mwblog.org



Virus Malware and Threat News for 20090227



Suspicious.Vundo

- Suspicious.Vundo at Norton Symantec

Suspicious.Vundo is a detection technology designed to detect entirely new malware threats without traditional
signatures for the Vundo family of Trojans. This technology is aimed at detecting malicious software that has
been intentionally mutated or morphed by attackers.
...

Suspicious.Harakit

- Suspicious.Harakit at Norton Symantec

Suspicious.Harakit is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Mal/Blazgel-A

- Mal/Blazgel-A at Sophos

...

Mal/Dorf-A

- Mal/Dorf-A at Sophos

Mal/Dorf-A is a malware family that attempts to download and execute files from a remote location.
...

Troj/BlazDll-A

- Troj/BlazDll-A at Sophos

...

Troj/ObfJS-H

- Troj/ObfJS-H at Sophos

...

Troj/Agent-JBK

- Troj/Agent-JBK at Sophos

...

Troj/Agent-JBL

- Troj/Agent-JBL at Sophos

Troj/Agent-JBL is a Trojan for the Windows platform. Troj/Agent-JBL starts
the Windows installation service "msiserver". Troj/Agent-JBL downloads additional data
from a remote website.
...

Troj/AutoInf-T

- Troj/AutoInf-T at Sophos

...

Troj/Clicker-FG

- Troj/Clicker-FG at Sophos

Troj/Clicker-FG is a Trojan for the Windows platform. Troj/Clicker-FG attempts
to generate revenue by collecting email addresses and by automatically subscribing to on-line offers.
Troj/Clicker-FG may be installed as part of the installation for other software, such as
shareware o...

Troj/Clickr-I

- Troj/Clickr-I at Sophos

...

Troj/FakeAV-LD

- Troj/FakeAV-LD at Sophos

Troj/FakeAV-LD is a Trojan for the Windows platform. When first run,
Troj/FakeAV-LD copies itself to: <System>\sysguard.exe and creates the following
registry entry to launch itself at system startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\system to...

Troj/Clomp-B

- Troj/Clomp-B at Sophos

Troj/Clomp-B is a Trojan for the Windows platform. Troj/Clomp-B includes
functionality to access the internet and communicate with a remote server via HTTP, injecting code into
Internet Explorer. When Troj/Clomp-B is installed it may copy itself to uninstall.exe
in all Startup...

Troj/Dloadr-CHN

- Troj/Dloadr-CHN at Sophos

...

W32/Delf-FBQ

- W32/Delf-FBQ at Sophos

...

Troj/Agent-IYN

- Troj/Agent-IYN at Sophos

...

Troj/Agent-JBP

- Troj/Agent-JBP at Sophos

...

Troj/Buzus-AE

- Troj/Buzus-AE at Sophos

...

Troj/Agent-JBN

- Troj/Agent-JBN at Sophos

...

Troj/Agent-JBO

- Troj/Agent-JBO at Sophos

Troj/Agent-JBO is a Trojan for the Windows platform. Troj/Agent-JBO
includes functionality to access the internet and communicate with a remote server via HTTP, injecting code
into Internet Explorer. When Troj/Agent-JBO is installed it may copy itself to
uninstall.exe in all S...

Troj/Bckdr-QSD

- Troj/Bckdr-QSD at Sophos

...

Troj/FakeAV-LR

- Troj/FakeAV-LR at Sophos

...

0 writebacks [02/28/2009 22:43] [] permanent link



Virus Malware and Threat News for 20090226



P2P-Worm:W32/Bacteraloh

- P2P-Worm:W32/Bacteraloh at F-Secure

A type of worm that spreads over Peer-to-Peer (P2P) networks.
...

Trojan:W32/Monderd.gen

- Trojan:W32/Monderd.gen at F-Secure

Trojan.Win32.Monderd.gen is a generic detection for the Vundo trojan family.
...

ThreatNuker

- ThreatNuker at Norton Symantec

ThreatNuker is a misleading application that may give exaggerated reports of threats on the computer.
...

JS_DLOADR.ACF

- JS_DLOADR.ACF at Trend Micro

This script may be downloaded from remote sites by JS_DLOADR.ABO. It may be downloaded from certain remote
sites. Once executed, it takes advantage of the vulnerability in Windows Media Encoder 9 ActiveX Control in an
attempt to connect to a certain URL to download a file. As of this writing, however, the download URL is
inaccessible. M...

JS_DLOADR.ACE

- JS_DLOADR.ACE at Trend Micro

This script may be downloaded from remote sites by JS_DLOADR.ABO. It may be downloaded from certain remote
sites. It takes advantage of the vulnerability in Microsoft Data Access Components (MDAC) in an attempt to
connect to a URL to download a file. As a result, malicious routines of the downloaded file are exhibited on
the affected...

JS_DLOADR.ABO

- JS_DLOADR.ABO at Trend Micro

This script arrives on a system as a file downloaded by JS_AGENT.AMWU from a certain remote site. Once executed,
it attempts to connect to several URLs to download more script malware. It also checks for ActiveX controls
and downloads other malicious scripts based on the installed ActiveX controls. Trend Micro detects these
script malw...

JS_AGENT.AMWU

- JS_AGENT.AMWU at Trend Micro

This is the Trend Micro detection for script files that use an iFrame tag to redirect users to certain
malicious URLs. Once an unsuspecting user views an infected Web page, it attempts to connect to certain URLs to
download files. Trend Micro detects one of these downloaded files as JS_DLOADR.ABO. As a result, malicious
routines of t...

Mal/EncPk-HD

- Mal/EncPk-HD at Sophos

...

Troj/Agent-JBE

- Troj/Agent-JBE at Sophos

...

Troj/Bdoor-ATE

- Troj/Bdoor-ATE at Sophos

...

Troj/Cavzopa-A

- Troj/Cavzopa-A at Sophos

...

Troj/PWS-AYW

- Troj/PWS-AYW at Sophos

...

Troj/PWS-AYX

- Troj/PWS-AYX at Sophos

...

Troj/PWS-AYY

- Troj/PWS-AYY at Sophos

...

W32/Autoit-BW

- W32/Autoit-BW at Sophos

...

W32/Autorun-ZK

- W32/Autorun-ZK at Sophos

W32/Autorun-ZK is a worm for the Windows platform. When the application is
installed the following files are created: <System>\drivers\sysdrv32.sys -
detected as W32/Rbot-GXM <System>\wmisys.exe - copy of W32/Autorun-ZK
W32/Autorun...

Troj/Agent-JAZ

- Troj/Agent-JAZ at Sophos

...

Suspicious.Vundo

- Suspicious.Vundo at Norton Symantec

Suspicious.Vundo is a detection technology designed to detect entirely new malware threats without traditional
signatures for the Vundo family of Trojans. This technology is aimed at detecting malicious software that has
been intentionally mutated or morphed by attackers.
...

Suspicious.Harakit

- Suspicious.Harakit at Norton Symantec

Suspicious.Harakit is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Mal/Blazgel-A

- Mal/Blazgel-A at Sophos

...

Mal/Dorf-A

- Mal/Dorf-A at Sophos

Mal/Dorf-A is a malware family that attempts to download and execute files from a remote location.
...

Troj/BlazDll-A

- Troj/BlazDll-A at Sophos

...

Troj/ObfJS-H

- Troj/ObfJS-H at Sophos

...

Troj/Agent-JBK

- Troj/Agent-JBK at Sophos

...

Troj/Agent-JBL

- Troj/Agent-JBL at Sophos

Troj/Agent-JBL is a Trojan for the Windows platform. Troj/Agent-JBL starts
the Windows installation service "msiserver". Troj/Agent-JBL downloads additional data
from a remote website.
...

Troj/AutoInf-T

- Troj/AutoInf-T at Sophos

...

Troj/Clicker-FG

- Troj/Clicker-FG at Sophos

Troj/Clicker-FG is a Trojan for the Windows platform. Troj/Clicker-FG attempts
to generate revenue by collecting email addresses and by automatically subscribing to on-line offers.
Troj/Clicker-FG may be installed as part of the installation for other software, such as
shareware o...

Troj/Clickr-I

- Troj/Clickr-I at Sophos

...

Troj/FakeAV-LD

- Troj/FakeAV-LD at Sophos

Troj/FakeAV-LD is a Trojan for the Windows platform. When first run,
Troj/FakeAV-LD copies itself to: <System>\sysguard.exe and creates the following
registry entry to launch itself at system startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\system to...

0 writebacks [02/27/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090225



Worm:SymbOS/Yxe

- Worm:SymbOS/Yxe at F-Secure

Worm:SymbOS/Yxe is malicious software for Symbian S60 3rd Edition Phones.
...

P2P-Worm:W32/Bacteraloh.H

- P2P-Worm:W32/Bacteraloh.H at F-Secure

A type of worm that spreads over Peer-to-Peer (P2P) networks.
...

Packed.Generic.210

- Packed.Generic.210 at Norton Symantec

Packed.Generic.210 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

W32.Ackantta.B@mm

- W32.Ackantta.B@mm at Norton Symantec

W32.Ackantta.B@mm is a mass-mailing worm that gathers email addresses from the compromised computer and
spreads by copying itself to removable drives and shared folders.
...

Backdoor.Syzoor

- Backdoor.Syzoor at Norton Symantec

Backdoor.Syzoor is a Trojan horse that opens a back door on the compromised computer.
...

BAT_DELWIN.AA

- BAT_DELWIN.AA at Trend Micro

This batch file may be downloaded unknowingly by a user when visiting malicious Web site(s). When executed, it
displays the following message box: It then removes the Hidden, System, and Read-only attributes from several
key system files. This removes the system's protection of the said files, making them easier to delete. It
then dele...

Werly.A

- Werly.A at Panda

It infects the files with an EXE extension it finds in the affected computer. It reaches the
computer by distributing the previously infected files.
...

Troj/Agent-JAS

- Troj/Agent-JAS at Sophos

...

Troj/Agent-JAT

- Troj/Agent-JAT at Sophos

...

Troj/Agent-JAU

- Troj/Agent-JAU at Sophos

...

Troj/Dloadr-CHL

- Troj/Dloadr-CHL at Sophos

...

W32/Autoit-BV

- W32/Autoit-BV at Sophos

...

Mal/Dropper-AL

- Mal/Dropper-AL at Sophos

Mal/Dropper-AL is a Trojan for the Windows platform. When executed, Mal/Dropper-AL will drop and
execute other malware on the system.
...

Mal/Dropper-AP

- Mal/Dropper-AP at Sophos

Mal/Dropper-AP is a malicious program for the Windows platform.
...

Mal/GameDll-A

- Mal/GameDll-A at Sophos

...

P2P-Worm:W32/Bacteraloh

- P2P-Worm:W32/Bacteraloh at F-Secure

A type of worm that spreads over Peer-to-Peer (P2P) networks.
...

Trojan:W32/Monderd.gen

- Trojan:W32/Monderd.gen at F-Secure

Trojan.Win32.Monderd.gen is a generic detection for the Vundo trojan family.
...

ThreatNuker

- ThreatNuker at Norton Symantec

ThreatNuker is a misleading application that may give exaggerated reports of threats on the computer.
...

JS_DLOADR.ACF

- JS_DLOADR.ACF at Trend Micro

This script may be downloaded from remote sites by JS_DLOADR.ABO. It may be downloaded from certain remote
sites. Once executed, it takes advantage of the vulnerability in Windows Media Encoder 9 ActiveX Control in an
attempt to connect to a certain URL to download a file. As of this writing, however, the download URL is
inaccessible. M...

JS_DLOADR.ACE

- JS_DLOADR.ACE at Trend Micro

This script may be downloaded from remote sites by JS_DLOADR.ABO. It may be downloaded from certain remote
sites. It takes advantage of the vulnerability in Microsoft Data Access Components (MDAC) in an attempt to
connect to a URL to download a file. As a result, malicious routines of the downloaded file are exhibited on
the affected...

JS_DLOADR.ABO

- JS_DLOADR.ABO at Trend Micro

This script arrives on a system as a file downloaded by JS_AGENT.AMWU from a certain remote site. Once executed,
it attempts to connect to several URLs to download more script malware. It also checks for ActiveX controls
and downloads other malicious scripts based on the installed ActiveX controls. Trend Micro detects these
script malw...

JS_AGENT.AMWU

- JS_AGENT.AMWU at Trend Micro

This is the Trend Micro detection for script files that use an iFrame tag to redirect users to certain
malicious URLs. Once an unsuspecting user views an infected Web page, it attempts to connect to certain URLs to
download files. Trend Micro detects one of these downloaded files as JS_DLOADR.ABO. As a result, malicious
routines of t...

Mal/EncPk-HD

- Mal/EncPk-HD at Sophos

...

Troj/Agent-JBE

- Troj/Agent-JBE at Sophos

...

Troj/Bdoor-ATE

- Troj/Bdoor-ATE at Sophos

...

Troj/Cavzopa-A

- Troj/Cavzopa-A at Sophos

...

Troj/PWS-AYW

- Troj/PWS-AYW at Sophos

...

Troj/PWS-AYX

- Troj/PWS-AYX at Sophos

...

Troj/PWS-AYY

- Troj/PWS-AYY at Sophos

...

W32/Autoit-BW

- W32/Autoit-BW at Sophos

...

W32/Autorun-ZK

- W32/Autorun-ZK at Sophos

W32/Autorun-ZK is a worm for the Windows platform. When the application is
installed the following files are created: <System>\drivers\sysdrv32.sys -
detected as W32/Rbot-GXM <System>\wmisys.exe - copy of W32/Autorun-ZK
W32/Autorun...

Troj/Agent-JAZ

- Troj/Agent-JAZ at Sophos

...

0 writebacks [02/26/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090224



W32.Spamuzle.E!inf

- W32.Spamuzle.E!inf at Norton Symantec

W32.Spamuzle.E!inf is a detection for files infected with W32.Spamuzle.E.
...

W32.Spamuzle.E

- W32.Spamuzle.E at Norton Symantec

W32.Spamuzle.E is a worm that spreads by copying itself to mapped drives. The worm may download potentially
malicious files and steal information from the compromised computer.
...

TROJ_AGENT.FAKZ

- TROJ_AGENT.FAKZ at Trend Micro

...

TROJ_PROXY.AEI

- TROJ_PROXY.AEI at Trend Micro

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious
Web sites. It drops files, one of which is detected as BKDR_SMALL.NAT. As a result, malicious routines of the
dropped backdoor are exhibited on the affected system. It also modifies a certain file related to Mozilla-based
appl...

TROJ_MDROPPER.XR

- TROJ_MDROPPER.XR at Trend Micro

This is the Trend Micro detection for a specially crafted MS Excel file that exploits a zero-day vulnerability
in the following Microsoft Office versions: Microsoft Office 2000 Service Pack 3; Microsoft Office 2003 Service
Pack 1 or Service Pack 2; Microsoft Office XP Service Pack 3. It may be dropped by other malware. It may also be
downlo...

HTML_DLOADER.ZRP

- HTML_DLOADER.ZRP at Trend Micro

This malicious HTML file may be downloaded from remote sites by other malware. It may be downloaded
unknowingly by a user when visiting malicious Web sites. It may be hosted on a Web site and run when a user
accesses the said Web site. Once executed, it accesses a certain Web site to download a file that Trend Micro
detects as TROJ_DL...

JS_IFRAME.AZ

- JS_IFRAME.AZ at Trend Micro

This JavaScript (JS) malware may be downloaded from remote sites by HTML_DLOADER.AU. It may be downloaded from
certain remote sites. It may be hosted on a Web site and run when a user accesses the said Web site. It
connects to Web sites to possibly download other malicious files.
...

Anti-Virus-1

- Anti-Virus-1 at Panda

It deceives users and warns them of nonexistent threats in their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Pinit.B

- Pinit.B at Panda

It modifies the configuration of the Windows Explorer and allows its creator to make connections with the
computer through the Terminal Server. It spreads through the system drives, both shared and removable.
...

Mal/Behav-256

- Mal/Behav-256 at Sophos

...

Mal/EncPk-GZ

- Mal/EncPk-GZ at Sophos

...

Troj/Autothum-A

- Troj/Autothum-A at Sophos

Troj/Autothum-A is a Windows Shortcut (.lnk) file which executes a malicious VB script.
The script is typically a member of the VBS/Autorun family, for example VBS/Autorun-UC.
The script is typically called thumb.db. This is an attempt to disguise the true nature of the
file, ...

Troj/MalDoc-P

- Troj/MalDoc-P at Sophos

Troj/MalDoc-P detects exploited OLE2 documents.
...

Troj/Poison-AQ

- Troj/Poison-AQ at Sophos

...

Troj/Rootkit-EZ

- Troj/Rootkit-EZ at Sophos

...

Troj/Dloadr-CHH

- Troj/Dloadr-CHH at Sophos

...

Troj/Agent-IZR

- Troj/Agent-IZR at Sophos

Troj/Agent-IZR When the application is installed it creates the file <System>\prunnet.exe.
An entry is created in control panel Add & Remove Programs for uninstallation but
this does not actually remove Troj/Agent-IZR: Advertisement Service
Tro...

Worm:SymbOS/Yxe

- Worm:SymbOS/Yxe at F-Secure

Worm:SymbOS/Yxe is malicious software for Symbian S60 3rd Edition Phones.
...

P2P-Worm:W32/Bacteraloh.H

- P2P-Worm:W32/Bacteraloh.H at F-Secure

A type of worm that spreads over Peer-to-Peer (P2P) networks.
...

Packed.Generic.210

- Packed.Generic.210 at Norton Symantec

Packed.Generic.210 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

W32.Ackantta.B@mm

- W32.Ackantta.B@mm at Norton Symantec

W32.Ackantta.B@mm is a mass-mailing worm that gathers email addresses from the compromised computer and
spreads by copying itself to removable drives and shared folders.
...

Backdoor.Syzoor

- Backdoor.Syzoor at Norton Symantec

Backdoor.Syzoor is a Trojan horse that opens a back door on the compromised computer.
...

BAT_DELWIN.AA

- BAT_DELWIN.AA at Trend Micro

This batch file may be downloaded unknowingly by a user when visiting malicious Web site(s). When executed, it
displays the following message box: It then removes the Hidden, System, and Read-only attributes from several
key system files. This removes the system's protection of the said files, making them easier to delete. It
then dele...

Werly.A

- Werly.A at Panda

It infects the files with an EXE extension it finds in the affected computer. It reaches the
computer by distributing the previously infected files.
...

Troj/Agent-JAS

- Troj/Agent-JAS at Sophos

...

Troj/Agent-JAT

- Troj/Agent-JAT at Sophos

...

Troj/Agent-JAU

- Troj/Agent-JAU at Sophos

...

Troj/Dloadr-CHL

- Troj/Dloadr-CHL at Sophos

...

W32/Autoit-BV

- W32/Autoit-BV at Sophos

...

Mal/Dropper-AL

- Mal/Dropper-AL at Sophos

Mal/Dropper-AL is a Trojan for the Windows platform. When executed, Mal/Dropper-AL will drop and
execute other malware on the system.
...

Mal/Dropper-AP

- Mal/Dropper-AP at Sophos

Mal/Dropper-AP is a malicious program for the Windows platform.
...

Mal/GameDll-A

- Mal/GameDll-A at Sophos

...

0 writebacks [02/25/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090223



Trojan.Mdropper.AC

- Trojan.Mdropper.AC at Norton Symantec

Trojan.Mdropper.AC is a Trojan horse that may download files on to the compromised computer.
...

SYMBOS_YXES.A

- SYMBOS_YXES.A at Trend Micro

This is the Trend Micro detection for a commercial Symbian application that has no propagation technique and
may arrive through manual distribution by affected users. It affects mobile devices running the Symbian
operating system with the Series 60 Platform user interface. It drops non-malicious files. It is capable of
terminating ce...

Troj/Agent-IZD

- Troj/Agent-IZD at Sophos

Troj/Agent-IZD copies itself to:- <system>\sysmgr.exe
It also installs the following file which is also detected as Troj/Agent-IZD:-
<system>\msvcrt2.dll...

Troj/Dload-FK

- Troj/Dload-FK at Sophos

...

Troj/Drop-BW

- Troj/Drop-BW at Sophos

...

Troj/FakeAV-LM

- Troj/FakeAV-LM at Sophos

...

Troj/PdfJS-X

- Troj/PdfJS-X at Sophos

Troj/PdfJS-X is a PDF that contains malicious JavaScript.
...

W32/Autorun-ZG

- W32/Autorun-ZG at Sophos

W32/Autorun-ZG copies itself as a hidden file to all attached media and drives:
<root>\vshost.exe It also installs the following hidden file to all media and
drives: <root>/autorun.inf W32/Autorun-ZG installs the
follow...

Mal/Behav-255

- Mal/Behav-255 at Sophos

...

Troj/Agent-IYA

- Troj/Agent-IYA at Sophos

...

W32.Spamuzle.E!inf

- W32.Spamuzle.E!inf at Norton Symantec

W32.Spamuzle.E!inf is a detection for files infected with W32.Spamuzle.E.
...

W32.Spamuzle.E

- W32.Spamuzle.E at Norton Symantec

W32.Spamuzle.E is a worm that spreads by copying itself to mapped drives. The worm may download potentially
malicious files and steal information from the compromised computer.
...

TROJ_AGENT.FAKZ

- TROJ_AGENT.FAKZ at Trend Micro

...

TROJ_PROXY.AEI

- TROJ_PROXY.AEI at Trend Micro

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious
Web sites. It drops files, one of which is detected as BKDR_SMALL.NAT. As a result, malicious routines of the
dropped backdoor are exhibited on the affected system. It also modifies a certain file related to Mozilla-based
appl...

TROJ_MDROPPER.XR

- TROJ_MDROPPER.XR at Trend Micro

This is the Trend Micro detection for a specially crafted MS Excel file that exploits a zero-day vulnerability
in the following Microsoft Office versions: Microsoft Office 2000 Service Pack 3; Microsoft Office 2003 Service
Pack 1 or Service Pack 2; Microsoft Office XP Service Pack 3. It may be dropped by other malware. It may also be
downlo...

HTML_DLOADER.ZRP

- HTML_DLOADER.ZRP at Trend Micro

This malicious HTML file may be downloaded from remote sites by other malware. It may be downloaded
unknowingly by a user when visiting malicious Web sites. It may be hosted on a Web site and run when a user
accesses the said Web site. Once executed, it accesses a certain Web site to download a file that Trend Micro
detects as TROJ_DL...

JS_IFRAME.AZ

- JS_IFRAME.AZ at Trend Micro

This JavaScript (JS) malware may be downloaded from remote sites by HTML_DLOADER.AU. It may be downloaded from
certain remote sites. It may be hosted on a Web site and run when a user accesses the said Web site. It
connects to Web sites to possibly download other malicious files.
...

Anti-Virus-1

- Anti-Virus-1 at Panda

It deceives users and warns them of nonexistent threats in their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Pinit.B

- Pinit.B at Panda

It modifies the configuration of the Windows Explorer and allows its creator to make connections with the
computer through the Terminal Server. It spreads through the system drives, both shared and removable.
...

Mal/Behav-256

- Mal/Behav-256 at Sophos

...

Mal/EncPk-GZ

- Mal/EncPk-GZ at Sophos

...

Troj/Autothum-A

- Troj/Autothum-A at Sophos

Troj/Autothum-A is a Windows Shortcut (.lnk) file which executes a malicious VB script.
The script is typically a member of the VBS/Autorun family, for example VBS/Autorun-UC.
The script is typically called thumb.db. This is an attempt to disguise the true nature of the
file, ...

Troj/MalDoc-P

- Troj/MalDoc-P at Sophos

Troj/MalDoc-P detects exploited OLE2 documents.
...

Troj/Poison-AQ

- Troj/Poison-AQ at Sophos

...

Troj/Rootkit-EZ

- Troj/Rootkit-EZ at Sophos

...

Troj/Dloadr-CHH

- Troj/Dloadr-CHH at Sophos

...

Troj/Agent-IZR

- Troj/Agent-IZR at Sophos

Troj/Agent-IZR When the application is installed it creates the file <System>\prunnet.exe.
An entry is created in control panel Add & Remove Programs for uninstallation but
this does not actually remove Troj/Agent-IZR: Advertisement Service
Tro...

0 writebacks [02/24/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090222



Troj/Agent-IYY

- Troj/Agent-IYY at Sophos

...

Troj/FakeAle-MA

- Troj/FakeAle-MA at Sophos

...

Troj/FakeAle-MB

- Troj/FakeAle-MB at Sophos

...

Troj/Zbot-CZ

- Troj/Zbot-CZ at Sophos

...

Troj/Agent-IXB

- Troj/Agent-IXB at Sophos

...

Troj/CrbCryp-A

- Troj/CrbCryp-A at Sophos

...

Troj/Dloadr-CHE

- Troj/Dloadr-CHE at Sophos

...

Troj/Dwnldr-HOQ

- Troj/Dwnldr-HOQ at Sophos

...

Troj/Inject-EI

- Troj/Inject-EI at Sophos

...

Trojan.Mdropper.AC

- Trojan.Mdropper.AC at Norton Symantec

Trojan.Mdropper.AC is a Trojan horse that may download files on to the compromised computer.
...

SYMBOS_YXES.A

- SYMBOS_YXES.A at Trend Micro

This is the Trend Micro detection for a commercial Symbian application that has no propagation technique and
may arrive through manual distribution by affected users. It affects mobile devices running the Symbian
operating system with the Series 60 Platform user interface. It drops non-malicious files. It is capable of
terminating ce...

Troj/Agent-IZD

- Troj/Agent-IZD at Sophos

Troj/Agent-IZD copies itself to:- <system>\sysmgr.exe
It also installs the following file which is also detected as Troj/Agent-IZD:-
<system>\msvcrt2.dll...

Troj/Dload-FK

- Troj/Dload-FK at Sophos

...

Troj/Drop-BW

- Troj/Drop-BW at Sophos

...

Troj/FakeAV-LM

- Troj/FakeAV-LM at Sophos

...

Troj/PdfJS-X

- Troj/PdfJS-X at Sophos

Troj/PdfJS-X is a PDF that contains malicious JavaScript.
...

W32/Autorun-ZG

- W32/Autorun-ZG at Sophos

W32/Autorun-ZG copies itself as a hidden file to all attached media and drives:
<root>\vshost.exe It also installs the following hidden file to all media and
drives: <root>/autorun.inf W32/Autorun-ZG installs the
follow...

Mal/Behav-255

- Mal/Behav-255 at Sophos

...

Troj/Agent-IYA

- Troj/Agent-IYA at Sophos

...

0 writebacks [02/23/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090221



Bloodhound.PDF.8

- Bloodhound.PDF.8 at Norton Symantec

Bloodhound.PDF.8 is a heuristic detection for potentially malicious PDF files that may exploit known
vulnerabilities in Adobe Acrobat in order to perform further malicious actions.
...

Mal/EncPk-GR

- Mal/EncPk-GR at Sophos

...

Mal/Fakedis-A

- Mal/Fakedis-A at Sophos

...

Troj/FakeAV-LH

- Troj/FakeAV-LH at Sophos

...

Troj/Agent-IYU

- Troj/Agent-IYU at Sophos

...

Troj/Bdoor-ATA

- Troj/Bdoor-ATA at Sophos

...

Troj/DwnLdr-HON

- Troj/DwnLdr-HON at Sophos

...

Troj/PdfJS-W

- Troj/PdfJS-W at Sophos

Troj/PdfJS-W is a malicious PDF file containing JavaScript that attempts to exploit CVE-2007-5659
in order to install other malware. (It is not related to the Feb 2009 Adobe security vulnerability:
CVE-2009-0658.)
...

Troj/SWFdldr-N

- Troj/SWFdldr-N at Sophos

...

W32/Sohana-BI

- W32/Sohana-BI at Sophos

W32/Sohana-BI is a worm for the Windows platform. W32/Sohana-BI includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run W32/Sohana-BI copies itself to: <Windows>\gphone.exe
<System>...

W32/Zbot-CX

- W32/Zbot-CX at Sophos

...

Troj/Agent-IYY

- Troj/Agent-IYY at Sophos

...

Troj/FakeAle-MA

- Troj/FakeAle-MA at Sophos

...

Troj/FakeAle-MB

- Troj/FakeAle-MB at Sophos

...

Troj/Zbot-CZ

- Troj/Zbot-CZ at Sophos

...

Troj/Agent-IXB

- Troj/Agent-IXB at Sophos

...

Troj/CrbCryp-A

- Troj/CrbCryp-A at Sophos

...

Troj/Dloadr-CHE

- Troj/Dloadr-CHE at Sophos

...

Troj/Dwnldr-HOQ

- Troj/Dwnldr-HOQ at Sophos

...

Troj/Inject-EI

- Troj/Inject-EI at Sophos

...

0 writebacks [02/22/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090220



Trojan:SymbOS/Yxe

- Trojan:SymbOS/Yxe at F-Secure

Trojan:SymbOS/Yxe is malicious software for Symbian S60 3rd Edition Phones.
...

SymbOS.Exy.A

- SymbOS.Exy.A at Norton Symantec

SymbOS.Exy.A is a Trojan horse that attempts to send SMS messages to randomly generated numbers.
...

SymbOS.Exy.B

- SymbOS.Exy.B at Norton Symantec

SymbOS.Exy.B is a Trojan horse that attempts to send SMS messages to a predetermined number.
...

TROJ_PIDIEF.IN

- TROJ_PIDIEF.IN at Trend Micro

This Trojan is a specially crafted .PDF file that exploits a zero-day vulnerability in Acrobat Reader Version
8.x and 9.0. The said vulnerability causes the application to crash and could potentially allow an attacker to
take control of the affected system. Differing variants of this file drop various malware onto the affected
system....

TROJ_EMBED.BA

- TROJ_EMBED.BA at Trend Micro

This Trojan may be downloaded unknowingly by a user when visiting malicious Web site(s). It exploits the
following vulnerability in certain versions of Microsoft Office and Microsoft Works to allow the execution of
malicious code: Vulnerability in Microsoft Word Could Allow Remote Code Execution. It contains an embedded MFC
executable wh...

Troj/Agent-IYS

- Troj/Agent-IYS at Sophos

...

Troj/BHO-KC

- Troj/BHO-KC at Sophos

...

Troj/Dloadr-CHD

- Troj/Dloadr-CHD at Sophos

...

Troj/FakeAle-LY

- Troj/FakeAle-LY at Sophos

Troj/FakeAle-LY is a Trojan for the Windows platform. Troj/FakeAle-LY
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/FakeAle-LY copies itself to <WINDOWS>\sysguard.exe. The
following...

Troj/Waled-AZ

- Troj/Waled-AZ at Sophos

Troj/Waled-AZ is a Trojan for the Windows platform. Troj/Waled-AZ contains
functionality to contact remote web sites and send spam email. Troj/Waled-AZ also sets
the following registry entry:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\R...

Troj/Agent-IYQ

- Troj/Agent-IYQ at Sophos

...

Troj/Agent-IYR

- Troj/Agent-IYR at Sophos

...

Troj/Dload-FJ

- Troj/Dload-FJ at Sophos

...

Troj/Dloadr-CHC

- Troj/Dloadr-CHC at Sophos

...

Troj/FakeAV-LF

- Troj/FakeAV-LF at Sophos

...

Bloodhound.PDF.8

- Bloodhound.PDF.8 at Norton Symantec

Bloodhound.PDF.8 is a heuristic detection for potentially malicious PDF files that may exploit known
vulnerabilities in Adobe Acrobat in order to perform further malicious actions.
...

Mal/EncPk-GR

- Mal/EncPk-GR at Sophos

...

Mal/Fakedis-A

- Mal/Fakedis-A at Sophos

...

Troj/FakeAV-LH

- Troj/FakeAV-LH at Sophos

...

Troj/Agent-IYU

- Troj/Agent-IYU at Sophos

...

Troj/Bdoor-ATA

- Troj/Bdoor-ATA at Sophos

...

Troj/DwnLdr-HON

- Troj/DwnLdr-HON at Sophos

...

Troj/PdfJS-W

- Troj/PdfJS-W at Sophos

Troj/PdfJS-W is a malicious PDF file containing JavaScript that attempts to exploit CVE-2007-5659
in order to install other malware. (It is not related to the Feb 2009 Adobe security vulnerability:
CVE-2009-0658.)
...

Troj/SWFdldr-N

- Troj/SWFdldr-N at Sophos

...

W32/Sohana-BI

- W32/Sohana-BI at Sophos

W32/Sohana-BI is a worm for the Windows platform. W32/Sohana-BI includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run W32/Sohana-BI copies itself to: <Windows>\gphone.exe
<System>...

W32/Zbot-CX

- W32/Zbot-CX at Sophos

...

0 writebacks [02/21/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090219



HTML_DLOADER.AS

- HTML_DLOADER.AS at Trend Micro

This malicious HTML file may be downloaded from remote site(s) by the following malware: XML_DLOADER.A. It may
be hosted on a Web site and run when a user accesses the said Web site. It accesses Web sites to download a
certain file which is detected by Trend Micro as BKDR_AGENT.XZMS. It takes advantage of the following software
vulnerabi...

WORM_DOWNAD.AP

- WORM_DOWNAD.AP at Trend Micro

This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may
arrive bundled with malware packages as a malware component. It may also arrive via removable drives or through
a vulnerability. It drops copies of itself. This technique prevents dropping of several copies of itself on
already af...

TROJ_AGENT.AMRL

- TROJ_AGENT.AMRL at Trend Micro

This Trojan may be downloaded from a remote site. Upon execution, it connects to a remote URL. The said URL
contains fake news, informing its intended readers that a British prime minister has died. This Trojan drops a
file detected as BAT_AGENT.ZYM. It modifies the Internet Explorer home page to point to a site hosting
adult-related...

P2PWorm.AA

- P2PWorm.AA at Panda

It displays advertisements through pop-up windows when the user is browsing through the Internet. It
downloads different samples of malware to the affected computer, which are then
distributed through different P2P programs.
...

Troj/FakeAV-LE

- Troj/FakeAV-LE at Sophos

Troj/FakeAV-LE is a Trojan for the Windows platform. Troj/FakeAV-LE
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/FakeAV-LE copies itself to <System>\frmwrk32.exe and creates the clean data
file <Syste...

Troj/FakeVir-KR

- Troj/FakeVir-KR at Sophos

...

Troj/Mdrop-BZK

- Troj/Mdrop-BZK at Sophos

Troj/Mdrop-BZK is a password protected self-extracting archive, that exports its file to the
<SYSTEM> folder.
...

Troj/ServU-FQ

- Troj/ServU-FQ at Sophos

Troj/ServU-FQ is a modified version of a commercial FTP application.
Troj/ServU-FQ runs continuously in the background providing an FTP server on a TCP port specified in its
configuration file (the default is port 43958). When Troj/ServU-FQ is installed the
following files are crea...

W32/Waled-AY

- W32/Waled-AY at Sophos

...

Mal/Uplink-A

- Mal/Uplink-A at Sophos

...

Troj/Agent-IYG

- Troj/Agent-IYG at Sophos

...

Troj/Agent-IYH

- Troj/Agent-IYH at Sophos

...

Troj/Agent-IYI

- Troj/Agent-IYI at Sophos

...

Trojan:SymbOS/Yxe

- Trojan:SymbOS/Yxe at F-Secure

Trojan:SymbOS/Yxe is malicious software for Symbian S60 3rd Edition Phones.
...

SymbOS.Exy.A

- SymbOS.Exy.A at Norton Symantec

SymbOS.Exy.A is a Trojan horse that attempts to send SMS messages to randomly generated numbers.
...

SymbOS.Exy.B

- SymbOS.Exy.B at Norton Symantec

SymbOS.Exy.B is a Trojan horse that attempts to send SMS messages to a predetermined number.
...

TROJ_PIDIEF.IN

- TROJ_PIDIEF.IN at Trend Micro

This Trojan is a specially crafted .PDF file that exploits a zero-day vulnerability in Acrobat Reader Version
8.x and 9.0. The said vulnerability causes the application to crash and could potentially allow an attacker to
take control of the affected system. Differing variants of this file drop various malware onto the affected
system....

TROJ_EMBED.BA

- TROJ_EMBED.BA at Trend Micro

This Trojan may be downloaded unknowingly by a user when visiting malicious Web site(s). It exploits the
following vulnerability in certain versions of Microsoft Office and Microsoft Works to allow the execution of
malicious code: Vulnerability in Microsoft Word Could Allow Remote Code Execution. It contains an embedded MFC
executable wh...

Troj/Agent-IYS

- Troj/Agent-IYS at Sophos

...

Troj/BHO-KC

- Troj/BHO-KC at Sophos

...

Troj/Dloadr-CHD

- Troj/Dloadr-CHD at Sophos

...

Troj/FakeAle-LY

- Troj/FakeAle-LY at Sophos

Troj/FakeAle-LY is a Trojan for the Windows platform. Troj/FakeAle-LY
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/FakeAle-LY copies itself to <WINDOWS>\sysguard.exe. The
following...

Troj/Waled-AZ

- Troj/Waled-AZ at Sophos

Troj/Waled-AZ is a Trojan for the Windows platform. Troj/Waled-AZ contains
functionality to contact remote web sites and send spam email. Troj/Waled-AZ also sets
the following registry entry:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\R...

Troj/Agent-IYQ

- Troj/Agent-IYQ at Sophos

...

Troj/Agent-IYR

- Troj/Agent-IYR at Sophos

...

Troj/Dload-FJ

- Troj/Dload-FJ at Sophos

...

Troj/Dloadr-CHC

- Troj/Dloadr-CHC at Sophos

...

Troj/FakeAV-LF

- Troj/FakeAV-LF at Sophos

...

0 writebacks [02/20/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090218



Trojan.Immbesq!Inf

- Trojan.Immbesq!Inf at Norton Symantec

Trojan.Immbesq!Inf is a detection for the infection of a legitimate Windows DLL file so that it imports an
additional malicious DLL file.
...

MalwareDoctor

- MalwareDoctor at Norton Symantec

Behavior: MalwareDoctor is a misleading application that may give exaggerated reports of threats on the computer.
...

W32.Pavsee.C

- W32.Pavsee.C at Norton Symantec

W32.Pavsee.C is a virus that infects .exe and .com files on mapped drives from C to F.
...

Troj/Banker-EPI

- Troj/Banker-EPI at Sophos

...

Troj/BHO-JZ

- Troj/BHO-JZ at Sophos

...

Troj/Dloadr-CGY

- Troj/Dloadr-CGY at Sophos

...

Troj/DwnLdr-HOM

- Troj/DwnLdr-HOM at Sophos

...

Troj/FakeAle-LV

- Troj/FakeAle-LV at Sophos

Troj/FakeAle-LV is a Trojan for the Windows platform. Troj/FakeAle-LV is a
rogue security program that displays false warnings regarding viruses detected on the infected computer.
...

Troj/FakeAle-LW

- Troj/FakeAle-LW at Sophos

Troj/FakeAle-LW is a Trojan for the Windows platform. Troj/FakeAle-LW is a
rogue security program that displays false warnings regarding malware on the infected computer.
Troj/FakeAle-LW installs a browser helper object detected as Troj/BHO-JZ.
...

Troj/FakeVir-KO

- Troj/FakeVir-KO at Sophos

...

Troj/FakeVir-KP

- Troj/FakeVir-KP at Sophos

...

W32/Kimchi-A

- W32/Kimchi-A at Sophos

W32/Kimchi-A is a file-infecting virus for the Windows platform. Once run,
W32/Kimchi-A remains resident and continues to infect executable files on the computer.
W32/Kimchi-A attempts to connect to an IRC server in order to receive commands from a remote user.
...

W32/Kimchi-B

- W32/Kimchi-B at Sophos

W32/Kimchi-B is a polymorphic fast-infecting executable file virus for the Windows platform.
W32/Kimchi-B attempts to open an IRC backdoor in order to receive commands from a remote user.
...

HTML_DLOADER.AS

- HTML_DLOADER.AS at Trend Micro

This malicious HTML file may be downloaded from remote site(s) by the following malware: XML_DLOADER.A. It may
be hosted on a Web site and run when a user accesses the said Web site. It accesses Web sites to download a
certain file which is detected by Trend Micro as BKDR_AGENT.XZMS. It takes advantage of the following software
vulnerabi...

WORM_DOWNAD.AP

- WORM_DOWNAD.AP at Trend Micro

This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may
arrive bundled with malware packages as a malware component. It may also arrive via removable drives or through
a vulnerability. It drops copies of itself. This technique prevents dropping of several copies of itself on
already af...

TROJ_AGENT.AMRL

- TROJ_AGENT.AMRL at Trend Micro

This Trojan may be downloaded from a remote site. Upon execution, it connects to a remote URL. The said URL
contains fake news, informing its intended readers that a British prime minister has died. This Trojan drops a
file detected as BAT_AGENT.ZYM. It modifies the Internet Explorer home page to point to a site hosting
adult-related...

P2PWorm.AA

- P2PWorm.AA at Panda

It displays advertisements through pop-up windows when the user is browsing through the Internet. It
downloads different samples of malware to the affected computer, which are then
distributed through different P2P programs.
...

Troj/FakeAV-LE

- Troj/FakeAV-LE at Sophos

Troj/FakeAV-LE is a Trojan for the Windows platform. Troj/FakeAV-LE
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/FakeAV-LE copies itself to <System>\frmwrk32.exe and creates the clean data
file <Syste...

Troj/FakeVir-KR

- Troj/FakeVir-KR at Sophos

...

Troj/Mdrop-BZK

- Troj/Mdrop-BZK at Sophos

Troj/Mdrop-BZK is a password-protected self-extracting archive that exports its file to the
<SYSTEM> folder.
...

Troj/ServU-FQ

- Troj/ServU-FQ at Sophos

Troj/ServU-FQ is a modified version of a commercial FTP application.
Troj/ServU-FQ runs continuously in the background providing an FTP server on a TCP port specified in its
configuration file (the default is port 43958). When Troj/ServU-FQ is installed the
following files are crea...

W32/Waled-AY

- W32/Waled-AY at Sophos

...

Mal/Uplink-A

- Mal/Uplink-A at Sophos

...

Troj/Agent-IYG

- Troj/Agent-IYG at Sophos

...

Troj/Agent-IYH

- Troj/Agent-IYH at Sophos

...

Troj/Agent-IYI

- Troj/Agent-IYI at Sophos

...

0 writebacks [02/19/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090217



BKDR_AGENT.XZMS

- BKDR_AGENT.XZMS at Trend Micro

This backdoor may be downloaded by HTML_DLOADER.AS. It drops a component file, which is also detected as
BKDR_AGENT.XZMS. It makes changes to the Windows registry, some of which allow its automatic execution at
every system startup. It creates a hidden window of Internet Explorer which connects to the following Web site
to listen for r...

XML_DLOADER.A

- XML_DLOADER.A at Trend Micro

This malicious XML file may be downloaded unknowingly by a user when visiting malicious Web site(s). It takes
advantage of the following software vulnerability, which allows a remote malicious user or malware to download
files on the affected machine: Vulnerability in Internet Explorer Could Allow Remote Code Execution. However,
instead...

Sality.AO

- Sality.AO at Panda

It infects executable files (with an EXE and SCR extension) and files with an ASP, HTM and PHP extension, in
order to download more malware to the affected computer. It reaches the computer by distributing the
previously infected files.
...

Mal/Autorun-E

- Mal/Autorun-E at Sophos

...

Mal/FakeAV-W

- Mal/FakeAV-W at Sophos

...

Troj/Dloadr-CGW

- Troj/Dloadr-CGW at Sophos

...

Troj/FakeAV-LA

- Troj/FakeAV-LA at Sophos

...

Mal/EncPk-HC

- Mal/EncPk-HC at Sophos

...

Mal/SpyAgent-C

- Mal/SpyAgent-C at Sophos

Mal/SpyAgent-C is a malicious program for the Windows platform.
...

Troj/Agent-IXS

- Troj/Agent-IXS at Sophos

Troj/Agent-IXS is a Trojan for the Windows platform. Troj/Agent-IXS
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Agent-IXS copies itself to <System>\svhchost.exe. The
following reg...

Troj/Bckdr-QRU

- Troj/Bckdr-QRU at Sophos

...

Troj/DwnLdr-HOJ

- Troj/DwnLdr-HOJ at Sophos

...

Troj/Inject-EF

- Troj/Inject-EF at Sophos

...

Trojan.Immbesq!Inf

- Trojan.Immbesq!Inf at Norton Symantec

Trojan.Immbesq!Inf is a detection for the infection of a legitimate Windows DLL file so that it imports an
additional malicious DLL file.
...

MalwareDoctor

- MalwareDoctor at Norton Symantec

Behavior: MalwareDoctor is a misleading application that may give exaggerated reports of threats on the computer.
...

W32.Pavsee.C

- W32.Pavsee.C at Norton Symantec

W32.Pavsee.C is a virus that infects .exe and .com files on mapped drives from C to F.
...

Troj/Banker-EPI

- Troj/Banker-EPI at Sophos

...

Troj/BHO-JZ

- Troj/BHO-JZ at Sophos

...

Troj/Dloadr-CGY

- Troj/Dloadr-CGY at Sophos

...

Troj/DwnLdr-HOM

- Troj/DwnLdr-HOM at Sophos

...

Troj/FakeAle-LV

- Troj/FakeAle-LV at Sophos

Troj/FakeAle-LV is a Trojan for the Windows platform. Troj/FakeAle-LV is a
rogue security program that displays false warnings regarding viruses detected on the infected computer.
...

Troj/FakeAle-LW

- Troj/FakeAle-LW at Sophos

Troj/FakeAle-LW is a Trojan for the Windows platform. Troj/FakeAle-LW is a
rogue security program that displays false warnings regarding malware on the infected computer.
Troj/FakeAle-LW installs a browser helper object detected as Troj/BHO-JZ.
...

Troj/FakeVir-KO

- Troj/FakeVir-KO at Sophos

...

Troj/FakeVir-KP

- Troj/FakeVir-KP at Sophos

...

W32/Kimchi-A

- W32/Kimchi-A at Sophos

W32/Kimchi-A is a file-infecting virus for the Windows platform. Once run,
W32/Kimchi-A remains resident and continues to infect executable files on the computer.
W32/Kimchi-A attempts to connect to an IRC server in order to receive commands from a remote user.
...

W32/Kimchi-B

- W32/Kimchi-B at Sophos

W32/Kimchi-B is a polymorphic fast-infecting executable file virus for the Windows platform.
W32/Kimchi-B attempts to open an IRC backdoor in order to receive commands from a remote user.
...

0 writebacks [02/18/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090216



AntispywareProtector

- AntispywareProtector at Norton Symantec

Behavior: AntispywareProtector is a misleading application that may give exaggerated reports of threats on the
computer....

Waledac.J

- Waledac.J at Panda

Its main objective is to spread via email in a message that uses Saint Valentine's Day as bait and that
contains a link to a malicious website from which a copy of itself is downloaded.
...

Mal/EncPk-HA

- Mal/EncPk-HA at Sophos

...

Mal/VB-Z

- Mal/VB-Z at Sophos

Mal/VB-Z is a family of Trojans for the Windows platform.
...

Troj/Agent-IXK

- Troj/Agent-IXK at Sophos

...

Troj/Agent-IXL

- Troj/Agent-IXL at Sophos

...

Troj/Dloadr-CGR

- Troj/Dloadr-CGR at Sophos

...

Troj/Dloadr-CGS

- Troj/Dloadr-CGS at Sophos

...

Troj/Dloadr-CGT

- Troj/Dloadr-CGT at Sophos

...

Troj/Dloadr-CGU

- Troj/Dloadr-CGU at Sophos

...

Troj/FakeAle-LU

- Troj/FakeAle-LU at Sophos

...

Troj/FreeVid-A

- Troj/FreeVid-A at Sophos

Troj/FreeVid-A is a Trojan which masquerades as a free pornographic video - typically of Paris
Hilton. When first run, Troj/FreeVid-A creates another executable file which is made to
run when Windows starts.
...

BKDR_AGENT.XZMS

- BKDR_AGENT.XZMS at Trend Micro

This backdoor may be downloaded by HTML_DLOADER.AS. It drops a component file, which is also detected as
BKDR_AGENT.XZMS. It makes changes to the Windows registry, some of which allow its automatic execution at
every system startup. It creates a hidden window of Internet Explorer which connects to the following Web site
to listen for r...

XML_DLOADER.A

- XML_DLOADER.A at Trend Micro

This malicious XML file may be downloaded unknowingly by a user when visiting malicious Web site(s). It takes
advantage of the following software vulnerability, which allows a remote malicious user or malware to download
files on the affected machine: Vulnerability in Internet Explorer Could Allow Remote Code Execution. However,
instead...

Sality.AO

- Sality.AO at Panda

It infects executable files (with an EXE and SCR extension) and files with an ASP, HTM and PHP extension, in
order to download more malware to the affected computer. It reaches the computer by distributing the
previously infected files.
...

Mal/Autorun-E

- Mal/Autorun-E at Sophos

...

Mal/FakeAV-W

- Mal/FakeAV-W at Sophos

...

Troj/Dloadr-CGW

- Troj/Dloadr-CGW at Sophos

...

Troj/FakeAV-LA

- Troj/FakeAV-LA at Sophos

...

Mal/EncPk-HC

- Mal/EncPk-HC at Sophos

...

Mal/SpyAgent-C

- Mal/SpyAgent-C at Sophos

Mal/SpyAgent-C is a malicious program for the Windows platform.
...

Troj/Agent-IXS

- Troj/Agent-IXS at Sophos

Troj/Agent-IXS is a Trojan for the Windows platform. Troj/Agent-IXS
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Agent-IXS copies itself to <System>\svhchost.exe. The
following reg...

Troj/Bckdr-QRU

- Troj/Bckdr-QRU at Sophos

...

Troj/DwnLdr-HOJ

- Troj/DwnLdr-HOJ at Sophos

...

Troj/Inject-EF

- Troj/Inject-EF at Sophos

...

0 writebacks [02/17/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090215



WORM_WALEDAC.BK

- WORM_WALEDAC.BK at Trend Micro

...

Troj/FakeAle-LR

- Troj/FakeAle-LR at Sophos

...

W32/Waled-AS

- W32/Waled-AS at Sophos

...

W32/Waled-AT

- W32/Waled-AT at Sophos

...

Troj/MDrop-BZE

- Troj/MDrop-BZE at Sophos

When Troj/MDrop-BZE is installed it creates the file <System>\deebeecea.dll - detected as
W32/AutoRun-QD.
...

Troj/OnLineG-O

- Troj/OnLineG-O at Sophos

...

W32/Autoit-BQ

- W32/Autoit-BQ at Sophos

...

Troj/FakeAle-LQ

- Troj/FakeAle-LQ at Sophos

...

Troj/FakeAV-KX

- Troj/FakeAV-KX at Sophos

...

Troj/FakeAV-KY

- Troj/FakeAV-KY at Sophos

Troj/FakeAV-KY is a Trojan for the Windows platform. Troj/FakeAV-KY
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/FakeAV-KY is installed it creates the file <Current Folder>\%ORIGFILENAME.
...

Troj/FakeVir-KK

- Troj/FakeVir-KK at Sophos

...

AntispywareProtector

- AntispywareProtector at Norton Symantec

Behavior: AntispywareProtector is a misleading application that may give exaggerated reports of threats on the
computer....

Waledac.J

- Waledac.J at Panda

Its main objective is to spread via email in a message that uses Saint Valentine's Day as bait and that
contains a link to a malicious website from which a copy of itself is downloaded.
...

Mal/EncPk-HA

- Mal/EncPk-HA at Sophos

...

Mal/VB-Z

- Mal/VB-Z at Sophos

Mal/VB-Z is a family of Trojans for the Windows platform.
...

Troj/Agent-IXK

- Troj/Agent-IXK at Sophos

...

Troj/Agent-IXL

- Troj/Agent-IXL at Sophos

...

Troj/Dloadr-CGR

- Troj/Dloadr-CGR at Sophos

...

Troj/Dloadr-CGS

- Troj/Dloadr-CGS at Sophos

...

Troj/Dloadr-CGT

- Troj/Dloadr-CGT at Sophos

...

Troj/Dloadr-CGU

- Troj/Dloadr-CGU at Sophos

...

Troj/FakeAle-LU

- Troj/FakeAle-LU at Sophos

...

Troj/FreeVid-A

- Troj/FreeVid-A at Sophos

Troj/FreeVid-A is a Trojan which masquerades as a free pornographic video - typically of Paris
Hilton. When first run, Troj/FreeVid-A creates another executable file which is made to
run when Windows starts.
...

0 writebacks [02/16/2009 22:43] [] permanent link



Virus Malware and Threat News for 20090214



Troj/Agent-IXC

- Troj/Agent-IXC at Sophos

...

Troj/FakeAV-KW

- Troj/FakeAV-KW at Sophos

...

W32/Waled-AR

- W32/Waled-AR at Sophos

...

Troj/Agent-IWZ

- Troj/Agent-IWZ at Sophos

Troj/Agent-IWZ is a Trojan for the Windows platform. When Troj/Agent-IWZ is
installed it creates the file <Temp>\bt6840.bat - detected as Troj/Agent-IWZ.
...

Troj/Agent-IXA

- Troj/Agent-IXA at Sophos

...

Troj/JSDown-F

- Troj/JSDown-F at Sophos

...

Troj/Small-EMU

- Troj/Small-EMU at Sophos

...

Troj/Zbot-CL

- Troj/Zbot-CL at Sophos

...

Troj/Zbot-CM

- Troj/Zbot-CM at Sophos

...

Troj/Zbot-CN

- Troj/Zbot-CN at Sophos

...

WORM_WALEDAC.BK

- WORM_WALEDAC.BK at Trend Micro

...

Troj/FakeAle-LR

- Troj/FakeAle-LR at Sophos

...

W32/Waled-AS

- W32/Waled-AS at Sophos

...

W32/Waled-AT

- W32/Waled-AT at Sophos

...

Troj/MDrop-BZE

- Troj/MDrop-BZE at Sophos

When Troj/MDrop-BZE is installed it creates the file <System>\deebeecea.dll - detected as
W32/AutoRun-QD.
...

Troj/OnLineG-O

- Troj/OnLineG-O at Sophos

...

W32/Autoit-BQ

- W32/Autoit-BQ at Sophos

...

Troj/FakeAle-LQ

- Troj/FakeAle-LQ at Sophos

...

Troj/FakeAV-KX

- Troj/FakeAV-KX at Sophos

...

Troj/FakeAV-KY

- Troj/FakeAV-KY at Sophos

Troj/FakeAV-KY is a Trojan for the Windows platform. Troj/FakeAV-KY
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/FakeAV-KY is installed it creates the file <Current Folder>\%ORIGFILENAME.
...

Troj/FakeVir-KK

- Troj/FakeVir-KK at Sophos

...

0 writebacks [02/15/2009 22:44] [] permanent link



Virus Malware and Threat News for 20090213



Incognito

- Incognito at Norton Symantec

Behavior: Incognito is a security assessment tool that can allow a remote user to escalate domain privileges.
...

NoVideo.A

- NoVideo.A at Panda

It prevents the preview of the pictures and videos from being viewed through Internet Explorer and
downloads the adware detected as Suurch to the affected computer. It does not spread automatically by its own
means....

Troj/RegDfndr-A

- Troj/RegDfndr-A at Sophos

Troj/RegDfndr-A is a Trojan for the Windows platform. Troj/RegDfndr-A is a
rogue security application that fraudulently reports false threats in order to prompt the user into purchasing
the software....

Troj/RegDfndr-B

- Troj/RegDfndr-B at Sophos

...

Mal/Bifrose-P

- Mal/Bifrose-P at Sophos

Mal/Bifrose-P is a family of backdoor Trojans.
...

Mal/Dropper-AC

- Mal/Dropper-AC at Sophos

Mal/Dropper-AC is a malicious program for the Windows platform. Detection
for members of Mal/Dropper-AC is behavior based. It is extremely important that customers report detections of
Mal/Dropper-AC to Sophos and send a sample for analysis.
...

Troj/Agent-IWX

- Troj/Agent-IWX at Sophos

...

Troj/Agent-IWY

- Troj/Agent-IWY at Sophos

...

Troj/Bifrose-WU

- Troj/Bifrose-WU at Sophos

...

Troj/Dloadr-CGQ

- Troj/Dloadr-CGQ at Sophos

...

Troj/FakeAle-LP

- Troj/FakeAle-LP at Sophos

Troj/FakeAle-LP is a Trojan for the Windows platform. Troj/FakeAle-LP
includes functionality to access the internet and communicate with a remote server via HTTP.
The following registry entry is created to run Troj/FakeAle-LP on startup:
HKCU\Software\Mi...

Troj/FakeAV-KV

- Troj/FakeAV-KV at Sophos

...

Troj/Agent-IXC

- Troj/Agent-IXC at Sophos

...

Troj/FakeAV-KW

- Troj/FakeAV-KW at Sophos

...

W32/Waled-AR

- W32/Waled-AR at Sophos

...

Troj/Agent-IWZ

- Troj/Agent-IWZ at Sophos

Troj/Agent-IWZ is a Trojan for the Windows platform. When Troj/Agent-IWZ is
installed it creates the file <Temp>\bt6840.bat - detected as Troj/Agent-IWZ.
...

Troj/Agent-IXA

- Troj/Agent-IXA at Sophos

...

Troj/JSDown-F

- Troj/JSDown-F at Sophos

...

Troj/Small-EMU

- Troj/Small-EMU at Sophos

...

Troj/Zbot-CL

- Troj/Zbot-CL at Sophos

...

Troj/Zbot-CM

- Troj/Zbot-CM at Sophos

...

Troj/Zbot-CN

- Troj/Zbot-CN at Sophos

...

0 writebacks [02/14/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090212



Bloodhound.PDF.6

- Bloodhound.PDF.6 at Norton Symantec

Bloodhound.PDF.6 is a heuristic detection for potentially malicious PDF files that may exploit a vulnerability
in Adobe Acrobat in order to perform further malicious actions.
...

Trojan.Pidief.E

- Trojan.Pidief.E at Norton Symantec

Trojan.Pidief.E is a Trojan horse that attempts to exploit a vulnerability in Adobe Acrobat Reader in order to
drop more files on to the compromised computer.
...

MS09-005

- MS09-005 at Panda

It is a group of important vulnerabilities in Visio 2007/2003/2002, which allows hackers to gain remote
control of the affected computer with the same privileges as the logged-on user.
...

MS09-004

- MS09-004 at Panda

It is an important vulnerability in several versions of SQL Server, which allows hackers to gain remote
control of the affected computer with the same privileges as the logged on user.
...

Troj/Agent-IWR

- Troj/Agent-IWR at Sophos

Troj/Agent-IWR is a Trojan for the Windows platform. Troj/Agent-IWR copies
itself to <SYSTEM>\userinit.exe, saving the original Windows file to <SYSTEM>\init32.exe.
Troj/Agent-IWR also drops additional malware detected as Mal/FakeVirPk-A.
...

Troj/Agent-IWS

- Troj/Agent-IWS at Sophos

...

Troj/Agent-IWT

- Troj/Agent-IWT at Sophos

...

Troj/FakeAV-KU

- Troj/FakeAV-KU at Sophos

...

Troj/FakeVir-KJ

- Troj/FakeVir-KJ at Sophos

...

Troj/HackTl-C

- Troj/HackTl-C at Sophos

...

Troj/KeyLog-LF

- Troj/KeyLog-LF at Sophos

...

Troj/Mdrop-BZB

- Troj/Mdrop-BZB at Sophos

...

Troj/PSW-GI

- Troj/PSW-GI at Sophos

Troj/PSW-GI is a Trojan for the Windows platform. When run Troj/PSW-GI
copies itself to <System>\wins\setup\msmgrs.exe and creates the files:
<Start Menu>\ntdll.lnk - this file can be deleted
<System>\wins\syskl32.sys - this file can be deleted
...

W32/Autorun-XP

- W32/Autorun-XP at Sophos

W32/Autorun-XP is a worm for the Windows platform. W32/Autorun-XP copies
itself to <WINDOWS>\system\wmisync.exe and creates a service named "WMISYNC" to run on startup.
W32/Autorun-XP spreads via removable storage devices and local network shares.
...

Incognito

- Incognito at Norton Symantec

Behavior: Incognito is a security assessment tool that can allow a remote user to escalate domain privileges.
...

NoVideo.A

- NoVideo.A at Panda

It prevents the preview of the pictures and videos from being viewed through Internet Explorer and
downloads the adware detected as Suurch to the affected computer. It does not spread automatically by its own
means....

Troj/RegDfndr-A

- Troj/RegDfndr-A at Sophos

Troj/RegDfndr-A is a Trojan for the Windows platform. Troj/RegDfndr-A is a
rogue security application that fraudulently reports false threats in order to prompt the user into purchasing
the software....

Troj/RegDfndr-B

- Troj/RegDfndr-B at Sophos

...

Mal/Bifrose-P

- Mal/Bifrose-P at Sophos

Mal/Bifrose-P is a family of backdoor Trojans.
...

Mal/Dropper-AC

- Mal/Dropper-AC at Sophos

Mal/Dropper-AC is a malicious program for the Windows platform. Detection
for members of Mal/Dropper-AC is behavior based. It is extremely important that customers report detections of
Mal/Dropper-AC to Sophos and send a sample for analysis.
...

Troj/Agent-IWX

- Troj/Agent-IWX at Sophos

...

Troj/Agent-IWY

- Troj/Agent-IWY at Sophos

...

Troj/Bifrose-WU

- Troj/Bifrose-WU at Sophos

...

Troj/Dloadr-CGQ

- Troj/Dloadr-CGQ at Sophos

...

Troj/FakeAle-LP

- Troj/FakeAle-LP at Sophos

Troj/FakeAle-LP is a Trojan for the Windows platform. Troj/FakeAle-LP
includes functionality to access the internet and communicate with a remote server via HTTP.
The following registry entry is created to run Troj/FakeAle-LP on startup:
HKCU\Software\Mi...

Troj/FakeAV-KV

- Troj/FakeAV-KV at Sophos

...

0 writebacks [02/13/2009 22:45] [] permanent link



Virus Malware and Threat News for 20090211



Trojan:SymbOS/Yakkis.A

- Trojan:SymbOS/Yakkis.A at F-Secure

Yakkis.A is a trojan for Symbian phones running Series 60 (S60) first and second edition. Once installed
Yakkis will prevent the phone from booting up.
...

MS09-003

- MS09-003 at Panda

It is a group of critical vulnerabilities in several versions of Exchange Server, which allows hackers to gain
remote control of the affected computer with the same privileges as the logged-on user and to launch
denial-of-service attacks.
...

MS09-002

- MS09-002 at Panda

It is a group of critical vulnerabilities in Internet Explorer 7 in Windows 2008/Vista/2003/XP, which allows
hackers to gain remote control of the affected computer with the same privileges as the logged on user.
...

Troj/Agent-IWL

- Troj/Agent-IWL at Sophos

Troj/Agent-IWL is a Trojan for the Windows platform. Troj/Agent-IWL is
known to be installed as the file <System>\digeste.dll.
...

Troj/Agent-IWM

- Troj/Agent-IWM at Sophos

...

Troj/Dloadr-CGN

- Troj/Dloadr-CGN at Sophos

Troj/Dloadr-CGN is a Trojan for the Windows platform. Troj/Dloadr-CGN
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Dloadr-CGN creates the following file: <System>\imejpmig.exe
 ...

Troj/Dloadr-CGO

- Troj/Dloadr-CGO at Sophos

...

Troj/FakeAV-KS

- Troj/FakeAV-KS at Sophos

Troj/FakeAV-KS is fake anti-spyware software for the Windows platform.
Troj/FakeAV-KS creates a dummy installation of a known adware/spyware and changes the computer wallpaper to
display the following message:    Warning! Security report
  ...

Troj/Small-ELT

- Troj/Small-ELT at Sophos

...

Troj/VB-EBX

- Troj/VB-EBX at Sophos

...

W32/Autorun-XH

- W32/Autorun-XH at Sophos

W32/Autorun-XH is a Visual Basic Script worm for the Windows platform. When
first run, W32/Autorun-XH attempts to disable a list of anti-virus software, first by killing running
processes, and then by associating a debugger via the following type of registry entry:
HKLM\SOFTWA...

W32/Autorun-XJ

- W32/Autorun-XJ at Sophos

W32/Autorun-XJ is a worm for the Windows platform. When first run,
W32/Autorun-XJ copies itself to the following location:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013win32.exe
The following registry entry is created to start W32/Autorun-XJ when Windows...

Troj/Agent-IWK

- Troj/Agent-IWK at Sophos

Troj/Agent-IWK is a Trojan for the Windows platform. When first run
Troj/Agent-IWK creates the file: <User>\<Temp>\bt<four random numbers>.bat
This file attempts to alter the URL to IP mappings in the HOSTS file
and to change the Interne...

Bloodhound.PDF.6

- Bloodhound.PDF.6 at Norton Symantec

Bloodhound.PDF.6 is a heuristic detection for potentially malicious PDF files that may exploit a vulnerability
in Adobe Acrobat in order to perform further malicious actions.
...

Trojan.Pidief.E

- Trojan.Pidief.E at Norton Symantec

Trojan.Pidief.E is a Trojan horse that attempts to exploit a vulnerability in Adobe Acrobat Reader in order to
drop more files on to the compromised computer.
...

MS09-005

- MS09-005 at Panda

It is a group of important vulnerabilities in Visio 2007/2003/2002, which allows hackers to gain remote
control of the affected computer with the same privileges as the logged-on user.
...

MS09-004

- MS09-004 at Panda

It is an important vulnerability in several versions of SQL Server, which allows hackers to gain remote
control of the affected computer with the same privileges as the logged on user.
...

Troj/Agent-IWR

- Troj/Agent-IWR at Sophos

Troj/Agent-IWR is a Trojan for the Windows platform. Troj/Agent-IWR copies
itself to <SYSTEM>\userinit.exe, saving the original Windows file to <SYSTEM>\init32.exe.
Troj/Agent-IWR also drops additional malware detected as Mal/FakeVirPk-A.
...

Troj/Agent-IWS

- Troj/Agent-IWS at Sophos

...

Troj/Agent-IWT

- Troj/Agent-IWT at Sophos

...

Troj/FakeAV-KU

- Troj/FakeAV-KU at Sophos

...

Troj/FakeVir-KJ

- Troj/FakeVir-KJ at Sophos

...

Troj/HackTl-C

- Troj/HackTl-C at Sophos

...

Troj/KeyLog-LF

- Troj/KeyLog-LF at Sophos

...

Troj/Mdrop-BZB

- Troj/Mdrop-BZB at Sophos

...

Troj/PSW-GI

- Troj/PSW-GI at Sophos

Troj/PSW-GI is a Trojan for the Windows platform. When run Troj/PSW-GI
copies itself to <System>\wins\setup\msmgrs.exe and creates the files:
<Start Menu>\ntdll.lnk - this file can be deleted
<System>\wins\syskl32.sys - this file can be deleted
...

W32/Autorun-XP

- W32/Autorun-XP at Sophos

W32/Autorun-XP is a worm for the Windows platform. W32/Autorun-XP copies
itself to <WINDOWS>\system\wmisync.exe and creates a service named "WMISYNC" to run on startup.
W32/Autorun-XP spreads via removable storage devices and local network shares.
...

0 writebacks [02/12/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090210



TROJ_VIRUX.A

- TROJ_VIRUX.A at Trend Micro

...

PE_VIRUT.BO

- PE_VIRUT.BO at Trend Micro

This is Trend Micro's detection for files infected by a certain PE_VIRUT variant. This file infector may be
downloaded from remote URLs by HTML_XPLOIT.V. The file downloaded from the said URLs, when cleaned is verified
malicious and is detected as TROJ_VIRUX.A. This file infector creates a registry entry. This file infector
infects by ...

HTML_XPLOIT.V

- HTML_XPLOIT.V at Trend Micro

...

HTML_IFRAME.NV

- HTML_IFRAME.NV at Trend Micro

This malicious HTML code may be hosted on a Web site and run when a user accesses the said Web site. This is
the Trend Micro detection for Web pages infected by PE_VIRUX.A and were compromised through the insertion of a
certain iFrame tag. Once an unsuspecting user views an infected Web page, it attempts to connect to a remote
URL to ...

Autorun.INJ

- Autorun.INJ at Panda

It disables options such as Add/Remove Programs, Folder Options or Run of the Start menu, among
others, and displays several error messages. It spreads through the system drives, both shared and
removable....

Sinowal.VZR

- Sinowal.VZR at Panda

It is designed to obtain confidential information, such as the information entered in the forms of the
websites belonging to certain banking entities. It is being distributed in email messages that seem to be
sent by several flying companies.
...

Troj/Mdrop-BYX

- Troj/Mdrop-BYX at Sophos

...

Troj/Agent-IWC

- Troj/Agent-IWC at Sophos

...

Troj/Agent-IWD

- Troj/Agent-IWD at Sophos

Troj/Agent-IWD is a Trojan for the Windows platform. When first run
Troj/Agent-IWD copies itself to <System>\ksvc32.exe. The following registry
entries are created to run ksvc32.exe on startup:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Compone...

Troj/Agent-IWE

- Troj/Agent-IWE at Sophos

...

Troj/Agent-IWF

- Troj/Agent-IWF at Sophos

...

Troj/Agent-IWG

- Troj/Agent-IWG at Sophos

Troj/Agent-IWG is a Trojan for the Windows platform. Troj/Agent-IWG copies
itself to <WINDOWS>\system\msddll.exe. Troj/Agent-IWG creates a service named
"msddll" which runs on startup.
...

Troj/Bckdr-QRR

- Troj/Bckdr-QRR at Sophos

...

Troj/BioZom-Gen

- Troj/BioZom-Gen at Sophos

...

Troj/FakeAV-KO

- Troj/FakeAV-KO at Sophos

...

Troj/FakeAV-KP

- Troj/FakeAV-KP at Sophos

Troj/FakeAV-KP is a Trojan for the Windows platform. Troj/FakeAV-KP
includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/FakeAV-KP drops the file <System>\drivers\beep.sys, also detected as Troj/FakeAV-KP.
...

Trojan:SymbOS/Yakkis.A

- Trojan:SymbOS/Yakkis.A at F-Secure

Yakkis.A is a trojan for Symbian phones running Series 60 (S60) first and second edition. Once installed
Yakkis will prevent the phone from booting up.
...

MS09-003

- MS09-003 at Panda

It is a group of critical vulnerabilities in several versions of Exchange Server, which allows hackers to gain
remote control of the affected computer with the same privileges as the logged-on user and to launch
denial-of-service attacks.
...

MS09-002

- MS09-002 at Panda

It is a group of critical vulnerabilities in Internet Explorer 7 in Windows 2008/Vista/2003/XP, which allow
hackers to gain remote control of the affected computer with the same privileges as the logged-on user.
...

Troj/Agent-IWL

- Troj/Agent-IWL at Sophos

Troj/Agent-IWL is a Trojan for the Windows platform. Troj/Agent-IWL is
known to be installed as the file <System>\digeste.dll.
...

Troj/Agent-IWM

- Troj/Agent-IWM at Sophos

...

Troj/Dloadr-CGN

- Troj/Dloadr-CGN at Sophos

Troj/Dloadr-CGN is a Trojan for the Windows platform. Troj/Dloadr-CGN
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Dloadr-CGN creates the following file: <System>\imejpmig.exe
 ...

Troj/Dloadr-CGO

- Troj/Dloadr-CGO at Sophos

...

Troj/FakeAV-KS

- Troj/FakeAV-KS at Sophos

Troj/FakeAV-KS is fake anti-spyware software for the Windows platform.
Troj/FakeAV-KS creates a dummy installation of a known adware/spyware and changes the computer wallpaper to
display the following message:    Warning! Security report
  ...

Troj/Small-ELT

- Troj/Small-ELT at Sophos

...

Troj/VB-EBX

- Troj/VB-EBX at Sophos

...

W32/Autorun-XH

- W32/Autorun-XH at Sophos

W32/Autorun-XH is a Visual Basic Script worm for the Windows platform. When
first run, W32/Autorun-XH attempts to disable a list of anti-virus software, first by killing running
processes, and then by associating a debugger via the following type of registry entry:
HKLM\SOFTWA...

W32/Autorun-XJ

- W32/Autorun-XJ at Sophos

W32/Autorun-XJ is a worm for the Windows platform. When first run,
W32/Autorun-XJ copies itself to the following location:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013win32.exe The following registry
entry is created to start W32/Autorun-XJ when Windows...

Troj/Agent-IWK

- Troj/Agent-IWK at Sophos

Troj/Agent-IWK is a Trojan for the Windows platform. When first run
Troj/Agent-IWK creates the file: <User>\<Temp>\bt<four random
numbers>.bat This file attempts to alter the URL to IP mappings in the HOSTS file
and to change the Interne...

0 writebacks [02/11/2009 22:41] [] permanent link



Virus Malware and Threat News for 20090209



Troj/Agent-IVV

- Troj/Agent-IVV at Sophos

...

Troj/Agent-IVW

- Troj/Agent-IVW at Sophos

...

Troj/Banker-EPF

- Troj/Banker-EPF at Sophos

Troj/Banker-EPF removes personal banking security software from the local computer.
...

Troj/Bdoor-ARX

- Troj/Bdoor-ARX at Sophos

Troj/Bdoor-ARX is a Trojan for the Windows platform. Troj/Bdoor-ARX copies
itself to <WINDOWS>\sysguard.exe and sets a registry entry to run on startup.
Troj/Bdoor-ARX calls home to known illegitimate websites.
...

Troj/Dloadr-CGL

- Troj/Dloadr-CGL at Sophos

...

Troj/Dloadr-CGM

- Troj/Dloadr-CGM at Sophos

...

W32/Waled-AD

- W32/Waled-AD at Sophos

...

W32/Waled-AE

- W32/Waled-AE at Sophos

...

Troj/Agent-IVR

- Troj/Agent-IVR at Sophos

...

TROJ_VIRUX.A

- TROJ_VIRUX.A at Trend Micro

...

PE_VIRUT.BO

- PE_VIRUT.BO at Trend Micro

This is Trend Micro's detection for files infected by a certain PE_VIRUT variant. This file infector may be
downloaded from remote URLs by HTML_XPLOIT.V. The file downloaded from the said URLs, when cleaned, is verified
malicious and is detected as TROJ_VIRUX.A. This file infector creates a registry entry. This file infector
infects by ...

HTML_XPLOIT.V

- HTML_XPLOIT.V at Trend Micro

...

HTML_IFRAME.NV

- HTML_IFRAME.NV at Trend Micro

This malicious HTML code may be hosted on a Web site and run when a user accesses the said Web site. This is
the Trend Micro detection for Web pages infected by PE_VIRUX.A and were compromised through the insertion of a
certain iFrame tag. Once an unsuspecting user views an infected Web page, it attempts to connect to a remote
URL to ...

Autorun.INJ

- Autorun.INJ at Panda

It disables options such as Add/Remove Programs, Folder Options or Run of the Start menu, among
others, and displays several error messages. It spreads through the system drives, both shared and
removable....

Sinowal.VZR

- Sinowal.VZR at Panda

It is designed to obtain confidential information, such as the information entered in the forms of the
websites belonging to certain banking entities. It is being distributed in email messages that seem to be
sent by several airlines.
...

Troj/Mdrop-BYX

- Troj/Mdrop-BYX at Sophos

...

Troj/Agent-IWC

- Troj/Agent-IWC at Sophos

...

Troj/Agent-IWD

- Troj/Agent-IWD at Sophos

Troj/Agent-IWD is a Trojan for the Windows platform. When first run
Troj/Agent-IWD copies itself to <System>\ksvc32.exe. The following registry
entries are created to run ksvc32.exe on startup: HKLM\SOFTWARE\Microsoft\Active
Setup\Installed Compone...

Troj/Agent-IWE

- Troj/Agent-IWE at Sophos

...

Troj/Agent-IWF

- Troj/Agent-IWF at Sophos

...

Troj/Agent-IWG

- Troj/Agent-IWG at Sophos

Troj/Agent-IWG is a Trojan for the Windows platform. Troj/Agent-IWG copies
itself to <WINDOWS>\system\msddll.exe. Troj/Agent-IWG creates a service named
"msddll" which runs on startup.
...

Troj/Bckdr-QRR

- Troj/Bckdr-QRR at Sophos

...

Troj/BioZom-Gen

- Troj/BioZom-Gen at Sophos

...

Troj/FakeAV-KO

- Troj/FakeAV-KO at Sophos

...

Troj/FakeAV-KP

- Troj/FakeAV-KP at Sophos

Troj/FakeAV-KP is a Trojan for the Windows platform. Troj/FakeAV-KP
includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/FakeAV-KP drops the file <System>\drivers\beep.sys, also detected as Troj/FakeAV-KP.
...

0 writebacks [02/10/2009 22:43] [] permanent link



Virus Malware and Threat News for 20090208



Trojan.Feedel

- Trojan.Feedel at Norton Symantec

Trojan.Feedel is a Trojan horse that may download potentially malicious files on to the compromised computer.
...

Troj/Agent-IVQ

- Troj/Agent-IVQ at Sophos

...

W32/Autorun-WH

- W32/Autorun-WH at Sophos

...

Troj/Dialer-FZ

- Troj/Dialer-FZ at Sophos

...

Troj/Agent-IVO

- Troj/Agent-IVO at Sophos

Troj/Agent-IVO is a Trojan for the Windows platform. When first run
Troj/Agent-IVO copies itself to <User>\Application Data\intranetexplorer.exe. The
following registry entries are created to run Troj/Agent-IVO on startup:
HKLM\SOFTWARE\Microsoft\W...

Troj/Agent-IVP

- Troj/Agent-IVP at Sophos

Troj/Agent-IVP is a Trojan for the Windows platform. When first run
Troj/Agent-IVP copies itself to <User>\Application Data\eehl\eehl.exe and creates the following files:
<User>\Application Data\eehl\aoob.dll <User>\Application
Data\eehl\eehl.dll ...

Troj/Mdrop-BYW

- Troj/Mdrop-BYW at Sophos

...

Troj/PWS-AYB

- Troj/PWS-AYB at Sophos

...

W32/Waled-AA

- W32/Waled-AA at Sophos

...

Troj/BHO-JU

- Troj/BHO-JU at Sophos

...

Troj/VBWorz-Gen

- Troj/VBWorz-Gen at Sophos

Troj/VBWorz-Gen is a family of Trojans for the Windows platform.
...

Troj/Agent-IVV

- Troj/Agent-IVV at Sophos

...

Troj/Agent-IVW

- Troj/Agent-IVW at Sophos

...

Troj/Banker-EPF

- Troj/Banker-EPF at Sophos

Troj/Banker-EPF removes personal banking security software from the local computer.
...

Troj/Bdoor-ARX

- Troj/Bdoor-ARX at Sophos

Troj/Bdoor-ARX is a Trojan for the Windows platform. Troj/Bdoor-ARX copies
itself to <WINDOWS>\sysguard.exe and sets a registry entry to run on startup.
Troj/Bdoor-ARX calls home to known illegitimate websites.
...

Troj/Dloadr-CGL

- Troj/Dloadr-CGL at Sophos

...

Troj/Dloadr-CGM

- Troj/Dloadr-CGM at Sophos

...

W32/Waled-AD

- W32/Waled-AD at Sophos

...

W32/Waled-AE

- W32/Waled-AE at Sophos

...

Troj/Agent-IVR

- Troj/Agent-IVR at Sophos

...

0 writebacks [02/09/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090207



Troj/Buzus-E

- Troj/Buzus-E at Sophos

Troj/Buzus-E is a Trojan for the Windows platform. When first run
Troj/Buzus-E copies itself to <System>\sysmgr.exe and creates the clean data file <System>\msvcrt2.dll.
The following registry entry is created to run sysmgr.exe on startup:
HK...

Troj/FakeAv-KN

- Troj/FakeAv-KN at Sophos

...

W32/Rbot-GXK

- W32/Rbot-GXK at Sophos

W32/Rbot-GXK is a worm with backdoor functionality for the Windows platform.
W32/Rbot-GXK runs continuously in the background, providing a backdoor server which allows a remote intruder
to gain access and control over the computer. When first run W32/Rbot-GXK copies itself
to ...

Troj/Agent-ISS

- Troj/Agent-ISS at Sophos

...

Troj/DwnLdr-HNX

- Troj/DwnLdr-HNX at Sophos

...

Troj/FakeAv-JX

- Troj/FakeAv-JX at Sophos

...

Troj/Tanto-M

- Troj/Tanto-M at Sophos

Troj/Tanto-M is a Trojan for the Windows platform. Troj/Tanto-M includes
functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Tanto-M is installed it creates the file <Temp>\~dfb659.tmp.
...

Troj/Zbot-CK

- Troj/Zbot-CK at Sophos

Troj/Zbot-CK is a Trojan for the Windows platform. Troj/Zbot-CK includes
functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Zbot-CK is installed the following files are created: <System>\ntos.exe
...

W32/Karab-A

- W32/Karab-A at Sophos

W32/Karab-A is a USB aware worm. W32/Karab-A may display a picture of
Barack Obama on your computer. When W32/Karab-A infects it will copy itself to many
areas on the system. Folders will have a file created in them with the name "<Folder Name> .exe"
and "readme....

W32/Waled-Z

- W32/Waled-Z at Sophos

W32/Waled-Z is a worm for the Windows platform. W32/Waled-Z includes
functionality to access the internet and communicate with a remote server via HTTP. The
following registry entry is created to run W32/Waled-Z on startup:
HKLM\SOFTWARE\Microsoft\Window...

Trojan.Feedel

- Trojan.Feedel at Norton Symantec

Trojan.Feedel is a Trojan horse that may download potentially malicious files on to the compromised computer.
...

Troj/Agent-IVQ

- Troj/Agent-IVQ at Sophos

...

W32/Autorun-WH

- W32/Autorun-WH at Sophos

...

Troj/Dialer-FZ

- Troj/Dialer-FZ at Sophos

...

Troj/Agent-IVO

- Troj/Agent-IVO at Sophos

Troj/Agent-IVO is a Trojan for the Windows platform. When first run
Troj/Agent-IVO copies itself to <User>\Application Data\intranetexplorer.exe. The
following registry entries are created to run Troj/Agent-IVO on startup:
HKLM\SOFTWARE\Microsoft\W...

Troj/Agent-IVP

- Troj/Agent-IVP at Sophos

Troj/Agent-IVP is a Trojan for the Windows platform. When first run
Troj/Agent-IVP copies itself to <User>\Application Data\eehl\eehl.exe and creates the following files:
<User>\Application Data\eehl\aoob.dll <User>\Application
Data\eehl\eehl.dll ...

Troj/Mdrop-BYW

- Troj/Mdrop-BYW at Sophos

...

Troj/PWS-AYB

- Troj/PWS-AYB at Sophos

...

W32/Waled-AA

- W32/Waled-AA at Sophos

...

Troj/BHO-JU

- Troj/BHO-JU at Sophos

...

Troj/VBWorz-Gen

- Troj/VBWorz-Gen at Sophos

Troj/VBWorz-Gen is a family of Trojans for the Windows platform.
...

0 writebacks [02/08/2009 22:46] [] permanent link



Virus Malware and Threat News for 20090206



Mal/Behav-243

- Mal/Behav-243 at Sophos

...

Troj/Agent-IVK

- Troj/Agent-IVK at Sophos

...

Troj/Agent-IVL

- Troj/Agent-IVL at Sophos

...

Troj/Delfin-Fam

- Troj/Delfin-Fam at Sophos

Troj/Delfin-Fam is a family of Trojans for the Windows platform that attempt to decrypt more
malicious code and inject it into memory.
...

Troj/Keylog-LC

- Troj/Keylog-LC at Sophos

...

Troj/Mdrop-BYV

- Troj/Mdrop-BYV at Sophos

Troj/Mdrop-BYV drops the following files:
- <System>\1039a\atrdinac.exe (detected as CommAd Installer)
- <System>\mgi\htuidll.dll (detected as Mal/Generic-A)
- <System>\stk\stuxderr.exe (detected as Mal/Generic-A)
- <Windows>\444.470 (detected as Ma...

Troj/Proxy-IX

- Troj/Proxy-IX at Sophos

...

W32/Autorun-WX

- W32/Autorun-WX at Sophos

...

W32/Scribble-A

- W32/Scribble-A at Sophos

W32/Scribble-A is a polymorphic virus for the Windows platform.
W32/Scribble-A allows a remote attacker to gain access and control over the infected computer through IRC
channels. W32/Scribble-A infects files with the EXE and SCR extensions when they are
opened or run. ...

Troj/FakeVir-KF

- Troj/FakeVir-KF at Sophos

...

Troj/Buzus-E

- Troj/Buzus-E at Sophos

Troj/Buzus-E is a Trojan for the Windows platform. When first run
Troj/Buzus-E copies itself to <System>\sysmgr.exe and creates the clean data file <System>\msvcrt2.dll.
The following registry entry is created to run sysmgr.exe on startup:
HK...

Troj/FakeAv-KN

- Troj/FakeAv-KN at Sophos

...

W32/Rbot-GXK

- W32/Rbot-GXK at Sophos

W32/Rbot-GXK is a worm with backdoor functionality for the Windows platform.
W32/Rbot-GXK runs continuously in the background, providing a backdoor server which allows a remote intruder
to gain access and control over the computer. When first run W32/Rbot-GXK copies itself
to ...

Troj/Agent-ISS

- Troj/Agent-ISS at Sophos

...

Troj/DwnLdr-HNX

- Troj/DwnLdr-HNX at Sophos

...

Troj/FakeAv-JX

- Troj/FakeAv-JX at Sophos

...

Troj/Tanto-M

- Troj/Tanto-M at Sophos

Troj/Tanto-M is a Trojan for the Windows platform. Troj/Tanto-M includes
functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Tanto-M is installed it creates the file <Temp>\~dfb659.tmp.
...

Troj/Zbot-CK

- Troj/Zbot-CK at Sophos

Troj/Zbot-CK is a Trojan for the Windows platform. Troj/Zbot-CK includes
functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Zbot-CK is installed the following files are created: <System>\ntos.exe
...

W32/Karab-A

- W32/Karab-A at Sophos

W32/Karab-A is a USB aware worm. W32/Karab-A may display a picture of
Barack Obama on your computer. When W32/Karab-A infects it will copy itself to many
areas on the system. Folders will have a file created in them with the name "<Folder Name> .exe"
and "readme....

W32/Waled-Z

- W32/Waled-Z at Sophos

W32/Waled-Z is a worm for the Windows platform. W32/Waled-Z includes
functionality to access the internet and communicate with a remote server via HTTP. The
following registry entry is created to run W32/Waled-Z on startup:
HKLM\SOFTWARE\Microsoft\Window...

0 writebacks [02/07/2009 22:50] [] permanent link



Virus Malware and Threat News for 20090205



Suspicious.MH690.A

- Suspicious.MH690.A at Norton Symantec

Suspicious.MH690.A is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

PE_VIRUX.A

- PE_VIRUX.A at Trend Micro

...

Troj/Dloadr-CGK

- Troj/Dloadr-CGK at Sophos

...

Troj/Agent-IVB

- Troj/Agent-IVB at Sophos

When run, Troj/Agent-IVB sets the following registry entry to start automatically:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\<random characters>
<Temp>\csrssc.exe
Troj/Agent-IVB sets the following registry entries reducing system security: ...

Troj/BHO-JS

- Troj/BHO-JS at Sophos

Troj/BHO-JS is a Trojan for the Windows platform. The Troj/BHO-JS DLL is
registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry
entries under: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\...

Troj/Dloadr-CGI

- Troj/Dloadr-CGI at Sophos

...

Troj/Dloadr-CGJ

- Troj/Dloadr-CGJ at Sophos

Troj/Dloadr-CGJ is a Trojan downloader that runs within Windows Media Player.
When opened with Windows Media Player, Troj/Dloadr-CGJ opens a link to a website which then redirects your
browser to another potentially malicious location.
...

Troj/MDrop-BYT

- Troj/MDrop-BYT at Sophos

Troj/MDrop-BYT is a Trojan for the Windows platform. When Troj/MDrop-BYT is
installed it creates the file <Temp>\TDSS39b8.tmp. The file TDSS39b8.tmp is
detected as Troj/AdvHack-A.
...

Troj/Zlob-ARU

- Troj/Zlob-ARU at Sophos

...

W32/Amobot-A

- W32/Amobot-A at Sophos

W32/Amobot-A creates the registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System Cleaner
W32/Amobot-A includes functionality to connect to the internet.
...

W32/Waled-Y

- W32/Waled-Y at Sophos

W32/Waled-Y is a worm for the Windows platform. W32/Waled-Y includes
functionality to access the internet and communicate with a remote server via HTTP. The
following registry entry is created to run W32/Waled-Y on startup:
HKLM\SOFTWARE\Microsoft\Window...

Troj/Dloadr-CGH

- Troj/Dloadr-CGH at Sophos

...

Mal/Behav-243

- Mal/Behav-243 at Sophos

...

Troj/Agent-IVK

- Troj/Agent-IVK at Sophos

...

Troj/Agent-IVL

- Troj/Agent-IVL at Sophos

...

Troj/Delfin-Fam

- Troj/Delfin-Fam at Sophos

Troj/Delfin-Fam is a family of Trojans for the Windows platform that attempt to decrypt more
malicious code and inject it into memory.
...

Troj/Keylog-LC

- Troj/Keylog-LC at Sophos

...

Troj/Mdrop-BYV

- Troj/Mdrop-BYV at Sophos

Troj/Mdrop-BYV drops the following files:
- <System>\1039a\atrdinac.exe (detected as CommAd Installer)
- <System>\mgi\htuidll.dll (detected as Mal/Generic-A)
- <System>\stk\stuxderr.exe (detected as Mal/Generic-A)
- <Windows>\444.470 (detected as Ma...

Troj/Proxy-IX

- Troj/Proxy-IX at Sophos

...

W32/Autorun-WX

- W32/Autorun-WX at Sophos

...

W32/Scribble-A

- W32/Scribble-A at Sophos

W32/Scribble-A is a polymorphic virus for the Windows platform.
W32/Scribble-A allows a remote attacker to gain access and control over the infected computer through IRC
channels. W32/Scribble-A infects files with the EXE and SCR extensions when they are
opened or run. ...

Troj/FakeVir-KF

- Troj/FakeVir-KF at Sophos

...

0 writebacks [02/06/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090204



W32.Virut!html

- W32.Virut!html at Norton Symantec

W32.Virut!html is a generic detection for HTML files infected by variants of the W32.Virut family of viruses.
It may contain the functionality to redirect users to a malicious Web site that may exploit the browser.
...

Trojan.Ramag

- Trojan.Ramag at Norton Symantec

Trojan.Ramag is a generic detection for encrypted files that contain variants of Infostealer.Gampass or
W32.Gammima.AG....

VirusDoctor

- VirusDoctor at Norton Symantec

VirusDoctor is a misleading application that may give exaggerated reports of threats on the computer.
...

W32.Virut.CF

- W32.Virut.CF at Norton Symantec

W32.Virut.CF is a virus that infects .exe and .scr files on the compromised computer.
...

TROJ_BHO.TW

- TROJ_BHO.TW at Trend Micro

This Trojan may be installed manually by a user. It may be downloaded unknowingly by a user when visiting
malicious Web sites. It drops files/components, including one that is detected by Trend Micro as
TROJ_DLOADER.UTI. It creates registry key(s)/entry(ies) as part of its installation routine. It deletes itself
after execution....

MSNWorm.FU

- MSNWorm.FU at Panda

It is designed to download instant messenger worms to the affected computer and prevents the
computer from being restarted in safe mode. It spreads via the instant messaging program MSN Messenger
and through removable drives.
...

Troj/Agent-IUV

- Troj/Agent-IUV at Sophos

...

Troj/Agent-IUW

- Troj/Agent-IUW at Sophos

...

Troj/Agent-IUX

- Troj/Agent-IUX at Sophos

...

Troj/BHO-JR

- Troj/BHO-JR at Sophos

...

Troj/FakeAV-KL

- Troj/FakeAV-KL at Sophos

...

Troj/Inject-EE

- Troj/Inject-EE at Sophos

...

Troj/Mdrop-BYS

- Troj/Mdrop-BYS at Sophos

Troj/Mdrop-BYS is a Trojan for the Windows platform. Troj/Mdrop-BYS
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Mdrop-BYS is installed the following files are created:
<Temp>\ixp000.tmp\<...

VBS/Redlof-A

- VBS/Redlof-A at Sophos

VBS/Redlof-A infects HTM, HTML, ASP, PHP, JSP, HTT and VBS files. The virus can be
activated by viewing an infected HTML document and may also be distributed by outgoing email
messages sent by Microsoft Outlook or Outlook Express. The method the virus uses to be delivered
with outgoing ...

W32/Autorun-VX

- W32/Autorun-VX at Sophos

...

W32/Autorun-WR

- W32/Autorun-WR at Sophos

W32/Autorun-WR copies itself to <System>\drivers\SCtri.exe.
W32/Autorun-WR alters <System>\sfc_os.dll to disable Windows File Protection. The hacked file is
detected as "Disabled System file Check DLL". W32/Autorun-WR installs itself as a
service with the display ...

Suspicious.MH690.A

- Suspicious.MH690.A at Norton Symantec

Suspicious.MH690.A is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

PE_VIRUX.A

- PE_VIRUX.A at Trend Micro

...

Troj/Dloadr-CGK

- Troj/Dloadr-CGK at Sophos

...

Troj/Agent-IVB

- Troj/Agent-IVB at Sophos

When run, Troj/Agent-IVB sets the following registry entry to start automatically:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\<random characters>
<Temp>\csrssc.exe
Troj/Agent-IVB sets the following registry entries reducing system security: ...

Troj/BHO-JS

- Troj/BHO-JS at Sophos

Troj/BHO-JS is a Trojan for the Windows platform. The Troj/BHO-JS DLL is
registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry
entries under: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\...

Troj/Dloadr-CGI

- Troj/Dloadr-CGI at Sophos

...

Troj/Dloadr-CGJ

- Troj/Dloadr-CGJ at Sophos

Troj/Dloadr-CGJ is a Trojan downloader that runs within Windows Media Player.
When opened with Windows Media Player, Troj/Dloadr-CGJ opens a link to a website which then redirects your
browser to another potentially malicious location.
...

Troj/MDrop-BYT

- Troj/MDrop-BYT at Sophos

Troj/MDrop-BYT is a Trojan for the Windows platform. When Troj/MDrop-BYT is
installed it creates the file <Temp>\TDSS39b8.tmp. The file TDSS39b8.tmp is
detected as Troj/AdvHack-A.
...

Troj/Zlob-ARU

- Troj/Zlob-ARU at Sophos

...

W32/Amobot-A

- W32/Amobot-A at Sophos

W32/Amobot-A creates the registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System Cleaner
W32/Amobot-A includes functionality to connect to the internet.
...

W32/Waled-Y

- W32/Waled-Y at Sophos

W32/Waled-Y is a worm for the Windows platform. W32/Waled-Y includes
functionality to access the internet and communicate with a remote server via HTTP. The
following registry entry is created to run W32/Waled-Y on startup:
HKLM\SOFTWARE\Microsoft\Window...

Troj/Dloadr-CGH

- Troj/Dloadr-CGH at Sophos

...

0 writebacks [02/05/2009 22:43] [] permanent link



Virus Malware and Threat News for 20090203



DirDel.A

- DirDel.A at Panda

It gradually replaces the folders of the different directories with a copy of itself and deletes the folders
and files located in the affected folders. It spreads by making copies of itself in the mapped, shared and
removable drives....

Troj/BHO-JO

- Troj/BHO-JO at Sophos

...

Troj/BHO-JQ

- Troj/BHO-JQ at Sophos

...

Troj/Dloadr-CGB

- Troj/Dloadr-CGB at Sophos

...

Troj/FakeAV-KJ

- Troj/FakeAV-KJ at Sophos

...

W32/LibHack-A

- W32/LibHack-A at Sophos

W32/LibHack-A is a virus for the Windows platform. Files detected as
W32/LibHack-A may be an infected version of an otherwise legitimate application that has been changed to load
a malicious library file named "t32dm.dat".
...

W32/Narcha-B

- W32/Narcha-B at Sophos

...

W32/Sdbot-DNZ

- W32/Sdbot-DNZ at Sophos

W32/Sdbot-DNZ is a worm with IRC backdoor functionality for the Windows platform.
W32/Sdbot-DNZ runs continuously in the background, providing a backdoor server which allows a remote
intruder to gain access and control over the computer via IRC channels. When first run
W32/Sdb...

Mal/Poison-B

- Mal/Poison-B at Sophos

...

Troj/Agent-IUG

- Troj/Agent-IUG at Sophos

...

Troj/Bancos-BFE

- Troj/Bancos-BFE at Sophos

When run, Troj/Bancos-BFE attempts to contact a remote and download file svchosl.exe. The file
svchosl.exe is also detected as Troj/Bancos-BFE. The following files are created:
<System>\RumDll.SYS - detected as Troj/Bancos-BFE
<Root>\Outlook.exe - detected...

W32.Virut!html

- W32.Virut!html at Norton Symantec

W32.Virut!html is a generic detection for HTML files infected by variants of the W32.Virut family of viruses.
It may contain the functionality to redirect users to a malicious Web site that may exploit the browser.
...

Trojan.Ramag

- Trojan.Ramag at Norton Symantec

Trojan.Ramag is a generic detection for encrypted files that contain variants of Infostealer.Gampass or
W32.Gammima.AG....

VirusDoctor

- VirusDoctor at Norton Symantec

VirusDoctor is a misleading application that may give exaggerated reports of threats on the computer.
...

W32.Virut.CF

- W32.Virut.CF at Norton Symantec

W32.Virut.CF is a virus that infects .exe and .scr files on the compromised computer.
...

TROJ_BHO.TW

- TROJ_BHO.TW at Trend Micro

This Trojan may be installed manually by a user. It may be downloaded unknowingly by a user when visiting
malicious Web sites. It drops files/components, including one that is detected by Trend Micro as
TROJ_DLOADER.UTI. It creates registry key(s)/entry(ies) as part of its installation routine. It deletes itself
after execution....

MSNWorm.FU

- MSNWorm.FU at Panda

It is designed to download instant messenger worms to the affected computer and prevents the
computer from being restarted in safe mode. It spreads via the instant messaging program MSN Messenger
and through removable drives.
...

Troj/Agent-IUV

- Troj/Agent-IUV at Sophos

...

Troj/Agent-IUW

- Troj/Agent-IUW at Sophos

...

Troj/Agent-IUX

- Troj/Agent-IUX at Sophos

...

Troj/BHO-JR

- Troj/BHO-JR at Sophos

...

Troj/FakeAV-KL

- Troj/FakeAV-KL at Sophos

...

Troj/Inject-EE

- Troj/Inject-EE at Sophos

...

Troj/Mdrop-BYS

- Troj/Mdrop-BYS at Sophos

Troj/Mdrop-BYS is a Trojan for the Windows platform. Troj/Mdrop-BYS
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Mdrop-BYS is installed the following files are created:
<Temp>\ixp000.tmp\<...

VBS/Redlof-A

- VBS/Redlof-A at Sophos

VBS/Redlof-A infects HTM, HTML, ASP, PHP, JSP, HTT and VBS files. The virus can be
activated by viewing an infected HTML document and may also be distributed by outgoing email
messages sent by Microsoft Outlook or Outlook Express. The method the virus uses to be delivered
with outgoing ...

W32/Autorun-VX

- W32/Autorun-VX at Sophos

...

W32/Autorun-WR

- W32/Autorun-WR at Sophos

W32/Autorun-WR copies itself to <System>\drivers\SCtri.exe.
W32/Autorun-WR alters <System>\sfc_os.dll to disable Windows File Protection. The hacked file is
detected as "Disabled System file Check DLL". W32/Autorun-WR installs itself as a
service with the display ...

0 writebacks [02/04/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090202



TROJ_INJECT.XAXT

- TROJ_INJECT.XAXT at Trend Micro

...

JS_OBFUS.TRSA

- JS_OBFUS.TRSA at Trend Micro

...

TROJ_DROPPER.BUZ

- TROJ_DROPPER.BUZ at Trend Micro

...

P2PShared.AB

- P2PShared.AB at Panda

Its main objective is to spread via peer-to-peer (P2P) file sharing programs and email. It reaches
the computer in a file which has the icon of an email message.
...

Mal/EncPk-GY

- Mal/EncPk-GY at Sophos

...

Troj/Dloadr-CFY

- Troj/Dloadr-CFY at Sophos

...

Troj/Dloadr-CFZ

- Troj/Dloadr-CFZ at Sophos

...

Troj/DwnLdr-HNY

- Troj/DwnLdr-HNY at Sophos

...

Troj/FakeAv-KH

- Troj/FakeAv-KH at Sophos

...

Troj/FakeVir-KA

- Troj/FakeVir-KA at Sophos

...

Troj/Proxy-IW

- Troj/Proxy-IW at Sophos

...

Troj/Agent-ITP

- Troj/Agent-ITP at Sophos

...

Troj/Agent-ITQ

- Troj/Agent-ITQ at Sophos

...

Troj/Agent-ITR

- Troj/Agent-ITR at Sophos

Troj/Agent-ITR is a Trojan for the Windows platform. Troj/Agent-ITR
creates itself as a DLL in the <SYSTEM32> folder with a random name.
Troj/Agent-ITR also sets a registry entry such that the DLL is loaded into explorer.exe on startup.
HKLM\SOFTWARE\Microso...

DirDel.A

- DirDel.A at Panda

It gradually replaces the folders of the different directories with a copy of itself and deletes the folders
and files located in the affected folders. It spreads by making copies of itself in the mapped, shared and
removable drives....

Troj/BHO-JO

- Troj/BHO-JO at Sophos

...

Troj/BHO-JQ

- Troj/BHO-JQ at Sophos

...

Troj/Dloadr-CGB

- Troj/Dloadr-CGB at Sophos

...

Troj/FakeAV-KJ

- Troj/FakeAV-KJ at Sophos

...

W32/LibHack-A

- W32/LibHack-A at Sophos

W32/LibHack-A is a virus for the Windows platform. Files detected as
W32/LibHack-A may be an infected version of an otherwise legitimate application that has been changed to load
a malicious library file named "t32dm.dat".
...

W32/Narcha-B

- W32/Narcha-B at Sophos

...

W32/Sdbot-DNZ

- W32/Sdbot-DNZ at Sophos

W32/Sdbot-DNZ is a worm with IRC backdoor functionality for the Windows platform.
W32/Sdbot-DNZ runs continuously in the background, providing a backdoor server which allows a remote
intruder to gain access and control over the computer via IRC channels. When first run
W32/Sdb...

Mal/Poison-B

- Mal/Poison-B at Sophos

...

Troj/Agent-IUG

- Troj/Agent-IUG at Sophos

...

Troj/Bancos-BFE

- Troj/Bancos-BFE at Sophos

When run, Troj/Bancos-BFE attempts to contact a remote and download file svchosl.exe. The file
svchosl.exe is also detected as Troj/Bancos-BFE. The following files are created:
<System>\RumDll.SYS - detected as Troj/Bancos-BFE
<Root>\Outlook.exe - detected...

0 writebacks [02/03/2009 22:42] [] permanent link



Virus Malware and Threat News for 20090201



Troj/Dloadr-CFX

- Troj/Dloadr-CFX at Sophos

...

Troj/FakeVir-JZ

- Troj/FakeVir-JZ at Sophos

...

Troj/Agent-ITE

- Troj/Agent-ITE at Sophos

...

Troj/Agent-ITF

- Troj/Agent-ITF at Sophos

...

Troj/PDFex-AL

- Troj/PDFex-AL at Sophos

...

W32/Autorun-WN

- W32/Autorun-WN at Sophos

...

Troj/Autorun-WM

- Troj/Autorun-WM at Sophos

...

W32/Waled-X

- W32/Waled-X at Sophos

...

Troj/Agent-ITD

- Troj/Agent-ITD at Sophos

...

Troj/FakeAle-LL

- Troj/FakeAle-LL at Sophos

...

TROJ_INJECT.XAXT

- TROJ_INJECT.XAXT at Trend Micro

...

JS_OBFUS.TRSA

- JS_OBFUS.TRSA at Trend Micro

...

TROJ_DROPPER.BUZ

- TROJ_DROPPER.BUZ at Trend Micro

...

P2PShared.AB

- P2PShared.AB at Panda

Its main objective is to spread via peer-to-peer (P2P) file sharing programs and email. It reaches
the computer in a file which has the icon of an email message.
...

Mal/EncPk-GY

- Mal/EncPk-GY at Sophos

...

Troj/Dloadr-CFY

- Troj/Dloadr-CFY at Sophos

...

Troj/Dloadr-CFZ

- Troj/Dloadr-CFZ at Sophos

...

Troj/DwnLdr-HNY

- Troj/DwnLdr-HNY at Sophos

...

Troj/FakeAv-KH

- Troj/FakeAv-KH at Sophos

...

Troj/FakeVir-KA

- Troj/FakeVir-KA at Sophos

...

Troj/Proxy-IW

- Troj/Proxy-IW at Sophos

...

Troj/Agent-ITP

- Troj/Agent-ITP at Sophos

...

Troj/Agent-ITQ

- Troj/Agent-ITQ at Sophos

...

Troj/Agent-ITR

- Troj/Agent-ITR at Sophos

Troj/Agent-ITR is a Trojan for the Windows platform. Troj/Agent-ITR
creates itself as a DLL in the <SYSTEM32> folder with a random name.
Troj/Agent-ITR also sets a registry entry such that the DLL is loaded into explorer.exe on startup.
HKLM\SOFTWARE\Microso...

0 writebacks [02/02/2009 22:47] [] permanent link



Virus Malware and Threat News for 20090131



Troj/Agent-ITA

- Troj/Agent-ITA at Sophos

...

Troj/Agent-ITB

- Troj/Agent-ITB at Sophos

...

Troj/FakeAV-KC

- Troj/FakeAV-KC at Sophos

...

Troj/Agent-IRX

- Troj/Agent-IRX at Sophos

...

Troj/Agent-ISV

- Troj/Agent-ISV at Sophos

...

Troj/Agent-ISW

- Troj/Agent-ISW at Sophos

...

Troj/Agent-ISX

- Troj/Agent-ISX at Sophos

...

Troj/Agent-ISY

- Troj/Agent-ISY at Sophos

...

Troj/Agent-ISZ

- Troj/Agent-ISZ at Sophos

...

Troj/DwnLdr-HNW

- Troj/DwnLdr-HNW at Sophos

...

Troj/Dloadr-CFX

- Troj/Dloadr-CFX at Sophos

...

Troj/FakeVir-JZ

- Troj/FakeVir-JZ at Sophos

...

Troj/Agent-ITE

- Troj/Agent-ITE at Sophos

...

Troj/Agent-ITF

- Troj/Agent-ITF at Sophos

...

Troj/PDFex-AL

- Troj/PDFex-AL at Sophos

...

W32/Autorun-WN

- W32/Autorun-WN at Sophos

...

Troj/Autorun-WM

- Troj/Autorun-WM at Sophos

...

W32/Waled-X

- W32/Waled-X at Sophos

...

Troj/Agent-ITD

- Troj/Agent-ITD at Sophos

...

Troj/FakeAle-LL

- Troj/FakeAle-LL at Sophos

...

0 writebacks [02/01/2009 22:47] [] permanent link


