent.bw.dldr!8EE9EAD1

- Spy-Agent.bw.dldr!8EE9EAD1 at McAfee

File properties:
FileName: dc04jp~1.exe
McAfee Detection: Spy-Agent.bw.dldr
Length: 14,848 bytes
CRC: 8EE9EAD1
MD5: 20DFF7FBD844B8E786CF0F2C111E1020
SHA1: 88E58D1A51209FD07207BED5C29583F9A7F7BCC6
Other common detection aliases (company name: detection name):
ahnlab: Win-Trojan/Fraudpack.Gen
Avira: TR/Crypt.ULPM.Gen
FortiNet: W32/Tibs.WA!tr.dldr
Kaspersky: Tro...

Generic.dx!3023118D

- Generic.dx!3023118D at McAfee

File properties:
FileName: 2fbee4~1.exe
McAfee Detection: Generic.dx
Length: 30,208 bytes
CRC: 3023118D
MD5: AF6E2D8BB7CCDE8955F97B906909A6B9
SHA1: B8800E9A4F2CAC6D01C2099535F2DFC5E7E9A9B3
Other common detection aliases (company name: detection name):
avast: Win32:Oliga
BitDefender: BehavesLike:Win32.ExplorerHijack
FortiNet: W32/Delf.M
F-Prot: W32/Injector.A....

Generic.f!C1341B35

- Generic.f!C1341B35 at McAfee

File properties:
FileName: 55ee4b~1.exe
McAfee Detection: Generic.f
Length: 378,880 bytes
CRC: C1341B35
MD5: 53811ABE3B3D7D816D84ECD0E5F442D0
SHA1: FD2166F50D6A814552E18BBBE99797BDFBC5D450
Other common detection aliases (company name: detection name):
AVG (GriSoft): agent.abbf
Avira: TR/Agent.378880
BitDefender: Trojan.Generic.754133
Kaspersky: Trojan-Downloa...

BKDR_SINOWAL.EK

- BKDR_SINOWAL.EK at Trend Micro

...

Troj/Agent-ILD

- Troj/Agent-ILD at Sophos

...

Troj/Dloadr-CCS

- Troj/Dloadr-CCS at Sophos

...

Troj/Dloadr-CCT

- Troj/Dloadr-CCT at Sophos

...

Troj/DwnLdr-HLQ

- Troj/DwnLdr-HLQ at Sophos

Troj/DwnLdr-HLQ is a downloader Trojan for the Windows platform. When run
Troj/DwnLdr-HLQ sets the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Cognac <path to Trojan
executable> HKCU\Software...

Troj/LingCrk-A

- Troj/LingCrk-A at Sophos

Troj/LingCrk-A is a Trojan for the Windows platform. Troj/LingCrk-A
attempts to circumvent the registration process for the application Lingvo.
...

Troj/NeroCrk-A

- Troj/NeroCrk-A at Sophos

Troj/NeroCrk-A is a Trojan for the Windows platform. Troj/NeroCrk-A
provides functionality to circumvent the registration process for Ahead Nero Premium.
...

Troj/ZCmd-Gen

- Troj/ZCmd-Gen at Sophos

...

Mal/VidHtml-G

- Mal/VidHtml-G at Sophos

Mal/VidHtml-G is a malicious script that attempts to redirect to a malicious executable file. The
script is often found in a page pretending to be YouTube or another video site. The malicious executable often
pretends to be related to a video codec or a Flash update.
...

Troj/Agent-ILA

- Troj/Agent-ILA at Sophos

...

Troj/Agent-ILB

- Troj/Agent-ILB at Sophos

...

0 writebacks [12/09/2008 05:46] [] permanent link



Virus Malware and Threat News for 20081207



TROJ_DROP.BP

- TROJ_DROP.BP at Trend Micro

...

OSX_RSPLUG.A

- OSX_RSPLUG.A at Trend Micro

...

Troj/Agent-IKP

- Troj/Agent-IKP at Sophos

...

Troj/Dloadr-CCM

- Troj/Dloadr-CCM at Sophos

...

Troj/FakeAle-KH

- Troj/FakeAle-KH at Sophos

...

Troj/Mdrop-BXK

- Troj/Mdrop-BXK at Sophos

Troj/Mdrop-BXK drops the file <Windows>\new_drv.sys which is detected as Troj/Rootkit-DK.
...

Troj/Agent-IKM

- Troj/Agent-IKM at Sophos

...

Troj/Dloadr-CCL

- Troj/Dloadr-CCL at Sophos

...

Troj/Mdrop-BXJ

- Troj/Mdrop-BXJ at Sophos

Troj/Mdrop-BXJ drops the file <Windows>\new_drv.sys which is detected as Troj/Rootkit-DK.
...

Troj/Pushdo-AA

- Troj/Pushdo-AA at Sophos

Troj/Pushdo-AA is a Trojan for the Windows platform. Troj/Pushdo-AA
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Pushdo-AA copies itself to <System>\rs32net.exe. The
following regi...

W32/Autorun-RU

- W32/Autorun-RU at Sophos

W32/Autorun-RU is a worm for the Windows platform. When executed
W32/Autorun-RU copies itself to the following locations: <System>\daemon.exe
<RECYCLER>\<S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXX-XXXX>\redmond.exe
where X is...

Mal/EncPk-GN

- Mal/EncPk-GN at Sophos

...

Troj/Banloa-GD

- Troj/Banloa-GD at Sophos

Troj/Banloa-GD is a Trojan for the Windows platform.
...

Troj/FakeVir-HZ

- Troj/FakeVir-HZ at Sophos

...

Troj/PSW-GB

- Troj/PSW-GB at Sophos

Troj/PSW-GB is a Trojan for the Windows platform. When run Troj/PSW-GB
creates the file <Windows>\new_drv.sys (detected as Troj/Rootkit-DK). Troj/PSW-GB
registers the file <Windows>\new_drv.sys as a Windows service with the name "new_drv", a description of
"!!!!" a...

W32/Netsky-BT

- W32/Netsky-BT at Sophos

...

Mal/Behav-319

- Mal/Behav-319 at Sophos

...

Mal/Prunad-A

- Mal/Prunad-A at Sophos

...

Troj/ParDrop-B

- Troj/ParDrop-B at Sophos

Troj/ParDrop-B is a dropper parasite for the Windows platform. The parasite
is attached to a host and when that host is run a 3rd-party component is dropped and executed before control
is passed to the host. The parasite itself is non-infectious and disinfection will remove it and the 3rd
party com...

W32/Autorun-OQ

- W32/Autorun-OQ at Sophos

W32/Autorun-OQ installs copies of itself as:
 - <windows>Regsvr.exe
 - <system>Regsvr.exe
 - <system>svchost .exe
Also W32/Autorun-OQ installs file <system>dotnetfx.dll. A scheduled task AT1 is created
to ...

W32/AutoRun-RR

- W32/AutoRun-RR at Sophos

W32/AutoRun-RR is a worm for the Windows platform. When run W32/AutoRun-RR
copies itself to <System>\myrvc.exe and creates the files: <System>\SysResources.dat -
can be deleted <System>\dotnetfx.dll - also detected as W32/AutoRun-RR
W32/...

W32/AutoRun-RS

- W32/AutoRun-RS at Sophos

W32/AutoRun-RS is a worm for the Windows platform. When run W32/AutoRun-RS
copies itself to: <Windows>\data.exe <System>\data.exe
<System>\test.exe and creates the file <System>\dotnetfx.dll - detected as
W32/AutoRun-RS ...

0 writebacks [12/08/2008 05:58] [] permanent link



Virus Malware and Threat News for 20081206



TROJ_PIDIEFX.B

- TROJ_PIDIEFX.B at Trend Micro

This Trojan may be downloaded from remote site(s) by other malware. It may be downloaded unknowingly by a user
when visiting malicious Web site(s). It is the Trend Micro detection for malicious .PDF files with embedded
JavaScript that attempts to connect to a certain URL to download possibly malicious files. However, as of this
writin...

Mal/FakeAvJs-B

- Mal/FakeAvJs-B at Sophos

Mal/FakeAvJs-B is a malicious script, usually found in a page pretending to relate to anti-virus
software. The script will eventually try to download a malicious executable file, either by itself or by
misleading the user.
...

Troj/Agent-IKN

- Troj/Agent-IKN at Sophos

...

Troj/Agent-IKO

- Troj/Agent-IKO at Sophos

...

Troj/FakeAle-KG

- Troj/FakeAle-KG at Sophos

Troj/FakeAle-KG is a Trojan for the Windows platform. Troj/FakeAle-KG is a
rogue security application that displays false alerts regarding malicious software on the computer.
Troj/FakeAle-KG also drops a DLL file in the same folder as itself, which is detected as
Mal/Behav-3...

Troj/FakeAV-HI

- Troj/FakeAV-HI at Sophos

...

W32/Febelneck-B

- W32/Febelneck-B at Sophos

W32/Febelneck-B is a worm for the Windows platform. W32/Febelneck-B copies
itself to the <SYSTEM> folder and sets registry entries to run on startup.
W32/Febelneck-B may also set DisallowRun registry entries to prevent common anti-virus programs from running.
...

W32/Sohana-BO

- W32/Sohana-BO at Sophos

...

Troj/Agent-IKL

- Troj/Agent-IKL at Sophos

...

Troj/Bancos-BEZ

- Troj/Bancos-BEZ at Sophos

...

Troj/Dloadr-CCF

- Troj/Dloadr-CCF at Sophos

Troj/Dloadr-CCF is a backdoor Trojan which allows a remote intruder to gain access and control
over the computer. Troj/Dloadr-CCF includes functionality to access the internet and
communicate with a remote server via HTTP. When installed Troj/Dloadr-CCF creates the
following f...

TROJ_DROP.BP

- TROJ_DROP.BP at Trend Micro

...

OSX_RSPLUG.A

- OSX_RSPLUG.A at Trend Micro

...

Troj/Agent-IKP

- Troj/Agent-IKP at Sophos

...

Troj/Dloadr-CCM

- Troj/Dloadr-CCM at Sophos

...

Troj/FakeAle-KH

- Troj/FakeAle-KH at Sophos

...

Troj/Mdrop-BXK

- Troj/Mdrop-BXK at Sophos

Troj/Mdrop-BXK drops the file <Windows>\new_drv.sys which is detected as Troj/Rootkit-DK.
...

Troj/Agent-IKM

- Troj/Agent-IKM at Sophos

...

Troj/Dloadr-CCL

- Troj/Dloadr-CCL at Sophos

...

Troj/Mdrop-BXJ

- Troj/Mdrop-BXJ at Sophos

Troj/Mdrop-BXJ drops the file <Windows>\new_drv.sys which is detected as Troj/Rootkit-DK.
...

Troj/Pushdo-AA

- Troj/Pushdo-AA at Sophos

Troj/Pushdo-AA is a Trojan for the Windows platform. Troj/Pushdo-AA
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Pushdo-AA copies itself to <System>\rs32net.exe. The
following regi...

W32/Autorun-RU

- W32/Autorun-RU at Sophos

W32/Autorun-RU is a worm for the Windows platform. When executed
W32/Autorun-RU copies itself to the following locations: <System>\daemon.exe
<RECYCLER>\<S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXX-XXXX>\redmond.exe
where X is...

Mal/EncPk-GN

- Mal/EncPk-GN at Sophos

...

0 writebacks [12/07/2008 05:42] [] permanent link



Virus Malware and Threat News for 20081205



Backdoor:W32/TDSS

- Backdoor:W32/TDSS at F-Secure

A remote administration utility which bypasses normal security mechanisms to secretly control a program,
computer or network....

Trojan:W32/Krap.B

- Trojan:W32/Krap.B at F-Secure

This detection is of "packed" software. Packers are used to compress files and to disguise the malicious
contents....

Backdoor:W32/SdBot.CNJ

- Backdoor:W32/SdBot.CNJ at F-Secure

Backdoor:W32/SdBot.CNJ is a piece of malicious software that tries to disable various firewalls and antivirus
programs, steal passwords from the infected machine and spread through removable media
devices...

PrivacyCommander

- PrivacyCommander at Norton Symantec

PrivacyCommander is a misleading application that may give exaggerated reports of threats on the
computer....

Infostealer.Vipect

- Infostealer.Vipect at Norton Symantec

Infostealer.Vipect is a generic detection for encrypted DLL files that are injected into processes to steal
information from the compromised computer.
...

W32.Lopown!inf

- W32.Lopown!inf at Norton Symantec

W32.Lopown!inf is a detection for files infected to download other threats when executed.
...

Generic.dx!707DA3A8

- Generic.dx!707DA3A8 at McAfee

-- Update December 4, 2008 -- The risk assessment of this threat has been updated to Low-Profiled due to media
attention at: http://www.theregister.co.uk/2008/12/04/firefox_plug_in_trojan/ This malware is detected by McAfee
as Generic.dx. Once executed, this malware attempts to obtain credentials when an affected host browses to one
of t...

Troj/Dloadr-CCD

- Troj/Dloadr-CCD at Sophos

...

Troj/Tiotua-AB

- Troj/Tiotua-AB at Sophos

Troj/Tiotua-AB is a backdoor Trojan which allows a remote intruder to gain access and control over
the computer. Troj/Tiotua-AB includes functionality to access the internet and
communicate with a remote server via HTTP. When Troj/Tiotua-AB is installed the
following files are...

Mal/Gampass-C

- Mal/Gampass-C at Sophos

Members of the Mal/Gampass-C family of malware attempt to steal passwords related to on-line
gaming. ...

Troj/Agent-IKI

- Troj/Agent-IKI at Sophos

When first run Troj/Agent-IKI copies itself to <System>\rs32net.exe.
The following registry entries are created to run rs32net.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run rs32net <System>\rs32net.exe
...

Troj/Dloadr-CCA

- Troj/Dloadr-CCA at Sophos

...

Troj/Dloadr-CCC

- Troj/Dloadr-CCC at Sophos

...

Troj/Lolyda-A

- Troj/Lolyda-A at Sophos

Troj/Lolyda-A is a password stealing Trojan for the Windows platform.
Troj/Lolyda-A targets usernames and passwords related to on-line gaming.
...

Troj/OLGame-A

- Troj/OLGame-A at Sophos

Troj/OLGame-A is a password stealing Trojan for the Windows platform.
Troj/OLGame-A targets usernames and passwords related to on-line gaming.
...

Troj/OLGame-B

- Troj/OLGame-B at Sophos

Troj/OLGame-B is a password stealing Trojan for the Windows platform.
Troj/OLGame-B targets usernames and passwords related to on-line gaming.
...

Troj/OLGame-C

- Troj/OLGame-C at Sophos

Troj/OLGame-C is a password stealing Trojan for the Windows platform.
Troj/OLGame-C targets usernames and passwords related to on-line gaming.
...

TROJ_PIDIEFX.B

- TROJ_PIDIEFX.B at Trend Micro

This Trojan may be downloaded from remote site(s) by other malware. It may be downloaded unknowingly by a user
when visiting malicious Web site(s). It is the Trend Micro detection for malicious .PDF files with embedded
JavaScript that attempts to connect to a certain URL to download possibly malicious files. However, as of this
writin...

Mal/FakeAvJs-B

- Mal/FakeAvJs-B at Sophos

Mal/FakeAvJs-B is a malicious script, usually found in a page pretending to relate to anti-virus
software. The script will eventually try to download a malicious executable file, either by itself or by
misleading the user.
...

Troj/Agent-IKN

- Troj/Agent-IKN at Sophos

...

Troj/Agent-IKO

- Troj/Agent-IKO at Sophos

...

Troj/FakeAle-KG

- Troj/FakeAle-KG at Sophos

Troj/FakeAle-KG is a Trojan for the Windows platform. Troj/FakeAle-KG is a
rogue security application that displays false alerts regarding malicious software on the computer.
Troj/FakeAle-KG also drops a DLL file in the same folder as itself, which is detected as
Mal/Behav-3...

Troj/FakeAV-HI

- Troj/FakeAV-HI at Sophos

...

W32/Febelneck-B

- W32/Febelneck-B at Sophos

W32/Febelneck-B is a worm for the Windows platform. W32/Febelneck-B copies
itself to the <SYSTEM> folder and sets registry entries to run on startup.
W32/Febelneck-B may also set DisallowRun registry entries to prevent common anti-virus programs from running.
...

W32/Sohana-BO

- W32/Sohana-BO at Sophos

...

Troj/Agent-IKL

- Troj/Agent-IKL at Sophos

...

Troj/Bancos-BEZ

- Troj/Bancos-BEZ at Sophos

...

Troj/Dloadr-CCF

- Troj/Dloadr-CCF at Sophos

Troj/Dloadr-CCF is a backdoor Trojan which allows a remote intruder to gain access and control
over the computer. Troj/Dloadr-CCF includes functionality to access the internet and
communicate with a remote server via HTTP. When installed Troj/Dloadr-CCF creates the
following f...

0 writebacks [12/06/2008 05:50] [] permanent link



Virus Malware and Threat News for 20081204



Trojan-Downloader:W32/Agent.IDO

- Trojan-Downloader:W32/Agent.IDO at F-Secure

This type of trojan secretly downloads malicious files from a remote server, then installs and executes the
files....

Bloodhound.PDF.2

- Bloodhound.PDF.2 at Norton Symantec

Bloodhound.PDF.2 is a heuristic detection for reporting PDF files that may attempt to exploit known
vulnerabilities in Adobe Acrobat.
...

Trojan.Flush.M

- Trojan.Flush.M at Norton Symantec

Trojan.Flush.M is a Trojan horse that impacts network traffic with Address Resolution Protocol (ARP) requests
and lowers security settings.
...

W32.Ackantta@mm

- W32.Ackantta@mm at Norton Symantec

W32.Ackantta@mm is a mass-mailing worm that gathers email addresses from the compromised computer and spreads
by copying itself to removable media. It also opens a back door on the compromised computer.
...

W32/Caveduck.a

- W32/Caveduck.a at McAfee

W32/Caveduck.a is a parasitic virus that infects Win32 PE executable files. It can connect to an IRC server
hosted on the domain ircgalaxy.pl to receive orders and download further malware.
...

BKDR_AGENT.CAZZ

- BKDR_AGENT.CAZZ at Trend Micro

...

WORM_MYDOOM.CG

- WORM_MYDOOM.CG at Trend Micro

This worm arrives as attachment to email messages spammed by another malware or a malicious user. It may also
be downloaded from remote site(s) by other malware. It drops files on the affected system, including a copy of
itself. It also makes multiple changes to the Windows registry; one of these allows it to run at every system
start...

WORM_AUTORUN.JJ

- WORM_AUTORUN.JJ at Trend Micro

...

Bankolimb.BX

- Bankolimb.BX at Panda

It is designed to steal users' banking data related to certain banking entities. When they access the
website of the affected banks, the Trojan is activated and logs the information entered by the
users in the website. It does not spread automatically using its own means.
...

Troj/Agent-IKF

- Troj/Agent-IKF at Sophos

...

Troj/Dloadr-CBY

- Troj/Dloadr-CBY at Sophos

Troj/Dloadr-CBY is a Trojan for the Windows platform. Troj/Dloadr-CBY
contacts a remote website and downloads additional malware, which is detected as Mal/Banspy-F.
...

Troj/Dloadr-CBZ

- Troj/Dloadr-CBZ at Sophos

...

Mal/EncPk-FL

- Mal/EncPk-FL at Sophos

...

Troj/Bckdr-QQQ

- Troj/Bckdr-QQQ at Sophos

Troj/Bckdr-QQQ copies itself to: <Windows>\msnd.exe
The following registry entry is added to autostart Troj/Bckdr-QQQ
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Live Messenger msnd.exe...

Troj/Dloadr-CBX

- Troj/Dloadr-CBX at Sophos

...

Troj/Mdrop-BXH

- Troj/Mdrop-BXH at Sophos

Troj/Mdrop-BXH drops royal86.sys which is detected as Mal/Packer.
...

Troj/Zbot-BF

- Troj/Zbot-BF at Sophos

...

Troj/Zlob-ARN

- Troj/Zlob-ARN at Sophos

...

Troj/Crack-P

- Troj/Crack-P at Sophos

Troj/Crack-P is a cracking tool used to bypass the authentication process of certain applications.
...

Backdoor:W32/TDSS

- Backdoor:W32/TDSS at F-Secure

A remote administration utility which bypasses normal security mechanisms to secretly control a program,
computer or network....

Trojan:W32/Krap.B

- Trojan:W32/Krap.B at F-Secure

This detection is of "packed" software. Packers are used to compress files and to disguise the malicious
contents....

Backdoor:W32/SdBot.CNJ

- Backdoor:W32/SdBot.CNJ at F-Secure

Backdoor:W32/SdBot.CNJ is a piece of malicious software that tries to disable various firewalls and antivirus
programs, steal passwords from the infected machine and spread through removable media
devices...

PrivacyCommander

- PrivacyCommander at Norton Symantec

PrivacyCommander is a misleading application that may give exaggerated reports of threats on the
computer....

Infostealer.Vipect

- Infostealer.Vipect at Norton Symantec

Infostealer.Vipect is a generic detection for encrypted DLL files that are injected into processes to steal
information from the compromised computer.
...

W32.Lopown!inf

- W32.Lopown!inf at Norton Symantec

W32.Lopown!inf is a detection for files infected to download other threats when executed.
...

Generic.dx!707DA3A8

- Generic.dx!707DA3A8 at McAfee

-- Update December 4, 2008 -- The risk assessment of this threat has been updated to Low-Profiled due to media
attention at: http://www.theregister.co.uk/2008/12/04/firefox_plug_in_trojan/ This malware is detected by McAfee
as Generic.dx. Once executed, this malware attempts to obtain credentials when an affected host browses to one
of t...

Troj/Dloadr-CCD

- Troj/Dloadr-CCD at Sophos

...

Troj/Tiotua-AB

- Troj/Tiotua-AB at Sophos

Troj/Tiotua-AB is a backdoor Trojan which allows a remote intruder to gain access and control over
the computer. Troj/Tiotua-AB includes functionality to access the internet and
communicate with a remote server via HTTP. When Troj/Tiotua-AB is installed the
following files are...

Mal/Gampass-C

- Mal/Gampass-C at Sophos

Members of the Mal/Gampass-C family of malware attempt to steal passwords related to on-line
gaming. ...

Troj/Agent-IKI

- Troj/Agent-IKI at Sophos

When first run Troj/Agent-IKI copies itself to <System>\rs32net.exe.
The following registry entries are created to run rs32net.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run rs32net <System>\rs32net.exe
...

Troj/Dloadr-CCA

- Troj/Dloadr-CCA at Sophos

...

Troj/Dloadr-CCC

- Troj/Dloadr-CCC at Sophos

...

Troj/Lolyda-A

- Troj/Lolyda-A at Sophos

Troj/Lolyda-A is a password stealing Trojan for the Windows platform.
Troj/Lolyda-A targets usernames and passwords related to on-line gaming.
...

Troj/OLGame-A

- Troj/OLGame-A at Sophos

Troj/OLGame-A is a password stealing Trojan for the Windows platform.
Troj/OLGame-A targets usernames and passwords related to on-line gaming.
...

Troj/OLGame-B

- Troj/OLGame-B at Sophos

Troj/OLGame-B is a password stealing Trojan for the Windows platform.
Troj/OLGame-B targets usernames and passwords related to on-line gaming.
...

Troj/OLGame-C

- Troj/OLGame-C at Sophos

Troj/OLGame-C is a password stealing Trojan for the Windows platform.
Troj/OLGame-C targets usernames and passwords related to on-line gaming.
...

0 writebacks [12/05/2008 05:47] [] permanent link



Virus Malware and Threat News for 20081203



BitTera.C

- BitTera.C at Panda

It is a malicious tool which allows the creation of any type of malware with different functions, such as disabling
the Task Manager, hiding the Start button or preventing the execution of Notepad.
...

Mal/TibsPk-D

- Mal/TibsPk-D at Sophos

Mal/TibsPk-D is a malicious program.
...

Troj/Agent-IKD

- Troj/Agent-IKD at Sophos

...

Troj/BHO-IR

- Troj/BHO-IR at Sophos

...

Troj/Dloadr-CBR

- Troj/Dloadr-CBR at Sophos

...

Troj/Dloadr-CBS

- Troj/Dloadr-CBS at Sophos

...

Troj/Dloadr-CBT

- Troj/Dloadr-CBT at Sophos

...

Troj/Keygen-CH

- Troj/Keygen-CH at Sophos

Troj/Keygen-CH is a key generator for SecureCRT 6.1.
...

Troj/Spamsrv-G

- Troj/Spamsrv-G at Sophos

Troj/Spamsrv-G is a Trojan for the Windows platform. When run,
Troj/Spamsrv-G installs itself in global memory, monitors browser activity and reports information collected
to remote web servers.
...

Troj/Zlob-ARJ

- Troj/Zlob-ARJ at Sophos

...

JS/Baals-A

- JS/Baals-A at Sophos

...

Trojan-Downloader:W32/Agent.IDO

- Trojan-Downloader:W32/Agent.IDO at F-Secure

This type of trojan secretly downloads malicious files from a remote server, then installs and executes the
files....

Bloodhound.PDF.2

- Bloodhound.PDF.2 at Norton Symantec

Bloodhound.PDF.2 is a heuristic detection for reporting PDF files that may attempt to exploit known
vulnerabilities in Adobe Acrobat.
...

Trojan.Flush.M

- Trojan.Flush.M at Norton Symantec

Trojan.Flush.M is a Trojan horse that impacts network traffic with Address Resolution Protocol (ARP) requests
and lowers security settings.
...

W32.Ackantta@mm

- W32.Ackantta@mm at Norton Symantec

W32.Ackantta@mm is a mass-mailing worm that gathers email addresses from the compromised computer and spreads
by copying itself to removable media. It also opens a back door on the compromised computer.
...

W32/Caveduck.a

- W32/Caveduck.a at McAfee

W32/Caveduck.a is a parasitic virus that infects Win32 PE executable files. It can connect to an IRC server
hosted on the domain ircgalaxy.pl to receive orders and download further malware.
...

BKDR_AGENT.CAZZ

- BKDR_AGENT.CAZZ at Trend Micro

...

WORM_MYDOOM.CG

- WORM_MYDOOM.CG at Trend Micro

This worm arrives as attachment to email messages spammed by another malware or a malicious user. It may also
be downloaded from remote site(s) by other malware. It drops files on the affected system, including a copy of
itself. It also makes multiple changes to the Windows registry; one of these allows it to run at every system
start...

WORM_AUTORUN.JJ

- WORM_AUTORUN.JJ at Trend Micro

...

Bankolimb.BX

- Bankolimb.BX at Panda

It is designed to steal users' banking data related to certain banking entities. When they access the
website of the affected banks, the Trojan is activated and logs the information entered by the
users in the website. It does not spread automatically using its own means.
...

Troj/Agent-IKF

- Troj/Agent-IKF at Sophos

...

Troj/Dloadr-CBY

- Troj/Dloadr-CBY at Sophos

Troj/Dloadr-CBY is a Trojan for the Windows platform. Troj/Dloadr-CBY
contacts a remote website and downloads additional malware, which is detected as Mal/Banspy-F.
...

Troj/Dloadr-CBZ

- Troj/Dloadr-CBZ at Sophos

...

Mal/EncPk-FL

- Mal/EncPk-FL at Sophos

...

Troj/Bckdr-QQQ

- Troj/Bckdr-QQQ at Sophos

Troj/Bckdr-QQQ copies itself to: <Windows>\msnd.exe
The following registry entry is added to autostart Troj/Bckdr-QQQ
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Live Messenger msnd.exe...

Troj/Dloadr-CBX

- Troj/Dloadr-CBX at Sophos

...

Troj/Mdrop-BXH

- Troj/Mdrop-BXH at Sophos

Troj/Mdrop-BXH drops royal86.sys which is detected as Mal/Packer.
...

Troj/Zbot-BF

- Troj/Zbot-BF at Sophos

...

Troj/Zlob-ARN

- Troj/Zlob-ARN at Sophos

...

Troj/Crack-P

- Troj/Crack-P at Sophos

Troj/Crack-P is a cracking tool used to bypass the authentication process of certain applications.
...

0 writebacks [12/04/2008 05:41] [] permanent link



Virus Malware and Threat News for 20081202



TROJ_RANDSOM.A

- TROJ_RANDSOM.A at Trend Micro

...

WORM_AUTORUN.BUO

- WORM_AUTORUN.BUO at Trend Micro

This worm may be dropped by other malware. It may arrive bundled with malware packages as a malware component.
It arrives as a .DLL file that exports functions used by other malware. This worm is a DLL component of the
WORM_AUTORUN family, which is capable of dropping files in physical and removable drives. However, it needs
the execut...

WinWebSecurity2008

- WinWebSecurity2008 at Panda

It deceives users and warns them of nonexistent threats on their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Mal/FakeAvJs-A

- Mal/FakeAvJs-A at Sophos

Mal/FakeAvJs-A is a malicious script, usually found in a page pretending to relate to anti-virus
software. The script will eventually try to download a malicious executable file, either by itself or by
misleading the user.
...

Troj/Dloadr-CBQ

- Troj/Dloadr-CBQ at Sophos

Troj/Dloadr-CBQ is a Trojan for the Windows platform. Troj/Dloadr-CBQ
attempts to contact remote FTP sites to download additional malware, which is already detected as Mal/Emogen-T.
...

Troj/PWS-AWL

- Troj/PWS-AWL at Sophos

...

Troj/PWS-AWM

- Troj/PWS-AWM at Sophos

...

W32/AutoIt-AI

- W32/AutoIt-AI at Sophos

W32/AutoIt-AI is a worm for the Windows platform. W32/AutoIt-AI includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run W32/AutoIt-AI copies itself to: <Windows>\regsvr.exe
<System>...

Troj/Agent-IJZ

- Troj/Agent-IJZ at Sophos

...

Troj/Banker-EOR

- Troj/Banker-EOR at Sophos

Troj/Banker-EOR is a Trojan for the Windows platform that attempts to steal banking information.
Troj/Banker-EOR modifies the HOSTS file to redirect access to certain banking websites.
...

Troj/Dloadr-CBO

- Troj/Dloadr-CBO at Sophos

...

Troj/Dloadr-CBP

- Troj/Dloadr-CBP at Sophos

...

Troj/VBDown-I

- Troj/VBDown-I at Sophos

Troj/VBDown-I is a Trojan for the Windows platform. Troj/VBDown-I includes
functionality to access the internet and communicate with a remote server via HTTP.
...

BitTera.C

- BitTera.C at Panda

It is a malicious tool which allows the creation of any type of malware with different functions, such as disabling
the Task Manager, hiding the Start button or preventing the execution of Notepad.
...

Mal/TibsPk-D

- Mal/TibsPk-D at Sophos

Mal/TibsPk-D is a malicious program.
...

Troj/Agent-IKD

- Troj/Agent-IKD at Sophos

...

Troj/BHO-IR

- Troj/BHO-IR at Sophos

...

Troj/Dloadr-CBR

- Troj/Dloadr-CBR at Sophos

...

Troj/Dloadr-CBS

- Troj/Dloadr-CBS at Sophos

...

Troj/Dloadr-CBT

- Troj/Dloadr-CBT at Sophos

...

Troj/Keygen-CH

- Troj/Keygen-CH at Sophos

Troj/Keygen-CH is a key generator for SecureCRT 6.1.
...

Troj/Spamsrv-G

- Troj/Spamsrv-G at Sophos

Troj/Spamsrv-G is a Trojan for the Windows platform. When run,
Troj/Spamsrv-G installs itself in global memory, monitors browser activity and reports information collected
to remote web servers.
...

Troj/Zlob-ARJ

- Troj/Zlob-ARJ at Sophos

...

JS/Baals-A

- JS/Baals-A at Sophos

...

0 writebacks [12/03/2008 05:59] [] permanent link



Virus Malware and Threat News for 20081201



W32/AutoRun-RD

- W32/AutoRun-RD at Sophos

W32/AutoRun-RD is a worm for the Windows platform. When run W32/AutoRun-RD
copies itself to <System>\myrvc.exe and sets the following registry entries:
HKCU\Software\Microsoft\Internet Explorer\Main FormSuggest PW Ask yes
HKCU...

Troj/FakeAV-HD

- Troj/FakeAV-HD at Sophos

...

Troj/FakeAV-HE

- Troj/FakeAV-HE at Sophos

...

Troj/Agent-IJP

- Troj/Agent-IJP at Sophos

Troj/Agent-IJP is a Trojan for the Windows platform. When first run
Troj/Agent-IJP copies itself to <System>\kd<random>.exe. The following
registry entry is changed to run the Trojan on startup: HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersi...

Troj/Agent-IJQ

- Troj/Agent-IJQ at Sophos

...

W32/Agent-IJO

- W32/Agent-IJO at Sophos

W32/Agent-IJO is a worm for the Windows platform. W32/Agent-IJO includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run W32/Agent-IJO copies itself to <System>\rs32net.exe. The following
registry ...

Troj/Banker-EON

- Troj/Banker-EON at Sophos

...

Troj/Banker-EOO

- Troj/Banker-EOO at Sophos

Troj/Banker-EOO is a Trojan for the Windows platform. Troj/Banker-EOO
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Banker-EOO is installed the following files are created:
<Windows>\System32...

Troj/Banloa-GC

- Troj/Banloa-GC at Sophos

Troj/Banloa-GC is a Trojan for the Windows platform. Troj/Banloa-GC
includes functionality to access the internet and communicate with a remote server via HTTP.
...

TROJ_RANDSOM.A

- TROJ_RANDSOM.A at Trend Micro

...

WORM_AUTORUN.BUO

- WORM_AUTORUN.BUO at Trend Micro

This worm may be dropped by other malware. It may arrive bundled with malware packages as a malware component.
It arrives as a .DLL file that exports functions used by other malware. This worm is a DLL component of the
WORM_AUTORUN family, which is capable of dropping files in physical and removable drives. However, it needs
the execut...

WinWebSecurity2008

- WinWebSecurity2008 at Panda

It deceives users and warns them of nonexistent threats on their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Mal/FakeAvJs-A

- Mal/FakeAvJs-A at Sophos

Mal/FakeAvJs-A is a malicious script, usually found in a page pretending to relate to anti-virus
software. The script will eventually try to download a malicious executable file, either by itself or by
misleading the user.
...

Troj/Dloadr-CBQ

- Troj/Dloadr-CBQ at Sophos

Troj/Dloadr-CBQ is a Trojan for the Windows platform. Troj/Dloadr-CBQ
attempts to contact remote FTP sites to download additional malware, which is already detected as Mal/Emogen-T.
...

Troj/PWS-AWL

- Troj/PWS-AWL at Sophos

...

Troj/PWS-AWM

- Troj/PWS-AWM at Sophos

...

W32/AutoIt-AI

- W32/AutoIt-AI at Sophos

W32/AutoIt-AI is a worm for the Windows platform. W32/AutoIt-AI includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run W32/AutoIt-AI copies itself to: <Windows>\regsvr.exe
<System>...

Troj/Agent-IJZ

- Troj/Agent-IJZ at Sophos

...

Troj/Banker-EOR

- Troj/Banker-EOR at Sophos

Troj/Banker-EOR is a Trojan for the Windows platform that attempts to steal banking information.
Troj/Banker-EOR modifies the HOSTS file to redirect access to certain banking websites.
...

Troj/Dloadr-CBO

- Troj/Dloadr-CBO at Sophos

...

Troj/Dloadr-CBP

- Troj/Dloadr-CBP at Sophos

...

Troj/VBDown-I

- Troj/VBDown-I at Sophos

Troj/VBDown-I is a Trojan for the Windows platform. Troj/VBDown-I includes
functionality to access the internet and communicate with a remote server via HTTP.
...

0 writebacks [12/02/2008 05:42] [] permanent link



Virus Malware and Threat News for 20081130



Troj/FakeVir-HV

- Troj/FakeVir-HV at Sophos

...

Troj/Agent-IJN

- Troj/Agent-IJN at Sophos

...

Troj/Agent-IJM

- Troj/Agent-IJM at Sophos

...

Troj/FakeAV-HC

- Troj/FakeAV-HC at Sophos

...

Troj/KeySteal-A

- Troj/KeySteal-A at Sophos

Troj/KeySteal-A obtains keys related to the game Call of Duty 5 from the registry and posts them
to a remote site from where they are retailed to buyers illegally.
...

W32/IRCbot-ADE

- W32/IRCbot-ADE at Sophos

W32/IRCbot-ADE is a worm with IRC backdoor functionality for the Windows platform.
W32/IRCbot-ADE runs continuously in the background, providing a backdoor server which allows a remote
intruder to gain access and control over the computer via IRC channels. When first run
W32/I...

Troj/Agent-IJK

- Troj/Agent-IJK at Sophos

...

Troj/Agent-IJL

- Troj/Agent-IJL at Sophos

...

Troj/Dloadr-CBH

- Troj/Dloadr-CBH at Sophos

...

W32/AutoRun-RD

- W32/AutoRun-RD at Sophos

W32/AutoRun-RD is a worm for the Windows platform. When run W32/AutoRun-RD
copies itself to <System>\myrvc.exe and sets the following registry entries:
HKCU\Software\Microsoft\Internet Explorer\Main FormSuggest PW Ask yes
HKCU...

Troj/FakeAV-HD

- Troj/FakeAV-HD at Sophos

...

Troj/FakeAV-HE

- Troj/FakeAV-HE at Sophos

...

Troj/Agent-IJP

- Troj/Agent-IJP at Sophos

Troj/Agent-IJP is a Trojan for the Windows platform. When first run
Troj/Agent-IJP copies itself to <System>\kd<random>.exe. The following
registry entry is changed to run the Trojan on startup: HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersi...

Troj/Agent-IJQ

- Troj/Agent-IJQ at Sophos

...

W32/Agent-IJO

- W32/Agent-IJO at Sophos

W32/Agent-IJO is a worm for the Windows platform. W32/Agent-IJO includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run W32/Agent-IJO copies itself to <System>\rs32net.exe. The following
registry ...

Troj/Banker-EON

- Troj/Banker-EON at Sophos

...

Troj/Banker-EOO

- Troj/Banker-EOO at Sophos

Troj/Banker-EOO is a Trojan for the Windows platform. Troj/Banker-EOO
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Banker-EOO is installed the following files are created:
<Windows>\System32...

Troj/Banloa-GC

- Troj/Banloa-GC at Sophos

Troj/Banloa-GC is a Trojan for the Windows platform. Troj/Banloa-GC
includes functionality to access the internet and communicate with a remote server via HTTP.
...

0 writebacks [12/01/2008 05:42] [] permanent link


