mwblog.org

Virus Malware and Threat News for 20090130



Infostealer.Nadebanker

- Infostealer.Nadebanker at Norton Symantec

Infostealer.Nadebanker is a Trojan horse that gathers information from the compromised computer.
...

Spyware.KeyProwler

- Spyware.KeyProwler at Norton Symantec

Spyware.KeyProwler is a spyware program that logs keystrokes typed into the computer.
...

WORM_RAKAB.A

- WORM_RAKAB.A at Trend Micro

This worm may be dropped by other malware. It drops multiple files on the affected system, including a copy of
itself. It drops a copy of itself in all physical and removable drives. It also drops an AUTORUN.INF file to
automatically execute dropped copies when the drives are accessed.
...

WORM_SILLY.KAX

- WORM_SILLY.KAX at Trend Micro

This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may be
downloaded from certain remote sites. It may be downloaded unknowingly by a user when visiting malicious Web
sites. It creates folders. It drops copies of itself. It injects threads into normal processes. It creates
registry en...

Mal/Alureon-C

- Mal/Alureon-C at Sophos

...

Troj/Dloadr-CFW

- Troj/Dloadr-CFW at Sophos

...

Troj/Agent-ISR

- Troj/Agent-ISR at Sophos

...

Troj/Agent-IST

- Troj/Agent-IST at Sophos

...

Troj/Dload-EX

- Troj/Dload-EX at Sophos

...

Troj/Mdrop-BYP

- Troj/Mdrop-BYP at Sophos

...

Troj/Proxy-IV

- Troj/Proxy-IV at Sophos

...

Troj/PWSteal-G

- Troj/PWSteal-G at Sophos

Troj/PWSteal-G is a password stealing Trojan for the Windows platform. When
Troj/PWSteal-G is installed the following files are created:
<Program Files>\Explorer\keys.txt
<Program Files>\Explorer\crs.exe
<Windows>\megangoodslideshow1.exe...

Troj/Zbot-CC

- Troj/Zbot-CC at Sophos

...

Troj/Agent-ITA

- Troj/Agent-ITA at Sophos

...

Troj/Agent-ITB

- Troj/Agent-ITB at Sophos

...

Troj/FakeAV-KC

- Troj/FakeAV-KC at Sophos

...

Troj/Agent-IRX

- Troj/Agent-IRX at Sophos

...

Troj/Agent-ISV

- Troj/Agent-ISV at Sophos

...

Troj/Agent-ISW

- Troj/Agent-ISW at Sophos

...

Troj/Agent-ISX

- Troj/Agent-ISX at Sophos

...

Troj/Agent-ISY

- Troj/Agent-ISY at Sophos

...

Troj/Agent-ISZ

- Troj/Agent-ISZ at Sophos

...

Troj/DwnLdr-HNW

- Troj/DwnLdr-HNW at Sophos

...

[01/31/2009 22:42]



Virus Malware and Threat News for 20090129



Trojan:W32/Waledac.gen

- Trojan:W32/Waledac.gen at F-Secure

Trojan:W32/Waledac.gen is generic detection of the Waledac trojan.
...

Trojan:W32/Waledac.A

- Trojan:W32/Waledac.A at F-Secure

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious,
functions. The program is often started by the user, and it does not usually replicate.
...

Bloodhound.PDF.7

- Bloodhound.PDF.7 at Norton Symantec

Bloodhound.PDF.7 is a heuristic detection for potentially malicious PDF files that may exploit known
vulnerabilities in Adobe Acrobat in order to perform further malicious actions.
...

AquaPlay

- AquaPlay at Panda

It passes itself off as a codec to view videos. Once installed, it downloads the worm Autorun.AST to the
affected computer. It can be downloaded from certain dubious websites passing itself as a codec to view videos.
...

Mal/Mdrop-K

- Mal/Mdrop-K at Sophos

...

Troj/Dloadr-CFS

- Troj/Dloadr-CFS at Sophos

...

Troj/FakeAV-JW

- Troj/FakeAV-JW at Sophos

...

Troj/Agent-IRL

- Troj/Agent-IRL at Sophos

Troj/Agent-IRL copies itself to <Temp>\ms<random number>.exe.
Troj/Agent-IRL creates the following registry value:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
InetChk
<Temp>\ms<random value>.exe work
Troj/Agent-IRL continuou...

Troj/Bdoor-ASK

- Troj/Bdoor-ASK at Sophos

...

Troj/Punad-E

- Troj/Punad-E at Sophos

...

Troj/Waled-U

- Troj/Waled-U at Sophos

Troj/Waled-U is a Trojan for the Windows platform. Troj/Waled-U includes
functionality to access the internet and communicate with a remote server via HTTP. The
following registry entry is created to run Troj/Waled-U on startup:
HKLM\SOFTWARE\Microsoft\W...

W32/AutoRun-WB

- W32/AutoRun-WB at Sophos

...

W32/Autorun-WC

- W32/Autorun-WC at Sophos

...

W32/Autorun-WD

- W32/Autorun-WD at Sophos

W32/Autorun-WD creates the file autoinf.ini which is detected as W32/Autorun-VA.
W32/Autorun-WS copies itself to:
<System>\macfee_.exe
<Windows>\macfee_.exe
W32/Autorun-WS creates a scheduled task called at1 to run itself.
...

[01/30/2009 22:43]



Virus Malware and Threat News for 20090128



W32/Conficker.worm!inf

- W32/Conficker.worm!inf at McAfee

This is a generic detection for a configuration text file (autorun.inf) used by the W32/Conficker.worm. This
file is usually dropped onto the root of all removable drives and mapped drives in an attempt to autorun an
executable when the drive is accessed. The size of this file varies. Some copies of this file have the System (S)
and Hi...

Mal/EncPk-GV

- Mal/EncPk-GV at Sophos

...

Troj/Bdoor-ASH

- Troj/Bdoor-ASH at Sophos

...

Troj/Dloadr-CFT

- Troj/Dloadr-CFT at Sophos

...

Troj/FakeAV-JS

- Troj/FakeAV-JS at Sophos

...

Troj/MDrop-BYN

- Troj/MDrop-BYN at Sophos

When Troj/MDrop-BYN is installed it creates the file <Current Folder>\dfxspc.dll.
The file dfxspc.dll is detected as Mal/Behav-304.
...

Troj/Mosuck-AX

- Troj/Mosuck-AX at Sophos

...

W32/Mytob-C

- W32/Mytob-C at Sophos

W32/Mytob-C is a mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable
to the LSASS (MS04-011) exploit. When first run the worm copies itself to the Windows system folder as
wfdmgr.exe and creates the following registry entries so as to auto-start:
HKLM\Software\Microsoft\Windows\CurrentVersion\Ru...

Mal/Alureon-B

- Mal/Alureon-B at Sophos

...

Mal/Behav-010

- Mal/Behav-010 at Sophos

Mal/Behav-010 is a file that displays characteristics or behavior found exclusively within malware.
...

Mal/Behav-224

- Mal/Behav-224 at Sophos

...

[01/29/2009 22:41]



Virus Malware and Threat News for 20090127



Trojan-Downloader:OSX/Jahlav.A

- Trojan-Downloader:OSX/Jahlav.A at F-Secure

This type of trojan secretly downloads malicious files from a remote server, then installs and executes the
files....

Trojan.Zefarch

- Trojan.Zefarch at Norton Symantec

Trojan.Zefarch is a Trojan horse that installs itself as a browser helper object (BHO) and redirects search
engine traffic....

Packed.Generic.209

- Packed.Generic.209 at Norton Symantec

Packed.Generic.209 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Packed.Generic.207

- Packed.Generic.207 at Norton Symantec

Packed.Generic.207 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

OSX.Iservice.B

- OSX.Iservice.B at Norton Symantec

OSX.Iservice.B is a Trojan horse that runs on Mac OS X and opens a back door on the compromised computer.
...

Spyware.MLog360

- Spyware.MLog360 at Norton Symantec

Spyware.MLog360 is a spyware program that monitors instant messaging sessions.
...

JS/Shellcode.gen

- JS/Shellcode.gen at McAfee

JS/Shellcode-gen is a detection for JavaScript-enabled objects that reflect malicious behavior.
Shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. This
detection is sufficiently generic that it can cover a number of threats that contain the exploit code.
Malware auth...

BackDoor-CKB.gen.m

- BackDoor-CKB.gen.m at McAfee

BackDoor-CKB.gen.m is a back door server program that allows a remote attacker to perform various actions on a
victim's computer. The virus writer can create the file with any name. When it is executed, it creates a copy
of itself in the Windows System directory using the file name it was received under on the victim's machine. Then it
add t...

Vanebot.A

- Vanebot.A at Panda

It is designed to connect to an IRC server and wait for remote instructions. It spreads through networks
with shared resources configured with weak passwords, SQL servers and instant messaging programs.
...

Troj/BHO-JL

- Troj/BHO-JL at Sophos

...

Troj/FakeVir-JU

- Troj/FakeVir-JU at Sophos

...

Troj/Inject-DY

- Troj/Inject-DY at Sophos

Troj/Inject-DY is a Trojan for the Windows platform. When first run
Troj/Inject-DY copies itself to: <System>\<randomFileName> and edits the
following registry entry to initiate itself at system startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\...

Troj/PDFex-AK

- Troj/PDFex-AK at Sophos

...

Troj/Zbot-BY

- Troj/Zbot-BY at Sophos

...

Mal/Alureon-A

- Mal/Alureon-A at Sophos

...

Mal/FakeAV-U

- Mal/FakeAV-U at Sophos

...

OSX/iWorkS-Fam

- OSX/iWorkS-Fam at Sophos

OSX/iWorkS-Fam is a Trojan that is installed in modified versions of legitimate software.
OSX/iWorkS-Fam installs itself into /usr/bin as a legitimate sounding application and will set
itself to startup via /System/Library/StartupItems/<Legit sounding name>
...

Troj/Agent-ISL

- Troj/Agent-ISL at Sophos

...

Troj/PWSA-Fam

- Troj/PWSA-Fam at Sophos

Troj/PWSA-Fam is a family of password stealing Trojans for the Windows platform.
Members of this family typically steal passwords for online games.
...

[01/28/2009 22:46]



Virus Malware and Threat News for 20090126



W32/Lujer

- W32/Lujer at McAfee

All Users: Use current engine and DAT files for detection and removal. Modifications made to the system Registry
and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the
recommended engine and DAT combination (or higher). Additional Windows ME/XP removal
considerations...

VBS/Step

- VBS/Step at McAfee

These are general defaults for typical path variables (although they may differ, these examples are common):
%SYSTEMDIR% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows
NT/2000). When the infected web page loads, it will execute a VBS script to copy itself into the %SYSTEMDIR%
folder...

Downloader-BMF

- Downloader-BMF at McAfee

This is a generic detection for shortcut files which contain scripts to drop and run ftp batch files to
download files from the remote ftp sites.
...

FakeAlert-av360

- FakeAlert-av360 at McAfee

Upon installation, the host will present a window that appears to be a scan. It may appear similar to the one
below. Several other windows may also appear during and after the scan. The following registry keys
are created:
HKEY_CLASSES_ROOT\CLSID\{0B014B81-4E12-46F9-806F-55867AF8FD3C}
HKEY_CLASSES_ROOT\CLSID\{0B014B81-4E12-46...

W32/Mokaksu

- W32/Mokaksu at McAfee

Upon execution, the virus enumerates directories on the victim machine. In each directory found, the virus drops
polymorphic copies of itself along with some junk files:
.exe : (detected as W32/Mokaksu virus)
suxxs : 0 byte
<RANDOM filenames> : text file (detected as W32/Mokaksu!txt virus)
It also drops the following files:
%Windir%\Fonts\...

TROJ_VB.KAK

- TROJ_VB.KAK at Trend Micro

...

OSX_KROWI.A

- OSX_KROWI.A at Trend Micro

This malware arrives as a file bundled with pirated versions of Apple's iWork '09 suite which may be
downloaded from file sharing Web sites. It attempts to install itself as iWorkServices. It then modifies the
attributes of the installation folder by executing the command chmod 755 to set read and execute access for
everyone and also w...

SpySkype.C

- SpySkype.C at Panda

It steals the user's access data (username and password) to Skype. It does not spread automatically by its own
means....

Troj/Agent-ISE

- Troj/Agent-ISE at Sophos

...

Troj/Bdoor-ART

- Troj/Bdoor-ART at Sophos

Troj/Bdoor-ART is a Trojan for the Windows platform. When first run,
Troj/Bdoor-ART copies itself to: <System>\twex.exe and sets the following registry
entry to run itself at startup: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
...

Troj/Dloadr-CFM

- Troj/Dloadr-CFM at Sophos

...

Troj/Dloadr-CFN

- Troj/Dloadr-CFN at Sophos

...

Troj/Dloadr-CFP

- Troj/Dloadr-CFP at Sophos

...

Troj/ZbotPP-Fam

- Troj/ZbotPP-Fam at Sophos

...

Mal/Behav-221

- Mal/Behav-221 at Sophos

...

Troj/Agent-ISD

- Troj/Agent-ISD at Sophos

...

Troj/Agent-ISF

- Troj/Agent-ISF at Sophos

...

[01/27/2009 22:43]



Virus Malware and Threat News for 20090125



OSX/iWorkS-A

- OSX/iWorkS-A at Sophos

OSX/iWorkS-A is a Trojan that is installed in a modified version of iWork 9.0.
OSX/iWorkS-A installs itself into /usr/bin as /usr/bin/iWorkServices
and will set itself to startup via /System/Library/StartupItems/iWorkServices
...

Troj/Dload-EV

- Troj/Dload-EV at Sophos

Troj/Dload-EV copies itself to the <System> folder as a randomly-named EXE and creates a
zero-byte file with the same name but with the extension "a_a". Troj/Dload-EV creates
the following registry entries: HKCU\Software\Microsoft\Internet Explorer\Main
Disabl...

Troj/Dloadr-CFK

- Troj/Dloadr-CFK at Sophos

...

Troj/FakeAV-JG

- Troj/FakeAV-JG at Sophos

...

Troj/SillyVB-A

- Troj/SillyVB-A at Sophos

...

Mal/Emogen-AC

- Mal/Emogen-AC at Sophos

Mal/Emogen-AC is a malicious program for the Windows platform. Detection
for members of Mal/Emogen-AC is behavior based. It is extremely important that customers report detections of
Mal/Emogen-AC to Sophos and send a sample for analysis.
...

Troj/Agent-INP

- Troj/Agent-INP at Sophos

...

Troj/Agent-IQJ

- Troj/Agent-IQJ at Sophos

...

Troj/Agent-ISA

- Troj/Agent-ISA at Sophos

...

Troj/Dial-C

- Troj/Dial-C at Sophos

...

[01/26/2009 22:43]



Virus Malware and Threat News for 20090124



Troj/Agent-IRW

- Troj/Agent-IRW at Sophos

...

Troj/BHO-JK

- Troj/BHO-JK at Sophos

...

W32/Rbot-GVN

- W32/Rbot-GVN at Sophos

W32/Rbot-GVN is a worm for the Windows platform. W32/Rbot-GVN runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When first run W32/Rbot-GVN copies itself
to <System&...

Troj/Dloadr-CFJ

- Troj/Dloadr-CFJ at Sophos

Troj/Dloadr-CFJ is a Trojan for the Windows platform. Troj/Dloadr-CFJ
includes functionality to access the internet and communicate with a remote server via HTTP.
The following registry entry is created to run Troj/Dloadr-CFJ on startup:
HKCU\Software\Mi...

Troj/SpyAgent-K

- Troj/SpyAgent-K at Sophos

Troj/SpyAgent-K is a Trojan for the Windows platform. Troj/SpyAgent-K
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/SpyAgent-K is installed the following files are created:
<System>\ntos.exe ...

W32/Autorun-VP

- W32/Autorun-VP at Sophos

W32/Autorun-VP copies itself to removable drives together with an autorun.inf file in order to run
itself automatically. W32/Autorun-VP makes two copies of itself in the Windows folder,
one with its original filename, and another with "__" prepended to the filename.
W32/Autoru...

W32/Autorun-VQ

- W32/Autorun-VQ at Sophos

...

Troj/Agent-IRZ

- Troj/Agent-IRZ at Sophos

...

Troj/Dloadr-CFI

- Troj/Dloadr-CFI at Sophos

...

Troj/FakeAV-JE

- Troj/FakeAV-JE at Sophos

...

[01/25/2009 22:44]



Virus Malware and Threat News for 20090123



Trojan.Initbar

- Trojan.Initbar at Norton Symantec

Trojan.Initbar is a Trojan horse that displays a misleading warning that may give exaggerated reports about
potential risks on the compromised computer and prompts the user to download a misleading application.
...

SpywareProtect2009

- SpywareProtect2009 at Norton Symantec

SpywareProtect2009 is a misleading application that may give exaggerated reports of threats on the
computer....

SMSFraud

- SMSFraud at McAfee

Upon execution, SMSFraud asks the user to send an SMS text message to a specified number. The user will be
charged to receive a code which will then enable them to download some free software which is available at the
official site for free. The installation screen is shown below:
...

Vundo!grb

- Vundo!grb at McAfee

These files by themselves are not executable, and therefore cannot exhibit malicious behavior without other
components of the malware. The presence of these files may indicate that a variation of the Vundo malware has
been executed on the host on which the detection occurred.
...

Mal/EncPk-FM

- Mal/EncPk-FM at Sophos

Mal/EncPk-FM is a malicious packed executable.
...

OSX/DnsCha-E

- OSX/DnsCha-E at Sophos

...

Troj/BadJoke-C

- Troj/BadJoke-C at Sophos

...

Troj/DwnLdr-HNP

- Troj/DwnLdr-HNP at Sophos

...

Troj/FakeVir-JR

- Troj/FakeVir-JR at Sophos

...

Troj/FakeVir-JS

- Troj/FakeVir-JS at Sophos

...

Troj/Feedel-A

- Troj/Feedel-A at Sophos

...

Troj/Rootkit-ES

- Troj/Rootkit-ES at Sophos

...

Troj/Slipping-A

- Troj/Slipping-A at Sophos

Troj/Slipping-A is a Trojan for the Windows platform. Troj/Slipping-A is a
joke application that moves a user's open windows to the bottom of the screen.
...

[01/24/2009 22:41]



Virus Malware and Threat News for 20090122



Backdoor:OSX/iWorkServ.A

- Backdoor:OSX/iWorkServ.A at F-Secure

Backdoor:OSX/iWorkServ.A is a trojan backdoor that installs itself on Mac OSX computers.
...

Worm:W32/Downadupjob.gen

- Worm:W32/Downadupjob.gen at F-Secure

Worm:W32/Downadupjob.gen is detection for .JOB files used by the Downadup worm.
...

Trojan:W32/Sacom.A

- Trojan:W32/Sacom.A at F-Secure

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious,
functions. It is usually user-initiated and does not replicate.
...

OSX.Iwork

- OSX.Iwork at Norton Symantec

OSX.Iwork is a Trojan horse that runs on Macintosh OSX and opens a back door on the compromised computer.
...

Packed.Generic.206

- Packed.Generic.206 at Norton Symantec

Packed.Generic.206 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

WORM_SWARLEY.A

- WORM_SWARLEY.A at Trend Micro

...

TROJ_EMOGEN.BC

- TROJ_EMOGEN.BC at Trend Micro

This Trojan is bundled with a WinRAR installer that is downloaded from a malicious Web site. Once the
installer is executed, a copy of this malware is dropped onto the affected system. It makes changes to the
Windows registry, one of which allows it to run at every system startup. It modifies the system's HOSTS file to
prevent users fr...

Troj/Agent-IRR

- Troj/Agent-IRR at Sophos

...

Troj/Agent-IRS

- Troj/Agent-IRS at Sophos

...

Troj/Banker-EPA

- Troj/Banker-EPA at Sophos

...

Troj/Dialer-FX

- Troj/Dialer-FX at Sophos

...

Troj/Spy-BN

- Troj/Spy-BN at Sophos

...

Troj/Spy-BO

- Troj/Spy-BO at Sophos

...

W32/Autorun-VK

- W32/Autorun-VK at Sophos

W32/Autorun-VK creates the file autorun.inf which is detected as W32/Autorun-OX.
...

Troj/Agent-IRO

- Troj/Agent-IRO at Sophos

...

Troj/Agent-IRQ

- Troj/Agent-IRQ at Sophos

...

W32/Autorun-VJ

- W32/Autorun-VJ at Sophos

W32/Autorun-VJ is a worm for the Windows platform. W32/Autorun-VJ spreads
by copying itself to removable media and adding an autorun.inf file to run itself when the infected media is
mounted....

Trojan.Initbar

- Trojan.Initbar at Norton Symantec

Trojan.Initbar is a Trojan horse that displays a misleading warning that may give exaggerated reports about
potential risks on the compromised computer and prompts the user to download a misleading application.
...

SpywareProtect2009

- SpywareProtect2009 at Norton Symantec

SpywareProtect2009 is a misleading application that may give exaggerated reports of threats on the
computer....

SMSFraud

- SMSFraud at McAfee

Upon execution, SMSFraud asks the user to send an SMS text message to a specified number. The user is
charged to receive a code which then enables them to download software that is available for free at the
official site. The installation screen is shown below:
...

Vundo!grb

- Vundo!grb at McAfee

These files by themselves are not executable, and therefore cannot exhibit malicious behavior without other
components of the malware. The presence of these files may indicate that a variant of the Vundo malware has
been executed on the host on which the detection occurred.
...

Mal/EncPk-FM

- Mal/EncPk-FM at Sophos

Mal/EncPk-FM is a malicious packed executable.
...

OSX/DnsCha-E

- OSX/DnsCha-E at Sophos

...

Troj/BadJoke-C

- Troj/BadJoke-C at Sophos

...

Troj/DwnLdr-HNP

- Troj/DwnLdr-HNP at Sophos

...

Troj/FakeVir-JR

- Troj/FakeVir-JR at Sophos

...

Troj/FakeVir-JS

- Troj/FakeVir-JS at Sophos

...

Troj/Feedel-A

- Troj/Feedel-A at Sophos

...

Troj/Rootkit-ES

- Troj/Rootkit-ES at Sophos

...

Troj/Slipping-A

- Troj/Slipping-A at Sophos

Troj/Slipping-A is a Trojan for the Windows platform. Troj/Slipping-A is a
joke application that moves a user's open windows to the bottom of the screen.
...

0 writebacks [01/23/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090121



Trojan.Donbot

- Trojan.Donbot at Norton Symantec

Trojan.Donbot is a Trojan horse that sends spam emails and may also download files on to the compromised
computer....

Troj/AgenTZ-Gen

- Troj/AgenTZ-Gen at Sophos

Troj/AgenTZ-Gen is a downloader Trojan for the Windows platform.
...

Troj/BHO-JI

- Troj/BHO-JI at Sophos

...

Troj/Dwnldr-HNE

- Troj/Dwnldr-HNE at Sophos

...

Troj/DwnLdr-HNK

- Troj/DwnLdr-HNK at Sophos

...

Troj/Mdrop-BYE

- Troj/Mdrop-BYE at Sophos

Troj/Mdrop-BYE is a Trojan for the Windows platform. Troj/Mdrop-BYE
includes functionality to download, install and run new software. When Troj/Mdrop-BYE
is installed the following files are created: <Temp>\ixp000.tmp\burimi.exe (Detected as Troj/IR...

Troj/Mdrop-BYF

- Troj/Mdrop-BYF at Sophos

...

Troj/Mdrop-BYG

- Troj/Mdrop-BYG at Sophos

...

Troj/Mdrop-BYH

- Troj/Mdrop-BYH at Sophos

...

Mal/EncPk-GO

- Mal/EncPk-GO at Sophos

Mal/EncPk-GO is a malicious packed executable file.
...

Troj/Agent-IRI

- Troj/Agent-IRI at Sophos

...

0 writebacks [01/22/2009 22:43] [] permanent link



Virus Malware and Threat News for 20090120



Worm:W32/Downaduprun.A

- Worm:W32/Downaduprun.A at F-Secure

Worm:W32/Downaduprun.A detects the malicious autorun.inf file used by the Downadup network worm.
...

W32/Waledac.gen.b

- W32/Waledac.gen.b at McAfee

This malware has been observed as part of spam email messages enticing recipients to visit websites appearing
to be related to Barack Obama. The sites observed include those in the *.bamaonline.com, *.bamaguide.com, and
*.bamadirect.com domains. Upon execution, the following characteristics have been observed. The following
registry ke...

WORM_WALEDAC.AI

- WORM_WALEDAC.AI at Trend Micro

...

IRCBot.CIG

- IRCBot.CIG at Panda

It exploits the MS08-067 vulnerability in the Windows Server Service in order to spread and
download a copy of itself to the affected computer. Additionally, it weakens the computer's security by
modifying the configuration of the Windows Security Center and disabling the Task Manager.
...

Troj/Agent-IRD

- Troj/Agent-IRD at Sophos

...

Troj/Agent-IRE

- Troj/Agent-IRE at Sophos

...

Troj/FakeAle-LE

- Troj/FakeAle-LE at Sophos

...

Troj/FakeVir-JQ

- Troj/FakeVir-JQ at Sophos

...

Troj/Inject-DT

- Troj/Inject-DT at Sophos

...

Troj/PWS-AYG

- Troj/PWS-AYG at Sophos

...

Troj/TDSS-B

- Troj/TDSS-B at Sophos

...

Troj/Agent-IPG

- Troj/Agent-IPG at Sophos

...

Troj/Agent-IRB

- Troj/Agent-IRB at Sophos

Troj/Agent-IRB copies itself to <Application Data>\intranetexplorer.exe.
The Trojan creates the following registry entries in order to run itself on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Microsoft Intranet Patcher
<Applicati...

Troj/Agent-IRC

- Troj/Agent-IRC at Sophos

...

0 writebacks [01/21/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090119



JS_DLOADR.RE

- JS_DLOADR.RE at Trend Micro

...

JS_DLOADR.RD

- JS_DLOADR.RD at Trend Micro

This JavaScript (JS) malware may be downloaded from remote sites by HTML_XPLOIT.U. It may be downloaded from
certain remote sites. It may also be hosted on a Web site and run when a user accesses the said Web site. It
exploits the Sina DLoader Class ActiveX Control 'DonwloadAndInstall' Method Arbitrary File Download
vulnerability to ...

JS_DLOADR.RB

- JS_DLOADR.RB at Trend Micro

...

HTML_XPLOIT.U

- HTML_XPLOIT.U at Trend Micro

This is the Trend Micro detection for Web pages that were compromised through the insertion of a certain
IFRAME tag. This malicious HTML file may be downloaded from certain remote Web sites. It may be hosted on a Web
site and run when a user accesses the said Web site. Once an unsuspecting user views an infected Web page, it
attempts t...

WORM_WALEDAC.AS

- WORM_WALEDAC.AS at Trend Micro

This worm arrives as an attachment to email messages spammed by other malware or a malicious user. It may be
downloaded from certain remote sites. It may be downloaded from a fake news Web site. It creates registry entries to
enable its automatic execution at every system startup. It creates registry key(s)/entry(ies). It opens a
random port...

Autorun.ARK

- Autorun.ARK at Panda

It is designed to download several malware samples to the affected computer. It spreads through removable
drives and via IRC channels.
...

Iksmas.A

- Iksmas.A at Panda

Its main objective is to spread via email in a message containing a fake news item about Barack
Obama supposedly refusing to become president of the United States.
...

Troj/Agent-IQY

- Troj/Agent-IQY at Sophos

...

Troj/Bckdr-QRH

- Troj/Bckdr-QRH at Sophos

...

Troj/FakeVir-JP

- Troj/FakeVir-JP at Sophos

...

Troj/Rootkit-EO

- Troj/Rootkit-EO at Sophos

Troj/Rootkit-EO is a rootkit for the Windows platform. Troj/Rootkit-EO
creates and hides a service named "mstcp32" with registry entries under:
  HKLM\SYSTEM\CurrentControlSet\Services\mstcp32 Troj/Rootkit-EO also marks
itself as a legacy driver to be lo...

Troj/VBDrpB-Gen

- Troj/VBDrpB-Gen at Sophos

...

Mal/ConfInf-A

- Mal/ConfInf-A at Sophos

Mal/ConfInf-A detects Autorun.inf files created by Mal/Conficker-A.
...

Mal/FakeErrJs-A

- Mal/FakeErrJs-A at Sophos

Mal/FakeErrJs-A is a malicious script that pretends to be an internal server error, while in fact
redirecting to another malicious page. The script is often found in the chain of pages
eventually linking to Waled malware.
...

Mal/Swizzor-D

- Mal/Swizzor-D at Sophos

Mal/Swizzor-D is a family of Trojans which have functionality to download and execute files from
the internet.
...

Troj/Agent-IPZ

- Troj/Agent-IPZ at Sophos

...

0 writebacks [01/20/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090118



TROJ_FAKEAV.GDS

- TROJ_FAKEAV.GDS at Trend Micro

...

TROJ_PAKES.AKI

- TROJ_PAKES.AKI at Trend Micro

...

TROJ_ZBOT.AAS

- TROJ_ZBOT.AAS at Trend Micro

...

TROJ_DLOADER.VKH

- TROJ_DLOADER.VKH at Trend Micro

...

WORM_WALEDAC.KAX

- WORM_WALEDAC.KAX at Trend Micro

This worm arrives as an attachment to email messages spammed by other malware or a malicious user. It may be
downloaded unknowingly by a user when visiting certain malicious Web sites. It may be hosted on a Web site and
run when a user accesses the said Web site. It creates registry entries to enable its automatic execution at
every sys...

BKDR_WALEDAC.AS

- BKDR_WALEDAC.AS at Trend Micro

...

Troj/FakeVir-JO

- Troj/FakeVir-JO at Sophos

...

Troj/Agent-IQR

- Troj/Agent-IQR at Sophos

...

Troj/Keygen-CG

- Troj/Keygen-CG at Sophos

Troj/Keygen-CG is a key generator for Adobe Photoshop.
...

Troj/Pushdo-AC

- Troj/Pushdo-AC at Sophos

...

W32/SdBot-DNU

- W32/SdBot-DNU at Sophos

W32/SdBot-DNU is a Trojan for the Windows platform. W32/SdBot-DNU runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When first run W32/SdBot-DNU copies itself
to <Te...

Troj/Dloadr-CFA

- Troj/Dloadr-CFA at Sophos

...

Troj/Poison-AL

- Troj/Poison-AL at Sophos

...

Troj/Agent-IQQ

- Troj/Agent-IQQ at Sophos

...

0 writebacks [01/19/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090117



Troj/Bckdr-QRF

- Troj/Bckdr-QRF at Sophos

...

Troj/Zlob-ARP

- Troj/Zlob-ARP at Sophos

...

Troj/Agent-IOR

- Troj/Agent-IOR at Sophos

...

Troj/Agent-IQN

- Troj/Agent-IQN at Sophos

...

Troj/Agent-IQO

- Troj/Agent-IQO at Sophos

...

Troj/Agent-IQP

- Troj/Agent-IQP at Sophos

...

Troj/JSDownL-M

- Troj/JSDownL-M at Sophos

...

Troj/Refpron-D

- Troj/Refpron-D at Sophos

...

W32/Tiotua-AF

- W32/Tiotua-AF at Sophos

...

Mal/WaledJs-A

- Mal/WaledJs-A at Sophos

Mal/WaledJs-A is a malicious script that attempts to redirect to a malicious executable file,
usually a member of the Waled family of malware. The script is often found in a page
pretending to be a news event, often a fictitious one.
...

0 writebacks [01/18/2009 22:44] [] permanent link



Virus Malware and Threat News for 20090116



Trojan:JS/Agent.JP

- Trojan:JS/Agent.JP at F-Secure

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious,
functions. It is usually user-initiated and does not replicate.
...

TROJ_KILLAV.KAX

- TROJ_KILLAV.KAX at Trend Micro

This Trojan may be downloaded from remote sites by other malware. It may be downloaded unknowingly by a user
when visiting malicious Web sites. Upon execution, it drops copies of itself. It creates registry entries to
enable its automatic execution at every system startup. It modifies registry entries to hide files with both
System and...

TROJ_BANKER.GDK

- TROJ_BANKER.GDK at Trend Micro

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by
users when visiting malicious sites. It drops several files on the affected system, including a copy of itself.
It also modifies the Windows registry so that it will run at every system startup. It monitors the Internet
Explorer ac...

Mal/Behav-172

- Mal/Behav-172 at Sophos

...

Mal/FakeAV-S

- Mal/FakeAV-S at Sophos

...

Mal/Mdrop-F

- Mal/Mdrop-F at Sophos

...

Mal/TinyDL-Y

- Mal/TinyDL-Y at Sophos

Mal/TinyDL-Y is a malicious program for the Windows platform. Mal/TinyDL-Y
will often attempt to download and run code from the internet.
...

Troj/Agent-IQK

- Troj/Agent-IQK at Sophos

...

Troj/Agent-IQL

- Troj/Agent-IQL at Sophos

...

Troj/Agent-IQM

- Troj/Agent-IQM at Sophos

...

Troj/Dloadr-CEY

- Troj/Dloadr-CEY at Sophos

Troj/Dloadr-CEY is a Trojan for the Windows platform. Troj/Dloadr-CEY
downloads additional malware detected as Troj/Rootkit-DK.
...

Troj/Dloadr-CEZ

- Troj/Dloadr-CEZ at Sophos

...

Troj/Drop-AT

- Troj/Drop-AT at Sophos

...

0 writebacks [01/17/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090115



Trojan:W32/Vundo.HD

- Trojan:W32/Vundo.HD at F-Secure

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious,
functions. It is usually user-initiated and does not replicate.
...

Packed.Generic.205

- Packed.Generic.205 at Norton Symantec

Packed.Generic.205 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Supernova.D

- Supernova.D at Panda

Its main objective is to spread through peer-to-peer (P2P) file sharing programs and via MSN Messenger.
It reaches the computer in a file which has the Hello Kitty icon.
...

Troj/Bckdr-QRE

- Troj/Bckdr-QRE at Sophos

...

Troj/BHO-JF

- Troj/BHO-JF at Sophos

...

Troj/Dloadr-CEX

- Troj/Dloadr-CEX at Sophos

...

Troj/Inject-DS

- Troj/Inject-DS at Sophos

...

W32/Poebot-NC

- W32/Poebot-NC at Sophos

W32/Poebot-NC spreads:
- to computers vulnerable to common exploits, including LSASS (MS04-011), SRVSVC (MS06-040), RPC-DCOM (MS04-012) and PNP (MS05-039)
- to network shares
W32/Poebot-NC copies itself to <System>\winamp.exe and creates the
registry entry: ...

Mal/Agent-N

- Mal/Agent-N at Sophos

...

Mal/PWS-T

- Mal/PWS-T at Sophos

Mal/PWS-T is a family of password-stealing trojans for the Windows platform.
...

Mal/SadeNav-A

- Mal/SadeNav-A at Sophos

...

Troj/Polaco-A

- Troj/Polaco-A at Sophos

...

Troj/Punad-C

- Troj/Punad-C at Sophos

Troj/Punad-C is a Trojan for the Windows platform. When first run
Troj/Punad-C copies itself to <System>\prunnet.exe. Registry entries are created
under: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet
HKLM\SOFTWARE\Microsoft\...

0 writebacks [01/16/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090114



Worm:W32/Agent.IPZ

- Worm:W32/Agent.IPZ at F-Secure

A standalone malicious program which uses computer or network resources to make complete copies of itself. May
include code or other malware to damage both the system and the network.
...

VBS/Autorun.worm.zo

- VBS/Autorun.worm.zo at McAfee

When executed, this worm drops the following files:
- %UserProfile%\Local Settings\Temp\[Random].tmp (VBS/autorun.worm.zo virus)
- %UserProfile%\Local Settings\Temp\auto.exe (Generic!atr trojan)
- %UserProfile%\Local Settings\Temp\Yuyun.Q (innocent file)
It then copies itself to the following locations:
%UserProfile%\My Documents\databas...

VBS/Autorun.worm.zo!lnk

- VBS/Autorun.worm.zo!lnk at McAfee

These .LNK or link files are dropped into the root directories and subdirectories of all drives and network shared
folders in order to re-infect or re-trigger the trojan into activation. They may have the following names:
Microsoft.lnk, New Harry Potter and....lnk, New Folder.lnk, SuratQ.lnk, Rahasia.lnk, Game.lnk, Zvnita.lnk, Download.lnk, DataQ.lnk, [Sub...

FakeAlert-WinwebSecurity

- FakeAlert-WinwebSecurity at McAfee

FakeAlert-WinwebSecurity is a trojan that poses as security update software but attempts to download and
install additional malicious components. It attempts to connect to one or more of the following domains to
download its component: securedownload[removed].com, thesecure[removed].com, safesoftware[removed].com,
systemsecurity[removed]....

TROJ_DROPPER.FK

- TROJ_DROPPER.FK at Trend Micro

This Trojan may be downloaded from remote sites by other malware. It may be dropped by other malware. Upon
execution, this Trojan displays the following image:
The keymaker is run while the malicious component is
dropped in the background. It drops a component that is detected by Trend Micro as TROJ_AGENT.AQR. As a result,
routines of ...

MS09-001

- MS09-001 at Panda

It is a group of critical vulnerabilities in the Server Message Block (SMB) protocol on Windows
2008/Vista/2003/XP/2000, which allows attackers to gain remote control of the affected computer with the same
privileges as the logged-on user, and allows denial of service attacks to be launched.
...

Troj/Dloadr-CEV

- Troj/Dloadr-CEV at Sophos

...

Troj/FakeAle-LC

- Troj/FakeAle-LC at Sophos

...

W32/AutoIt-AW

- W32/AutoIt-AW at Sophos

...

W32/AutoRun-UA

- W32/AutoRun-UA at Sophos

W32/AutoRun-UA is a worm for the Windows platform. When run W32/AutoRun-UA
attempts to spread via removable shared drives. W32/AutoRun-UA also sets registry
entries under: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<original wor...

W32/Autorun-UI

- W32/Autorun-UI at Sophos

...

W32/Autorun-UJ

- W32/Autorun-UJ at Sophos

W32/Autorun-UJ is a worm for the Windows platform. When first run
W32/Autorun-UJ creates a new hidden folder C:\SYSTEM and copies itself to the following location:
C:\SYSTEM\<HKEY_USERS\SID>\sys.exe. W32/Autorun-UJ may copy itself to removable
drives as the fi...

Mal/DLoad-C

- Mal/DLoad-C at Sophos

...

Mal/MPServ-A

- Mal/MPServ-A at Sophos

...

0 writebacks [01/15/2009 22:51] [] permanent link



Virus Malware and Threat News for 20090113



VBS_PSYME.BXC

- VBS_PSYME.BXC at Trend Micro

...

TROJ_DLOADER.TVT

- TROJ_DLOADER.TVT at Trend Micro

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by
users when visiting malicious sites. It drops several files on the affected system, including a copy of itself.
It also modifies the Windows registry so that it will run at every system startup. It monitors the Internet
Explorer ac...

TROJ_PIDIEF.IE

- TROJ_PIDIEF.IE at Trend Micro

...

TotalProtect2009

- TotalProtect2009 at Panda

It alerts the user about non-existent threats on their computer. In order to remove them, it tries to
convince the user to purchase a certain program. It can be downloaded from the website belonging
to the company that developed it.
...

Troj/FakeAV-IM

- Troj/FakeAV-IM at Sophos

...

Troj/Mdrop-BXU

- Troj/Mdrop-BXU at Sophos

...

Troj/PWS-AXV

- Troj/PWS-AXV at Sophos

...

W32/AutoRun-TY

- W32/AutoRun-TY at Sophos

W32/AutoRun-TY is an autorun worm for the Windows platform. W32/AutoRun-TY
includes functionality to access the internet and communicate with a remote server via HTTP.
When installed W32/AutoRun-TY copies itself to <System>\csrcs.exe (a name chosen to resemble the legitimate csrss.exe).
W32/AutoRun-TY ...

W32/Yahlov-E

- W32/Yahlov-E at Sophos

...

Troj/Agent-IPL

- Troj/Agent-IPL at Sophos

Troj/Agent-IPL is a Trojan for the Windows platform. Troj/Agent-IPL
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Agent-IPL is installed it creates the file <Temp>\a..bat.
...

Troj/Agent-IPM

- Troj/Agent-IPM at Sophos

Troj/Agent-IPM is a Trojan for the Windows platform. When Troj/Agent-IPM is
installed the following files are created: <Temp>\WER1.tmp.dir00\appcompat.txt
<Temp>\wer1.tmp...

Troj/Agent-IPN

- Troj/Agent-IPN at Sophos

Troj/Agent-IPN is a Trojan for the Windows platform. Troj/Agent-IPN
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Agent-IPN copies itself to <Windows>\9129837.exe and creates the following
files: ...

Troj/FakeVir-JF

- Troj/FakeVir-JF at Sophos

...

Troj/SWFDldr-K

- Troj/SWFDldr-K at Sophos

...

Worm:W32/Agent.IPZ

- Worm:W32/Agent.IPZ at F-Secure

A standalone malicious program which uses computer or network resources to make complete copies of itself. May
include code or other malware to damage both the system and the network.
...

VBS/Autorun.worm.zo

- VBS/Autorun.worm.zo at McAfee

When executed, this worm drops the following files:
%UserProfile%\Local Settings\Temp\[Random].tmp (VBS/autorun.worm.zo virus)
%UserProfile%\Local Settings\Temp\auto.exe (Generic!atr trojan)
%UserProfile%\Local Settings\Temp\Yuyun.Q (innocent file)
It then copies itself to the following locations: %UserProfile%\My Documents\databas...

VBS/Autorun.worm.zo!lnk

- VBS/Autorun.worm.zo!lnk at McAfee

These .LNK (shortcut) files are dropped into the root directories and subdirectories of all drives and network shared
folders in order to re-infect or re-trigger the trojan into activation. They may have the following names:
Microsoft.lnk, New Harry Potter and....lnk, New Folder.lnk, SuratQ.lnk, Rahasia.lnk, Game.lnk, Zvnita.lnk,
Download.lnk, DataQ.lnk, [Sub...

FakeAlert-WinwebSecurity

- FakeAlert-WinwebSecurity at McAfee

FakeAlert-WinwebSecurity is a trojan that poses as security update software but attempts to download and
install additional malicious components. It attempts to connect to one or more of the following domains to
download its components: securedownload[removed].com, thesecure[removed].com, safesoftware[removed].com,
systemsecurity[removed]....

TROJ_DROPPER.FK

- TROJ_DROPPER.FK at Trend Micro

This Trojan may be downloaded from remote sites by other malware. It may be dropped by other malware. Upon
execution, this Trojan displays the following image: The keymaker is run while the malicious component is
dropped in the background. It drops a component that is detected by Trend Micro as TROJ_AGENT.AQR. As a result,
routines of ...

MS09-001

- MS09-001 at Panda

It is a group of critical vulnerabilities in the Server Message Block (SMB) implementation on Windows
2008/Vista/2003/XP/2000 that allow a remote attacker to take complete control of the affected computer or
to launch denial-of-service attacks.
...

Troj/Dloadr-CEV

- Troj/Dloadr-CEV at Sophos

...

Troj/FakeAle-LC

- Troj/FakeAle-LC at Sophos

...

W32/AutoIt-AW

- W32/AutoIt-AW at Sophos

...

W32/AutoRun-UA

- W32/AutoRun-UA at Sophos

W32/AutoRun-UA is a worm for the Windows platform. When run W32/AutoRun-UA
attempts to spread via removable shared drives. W32/AutoRun-UA also sets registry
entries under: HKCU\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\<original wor...

W32/Autorun-UI

- W32/Autorun-UI at Sophos

...

W32/Autorun-UJ

- W32/Autorun-UJ at Sophos

W32/Autorun-UJ is a worm for the Windows platform. When first run
W32/Autorun-UJ creates a new hidden folder C:\SYSTEM and copies itself to the following location:
C:\SYSTEM\<HKEY_USERS\SID>\sys.exe. W32/Autorun-UJ may copy itself to removable
drives as the fi...

Mal/DLoad-C

- Mal/DLoad-C at Sophos

...

Mal/MPServ-A

- Mal/MPServ-A at Sophos

...

0 writebacks [01/14/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090112



TROJ_DROPPER.TT

- TROJ_DROPPER.TT at Trend Micro

...

WORM_MYTOB.QR

- WORM_MYTOB.QR at Trend Micro

This worm arrives as an attachment to mass-mailed email messages. It may also arrive via removable drives. It
drops multiple files on the affected system, including copies of itself and possibly malicious component files.
It displays an image when executed. It creates a registry entry to enable its automatic execution at every
system start...

Troj/Agent-IOY

- Troj/Agent-IOY at Sophos

...

Troj/Agent-IOT

- Troj/Agent-IOT at Sophos

...

Troj/NtRootK-EI

- Troj/NtRootK-EI at Sophos

Troj/NtRootK-EI is a Trojan for the Windows platform. Once installed,
Troj/NtRootK-EI attempts to register itself as the service name "RKHit".
...

Troj/FakeAV-IJ

- Troj/FakeAV-IJ at Sophos

Troj/FakeAV-IJ is a Trojan for the Windows platform. Troj/FakeAV-IJ
includes functionality to download, install and run new software. The following files
are created: <Desktop>\Internet Antivirus Pro.lnk <Start
Menu>Programs\Inter...

W32/Autorun-TQ

- W32/Autorun-TQ at Sophos

W32/Autorun-TQ is a worm that copies itself to removable storage devices.
W32/Autorun-TQ copies itself together with an autorun.inf file that specifies the worm should be run
automatically. The worm also copies itself to the Application Data folder and creates
the following re...
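
The autorun.inf mechanism that W32/Autorun-TQ, W32/Autorun-UJ and the W32.Downadup!autorun detection rely on is small enough to parse by hand. The following is an added example, not code from Sophos or from this page: it reads an autorun.inf body, reports every entry that would execute a program from the drive (open=, shellexecute=, shell\<verb>\command=) and the cosmetic tricks that invite the click, such as borrowing a folder icon from shell32.dll. The two sample files are constructed.

```python
# Added example, not code from Sophos or from this page: parse an autorun.inf
# body and report what it would execute or disguise. Both samples are constructed.
import re
from dataclasses import dataclass, field

EXEC_KEYS = {"open", "shellexecute"}                   # run a program when the drive is opened
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")    # shell\<verb>\command=<program>
SPOOF_ICON = re.compile(r"shell32\.dll", re.IGNORECASE)  # icon borrowed from the shell


@dataclass
class AutorunReport:
    launches: list = field(default_factory=list)  # (key, program) pairs that run code
    spoofing: list = field(default_factory=list)  # cosmetic tricks that invite the click
    malformed: bool = False                       # no [autorun] entries at all


def parse_autorun(text):
    """Parse autorun.inf text; section and key names are case-insensitive, as in Windows."""
    report, section, entries = AutorunReport(), None, []
    for raw in text.splitlines():
        line = raw.lstrip("\ufeff").strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            entries.append((key.strip().lower(), value.strip()))
    if not entries:
        report.malformed = True
        return report
    for key, value in entries:
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            report.launches.append((key, value))
        elif key == "icon" and SPOOF_ICON.search(value):
            report.spoofing.append(f"icon mimics a system icon: {value}")
        elif key == "action" and "open folder" in value.lower():
            report.spoofing.append(f"action text mimics Explorer: {value}")
        elif key == "shell":  # makes <verb> the default, so a double-click runs its command
            report.spoofing.append(f"default verb overridden: {value}")
        elif key == "useautoplay" and value == "1":
            report.spoofing.append("useautoplay=1 forces the AutoPlay handler")
    return report


def is_suspicious(report):
    """Any autorun.inf that launches a program from the drive deserves a look."""
    return bool(report.launches)


# Constructed samples: what an autorun worm drops, and what a branded USB stick carries.
WORM_INF = r"""[AutoRun]
;junk line worms often add to break naive signatures
open=SYSTEM\sys.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open\command=SYSTEM\sys.exe
shell=open
"""
CLEAN_INF = """[autorun]
icon=setup.ico
label=Product Installer
"""

if __name__ == "__main__":
    for name, body in (("worm", WORM_INF), ("clean", CLEAN_INF)):
        r = parse_autorun(body)
        print(name, "suspicious" if is_suspicious(r) else "ok", r.launches, r.spoofing)
```

Run it against the autorun.inf in the root of each removable drive. On a host where AutoRun has been disabled the file no longer executes anything, but it still marks a drive a worm has written to, and the program it names (here a file in a folder called SYSTEM, as with W32/Autorun-UJ) is the sample to pull.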

W32/Waled-J

- W32/Waled-J at Sophos

...

Troj/Agent-IOW

- Troj/Agent-IOW at Sophos

Troj/Agent-IOW is a Trojan for the Windows platform.
...

Troj/Lineag-AN

- Troj/Lineag-AN at Sophos

When first run Troj/Lineag-AN copies itself to <Windows>\help\EB6C4499B05F.exe and creates
the following files: <Root>\1.hiv <Root>\2.hiv
<Current Folder>\2.bat <Windows>\1.bat <Windows>\help\EB6C4499B05F.dll
...

W32/Conficker.worm.gen.a

- W32/Conficker.worm.gen.a at McAfee

Indicators of infection include: network port scans on port 445, consistent with the MS08-067 exploit; access to
the above-mentioned domain; domain accounts being locked out after the maximum number of login attempts; the
presence of the above-mentioned files and registry keys, set with empty permissions; scheduled tasks being
created; and autorun.inf files being created...
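
The symptoms McAfee lists above are easy to hunt for in logs. The following is an added example, not McAfee's or the page's code: it reads constructed Windows Firewall log lines (date time action protocol src-ip dst-ip src-port dst-port, the leading fields of pfirewall.log) and constructed, flattened Security event 4740 lockout records (event 644 on Windows Server 2003 domain controllers), and reports hosts fanning out to TCP/445 and machines locking out many accounts in a short window. The thresholds and the field layout of the lockout lines are assumptions.

```python
# Added example, not McAfee's or the page's code: hunt for the Conficker symptoms
# listed above in two constructed logs. Firewall lines follow the Windows Firewall
# log field order (date time action protocol src-ip dst-ip src-port dst-port);
# lockout lines are a flattened form of Security event 4740 (644 on 2003 DCs).
from collections import defaultdict
from datetime import datetime, timedelta

SCAN_WINDOW = timedelta(seconds=60)
SCAN_FANOUT = 10            # distinct TCP/445 targets from one host within SCAN_WINDOW
LOCKOUT_WINDOW = timedelta(minutes=5)
LOCKOUT_BURST = 3           # distinct accounts one caller computer locks out in LOCKOUT_WINDOW
LOCKOUT_EVENTS = {"EventID=4740", "EventID=644"}


def _ts(date, time):
    return datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")


def _peak_distinct(events, window):
    """Largest set of distinct values seen inside one sliding time window."""
    events.sort()
    best = set()
    for i, (t0, _) in enumerate(events):
        current = {v for t, v in events[i:] if t - t0 <= window}
        if len(current) > len(best):
            best = current
    return best


def smb_scanners(fw_lines):
    """{src_ip: distinct 445/tcp targets} for hosts that fan out like the MS08-067 scanner."""
    by_src = defaultdict(list)
    for line in fw_lines:
        f = line.split()
        if line.startswith("#") or len(f) < 8 or f[3] != "TCP" or f[7] != "445":
            continue
        by_src[f[4]].append((_ts(f[0], f[1]), f[5]))
    hits = {}
    for src, events in by_src.items():
        targets = _peak_distinct(events, SCAN_WINDOW)
        if len(targets) >= SCAN_FANOUT:
            hits[src] = len(targets)
    return hits


def lockout_sources(sec_lines):
    """{caller_computer: [accounts]} where one machine locked out many accounts quickly,
    the trace left when the worm guesses passwords for network shares."""
    by_caller = defaultdict(list)
    for line in sec_lines:
        f = line.split()
        if len(f) < 5 or f[2] not in LOCKOUT_EVENTS:
            continue
        fields = dict(p.split("=", 1) for p in f[2:])
        by_caller[fields["Caller"]].append((_ts(f[0], f[1]), fields["Account"]))
    hits = {}
    for caller, events in by_caller.items():
        accounts = _peak_distinct(events, LOCKOUT_WINDOW)
        if len(accounts) >= LOCKOUT_BURST:
            hits[caller] = sorted(accounts)
    return hits


# Constructed logs: 10.0.0.5 sweeps twelve hosts on 445 in twelve seconds;
# 10.0.0.9 is a user opening two shares half an hour apart.
FIREWALL_LOG = ["#Fields: date time action protocol src-ip dst-ip src-port dst-port"] + [
    f"2009-01-12 10:00:{i:02d} ALLOW TCP 10.0.0.5 10.0.0.{100 + i} {49152 + i} 445"
    for i in range(12)
] + [
    "2009-01-12 10:00:03 ALLOW TCP 10.0.0.9 10.0.0.20 50001 445",
    "2009-01-12 10:30:03 ALLOW TCP 10.0.0.9 10.0.0.21 50002 445",
    "2009-01-12 10:00:04 ALLOW TCP 10.0.0.5 10.0.0.200 50003 80",
]
SECURITY_LOG = [
    "2009-01-12 10:01:10 EventID=4740 Account=asmith Caller=WS-05",
    "2009-01-12 10:01:40 EventID=4740 Account=bjones Caller=WS-05",
    "2009-01-12 10:02:00 EventID=4740 Account=dlee Caller=WS-11",
    "2009-01-12 10:02:15 EventID=4740 Account=svc_backup Caller=WS-05",
    "2009-01-12 10:03:05 EventID=4740 Account=cwhite Caller=WS-05",
]

if __name__ == "__main__":
    print("445 scanners:", smb_scanners(FIREWALL_LOG))
    print("lockout sources:", lockout_sources(SECURITY_LOG))
```

The two remaining symptoms, scheduled tasks and autorun.inf drops, are host-side: list the jobs under %SystemRoot%\Tasks and the at.exe queue on the hosts this script names, and pull the autorun.inf from any removable media they have touched.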

TROJ_DDOS.ISR

- TROJ_DDOS.ISR at Trend Micro

This Trojan may be installed manually by a user. It may be downloaded unknowingly by a user when visiting
malicious Web sites. It creates folders and drops several files. It creates a registry entry to enable its
automatic execution at every system startup. Upon execution, it connects to an IRC server on a certain port.
Testing shows t...

Samal.A

- Samal.A at Panda

It is designed to carry out malicious actions only on 1 January 2009, such as preventing the computer from
starting properly, among others. It spreads by making copies of itself on all system drives.
...

Troj/Agent-IPI

- Troj/Agent-IPI at Sophos

...

Troj/Agent-IPJ

- Troj/Agent-IPJ at Sophos

...

Troj/Agent-IPK

- Troj/Agent-IPK at Sophos

...

Troj/DwnLdr-HND

- Troj/DwnLdr-HND at Sophos

Troj/DwnLdr-HND is a Trojan downloader for the Windows platform. When run,
the batch-file Trojan will attempt to download components from a remote FTP server and add them to the Windows
task scheduler....

Troj/FakeAV-IK

- Troj/FakeAV-IK at Sophos

Troj/FakeAV-IK is a Windows platform trojan. When Troj/FakeAV-IK is first
run, it attempts to download an executable from a remote host and save the file under <Program
Files>\Antivirus 2009\av2009.exe Troj/FakeAV-IK creates the following registry entry:
...

Troj/FakeAV-IL

- Troj/FakeAV-IL at Sophos

...

Mal/Behav-170

- Mal/Behav-170 at Sophos

...

Troj/Dloadr-CER

- Troj/Dloadr-CER at Sophos

Troj/Dloadr-CER is a Trojan for the Windows platform. Troj/Dloadr-CER
downloads and installs Troj/FakeAle-KZ to <PROGRAM FILES>\Antivirus 2009\av2009.exe...

Troj/DwnLdr-HMQ

- Troj/DwnLdr-HMQ at Sophos

...

Troj/FakeAle-KY

- Troj/FakeAle-KY at Sophos

...

0 writebacks [01/13/2009 22:46] [] permanent link



Virus Malware and Threat News for 20090111



Troj/Agent-IOV

- Troj/Agent-IOV at Sophos

Troj/Agent-IOV is a Trojan for the Windows platform. When run
Troj/Agent-IOV copies itself to <System>\digeste.dll and adds the DLL file to the following registry
entry: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders <e...

Troj/Bckdr-QRC

- Troj/Bckdr-QRC at Sophos

...

Troj/Bckdr-QRD

- Troj/Bckdr-QRD at Sophos

...

Troj/Inject-DQ

- Troj/Inject-DQ at Sophos

Troj/Inject-DQ is a Trojan for the Windows platform. When run
Troj/Inject-DQ copies itself to: <System>\wuaumqr.exe
<System>\kazaabackupfiles\download_me.exe and sets the following registry entries:
HKCU\Software\Micros...

Troj/MDrop-BXT

- Troj/MDrop-BXT at Sophos

...

Troj/Crack-Q

- Troj/Crack-Q at Sophos

Troj/Crack-Q is used to patch satellite receiver boxes to allow viewing of premium TV channels.
...

Troj/Keygen-BW

- Troj/Keygen-BW at Sophos

Troj/Keygen-BW is a key generator for Winamp Pro v5.x
...

Mal/WaledPak-A

- Mal/WaledPak-A at Sophos

Mal/WaledPak-A is a worm for the Windows platform. Mal/WaledPak-A includes
functionality to access the internet and communicate with a remote server via HTTP, and to send itself out using a
built-in SMTP client.
...

Troj/Agent-IOU

- Troj/Agent-IOU at Sophos

...

Troj/DwnLdr-HMY

- Troj/DwnLdr-HMY at Sophos

Troj/DwnLdr-HMY is a Trojan for the Windows platform. Troj/DwnLdr-HMY
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/DwnLdr-HMY copies itself to the Windows system folder. The
following reg...

0 writebacks [01/12/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090110



Worm:W32/Downadup.gen

- Worm:W32/Downadup.gen at F-Secure

Downadup is a worm. A standalone malicious program which uses computer or network resources to make complete
copies of itself. May include code or other malware to damage both the system and the network.
...

WiniGuard

- WiniGuard at Norton Symantec

WiniGuard is a misleading application that may give exaggerated reports of threats on the computer.
...

Exploit-MSWord.j

- Exploit-MSWord.j at McAfee

Upon opening the Word document, the embedded ActiveX control with the following CLSID is instantiated and
executed:
- {AE24FDAE-03C6-11D1-8B76-0080C744F389}
This CLSID belongs to the Microsoft Scriptlet Component. The control then makes a request to the following web page:
- hxxp://61...
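
A document that instantiates an ActiveX control carries that control's CLSID, and the CLSID is the cheapest thing to look for. The following is an added example, not McAfee's detection logic: it encodes the CLSID named above in the 16-byte little-endian layout that OLE compound files store in directory entries and the CompObj stream, and searches a byte blob for that form and for the text form. The "document" bytes are constructed, not a real Word file.

```python
# Added example, not McAfee's detection logic: look for the Scriptlet Component
# CLSID named above inside a document, in the 16-byte on-disk GUID layout that
# OLE files use and in text form. The "document" bytes below are constructed.
import uuid

SCRIPTLET_CLSID = "{AE24FDAE-03C6-11D1-8B76-0080C744F389}"  # from the entry above
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")               # compound-file signature


def guid_bytes(clsid):
    """On-disk GUID: Data1, Data2, Data3 little-endian, Data4 as written."""
    return uuid.UUID(clsid.strip("{}")).bytes_le


def _find_all(blob, needle):
    """Yield every offset of needle in blob, overlapping matches included."""
    start = 0
    while True:
        i = blob.find(needle, start)
        if i < 0:
            return
        yield i
        start = i + 1


def is_ole(blob):
    """True when the blob starts with the OLE2 compound-file signature."""
    return blob[:8] == OLE_MAGIC


def find_clsid(blob, clsid=SCRIPTLET_CLSID):
    """Sorted (offset, form) hits: 'binary' is what an OLE directory entry or the
    CompObj stream stores; 'text'/'utf16' catch the string in RTF, XML or registry-style data."""
    forms = (
        (guid_bytes(clsid), "binary"),
        (clsid.encode("ascii"), "text"),
        (clsid.lower().encode("ascii"), "text"),
        (clsid.encode("utf-16-le"), "utf16"),
    )
    return sorted((i, label) for needle, label in forms for i in _find_all(blob, needle))


# Constructed: an OLE header, padding, the binary GUID, padding, then its text form.
SAMPLE_DOC = (OLE_MAGIC + b"\x00" * 32 + guid_bytes(SCRIPTLET_CLSID)
              + b"\x00" * 16 + SCRIPTLET_CLSID.encode("ascii"))
CLEAN_DOC = OLE_MAGIC + b"\x00" * 64

if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_DOC), ("clean", CLEAN_DOC)):
        print(name, "ole" if is_ole(doc) else "not ole", find_clsid(doc))
```

A raw byte search misses a GUID that straddles a sector boundary in a fragmented stream; a real scanner should reassemble the streams first (the olefile library does this) and then run the same search. The CLSID resolves to a product name under HKCR\CLSID\{...} on any Windows box.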

TROJ_INJECT.ZZ

- TROJ_INJECT.ZZ at Trend Micro

...

PasswordStealer.BJ

- PasswordStealer.BJ at Panda

It steals confidential information from the user, such as passwords, and uses a rootkit in order to make its
detection more difficult. It reaches the computer passing itself off as a Christmas greeting.
...

Troj/MDrop-BXS

- Troj/MDrop-BXS at Sophos

When run Troj/MDrop-BXS drops <Temp>\3005593.exe detected as Mal/Generic-A
...

Troj/Agent-IOQ

- Troj/Agent-IOQ at Sophos

...

Mal/Behav-148

- Mal/Behav-148 at Sophos

...

Mal/FearDoor-A

- Mal/FearDoor-A at Sophos

...

Mal/OnlineG-C

- Mal/OnlineG-C at Sophos

...

Mal/Renos-F

- Mal/Renos-F at Sophos

...

Troj/Agent-IOP

- Troj/Agent-IOP at Sophos

Troj/Agent-IOP is a Trojan for the Windows platform. Troj/Agent-IOP is
registered as a new system driver service named "Wuausurv", with a display name of "Wuausurv" and a startup
type of automatic, so that it is started automatically during system startup. Registry entries are created
under: ...

Troj/Bifrose-VI

- Troj/Bifrose-VI at Sophos

Troj/Bifrose-VI is a Trojan for the Windows platform. Troj/Bifrose-VI
copies itself to msddll.exe in the Windows system folder and registers itself as a service process with a
start type of "Automatic". If run with sufficient rights Troj/Bifrose-VI will install
itself as an ap...

Troj/Dloadr-CEM

- Troj/Dloadr-CEM at Sophos

...

Troj/FakeAle-KX

- Troj/FakeAle-KX at Sophos

...

0 writebacks [01/11/2009 05:49] [] permanent link



Virus Malware and Threat News for 20090109



W32.Grenail.D!inf

- W32.Grenail.D!inf at Norton Symantec

W32.Grenail.D!inf is a detection for files infected to run other threats when executed.
...

W32.Grenail.C!inf

- W32.Grenail.C!inf at Norton Symantec

W32.Grenail.C!inf is a detection for files infected to run other threats when executed.
...

W32/Conficker.worm.gen.b

- W32/Conficker.worm.gen.b at McAfee

When executed, the worm copies itself using a random name to the %Sysdir% folder (where %Sysdir% is the
Windows system folder, e.g. C:\Windows\System32). It modifies the following registry key to create a
randomly-named service on the affected system:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\Parameters\ServiceD...
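
Each of the registry locations named in these entries (the Run key used by W32/Poebot-NC and Troj/Punad-C, the SecurityProviders list that Troj/Agent-IOV appends digeste.dll to, and the Services\<name>\Parameters key under which W32/Conficker.worm.gen.b registers a randomly named service) can be audited offline from a `reg export` file. The following is an added example, not code from any vendor or from this page. It assumes the XP/2003 default SecurityProviders baseline, a short list of Windows names that get mimicked (Troj/Agent-IOP's Wuausurv against wuauserv, for instance), %SystemRoot% expanding to C:\WINDOWS, and the value name ServiceDll under the Parameters subkey; the .reg text in the block is constructed.

```python
# Added example (not code from the page or any vendor): audit a `reg export` file
# for the persistence spots these entries name. Assumed: the XP/2003 default
# SecurityProviders list, a short list of mimicked Windows names, %SystemRoot% as
# C:\WINDOWS, and the ServiceDll value name. The .reg text below is constructed.
import re

RUN_KEYS = {"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\run",
            "hkey_current_user\\software\\microsoft\\windows\\currentversion\\run"}
SSP_KEY = "hkey_local_machine\\system\\currentcontrolset\\control\\securityproviders"
SERVICES = "hkey_local_machine\\system\\currentcontrolset\\services\\"
SSP_BASELINE = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}
LEGIT = {"csrss", "lsass", "svchost", "services", "winlogon", "explorer", "spoolsv",
         "wuauserv", "wuauclt", "digest", "schannel", "msnsspc", "msapsspc"}
TRUSTED = ("c:\\windows\\", "c:\\program files\\")
SUSPECT = ("\\temp\\", "\\documents and settings\\", "\\users\\", "\\recycler\\")

def parse_reg_export(text):
    """{key: {value_name: data}}; REG_SZ unescaped, dword:/hex: verbatim, hex continuations skipped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("\ufeff").strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            current["(Default)" if name == "@" else name.strip('"')] = data
    return keys

def program_path(data):
    """Executable path from a Run/ImagePath value, arguments dropped."""
    data = data.strip()
    return data[1:data.find('"', 1)] if data.startswith('"') else re.split(r"\s+[-/]", data)[0]

def edit_distance(a, b):
    """Levenshtein distance, to catch typosquats such as digeste vs digest."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check(where, entry, candidate, is_path=False):
    """Lookalike, random-name and (for paths) odd-location findings for one item."""
    stem = candidate.lower().rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    out = []
    for legit in sorted(LEGIT) if stem not in LEGIT else ():
        d = edit_distance(stem, legit)
        if d <= 2:
            out.append((where, entry, f"{stem} looks like {legit} (edit distance {d})"))
    if len(stem) >= 7 and not re.search(r"[aeiouy]", stem):  # heuristic: generated, vowel-free
        out.append((where, entry, f"{stem} has a random-looking name"))
    p = candidate.lower().replace("%systemroot%", "c:\\windows")
    if is_path and (any(s in p for s in SUSPECT) or not p.startswith(TRUSTED)):
        out.append((where, entry, f"{candidate} is outside Program Files / Windows"))
    return out

def audit(reg):
    """Sorted (location, entry, reason) findings across the persistence keys above."""
    found = set()
    for key, values in reg.items():
        kl = key.lower()
        if kl in RUN_KEYS:
            for entry, data in values.items():
                found.update(check("Run", entry, program_path(data), is_path=True))
        elif kl == SSP_KEY:
            for dll in (d.strip().lower() for d in values.get("SecurityProviders", "").split(",")):
                if dll and dll not in SSP_BASELINE:
                    found.add(("SecurityProviders", dll, "not in the baseline SSP list"))
                    found.update(check("SecurityProviders", dll, dll))
        elif kl.startswith(SERVICES):
            svc = key[len(SERVICES):].split("\\")[0]
            found.update(check("Service", svc, svc))
            for value in ("ImagePath", "ServiceDll"):
                if value in values:
                    found.update(check("Service", svc, program_path(values[value]), is_path=True))
    return sorted(found)

SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"prunnet"="C:\\WINDOWS\\system32\\prunnet.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wuausurv]
"ImagePath"="C:\\WINDOWS\\system32\\drivers\\wuausurv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qxbzrtk]
"ImagePath"="%SystemRoot%\\system32\\svchost.exe -k netsvcs"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qxbzrtk\Parameters]
"ServiceDll"="C:\\WINDOWS\\system32\\fghtwqz.dll"
"""

if __name__ == "__main__":
    for finding in audit(parse_reg_export(SAMPLE_REG)):
        print(*finding, sep=" | ")
```

The lookalike check is what separates digeste.dll from the legitimate digest.dll sitting next to it in the same value; the vowel-free heuristic is crude and will flag some genuine driver names, so treat the output as a triage list rather than a verdict. Feed it an export taken with `reg export HKLM\SYSTEM hklm-system.reg` plus the matching SOFTWARE hive; a Run entry such as prunnet.exe in System32 produces no automatic finding and still needs an analyst's eye.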

TROJ_DLOADR.QK

- TROJ_DLOADR.QK at Trend Micro

This Trojan may arrive on a system as attachment to spammed email messages.Upon execution, it downloads and
executes a malicious file from a certain URL. The downloaded file is detected by Trend Micro as TROJ_INJECT.ZZ.
As a result, routines of the related Trojan may also be exhibited on the affected system.
...

WORM_IRCBOT.CAV

- WORM_IRCBOT.CAV at Trend Micro

This worm may be dropped by other malware. It creates folders and drops several copies of itself. It then
creates registry entries to enable its automatic execution at every system startup. It modifies registry
entries to disable automatic Windows Update, various Security Center functions, and firewall settings; to hide
files with bot...

TROJ_KRYPTIK.YN

- TROJ_KRYPTIK.YN at Trend Micro

This Trojan may be downloaded from remote sites by other malware. It may be dropped by other malware. It drops
a copy of itself. It creates registry entries to enable its automatic execution at every system startup. It
deletes itself after execution.
...

TROJ_INJECT.JMO

- TROJ_INJECT.JMO at Trend Micro

This Trojan may be downloaded from remote sites by other malware. It drops files on the affected system,
including a copy of itself. It stays resident in the affected system's memory and injects code. It makes
multiple changes to the Windows registry. One of these changes allows it to run at every system startup. It
logs keystrokes ente...

WORM_AUTORUN.KY

- WORM_AUTORUN.KY at Trend Micro

This worm may be dropped or downloaded by other malware. It drops copies of itself on the affected system. It
registers itself as a system service to ensure its automatic execution at every system startup. It does this
by creating several registry entries. It drops a copy of itself in all physical and removable drives. It also
drops an ...

TROJ_DLOAD.ML

- TROJ_DLOAD.ML at Trend Micro

...

Conficker.C

- Conficker.C at Panda

It exploits the vulnerability MS08-067 in the Windows Server Service in order to spread itself and
download a copy of itself to the affected computer. Additionally, it attempts to download another type of
malware, which might be a fake antimalware program.
...

ExpressAntivirus2009

- ExpressAntivirus2009 at Panda

It deceives users by warning them of non-existent threats on their computers. In order to eliminate them, users
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Mal/Sality-B

- Mal/Sality-B at Sophos

Mal/Sality-B is a file infected by the Sality family of viruses.
...

Troj/Agent-IOM

- Troj/Agent-IOM at Sophos

Troj/Agent-IOM is a Trojan for the Windows platform. Troj/Agent-IOM drops
the following files: <System>\<random letters>.dll (also detected as
Troj/Agent-IOM) <System>\<random letters>.exe (clean uninstall file)
Troj/Ag...

Troj/FakeVir-JE

- Troj/FakeVir-JE at Sophos

...

Troj/MultPs-Gen

- Troj/MultPs-Gen at Sophos

...

Troj/PcCli-C

- Troj/PcCli-C at Sophos

...

W32/Sdbot-DNR

- W32/Sdbot-DNR at Sophos

...

Mal/Banker-F

- Mal/Banker-F at Sophos

...

Mal/FakeAV-R

- Mal/FakeAV-R at Sophos

...

Mal/IRCBot-H

- Mal/IRCBot-H at Sophos

...

Mal/TinyDL-X

- Mal/TinyDL-X at Sophos

Mal/TinyDL-X is a malicious program for the Windows platform.
...

0 writebacks [01/10/2009 05:42] [] permanent link



Virus Malware and Threat News for 20090108



Trojan:W32/Black.A

- Trojan:W32/Black.A at F-Secure

A program with potential security concerns, which does not easily fit into any other category.
...

W32.Downadup!autorun

- W32.Downadup!autorun at Norton Symantec

W32.Downadup!autorun is a detection for the autorun.inf files dropped by variants of W32.Downadup.
...

Troj/Agent-IOH

- Troj/Agent-IOH at Sophos

...

W32/Autoit-AU

- W32/Autoit-AU at Sophos

...

JS/Bofra-L

- JS/Bofra-L at Sophos

...

Troj/Bckdr-QRA

- Troj/Bckdr-QRA at Sophos

...

Troj/BHO-JC

- Troj/BHO-JC at Sophos

...

Troj/Dloadr-CEK

- Troj/Dloadr-CEK at Sophos

...

Troj/Psyme-JE

- Troj/Psyme-JE at Sophos

...

Troj/Agent-IMK

- Troj/Agent-IMK at Sophos

...

Troj/Agent-IOG

- Troj/Agent-IOG at Sophos

...

0 writebacks [01/09/2009 05:42] [] permanent link



Virus Malware and Threat News for 20090107



Other:W32/Black.A

- Other:W32/Black.A at F-Secure

A program with potential security concerns, which does not easily fit into any other category.
...

VBS/IE-Title!C71CDCDC

- VBS/IE-Title!C71CDCDC at McAfee

When executed, this malware creates the following file: %System%\killVBS.vbs (where %System% is a variable
location that refers to the Windows system directory; the dropped files may have their attributes changed to
hidden/system). It then creates the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Cu...

JS/Agent-IIH

- JS/Agent-IIH at Sophos

...

Troj/Perlif-A

- Troj/Perlif-A at Sophos

Troj/Perlif-A is a Trojan for the Windows platform. Once installed,
Troj/Perlif-A attempts to steal information including system events log.
...

Troj/Bckdr-QQY

- Troj/Bckdr-QQY at Sophos

...

Troj/Coolvi-Gen

- Troj/Coolvi-Gen at Sophos

...

Troj/WoWPWA-Gen

- Troj/WoWPWA-Gen at Sophos

...

W32/Voterai-D

- W32/Voterai-D at Sophos

...

Troj/Dloadr-CEI

- Troj/Dloadr-CEI at Sophos

...

Troj/FakeAle-KQ

- Troj/FakeAle-KQ at Sophos

...

Troj/IRCBot-ADG

- Troj/IRCBot-ADG at Sophos

...

Troj/JSRedir-F

- Troj/JSRedir-F at Sophos

Troj/JSRedir-F is a Trojan that redirects web users to a fake anti-virus site.
...

Trojan:W32/Black.A

- Trojan:W32/Black.A at F-Secure

A program with potential security concerns, which does not easily fit into any other category.
...

W32.Downadup!autorun

- W32.Downadup!autorun at Norton Symantec

W32.Downadup!autorun is a detection for the autorun.inf files dropped by variants of W32.Downadup.
...

Troj/Agent-IOH

- Troj/Agent-IOH at Sophos

...

W32/Autoit-AU

- W32/Autoit-AU at Sophos

...

JS/Bofra-L

- JS/Bofra-L at Sophos

...

Troj/Bckdr-QRA

- Troj/Bckdr-QRA at Sophos

...

Troj/BHO-JC

- Troj/BHO-JC at Sophos

...

Troj/Dloadr-CEK

- Troj/Dloadr-CEK at Sophos

...

Troj/Psyme-JE

- Troj/Psyme-JE at Sophos

...

Troj/Agent-IMK

- Troj/Agent-IMK at Sophos

...

Troj/Agent-IOG

- Troj/Agent-IOG at Sophos

...

0 writebacks [01/08/2009 05:41] [] permanent link



Virus Malware and Threat News for 20090106



TotalProtect2009

- TotalProtect2009 at Norton Symantec

TotalProtect2009 is a misleading application that may give exaggerated reports of threats on the
computer....

Bloodhound.PDF.5

- Bloodhound.PDF.5 at Norton Symantec

Bloodhound.PDF.5 is a heuristic detection of potentially malicious PDF files, which may exploit known
vulnerabilities in Adobe Acrobat in order to perform further malicious actions.
...

Bloodhound.PDF.4

- Bloodhound.PDF.4 at Norton Symantec

Bloodhound.PDF.4 is a heuristic detection of potentially malicious PDF files, which may exploit known
vulnerabilities in Adobe Acrobat in order to perform further malicious actions.
...

WORM_WALEDAC.C

- WORM_WALEDAC.C at Trend Micro

...

WORM_WALEDAC.AB

- WORM_WALEDAC.AB at Trend Micro

...

Troj/Agent-INW

- Troj/Agent-INW at Sophos

...

Troj/Bckdr-QQW

- Troj/Bckdr-QQW at Sophos

...

Troj/Bdoor-ARC

- Troj/Bdoor-ARC at Sophos

...

Troj/Bdoor-ARE

- Troj/Bdoor-ARE at Sophos

...

Troj/Dloadr-CEH

- Troj/Dloadr-CEH at Sophos

...

Troj/DownLnk-B

- Troj/DownLnk-B at Sophos

Troj/DownLnk-B is a Windows Shortcut (.lnk) file which executes a command prompt with parameters
to download and execute a file from the internet.
...

Troj/Spy-BM

- Troj/Spy-BM at Sophos

...

Troj/Wimad-L

- Troj/Wimad-L at Sophos

Troj/Wimad-L is a downloader Trojan for the Windows platform.
...

Troj/Agent-INR

- Troj/Agent-INR at Sophos

...

Troj/Agent-INT

- Troj/Agent-INT at Sophos

...

Other:W32/Black.A

- Other:W32/Black.A at F-Secure

A program with potential security concerns, which does not easily fit into any other category.
...

VBS/IE-Title!C71CDCDC

- VBS/IE-Title!C71CDCDC at McAfee

When executed, this malware creates the following file: %System%\killVBS.vbs (Note: %System% is a variable
location and refers to the Windows system directory. The dropped files may have their attributes changed to
hidden/system files.) It then creates the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Cu...

JS/Agent-IIH

- JS/Agent-IIH at Sophos

...

Troj/Perlif-A

- Troj/Perlif-A at Sophos

Troj/Perlif-A is a Trojan for the Windows platform. Once installed,
Troj/Perlif-A attempts to steal information including system events log.
...

Troj/Bckdr-QQY

- Troj/Bckdr-QQY at Sophos

...

Troj/Coolvi-Gen

- Troj/Coolvi-Gen at Sophos

...

Troj/WoWPWA-Gen

- Troj/WoWPWA-Gen at Sophos

...

W32/Voterai-D

- W32/Voterai-D at Sophos

...

Troj/Dloadr-CEI

- Troj/Dloadr-CEI at Sophos

...

Troj/FakeAle-KQ

- Troj/FakeAle-KQ at Sophos

...

Troj/IRCBot-ADG

- Troj/IRCBot-ADG at Sophos

...

Troj/JSRedir-F

- Troj/JSRedir-F at Sophos

Troj/JSRedir-F is a Trojan that redirects web users to a fake anti-virus site.
...

0 writebacks [01/07/2009 05:42] [] permanent link



Virus Malware and Threat News for 20090105



Troj/DwnLdr-HMN

- Troj/DwnLdr-HMN at Sophos

...

Troj/DwnLdr-HMO

- Troj/DwnLdr-HMO at Sophos

...

W32/AutoRun-TB

- W32/AutoRun-TB at Sophos

W32/AutoRun-TB is a worm for the Windows platform. When run W32/AutoRun-TB
copies itself to <Program Files>\Microsoft Common\svchost.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
...

Troj/Agent-IND

- Troj/Agent-IND at Sophos

...

Troj/Agent-INH

- Troj/Agent-INH at Sophos

...

Troj/Agent-INI

- Troj/Agent-INI at Sophos

...

Troj/FakeAle-KN

- Troj/FakeAle-KN at Sophos

...

W32/Autorun-SZ

- W32/Autorun-SZ at Sophos

...

W32/Autorun-TA

- W32/Autorun-TA at Sophos

...

Troj/Agent-ING

- Troj/Agent-ING at Sophos

...

TotalProtect2009

- TotalProtect2009 at Norton Symantec

TotalProtect2009 is a misleading application that may give exaggerated reports of threats on the
computer....

Bloodhound.PDF.5

- Bloodhound.PDF.5 at Norton Symantec

Bloodhound.PDF.5 is a heuristic detection of potentially malicious PDF files, which may exploit known
vulnerabilities in Adobe Acrobat in order to perform further malicious actions.
...

Bloodhound.PDF.4

- Bloodhound.PDF.4 at Norton Symantec

Bloodhound.PDF.4 is a heuristic detection of potentially malicious PDF files, which may exploit known
vulnerabilities in Adobe Acrobat in order to perform further malicious actions.
...

WORM_WALEDAC.C

- WORM_WALEDAC.C at Trend Micro

...

WORM_WALEDAC.AB

- WORM_WALEDAC.AB at Trend Micro

...

Troj/Agent-INW

- Troj/Agent-INW at Sophos

...

Troj/Bckdr-QQW

- Troj/Bckdr-QQW at Sophos

...

Troj/Bdoor-ARC

- Troj/Bdoor-ARC at Sophos

...

Troj/Bdoor-ARE

- Troj/Bdoor-ARE at Sophos

...

Troj/Dloadr-CEH

- Troj/Dloadr-CEH at Sophos

...

Troj/DownLnk-B

- Troj/DownLnk-B at Sophos

Troj/DownLnk-B is a Windows Shortcut (.lnk) file which executes a command prompt with parameters
to download and execute a file from the internet.
...

Troj/Spy-BM

- Troj/Spy-BM at Sophos

...

Troj/Wimad-L

- Troj/Wimad-L at Sophos

Troj/Wimad-L is a downloader Trojan for the Windows platform.
...

Troj/Agent-INR

- Troj/Agent-INR at Sophos

...

Troj/Agent-INT

- Troj/Agent-INT at Sophos

...

0 writebacks [01/06/2009 05:47] [] permanent link



Virus Malware and Threat News for 20090104



Troj/Conhook-AQ

- Troj/Conhook-AQ at Sophos

...

Troj/DwnLdr-HMD

- Troj/DwnLdr-HMD at Sophos

...

Troj/Hiloti-A

- Troj/Hiloti-A at Sophos

...

Mal/CryptBox-A

- Mal/CryptBox-A at Sophos

Mal/CryptBox-A is a malicious executable for the Windows platform. When run
Mal/CryptBox-A will decrypt and inject other components stored in the resource section.
...

Troj/Adclik-Gen

- Troj/Adclik-Gen at Sophos

...

Troj/Agent-INB

- Troj/Agent-INB at Sophos

...

Troj/DwnLdr-HMN

- Troj/DwnLdr-HMN at Sophos

...

Troj/DwnLdr-HMO

- Troj/DwnLdr-HMO at Sophos

...

W32/AutoRun-TB

- W32/AutoRun-TB at Sophos

W32/AutoRun-TB is a worm for the Windows platform. When run W32/AutoRun-TB
copies itself to <Program Files>\Microsoft Common\svchost.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
...

Troj/Agent-IND

- Troj/Agent-IND at Sophos

...

Troj/Agent-INH

- Troj/Agent-INH at Sophos

...

Troj/Agent-INI

- Troj/Agent-INI at Sophos

...

Troj/FakeAle-KN

- Troj/FakeAle-KN at Sophos

...

W32/Autorun-SZ

- W32/Autorun-SZ at Sophos

...

W32/Autorun-TA

- W32/Autorun-TA at Sophos

...

Troj/Agent-ING

- Troj/Agent-ING at Sophos

...

0 writebacks [01/05/2009 05:42] [] permanent link



Virus Malware and Threat News for 20090103



Worm:W32/Downadup.AL

- Worm:W32/Downadup.AL at F-Secure

A standalone malicious program which uses computer or network resources to make complete copies of itself. May
include code or other malware to damage both the system and the network.
...

Bloodhound.Exploit.223

- Bloodhound.Exploit.223 at Norton Symantec

Bloodhound.Exploit.223 is a heuristic detection for files which exploit Microsoft Word RTF Malformed Control
Word Variant 2 Remote Code Execution Vulnerability (BID 32642).
...

Bloodhound.Exploit.222

- Bloodhound.Exploit.222 at Norton Symantec

Bloodhound.Exploit.222 is a heuristic detection for files which exploit Microsoft Word RTF Multiple Drawing
Object Tags Remote Code Execution Vulnerability (BID 32585).
...

Bloodhound.Exploit.221

- Bloodhound.Exploit.221 at Norton Symantec

Bloodhound.Exploit.221 is a heuristic detection for files which exploit Microsoft Word RTF Polyline/Polygon
Integer Overflow Vulnerability (BID 32579).
...

Gafermus

- Gafermus at Panda

...

FWDisabler.A

- FWDisabler.A at Panda

It is designed to obtain the user's passwords related to the Webmoney service. It disables the System Restore
utility and the automatic Windows updates. It does not spread automatically by its own means.
...

SystemSecurity

- SystemSecurity at Panda

It deceives users and warns them of nonexistent threats on their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Troj/BHO-IZ

- Troj/BHO-IZ at Sophos

...

Troj/Daonol-Fam

- Troj/Daonol-Fam at Sophos

Troj/Daonol-Fam is a family of Trojans for the Windows platform. Members of
Troj/Daonol-Fam typically copy themselves to the Root folder and create some of the following files:
<Root>\<random filename>.bat (clean batch file)
<System>\sysaudio.sys
...

Troj/FakeAle-KK

- Troj/FakeAle-KK at Sophos

...

Troj/FakeAle-KL

- Troj/FakeAle-KL at Sophos

...

Troj/FakeAV-HZ

- Troj/FakeAV-HZ at Sophos

...

W32/Autorun-SY

- W32/Autorun-SY at Sophos

W32/Autorun-SY creates the following registry values:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf (default value) @SYS:DoesNotExist
HKCU\Software\Microsoft\Windows\CurrentVersion\Run opesys <path t...

Troj/Agent-INA

- Troj/Agent-INA at Sophos

...

Troj/Alure-B

- Troj/Alure-B at Sophos

...

Troj/DNSChan-ME

- Troj/DNSChan-ME at Sophos

...

W32/AutoRun-SW

- W32/AutoRun-SW at Sophos

W32/AutoRun-SW is a worm for the Windows platform. When first run
W32/AutoRun-SW copies itself to <System>\XP-078F2E4E.EXE and creates the following files:
<System>\RegEx.fne
<System>\com.run
<System>\dp1.fne
<System&...

Troj/Conhook-AQ

- Troj/Conhook-AQ at Sophos

...

Troj/DwnLdr-HMD

- Troj/DwnLdr-HMD at Sophos

...

Troj/Hiloti-A

- Troj/Hiloti-A at Sophos

...

Mal/CryptBox-A

- Mal/CryptBox-A at Sophos

Mal/CryptBox-A is a malicious executable for the Windows platform. When run
Mal/CryptBox-A will decrypt and inject other components stored in the resource section.
...

Troj/Adclik-Gen

- Troj/Adclik-Gen at Sophos

...

Troj/Agent-INB

- Troj/Agent-INB at Sophos

...

0 writebacks [01/04/2009 05:41] [] permanent link



Virus Malware and Threat News for 20090102



Mal/Conficker-A

- Mal/Conficker-A at Sophos

Mal/Conficker-A is a worm for the Windows platform. Mal/Conficker-A spreads
over the network by exploiting the MS08-067 Windows server service vulnerability.
Mal/Conficker-A will attempt to copy itself to the following location:
<System>\<random...

Troj/FakeVir-JA

- Troj/FakeVir-JA at Sophos

...

Troj/Pushdo-AB

- Troj/Pushdo-AB at Sophos

...

Troj/Qhost-AC

- Troj/Qhost-AC at Sophos

Troj/Qhost-AC is a Trojan for the Windows platform. When run Troj/Qhost-AC
attempts to modify the HOSTS file to prevent access to P2P websites.
...

W32/Waled-Gen

- W32/Waled-Gen at Sophos

W32/Waled-Gen is a worm for the Windows platform. W32/Waled-Gen includes
functionality to access the internet and communicate with a remote server via HTTP, and sends itself out using
a built-in SMTP client.
...

Troj/Ezio-I

- Troj/Ezio-I at Sophos

Troj/Ezio-I is a Trojan for the Windows platform. Troj/Ezio-I includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Ezio-I copies itself to: <Application Data>\Microsoft\logman.exe ...

Troj/PWS-AXI

- Troj/PWS-AXI at Sophos

...

Troj/Taesb-A

- Troj/Taesb-A at Sophos

...

Troj/Tiotua-AC

- Troj/Tiotua-AC at Sophos

Troj/Tiotua-AC is a Trojan for the Windows platform. Troj/Tiotua-AC
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Tiotua-AC copies itself to the Windows folder and creates the following files:
...

Troj/Agent-IMW

- Troj/Agent-IMW at Sophos

...

Worm:W32/Downadup.AL

- Worm:W32/Downadup.AL at F-Secure

A standalone malicious program which uses computer or network resources to make complete copies of itself. May
include code or other malware to damage both the system and the network.
...

Bloodhound.Exploit.223

- Bloodhound.Exploit.223 at Norton Symantec

Bloodhound.Exploit.223 is a heuristic detection for files which exploit Microsoft Word RTF Malformed Control
Word Variant 2 Remote Code Execution Vulnerability (BID 32642).
...

Bloodhound.Exploit.222

- Bloodhound.Exploit.222 at Norton Symantec

Bloodhound.Exploit.222 is a heuristic detection for files which exploit Microsoft Word RTF Multiple Drawing
Object Tags Remote Code Execution Vulnerability (BID 32585).
...

Bloodhound.Exploit.221

- Bloodhound.Exploit.221 at Norton Symantec

Bloodhound.Exploit.221 is a heuristic detection for files which exploit Microsoft Word RTF Polyline/Polygon
Integer Overflow Vulnerability (BID 32579).
...

Gafermus

- Gafermus at Panda

...

FWDisabler.A

- FWDisabler.A at Panda

It is designed to obtain the user's passwords related to the Webmoney service. It disables the System Restore
utility and the automatic Windows updates. It does not spread automatically by its own means.
...

SystemSecurity

- SystemSecurity at Panda

It deceives users and warns them of nonexistent threats on their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Troj/BHO-IZ

- Troj/BHO-IZ at Sophos

...

Troj/Daonol-Fam

- Troj/Daonol-Fam at Sophos

Troj/Daonol-Fam is a family of Trojans for the Windows platform. Members of
Troj/Daonol-Fam typically copy themselves to the Root folder and create some of the following files:
<Root>\<random filename>.bat (clean batch file)
<System>\sysaudio.sys
...

Troj/FakeAle-KK

- Troj/FakeAle-KK at Sophos

...

Troj/FakeAle-KL

- Troj/FakeAle-KL at Sophos

...

Troj/FakeAV-HZ

- Troj/FakeAV-HZ at Sophos

...

W32/Autorun-SY

- W32/Autorun-SY at Sophos

W32/Autorun-SY creates the following registry values:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf (default value) @SYS:DoesNotExist
HKCU\Software\Microsoft\Windows\CurrentVersion\Run opesys <path t...

Troj/Agent-INA

- Troj/Agent-INA at Sophos

...

Troj/Alure-B

- Troj/Alure-B at Sophos

...

Troj/DNSChan-ME

- Troj/DNSChan-ME at Sophos

...

W32/AutoRun-SW

- W32/AutoRun-SW at Sophos

W32/AutoRun-SW is a worm for the Windows platform. When first run
W32/AutoRun-SW copies itself to <System>\XP-078F2E4E.EXE and creates the following files:
<System>\RegEx.fne
<System>\com.run
<System>\dp1.fne
<System&...

0 writebacks [01/03/2009 05:42] [] permanent link



Virus Malware and Threat News for 20090101



Spyware.NetScreenWatch

- Spyware.NetScreenWatch at Norton Symantec

Spyware.NetScreenWatch is a spyware program that monitors user activity on the compromised computer.
...

ExpressAntiVirus2009

- ExpressAntiVirus2009 at Norton Symantec

ExpressAntiVirus2009 is a misleading application that may give exaggerated reports of threats on the
computer....

Troj/DwnLdr-HMG

- Troj/DwnLdr-HMG at Sophos

...

W32/Waled-F

- W32/Waled-F at Sophos

...

Troj/Dloadr-CEA

- Troj/Dloadr-CEA at Sophos

...

Troj/Dloadr-CDZ

- Troj/Dloadr-CDZ at Sophos

...

Troj/Spy-BC

- Troj/Spy-BC at Sophos

...

W32/Autorun-SV

- W32/Autorun-SV at Sophos

W32/Autorun-SV is a worm for the Windows platform. It is likely to arrive within a file
masquerading as a fake installer for legitimate software. When executed, W32/Autorun-SV
copies itself as boot.com to a folder named resycled on the root of the system drive and removable drives:
...

W32/MarioF-I

- W32/MarioF-I at Sophos

...

W32/Waled-E

- W32/Waled-E at Sophos

W32/Waled-E is a worm for the Windows platform. W32/Waled-E includes
functionality to access the internet and communicate with a remote server via HTTP, and sends itself out using
a built-in SMTP client. The worm creates the following registry values to run itself on
Windows start...

Troj/Agent-IMM

- Troj/Agent-IMM at Sophos

...

Troj/Agent-IMU

- Troj/Agent-IMU at Sophos

Troj/Agent-IMU is a Trojan for the Windows platform. When run, the Trojan
copies itself to the system folder as the file csrcs.exe and sets the following registry entry to ensure that it
is executed on system restart: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explore...

Mal/Conficker-A

- Mal/Conficker-A at Sophos

Mal/Conficker-A is a worm for the Windows platform. Mal/Conficker-A spreads
over the network by exploiting the MS08-067 Windows server service vulnerability.
Mal/Conficker-A will attempt to copy itself to the following location:
<System>\<random...

Troj/FakeVir-JA

- Troj/FakeVir-JA at Sophos

...

Troj/Pushdo-AB

- Troj/Pushdo-AB at Sophos

...

Troj/Qhost-AC

- Troj/Qhost-AC at Sophos

Troj/Qhost-AC is a Trojan for the Windows platform. When run Troj/Qhost-AC
attempts to modify the HOSTS file to prevent access to P2P websites.
...

W32/Waled-Gen

- W32/Waled-Gen at Sophos

W32/Waled-Gen is a worm for the Windows platform. W32/Waled-Gen includes
functionality to access the internet and communicate with a remote server via HTTP, and sends itself out using
a built-in SMTP client.
...

Troj/Ezio-I

- Troj/Ezio-I at Sophos

Troj/Ezio-I is a Trojan for the Windows platform. Troj/Ezio-I includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Ezio-I copies itself to: <Application Data>\Microsoft\logman.exe ...

Troj/PWS-AXI

- Troj/PWS-AXI at Sophos

...

Troj/Taesb-A

- Troj/Taesb-A at Sophos

...

Troj/Tiotua-AC

- Troj/Tiotua-AC at Sophos

Troj/Tiotua-AC is a Trojan for the Windows platform. Troj/Tiotua-AC
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Tiotua-AC copies itself to the Windows folder and creates the following files:
...

Troj/Agent-IMW

- Troj/Agent-IMW at Sophos

...

0 writebacks [01/02/2009 05:42] [] permanent link



Virus Malware and Threat News for 20081231



Exploit:SymbOS/SMSCurse.A

- Exploit:SymbOS/SMSCurse.A at F-Secure

Exploit:SymbOS/SMSCurse.A is a Denial-of-Service (DoS) exploit that affects messaging components of phones
that use Symbian Series 60 versions 2.6, 2.8, 3.0, 3.1, and Sony Ericsson UIQ devices. When the exploit
crashes SMS messaging on a phone, the phone remains otherwise completely functional. The only effect is that
it cannot rec...

W32.Downadup.B

- W32.Downadup.B at Norton Symantec

W32.Downadup.B is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote
Code Execution Vulnerability (BID 31874). It also attempts to spread to network shares protected by weak
passwords and blocks access to security-related Web sites.
...

Trojan.Downexec.C

- Trojan.Downexec.C at Norton Symantec

Trojan.Downexec.C is a Trojan horse that may download files and steal information from the compromised
computer....

WORM_DOWNAD.AD

- WORM_DOWNAD.AD at Trend Micro

This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may
arrive bundled with malware packages as a malware component. It drops copies of itself. This technique prevents
dropping of several copies of itself on already affected systems. It also locks its dropped copy to prevent
users fro...

Troj/Agent-IMR

- Troj/Agent-IMR at Sophos

...

Troj/Agent-IMS

- Troj/Agent-IMS at Sophos

...

Troj/Agent-IMT

- Troj/Agent-IMT at Sophos

...

Troj/FakeVir-IZ

- Troj/FakeVir-IZ at Sophos

...

Troj/Renos-CF

- Troj/Renos-CF at Sophos

Troj/Renos-CF is a Trojan for the Windows platform. When run Troj/Renos-CF
creates the file <System>\msxml71.dll (detected as Troj/Renos-CF) and creates the following registry
entries:
HKCR\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\InprocServer32
...

W32/Confick-C

- W32/Confick-C at Sophos

...

Troj/Agent-IMO

- Troj/Agent-IMO at Sophos

...

Troj/Agent-IMQ

- Troj/Agent-IMQ at Sophos

...

Troj/BHO-IY

- Troj/BHO-IY at Sophos

...

Troj/Dloadr-CDU

- Troj/Dloadr-CDU at Sophos

...

Spyware.NetScreenWatch

- Spyware.NetScreenWatch at Norton Symantec

Spyware.NetScreenWatch is a spyware program that monitors user activity on the compromised computer.
...

ExpressAntiVirus2009

- ExpressAntiVirus2009 at Norton Symantec

ExpressAntiVirus2009 is a misleading application that may give exaggerated reports of threats on the
computer....

Troj/DwnLdr-HMG

- Troj/DwnLdr-HMG at Sophos

...

W32/Waled-F

- W32/Waled-F at Sophos

...

Troj/Dloadr-CEA

- Troj/Dloadr-CEA at Sophos

...

Troj/Dloadr-CDZ

- Troj/Dloadr-CDZ at Sophos

...

Troj/Spy-BC

- Troj/Spy-BC at Sophos

...

W32/Autorun-SV

- W32/Autorun-SV at Sophos

W32/Autorun-SV is a worm for the Windows platform. It is likely to arrive within a file
masquerading as a fake installer for legitimate software. When executed, W32/Autorun-SV
copies itself as boot.com to a folder named resycled on the root of the system drive and removable drives:
...

W32/MarioF-I

- W32/MarioF-I at Sophos

...

W32/Waled-E

- W32/Waled-E at Sophos

W32/Waled-E is a worm for the Windows platform. W32/Waled-E includes
functionality to access the internet and communicate with a remote server via HTTP, and sends itself out using
a built-in SMTP client. The worm creates the following registry values to run itself on
Windows start...

Troj/Agent-IMM

- Troj/Agent-IMM at Sophos

...

Troj/Agent-IMU

- Troj/Agent-IMU at Sophos

Troj/Agent-IMU is a Trojan for the Windows platform. When run, the Trojan
copies itself to the system folder as the file csrcs.exe and sets the following registry entry to ensure that it
is executed on system restart: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explore...

0 writebacks [01/01/2009 05:42] [] permanent link


