mwblog.org



Virus Malware and Threat News for 20090111



Troj/Agent-IOV

- Troj/Agent-IOV at Sophos

Troj/Agent-IOV is a Trojan for the Windows platform. When run
Troj/Agent-IOV copies itself to <System>\digeste.dll and adds the DLL file to the following registry
entry: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders <e...

Troj/Bckdr-QRC

- Troj/Bckdr-QRC at Sophos

...

Troj/Bckdr-QRD

- Troj/Bckdr-QRD at Sophos

...

Troj/Inject-DQ

- Troj/Inject-DQ at Sophos

Troj/Inject-DQ is a Trojan for the Windows platform. When run
Troj/Inject-DQ copies itself to: <System>\wuaumqr.exe
<System>\kazaabackupfiles\download_me.exe and sets the following registry entries:
HKCU\Software\Micros...

Troj/MDrop-BXT

- Troj/MDrop-BXT at Sophos

...

Troj/Crack-Q

- Troj/Crack-Q at Sophos

Troj/Crack-Q is used to patch satellite receiver boxes to allow for viewing of premium TV channels.
...

Troj/Keygen-BW

- Troj/Keygen-BW at Sophos

Troj/Keygen-BW is a key generator for Winamp Pro v5.x
...

Mal/WaledPak-A

- Mal/WaledPak-A at Sophos

Mal/WaledPak-A is a worm for the Windows platform. Mal/WaledPak-A includes
functionality to access the internet and communicate with a remote server via HTTP and send itself out using
a built-in SMTP client.
...

Troj/Agent-IOU

- Troj/Agent-IOU at Sophos

...

Troj/DwnLdr-HMY

- Troj/DwnLdr-HMY at Sophos

Troj/DwnLdr-HMY is a Trojan for the Windows platform. Troj/DwnLdr-HMY
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/DwnLdr-HMY copies itself to the Windows system folder. The
following reg...

TROJ_DROPPER.TT

- TROJ_DROPPER.TT at Trend Micro

...

WORM_MYTOB.QR

- WORM_MYTOB.QR at Trend Micro

This worm arrives as an attachment to mass-mailed email messages. It may also arrive via removable drives. It
drops multiple files on the affected system, including copies of itself and possibly malicious component files.
It displays an image when executed. It creates a registry entry to enable its automatic execution at every
system start...

Troj/Agent-IOY

- Troj/Agent-IOY at Sophos

...

Troj/Agent-IOT

- Troj/Agent-IOT at Sophos

...

Troj/NtRootK-EI

- Troj/NtRootK-EI at Sophos

Troj/NtRootK-EI is a Trojan for the Windows platform. Once installed,
Troj/NtRootK-EI attempts to register itself as the service name "RKHit".
...

Troj/FakeAV-IJ

- Troj/FakeAV-IJ at Sophos

Troj/FakeAV-IJ is a Trojan for the Windows platform. Troj/FakeAV-IJ
includes functionality to download, install and run new software. The following files
are created: <Desktop>\Internet Antivirus Pro.lnk <Start
Menu>Programs\Inter...

W32/Autorun-TQ

- W32/Autorun-TQ at Sophos

W32/Autorun-TQ is a worm that copies itself to removable storage devices.
W32/Autorun-TQ copies itself together with an autorun.inf file that specifies the worm should be run
automatically. The worm also copies itself to the Application Data folder and creates
the following re...

W32/Waled-J

- W32/Waled-J at Sophos

...

Troj/Agent-IOW

- Troj/Agent-IOW at Sophos

Troj/Agent-IOW is a Trojan for the Windows platform.
...

Troj/Lineag-AN

- Troj/Lineag-AN at Sophos

When first run Troj/Lineag-AN copies itself to <Windows>\help\EB6C4499B05F.exe and creates
the following files: <Root>\1.hiv <Root>\2.hiv
<Current Folder>\2.bat <Windows>\1.bat <Windows>\help\EB6C4499B05F.dll
...

W32/Conficker.worm.gen.a

- W32/Conficker.worm.gen.a at McAfee

Network portscan on port 445 as per the MS08-067 exploit. Access to the above mentioned domain. Domain
accounts being locked due to maximum login attempts. Presence of the above mentioned files and registry keys
in specific files and registry keys with empty permissions. Scheduled tasks being created. autorun.inf files
being created...

TROJ_DDOS.ISR

- TROJ_DDOS.ISR at Trend Micro

This Trojan may be installed manually by a user. It may be downloaded unknowingly by a user when visiting
malicious Web sites. It creates folders and drops several files. It creates a registry entry to enable its
automatic execution at every system startup. Upon execution, it connects to an IRC server in a certain port.
Testing shows t...

Samal.A

- Samal.A at Panda

It is designed to carry out malicious actions only on 1st January 2009, such as preventing the computer from
being started properly, among others. It spreads by making copies of itself in all the system drives.
...

Troj/Agent-IPI

- Troj/Agent-IPI at Sophos

...

Troj/Agent-IPJ

- Troj/Agent-IPJ at Sophos

...

Troj/Agent-IPK

- Troj/Agent-IPK at Sophos

...

Troj/DwnLdr-HND

- Troj/DwnLdr-HND at Sophos

Troj/DwnLdr-HND is a Trojan downloader for the Windows platform. When run
the Batchfile Trojan will attempt to download components from a remote FTP server and add them to the Windows
task-scheduler....

Troj/FakeAV-IK

- Troj/FakeAV-IK at Sophos

Troj/FakeAV-IK is a Windows platform trojan. When Troj/FakeAV-IK is first
run, it attempts to download an executable from a remote host and save the file under <Program
Files>\Antivirus 2009\av2009.exe Troj/FakeAV-IK creates the following registry entry:
...

Troj/FakeAV-IL

- Troj/FakeAV-IL at Sophos

...

Mal/Behav-170

- Mal/Behav-170 at Sophos

...

Troj/Dloadr-CER

- Troj/Dloadr-CER at Sophos

Troj/Dloadr-CER is a Trojan for the Windows platform. Troj/Dloadr-CER
downloads and installs Troj/FakeAle-KZ to <PROGRAM FILES>\Antivirus 2009\av2009.exe...

Troj/DwnLdr-HMQ

- Troj/DwnLdr-HMQ at Sophos

...

Troj/FakeAle-KY

- Troj/FakeAle-KY at Sophos

...

[01/12/2009 22:42]


