mwblog.org


Virus Malware and Threat News for 20090128



W32/Conficker.worm!inf

- W32/Conficker.worm!inf at McAfee

This is a generic detection for a configuration text file (autorun.inf) used by the W32/Conficker.worm. This
file is usually dropped onto the root of all removable drives and mapped drives in an attempt to autorun an
executable when the drive is accessed. The size of this file varies. Some copies of this file have the System (S)
and Hi...

Mal/EncPk-GV

- Mal/EncPk-GV at Sophos

...

Troj/Bdoor-ASH

- Troj/Bdoor-ASH at Sophos

...

Troj/Dloadr-CFT

- Troj/Dloadr-CFT at Sophos

...

Troj/FakeAV-JS

- Troj/FakeAV-JS at Sophos

...

Troj/MDrop-BYN

- Troj/MDrop-BYN at Sophos

When Troj/MDrop-BYN is installed it creates the file <Current Folder>\dfxspc.dll.
The file dfxspc.dll is detected as Mal/Behav-304.
...

Troj/Mosuck-AX

- Troj/Mosuck-AX at Sophos

...

W32/Mytob-C

- W32/Mytob-C at Sophos

W32/Mytob-C is a mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable
to the LSASS (MS04-011) exploit. When first run the worm copies itself to the Windows system folder as
wfdmgr.exe and creates the following registry entries so as to auto-start:
HKLM\Software\Microsoft\Windows\CurrentVersion\Ru...

Mal/Alureon-B

- Mal/Alureon-B at Sophos

...

Mal/Behav-010

- Mal/Behav-010 at Sophos

Mal/Behav-010 is a file that displays characteristics or behavior found exclusively within malware.
...

Mal/Behav-224

- Mal/Behav-224 at Sophos

...

Trojan:W32/Waledac.gen

- Trojan:W32/Waledac.gen at F-Secure

Trojan:W32/Waledac.gen is generic detection of the Waledac trojan.
...

Trojan:W32/Waledac.A

- Trojan:W32/Waledac.A at F-Secure

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious,
functions. The program is often started by the user, and it does not usually replicate.
...

Bloodhound.PDF.7

- Bloodhound.PDF.7 at Norton Symantec

Bloodhound.PDF.7 is a heuristic detection for potentially malicious PDF files that may exploit known
vulnerabilities in Adobe Acrobat in order to perform further malicious actions.
...

AquaPlay

- AquaPlay at Panda

It passes itself off as a codec to view videos. Once installed, it downloads the worm Autorun.AST to the
affected computer. It can be downloaded from certain dubious websites, passing itself off as a codec to view videos.
...

Mal/Mdrop-K

- Mal/Mdrop-K at Sophos

...

Troj/Dloadr-CFS

- Troj/Dloadr-CFS at Sophos

...

Troj/FakeAV-JW

- Troj/FakeAV-JW at Sophos

...

Troj/Agent-IRL

- Troj/Agent-IRL at Sophos

Troj/Agent-IRL copies itself to <Temp>\ms<random number>.exe.
Troj/Agent-IRL creates the following registry value:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
InetChk
<Temp>\ms<random value>.exe work
Troj/Agent-IRL continuou...

Troj/Bdoor-ASK

- Troj/Bdoor-ASK at Sophos

...

Troj/Punad-E

- Troj/Punad-E at Sophos

...

Troj/Waled-U

- Troj/Waled-U at Sophos

Troj/Waled-U is a Trojan for the Windows platform. Troj/Waled-U includes
functionality to access the internet and communicate with a remote server via HTTP. The
following registry entry is created to run Troj/Waled-U on startup:
HKLM\SOFTWARE\Microsoft\W...

W32/AutoRun-WB

- W32/AutoRun-WB at Sophos

...

W32/Autorun-WC

- W32/Autorun-WC at Sophos

...

W32/Autorun-WD

- W32/Autorun-WD at Sophos

W32/Autorun-WD creates the file autoinf.ini which is detected as W32/Autorun-VA.
W32/Autorun-WS copies itself to:
<System>\macfee_.exe
<Windows>\macfee_.exe
W32/Autorun-WS creates a scheduled task called at1 to run itself.
...

[01/29/2009 22:41]