mwblog.org


Virus Malware and Threat News for 20090530



Troj/Agent-KAU

- Troj/Agent-KAU at Sophos

...

Troj/Agent-KAV

- Troj/Agent-KAV at Sophos

...

Troj/Bdoor-AVI

- Troj/Bdoor-AVI at Sophos

...

Troj/Mdrop-CCT

- Troj/Mdrop-CCT at Sophos

...

Troj/Nebule-B

- Troj/Nebule-B at Sophos

Troj/Nebule-B is a Trojan for the Windows platform. Troj/Nebule-B drops a
malicious DLL into the System folder when executed, for example:
<System>\winxyl32.dll (also detected as Troj/Nebule-B). The following Registry
entries are set to subsequently...

Troj/PWS-BAX

- Troj/PWS-BAX at Sophos

...

Troj/Agent-KAR

- Troj/Agent-KAR at Sophos

...

Troj/Agent-KAS

- Troj/Agent-KAS at Sophos

...

Troj/Agent-KAT

- Troj/Agent-KAT at Sophos

...

Troj/Delf-FCF

- Troj/Delf-FCF at Sophos

...

Troj/Agent-KAW

- Troj/Agent-KAW at Sophos

...

Troj/Agent-KAX

- Troj/Agent-KAX at Sophos

...

Troj/Dloadr-CNH

- Troj/Dloadr-CNH at Sophos

...

Mal/FakeAV-AX

- Mal/FakeAV-AX at Sophos

...

Troj/Bancos-BFR

- Troj/Bancos-BFR at Sophos

Troj/Bancos-BFR is a Trojan for the Windows platform. Troj/Bancos-BFR
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Bancos copies itself to <Windows>\ballon.exe.
...

Troj/Dloadr-CNG

- Troj/Dloadr-CNG at Sophos

Troj/Dloadr-CNG is a Trojan for the Windows platform. When Troj/Dloadr-CNG
is installed the following files are created: <System>\drivers\iofilter.sys
<System>\version.dll <System>\inf\layout.inf where
version32.d...

Troj/Lineag-CK

- Troj/Lineag-CK at Sophos

Troj/Lineag-CK is a Trojan for the Windows platform. When Troj/Lineag-CK is
installed the following files are created: <Current Folder>\35097del.bat
<System>\ro.dll The file ro.dll is also detected as Troj/Lineag-CK.
...

Troj/Nebule-Gen

- Troj/Nebule-Gen at Sophos

Troj/Nebule-Gen is a family of Trojans for the Windows platform. Members of Troj/Nebule-Gen may gather details
relating to dialup services and send collected information to a remote site via HTTP. The Trojans may inject
code into other processes in an attempt to remain hidden.
...

Troj/SwfDldr-H

- Troj/SwfDldr-H at Sophos

...

W32/AutoRun-AIR

- W32/AutoRun-AIR at Sophos

W32/AutoRun-AIR is a worm for the Windows platform. W32/AutoRun-AIR
includes functionality to access the internet and communicate with a remote server via HTTP.
When W32/AutoRun-AIR is installed the following files are created: <User>\My
Documents\...

[05/31/2009 21:41]



Virus Malware and Threat News for 20090529



Worm:W32/PSW-Worm

- Worm:W32/PSW-Worm at F-Secure

...

Packed.Generic.230

- Packed.Generic.230 at Norton Symantec

Packed.Generic.230 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Bloodhound.Exploit.242

- Bloodhound.Exploit.242 at Norton Symantec

Bloodhound.Exploit.242 is a heuristic detection for files attempting to exploit the Microsoft PowerPoint Data
Out of Bounds Remote Stack Buffer Overflow Vulnerabilities (BID 34841).
...

Bloodhound.Exploit.241

- Bloodhound.Exploit.241 at Norton Symantec

Bloodhound.Exploit.241 is a heuristic detection for files attempting to exploit the Microsoft PowerPoint
Invalid Record Type Integer Overflow Vulnerability (BID 34835).
...

Packed.Generic.229

- Packed.Generic.229 at Norton Symantec

Packed.Generic.229 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

SpywareCease

- SpywareCease at Norton Symantec

SpywareCease is a misleading application that may give exaggerated reports of threats on the computer.
...

Trojan.Bredolab

- Trojan.Bredolab at Norton Symantec

Trojan.Bredolab is a Trojan horse that downloads and executes a file from the Internet.
...

Mal/Behav-336

- Mal/Behav-336 at Sophos

...

Mal/Bifrose-R

- Mal/Bifrose-R at Sophos

...

Mal/DelpDldr-I

- Mal/DelpDldr-I at Sophos

...

Mal/Dropper-MFC

- Mal/Dropper-MFC at Sophos

...

Mal/Pigeo-B

- Mal/Pigeo-B at Sophos

...

Troj/BHO-ME

- Troj/BHO-ME at Sophos

...

Troj/FakeAv-RX

- Troj/FakeAv-RX at Sophos

...

Troj/Spy-CR

- Troj/Spy-CR at Sophos

...

Troj/TDSS-AD

- Troj/TDSS-AD at Sophos

...

Troj/Zlob-ASM

- Troj/Zlob-ASM at Sophos

Troj/Zlob-ASM is a downloader Trojan for the Windows platform. The
following files are typically installed: <System>\3407.exe
<Windows>\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
<Windows>\Tasks\{5B57CF47-0BFA-43c6-A...

[05/30/2009 21:41]



Virus Malware and Threat News for 20090528



Worm:W32/Revois

- Worm:W32/Revois at F-Secure

...

MSNWorm.GI

- MSNWorm.GI at Panda

Its main aim is to spread itself via the instant messaging program MSN Messenger and affect as many computers
as possible....

Mal/FakeAle-F

- Mal/FakeAle-F at Sophos

...

Mal/Pushdo-D

- Mal/Pushdo-D at Sophos

...

Troj/Agent-KAH

- Troj/Agent-KAH at Sophos

...

Troj/Agent-KAI

- Troj/Agent-KAI at Sophos

...

Troj/Dload-GL

- Troj/Dload-GL at Sophos

...

W32/AutoIt-EO

- W32/AutoIt-EO at Sophos

...

Troj/Agent-KAG

- Troj/Agent-KAG at Sophos

...

Troj/Cmjspy-AQ

- Troj/Cmjspy-AQ at Sophos

...

Troj/FlyStud-C

- Troj/FlyStud-C at Sophos

...

Troj/Mdrop-CCS

- Troj/Mdrop-CCS at Sophos

...

[05/29/2009 21:48]



Virus Malware and Threat News for 20090527



Mal/Behav-334

- Mal/Behav-334 at Sophos

...

Mal/Bifrose-S

- Mal/Bifrose-S at Sophos

Mal/Bifrose-S is a malicious program for the Windows platform. Detection
for members of Mal/Bifrose-S is behavior based. It is extremely important that customers report detections of
Mal/Bifrose-S to Sophos and send a sample for analysis.
...

Mal/Delf-X

- Mal/Delf-X at Sophos

...

Mal/Delp-B

- Mal/Delp-B at Sophos

...

Mal/Pigeo-A

- Mal/Pigeo-A at Sophos

...

Mal/PWS-X

- Mal/PWS-X at Sophos

...

Troj/Agent-KAF

- Troj/Agent-KAF at Sophos

...

Troj/Bckdr-QUR

- Troj/Bckdr-QUR at Sophos

...

Troj/Bckdr-QUS

- Troj/Bckdr-QUS at Sophos

...

[05/28/2009 21:43]



Virus Malware and Threat News for 20090526



Worm:W32/Mabezat.B

- Worm:W32/Mabezat.B at F-Secure

...

WORM_NEERIS.L

- WORM_NEERIS.L at Trend Micro

This worm arrives on an affected system in several ways: it may be downloaded from remote sites by other
malware, downloaded unknowingly by a user when visiting malicious Web sites, or it may arrive via removable
drives. It spreads by dropping a copy of itself in all removable drives. It also drops an AUTORUN.INF file to
automatical...

WORM_KOOBFACE.EY

- WORM_KOOBFACE.EY at Trend Micro

This worm has received attention from independent media sources and/or other security firms. This worm may be
dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites. It
searches for cookies created by certain social networking Web sites. Once cookies related to social networking
Web sites...

KillAV.KP

- KillAV.KP at Panda

It prevents the user from accessing websites belonging to antivirus companies and to support forums. It does
not spread automatically using its own means.
...

Mal/Behav-333

- Mal/Behav-333 at Sophos

...

Mal/Dial-X

- Mal/Dial-X at Sophos

...

Mal/FakeAle-E

- Mal/FakeAle-E at Sophos

...

Mal/Gluke-A

- Mal/Gluke-A at Sophos

...

Mal/Sisron-A

- Mal/Sisron-A at Sophos

...

Troj/Agent-JZS

- Troj/Agent-JZS at Sophos

...

Troj/Agent-JZT

- Troj/Agent-JZT at Sophos

...

Troj/Agent-JZU

- Troj/Agent-JZU at Sophos

...

Troj/Agent-JZV

- Troj/Agent-JZV at Sophos

...

Troj/Agent-JZW

- Troj/Agent-JZW at Sophos

...

[05/27/2009 21:42]



Virus Malware and Threat News for 20090525



PasswordStealer.BM

- PasswordStealer.BM at Panda

It obtains confidential information about the user, such as passwords stored in Internet Explorer, Outlook and
MSN Messenger, and about the affected computer, such as version of the operating system, username and IP
address. It spreads via IRC channels.
...

Troj/Agent-JZC

- Troj/Agent-JZC at Sophos

...

Troj/Agent-JZD

- Troj/Agent-JZD at Sophos

Troj/Agent-JZD is a Trojan for the Windows platform. Troj/Agent-JZD
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Agent-JZD copies itself to <System>\servises.exe and creates the file
<System>\_id.d...

Troj/Agent-JZE

- Troj/Agent-JZE at Sophos

...

Troj/Agent-JZF

- Troj/Agent-JZF at Sophos

...

Troj/Agent-JZG

- Troj/Agent-JZG at Sophos

...

Troj/AutoIt-EH

- Troj/AutoIt-EH at Sophos

...

Troj/Dloadr-CMO

- Troj/Dloadr-CMO at Sophos

...

Troj/Dloadr-CMP

- Troj/Dloadr-CMP at Sophos

...

Troj/FakeAV-PAV

- Troj/FakeAV-PAV at Sophos

Troj/FakeAV-PAV is a Trojan for the Windows platform. Troj/FakeAV-PAV
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/FakeAV-PAV is installed the following file is created: <Program
Files>\pav\...

W32/AutoRun-AHU

- W32/AutoRun-AHU at Sophos

...

[05/26/2009 21:44]



Virus Malware and Threat News for 20090524



Troj/FakeAV-RM

- Troj/FakeAV-RM at Sophos

...

Troj/FakeAV-RN

- Troj/FakeAV-RN at Sophos

...

Troj/FakeAV-RO

- Troj/FakeAV-RO at Sophos

...

Troj/Agent-JVK

- Troj/Agent-JVK at Sophos

...

Troj/AutoIt-EG

- Troj/AutoIt-EG at Sophos

...

Troj/Banker-ESF

- Troj/Banker-ESF at Sophos

...

Troj/Banker-ESG

- Troj/Banker-ESG at Sophos

...

Troj/Agent-JYR

- Troj/Agent-JYR at Sophos

...

W32/AutoRun-AHT

- W32/AutoRun-AHT at Sophos

...

[05/25/2009 21:41]



Virus Malware and Threat News for 20090523



W32.Simouk

- W32.Simouk at Norton Symantec

W32.Simouk is a virus that infects executable files on the compromised computer.
...

W32.Simouk

- W32.Simouk at Norton Symantec

W32.Simouk is a virus that infects .exe files on the compromised computer.
...

Troj/Agent-JYQ

- Troj/Agent-JYQ at Sophos

...

Troj/Banhost-AG

- Troj/Banhost-AG at Sophos

...

Troj/BankDL-DQ

- Troj/BankDL-DQ at Sophos

...

Troj/Banker-ESE

- Troj/Banker-ESE at Sophos

...

Troj/FakeAle-NP

- Troj/FakeAle-NP at Sophos

...

Troj/SWFDlr-J

- Troj/SWFDlr-J at Sophos

...

Troj/Agent-JYO

- Troj/Agent-JYO at Sophos

...

Troj/Agent-JYP

- Troj/Agent-JYP at Sophos

...

Troj/Banker-ESB

- Troj/Banker-ESB at Sophos

...

Troj/Banker-ESD

- Troj/Banker-ESD at Sophos

...

[05/24/2009 21:44]



Virus Malware and Threat News for 20090522



Trojan.Pidief.F

- Trojan.Pidief.F at Norton Symantec

Trojan.Pidief.F is a Trojan horse that drops a back door on the compromised computer and exploits the Adobe
Acrobat and Reader Collab 'getIcon()' JavaScript Method Remote Code Execution Vulnerability (BID
34169)...

Mal/SalMem-A

- Mal/SalMem-A at Sophos

Mal/SalMem-A is an in-memory detection for the Mal/Sality-C file infecting virus.
...

Troj/FakeAle-NO

- Troj/FakeAle-NO at Sophos

...

W32/Vetor-DAM

- W32/Vetor-DAM at Sophos

W32/Vetor-DAM is a file that has been corrupted by the W32/Vetor-A file infecting virus.
Files detected as W32/Vetor-DAM are generally not recoverable and will usually have to be
restored from backup.
...

Mal/FakeAv-AW

- Mal/FakeAv-AW at Sophos

Mal/FakeAv-AW is a family of fake Anti-Virus Trojans. Mal/FakeAv-AW does
not include cleanup. It is very important that any samples detected as Mal/FakeAv-AW
are submitted to SophosLabs to help us improve our detection.
...

Troj/Agent-JYN

- Troj/Agent-JYN at Sophos

...

Troj/Bankr-D

- Troj/Bankr-D at Sophos

...

Troj/Click-G

- Troj/Click-G at Sophos

...

Troj/PDFJs-AT

- Troj/PDFJs-AT at Sophos

Troj/PDFJs-AT uses JavaScript within a PDF to install malware.
...

Troj/VB-EDK

- Troj/VB-EDK at Sophos

...

[05/23/2009 21:41]



Virus Malware and Threat News for 20090521



W32.Korron.B

- W32.Korron.B at Norton Symantec

W32.Korron.B is a worm that replaces some file types with a copy of itself. It also copies itself to all
accessible drives on the compromised computer.
...

WORM_KOOBFACE.EX

- WORM_KOOBFACE.EX at Trend Micro

This worm has received attention from independent media sources and/or other security firms. This worm may be
dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites. It
searches for cookies created by certain social networking Web sites. Once cookies related to social networking
Web sites...

HTML_JSREDIR.AE

- HTML_JSREDIR.AE at Trend Micro

This HTML has received attention from independent media sources and/or other security firms. This is a Trend
Micro detection for HTML pages compromised by the insertion of an encrypted malicious JavaScript. The script
checks for the affected system's Web browser and its version. It then generates a random string based on the
version. ...

Joleee.F

- Joleee.F at Panda

It obtains information about the affected computer, such as how long the computer is turned on or if
there is an SMTP service available. It downloads email addresses from a certain website to which it sends
messages that offer pharmaceuticals.
...

Mal/Horst-F

- Mal/Horst-F at Sophos

...

Mal/VBDrop-F

- Mal/VBDrop-F at Sophos

...

Troj/Agent-JYJ

- Troj/Agent-JYJ at Sophos

...

Troj/Agent-JYK

- Troj/Agent-JYK at Sophos

...

Troj/Agent-JYL

- Troj/Agent-JYL at Sophos

...

Troj/Dwgun-A

- Troj/Dwgun-A at Sophos

...

Troj/FakeAV-RK

- Troj/FakeAV-RK at Sophos

...

Troj/PcClien-MU

- Troj/PcClien-MU at Sophos

...

Troj/PHPShell-T

- Troj/PHPShell-T at Sophos

...

[05/22/2009 21:41]



Virus Malware and Threat News for 20090520



Downloader.Kidkiti

- Downloader.Kidkiti at Norton Symantec

Downloader.Kidkiti is a Trojan horse that downloads files on to the compromised computer.
...

BKDR_QAKBOT.AF

- BKDR_QAKBOT.AF at Trend Micro

This backdoor may be downloaded unknowingly by a user when visiting malicious Web sites. It may arrive
bundled as a combination of files also detected as BKDR_QAKBOT.AF. It is then injected into a process
running in memory. It creates a registry entry to enable its automatic execution at every system startup. This
backdoor conne...

WORM_KOOBFACE.BX

- WORM_KOOBFACE.BX at Trend Micro

This worm may be dropped by WORM_KOOBFACE.ER. Once executed, it propagates via social networking sites by
sending malicious links to all user contacts using an infected machine. These links redirect the user to
download copies of the worm.
...

Mal/Alureon-D

- Mal/Alureon-D at Sophos

...

Troj/Agent-JYC

- Troj/Agent-JYC at Sophos

...

Troj/BHO-MB

- Troj/BHO-MB at Sophos

...

Troj/Hosts-I

- Troj/Hosts-I at Sophos

...

W32/Autorun-AHK

- W32/Autorun-AHK at Sophos

...

Mal/PcClient-G

- Mal/PcClient-G at Sophos

...

Troj/Agent-JYA

- Troj/Agent-JYA at Sophos

...

Troj/Agent-JYB

- Troj/Agent-JYB at Sophos

...

[05/21/2009 21:41]



Virus Malware and Threat News for 20090519



VBS.Runauto.F

- VBS.Runauto.F at Norton Symantec

VBS.Runauto.F is a worm that spreads by copying itself to removable drives.
...

Infostealer.Daonol

- Infostealer.Daonol at Norton Symantec

Infostealer.Daonol is a Trojan horse that redirects network traffic and attempts to steal FTP account
information from the compromised computer.
...

TROJ_SMALL.UY

- TROJ_SMALL.UY at Trend Micro

This Trojan may be downloaded unknowingly by a user when visiting malicious Web sites. Upon execution, it
creates folders. It adds an Uninstall option in the Control Panel. It creates registry entries as part of its
installation routine. It drops files detected by Trend Micro as TROJ_DLOADER.ZEK. It also drops several Adobe
Flash Play...

IRCBot.CNK

- IRCBot.CNK at Panda

It connects to an IRC server in order to receive remote commands. It spreads by exploiting the LSASS
vulnerability, across network shares, and through shared, mapped and removable drives.
...

Mal/GamDam-B

- Mal/GamDam-B at Sophos

...

Mal/MDrop-Gen

- Mal/MDrop-Gen at Sophos

Detection for members of Mal/Mdrop-Gen is behavior based. It is extremely important that customers
report detections of Mal/Mdrop-Gen to Sophos and send a sample for analysis.
...

Mal/PurityDam-A

- Mal/PurityDam-A at Sophos

...

Mal/TDSSPack-L

- Mal/TDSSPack-L at Sophos

...

Mal/TDSSPack-M

- Mal/TDSSPack-M at Sophos

...

Troj/Agent-JWB

- Troj/Agent-JWB at Sophos

...

Troj/Agent-JXR

- Troj/Agent-JXR at Sophos

...

Troj/Agent-JXS

- Troj/Agent-JXS at Sophos

...

Troj/BHO-MA

- Troj/BHO-MA at Sophos

...

Troj/Delf-FCE

- Troj/Delf-FCE at Sophos

...

[05/20/2009 21:42]



Virus Malware and Threat News for 20090518



Autorun.IYQ

- Autorun.IYQ at Panda

It prevents the computer from being started in safe mode, does not allow writing to removable
devices and considerably reduces the security level of the computer. It spreads through shared, mapped and
removable drives....

Troj/Agent-JWV

- Troj/Agent-JWV at Sophos

...

Troj/Agent-JWW

- Troj/Agent-JWW at Sophos

...

Troj/Banker-ERX

- Troj/Banker-ERX at Sophos

...

Troj/Bckdr-QUM

- Troj/Bckdr-QUM at Sophos

...

Troj/Bckdr-QUN

- Troj/Bckdr-QUN at Sophos

Troj/Bckdr-QUN drops the file <System>\drivers\fswudor.sys which is detected as Mal/Rustok-B.
...

Troj/BinSub-A

- Troj/BinSub-A at Sophos

...

Troj/Daonol-E

- Troj/Daonol-E at Sophos

...

Troj/Dloadr-CMK

- Troj/Dloadr-CMK at Sophos

...

[05/19/2009 21:41]



Virus Malware and Threat News for 20090517



Troj/Agent-JWP

- Troj/Agent-JWP at Sophos

...

Troj/Mdrop-CCG

- Troj/Mdrop-CCG at Sophos

...

W32/Agent-JWO

- W32/Agent-JWO at Sophos

...

W32/Autorun-AHD

- W32/Autorun-AHD at Sophos

...

Troj/Agent-JWN

- Troj/Agent-JWN at Sophos

...

Troj/Banker-ERW

- Troj/Banker-ERW at Sophos

...

Troj/Bckdr-QUI

- Troj/Bckdr-QUI at Sophos

...

Troj/Iframe-BY

- Troj/Iframe-BY at Sophos

...

W32/Tiotua-AW

- W32/Tiotua-AW at Sophos

...

Troj/Agent-JWL

- Troj/Agent-JWL at Sophos

Troj/Agent-JWL is a Trojan for the Windows platform. When the
Troj/Agent-JWL is installed it is copied to <Windows>\winudpmgr.exe. The
following registry entry is created to run winudpmgr.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVers...

Autorun.IYQ

- Autorun.IYQ at Panda

It prevents the computer from being started in safe mode, does not allow writing to removable
devices and considerably reduces the security level of the computer. It spreads through shared, mapped and
removable drives....

Troj/Agent-JWV

- Troj/Agent-JWV at Sophos

...

Troj/Agent-JWW

- Troj/Agent-JWW at Sophos

...

Troj/Banker-ERX

- Troj/Banker-ERX at Sophos

...

Troj/Bckdr-QUM

- Troj/Bckdr-QUM at Sophos

...

Troj/Bckdr-QUN

- Troj/Bckdr-QUN at Sophos

Troj/Bckdr-QUN drops the file <System>\drivers\fswudor.sys which is detected as Mal/Rustok-B.
...

Troj/BinSub-A

- Troj/BinSub-A at Sophos

...

Troj/Daonol-E

- Troj/Daonol-E at Sophos

...

Troj/Dloadr-CMK

- Troj/Dloadr-CMK at Sophos

...

0 writebacks [05/18/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090516



Troj/Agent-JWK

- Troj/Agent-JWK at Sophos

...

Troj/Bancos-BFP

- Troj/Bancos-BFP at Sophos

...

Troj/DownLd-AK

- Troj/DownLd-AK at Sophos

...

Troj/Poison-AW

- Troj/Poison-AW at Sophos

...

W32/AutoRun-AHC

- W32/AutoRun-AHC at Sophos

...

Troj/Banker-ERU

- Troj/Banker-ERU at Sophos

...

Troj/Banker-ERV

- Troj/Banker-ERV at Sophos

...

Troj/FakeAV-QX

- Troj/FakeAV-QX at Sophos

...

Troj/PWS-BAE

- Troj/PWS-BAE at Sophos

...

W32/AutoRun-AHB

- W32/AutoRun-AHB at Sophos

W32/AutoRun-AHB is a worm for the Windows platform. W32/AutoRun-AHB spreads via removable shared
drives. When run W32/AutoRun-AHB copies itself to: <Windows>\regsvr.exe
<System>\regsvr.exe <System>\svchost<blank space>.exe
...

Troj/Agent-JWP

- Troj/Agent-JWP at Sophos

...

Troj/Mdrop-CCG

- Troj/Mdrop-CCG at Sophos

...

W32/Agent-JWO

- W32/Agent-JWO at Sophos

...

W32/Autorun-AHD

- W32/Autorun-AHD at Sophos

...

Troj/Agent-JWN

- Troj/Agent-JWN at Sophos

...

Troj/Banker-ERW

- Troj/Banker-ERW at Sophos

...

Troj/Bckdr-QUI

- Troj/Bckdr-QUI at Sophos

...

Troj/Iframe-BY

- Troj/Iframe-BY at Sophos

...

W32/Tiotua-AW

- W32/Tiotua-AW at Sophos

...

Troj/Agent-JWL

- Troj/Agent-JWL at Sophos

Troj/Agent-JWL is a Trojan for the Windows platform. When the
Troj/Agent-JWL is installed it is copied to <Windows>\winudpmgr.exe. The
following registry entry is created to run winudpmgr.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVers...

0 writebacks [05/17/2009 21:44] [] permanent link



Virus Malware and Threat News for 20090515



Mal/Behav-308

- Mal/Behav-308 at Sophos

...

Troj/Agent-JWF

- Troj/Agent-JWF at Sophos

...

Troj/Agent-JWG

- Troj/Agent-JWG at Sophos

...

Troj/Agent-JWH

- Troj/Agent-JWH at Sophos

...

Troj/Backdr-AK

- Troj/Backdr-AK at Sophos

...

Troj/LdPinch-SB

- Troj/LdPinch-SB at Sophos

...

Troj/Zbot-FU

- Troj/Zbot-FU at Sophos

...

W32/Autorun-AHA

- W32/Autorun-AHA at Sophos

...

W32/IRCbot-AEL

- W32/IRCbot-AEL at Sophos

W32/IRCbot-AEL copies itself to <System>\smsc.exe and creates the following registry entry
to run itself on system restart: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WSSVC <System>\smsc.exe...

Mal/Inject-N

- Mal/Inject-N at Sophos

Mal/Inject-N is a malicious program that drops and executes other malware.
...

Troj/Agent-JWK

- Troj/Agent-JWK at Sophos

...

Troj/Bancos-BFP

- Troj/Bancos-BFP at Sophos

...

Troj/DownLd-AK

- Troj/DownLd-AK at Sophos

...

Troj/Poison-AW

- Troj/Poison-AW at Sophos

...

W32/AutoRun-AHC

- W32/AutoRun-AHC at Sophos

...

Troj/Banker-ERU

- Troj/Banker-ERU at Sophos

...

Troj/Banker-ERV

- Troj/Banker-ERV at Sophos

...

Troj/FakeAV-QX

- Troj/FakeAV-QX at Sophos

...

Troj/PWS-BAE

- Troj/PWS-BAE at Sophos

...

W32/AutoRun-AHB

- W32/AutoRun-AHB at Sophos

W32/AutoRun-AHB is a worm for the Windows platform. W32/AutoRun-AHB spreads via removable shared
drives. When run W32/AutoRun-AHB copies itself to: <Windows>\regsvr.exe
<System>\regsvr.exe <System>\svchost<blank space>.exe
...

0 writebacks [05/16/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090514



Boface.BJ

- Boface.BJ at Panda

Its main aim is to spread itself via the social network Facebook and affect as many computers as
possible. It downloads and installs fake antivirus programs on the computer that warn users of nonexistent
threats....

Mal/VB-AO

- Mal/VB-AO at Sophos

...

Mal/VB-AP

- Mal/VB-AP at Sophos

...

Troj/Agent-JVS

- Troj/Agent-JVS at Sophos

...

Troj/Agent-JVW

- Troj/Agent-JVW at Sophos

Troj/Agent-JVW is a Trojan for the Windows platform. Troj/Agent-JVW
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Agent-JVW copies itself to <System>\ocxlist\BbSeg.exe and creates a large
number of files ...

Troj/Agent-JVX

- Troj/Agent-JVX at Sophos

Troj/Agent-JVX is a Trojan for the Windows platform. When the
Troj/Agent-JVX is installed it is copied to the following locations:
<System>\nounina.exe <System>\quouvoofife.exe The following
registry entry is created to run Troj/A...

Troj/Bckdr-QUH

- Troj/Bckdr-QUH at Sophos

...

Troj/DNSCgr-Gen

- Troj/DNSCgr-Gen at Sophos

...

Troj/IRCBot-AEK

- Troj/IRCBot-AEK at Sophos

...

VBS/Autorun-AGY

- VBS/Autorun-AGY at Sophos

...

W32/Autorun-AGX

- W32/Autorun-AGX at Sophos

...

Mal/Behav-308

- Mal/Behav-308 at Sophos

...

Troj/Agent-JWF

- Troj/Agent-JWF at Sophos

...

Troj/Agent-JWG

- Troj/Agent-JWG at Sophos

...

Troj/Agent-JWH

- Troj/Agent-JWH at Sophos

...

Troj/Backdr-AK

- Troj/Backdr-AK at Sophos

...

Troj/LdPinch-SB

- Troj/LdPinch-SB at Sophos

...

Troj/Zbot-FU

- Troj/Zbot-FU at Sophos

...

W32/Autorun-AHA

- W32/Autorun-AHA at Sophos

...

W32/IRCbot-AEL

- W32/IRCbot-AEL at Sophos

W32/IRCbot-AEL copies itself to <System>\smsc.exe and creates the following registry entry
to run itself on system restart: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WSSVC <System>\smsc.exe...

Mal/Inject-N

- Mal/Inject-N at Sophos

Mal/Inject-N is a malicious program that drops and executes other malware.
...

0 writebacks [05/15/2009 21:43] [] permanent link



Virus Malware and Threat News for 20090513



MS09-017

- MS09-017 at Panda

It is a group of critical vulnerabilities in PowerPoint, which allow hackers to gain remote control of
the affected computer with the same privileges as the logged on user.
...

IRCBot.CNE

- IRCBot.CNE at Panda

Its main aim is to spread itself via the instant messaging program MSN Messenger and affect as many computers
as possible....

Mal/VB-RZC

- Mal/VB-RZC at Sophos

...

Troj/BDoor-AVG

- Troj/BDoor-AVG at Sophos

...

Troj/Bifr-B

- Troj/Bifr-B at Sophos

...

Troj/FakeAV-QQ

- Troj/FakeAV-QQ at Sophos

...

Troj/FakeAV-QR

- Troj/FakeAV-QR at Sophos

...

Troj/Spy-CK

- Troj/Spy-CK at Sophos

...

W32/Wisy-Gen

- W32/Wisy-Gen at Sophos

W32/Wisy-Gen is a worm for the Windows platform. When W32/Wisy-Gen is
installed the following files are created: <User>\Application
Data\Microsoft\Desktop.ini <User>\Application Data\Microsoft\ncsv.exe
<System>\Windows 3D.scr ...

Mal/VidHtml-I

- Mal/VidHtml-I at Sophos

Mal/VidHtml-I is a malicious script that attempts to redirect to a malicious executable file. The
script is often found in a page pretending to be a video site. The malicious executable often pretends to be
related to a video codec or Flash update.
...

Boface.BJ

- Boface.BJ at Panda

Its main aim is to spread itself via the social network Facebook and affect as many computers as
possible. It downloads and installs fake antivirus programs on the computer that warn users of nonexistent
threats....

Mal/VB-AO

- Mal/VB-AO at Sophos

...

Mal/VB-AP

- Mal/VB-AP at Sophos

...

Troj/Agent-JVS

- Troj/Agent-JVS at Sophos

...

Troj/Agent-JVW

- Troj/Agent-JVW at Sophos

Troj/Agent-JVW is a Trojan for the Windows platform. Troj/Agent-JVW
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Agent-JVW copies itself to <System>\ocxlist\BbSeg.exe and creates a large
number of files ...

Troj/Agent-JVX

- Troj/Agent-JVX at Sophos

Troj/Agent-JVX is a Trojan for the Windows platform. When the
Troj/Agent-JVX is installed it is copied to the following locations:
<System>\nounina.exe <System>\quouvoofife.exe The following
registry entry is created to run Troj/A...

Troj/Bckdr-QUH

- Troj/Bckdr-QUH at Sophos

...

Troj/DNSCgr-Gen

- Troj/DNSCgr-Gen at Sophos

...

Troj/IRCBot-AEK

- Troj/IRCBot-AEK at Sophos

...

VBS/Autorun-AGY

- VBS/Autorun-AGY at Sophos

...

W32/Autorun-AGX

- W32/Autorun-AGX at Sophos

...

0 writebacks [05/14/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090512



W32.Fiala.A

- W32.Fiala.A at Norton Symantec

W32.Fiala.A is a worm that spreads by copying itself to fixed and removable drives. It also lowers security
settings on the compromised computer.
...

W32.Lujer

- W32.Lujer at Norton Symantec

W32.Lujer is a virus that infects executable files on the compromised computer.
...

XF_HELPOPY.AW

- XF_HELPOPY.AW at Trend Micro

...

BckPatcher.C

- BckPatcher.C at Panda

It modifies the Desktop wallpaper, the icons of the folders and the wallpaper of the Windows Explorer.
Whenever files with certain extensions are run, the worm will be run instead of the application associated
with them. It spreads through shared, mapped and removable drives.
...

Troj/Agent-JVE

- Troj/Agent-JVE at Sophos

...

Troj/Cimuz-CN

- Troj/Cimuz-CN at Sophos

...

Troj/Dloadr-CMH

- Troj/Dloadr-CMH at Sophos

...

Troj/FakeAV-QP

- Troj/FakeAV-QP at Sophos

...

Troj/Sinowal-G

- Troj/Sinowal-G at Sophos

...

Troj/Spy-CI

- Troj/Spy-CI at Sophos

...

Troj/SWFDlr-H

- Troj/SWFDlr-H at Sophos

Troj/SWFDlr-H is a Flash file that installs more malware.
...

Troj/VBDrop-L

- Troj/VBDrop-L at Sophos

Troj/VBDrop-L has been seen in a mass-mailed campaign.
...

MS09-017

- MS09-017 at Panda

It is a group of critical vulnerabilities in PowerPoint, which allow hackers to gain remote control of
the affected computer with the same privileges as the logged on user.
...

IRCBot.CNE

- IRCBot.CNE at Panda

Its main aim is to spread itself via the instant messaging program MSN Messenger and affect as many computers
as possible....

Mal/VB-RZC

- Mal/VB-RZC at Sophos

...

Troj/BDoor-AVG

- Troj/BDoor-AVG at Sophos

...

Troj/Bifr-B

- Troj/Bifr-B at Sophos

...

Troj/FakeAV-QQ

- Troj/FakeAV-QQ at Sophos

...

Troj/FakeAV-QR

- Troj/FakeAV-QR at Sophos

...

Troj/Spy-CK

- Troj/Spy-CK at Sophos

...

W32/Wisy-Gen

- W32/Wisy-Gen at Sophos

W32/Wisy-Gen is a worm for the Windows platform. When W32/Wisy-Gen is
installed the following files are created: <User>\Application
Data\Microsoft\Desktop.ini <User>\Application Data\Microsoft\ncsv.exe
<System>\Windows 3D.scr ...

Mal/VidHtml-I

- Mal/VidHtml-I at Sophos

Mal/VidHtml-I is a malicious script that attempts to redirect to a malicious executable file. The
script is often found in a page pretending to be a video site. The malicious executable often pretends to be
related to a video codec or Flash update.
...

0 writebacks [05/13/2009 21:42] [] permanent link



Virus Malware and Threat News for 20090511



Packed.Generic.225

- Packed.Generic.225 at Norton Symantec

Packed.Generic.225 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Mal/PdfEx-E

- Mal/PdfEx-E at Sophos

Mal/PdfEx-E is a PDF file which contains malicious JavaScript.
...

Mal/Spy-D

- Mal/Spy-D at Sophos

...

Mal/Zbot-O

- Mal/Zbot-O at Sophos

...

Troj/Agent-JUU

- Troj/Agent-JUU at Sophos

...

Troj/FakeAV-QM

- Troj/FakeAV-QM at Sophos

...

Troj/Rabbit-C

- Troj/Rabbit-C at Sophos

...

Troj/Agent-JUR

- Troj/Agent-JUR at Sophos

Troj/Agent-JUR has been seen in a mass-mailed campaign.
...

Troj/Agent-JUS

- Troj/Agent-JUS at Sophos

...

Troj/Agent-JUT

- Troj/Agent-JUT at Sophos

...

Troj/Dloadr-CMF

- Troj/Dloadr-CMF at Sophos

...

W32.Fiala.A

- W32.Fiala.A at Norton Symantec

W32.Fiala.A is a worm that spreads by copying itself to fixed and removable drives. It also lowers security
settings on the compromised computer.
...

W32.Lujer

- W32.Lujer at Norton Symantec

W32.Lujer is a virus that infects executable files on the compromised computer.
...

XF_HELPOPY.AW

- XF_HELPOPY.AW at Trend Micro

...

BckPatcher.C

- BckPatcher.C at Panda

It modifies the Desktop wallpaper, the icons of the folders and the wallpaper of the Windows Explorer.
Whenever files with certain extensions are run, the worm will be run instead of the application associated
with them. It spreads through shared, mapped and removable drives.
...

Troj/Agent-JVE

- Troj/Agent-JVE at Sophos

...

Troj/Cimuz-CN

- Troj/Cimuz-CN at Sophos

...

Troj/Dloadr-CMH

- Troj/Dloadr-CMH at Sophos

...

Troj/FakeAV-QP

- Troj/FakeAV-QP at Sophos

...

Troj/Sinowal-G

- Troj/Sinowal-G at Sophos

...

Troj/Spy-CI

- Troj/Spy-CI at Sophos

...

Troj/SWFDlr-H

- Troj/SWFDlr-H at Sophos

Troj/SWFDlr-H is a Flash file that installs more malware.
...

Troj/VBDrop-L

- Troj/VBDrop-L at Sophos

Troj/VBDrop-L has been seen in a mass-mailed campaign.
...

0 writebacks [05/12/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090510



Troj/Agent-JUM

- Troj/Agent-JUM at Sophos

...

Troj/Agent-JUN

- Troj/Agent-JUN at Sophos

...

Troj/FakeAV-QL

- Troj/FakeAV-QL at Sophos

...

Troj/Refpron-L

- Troj/Refpron-L at Sophos

...

W32/Tiotua-AT

- W32/Tiotua-AT at Sophos

...

Troj/Bancos-BFN

- Troj/Bancos-BFN at Sophos

...

Troj/Bancos-BFO

- Troj/Bancos-BFO at Sophos

...

Troj/Dloadr-CME

- Troj/Dloadr-CME at Sophos

...

VBS/Rock-D

- VBS/Rock-D at Sophos

VBS/Rock-D is a VisualBasic script worm. When run the worm will attempt to
copy itself to various system folders as VBSyS.vbs and create the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run windows VBSyS.vbs
...

Packed.Generic.225

- Packed.Generic.225 at Norton Symantec

Packed.Generic.225 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Mal/PdfEx-E

- Mal/PdfEx-E at Sophos

Mal/PdfEx-E is a PDF file which contains malicious JavaScript.
...

Mal/Spy-D

- Mal/Spy-D at Sophos

...

Mal/Zbot-O

- Mal/Zbot-O at Sophos

...

Troj/Agent-JUU

- Troj/Agent-JUU at Sophos

...

Troj/FakeAV-QM

- Troj/FakeAV-QM at Sophos

...

Troj/Rabbit-C

- Troj/Rabbit-C at Sophos

...

Troj/Agent-JUR

- Troj/Agent-JUR at Sophos

Troj/Agent-JUR has been seen in a mass-mailed campaign.
...

Troj/Agent-JUS

- Troj/Agent-JUS at Sophos

...

Troj/Agent-JUT

- Troj/Agent-JUT at Sophos

...

Troj/Dloadr-CMF

- Troj/Dloadr-CMF at Sophos

...

0 writebacks [05/11/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090509



Troj/Agent-JUL

- Troj/Agent-JUL at Sophos

...

Troj/Dloadr-CMD

- Troj/Dloadr-CMD at Sophos

...

Troj/FakeAV-QK

- Troj/FakeAV-QK at Sophos

...

Troj/PDFex-AX

- Troj/PDFex-AX at Sophos

...

Troj/Agent-JUJ

- Troj/Agent-JUJ at Sophos

Troj/Agent-JUJ is a Trojan for the Windows platform. When run
Troj/Agent-JUJ copies itself to <System>\servises.exe and sets the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run servises
<System>...

Troj/Agent-JUK

- Troj/Agent-JUK at Sophos

...

Troj/Banker-ERR

- Troj/Banker-ERR at Sophos

...

Troj/FakeVir-MF

- Troj/FakeVir-MF at Sophos

...

Troj/FakeAle-NG

- Troj/FakeAle-NG at Sophos

...

Troj/Agent-JUM

- Troj/Agent-JUM at Sophos

...

Troj/Agent-JUN

- Troj/Agent-JUN at Sophos

...

Troj/FakeAV-QL

- Troj/FakeAV-QL at Sophos

...

Troj/Refpron-L

- Troj/Refpron-L at Sophos

...

W32/Tiotua-AT

- W32/Tiotua-AT at Sophos

...

Troj/Bancos-BFN

- Troj/Bancos-BFN at Sophos

...

Troj/Bancos-BFO

- Troj/Bancos-BFO at Sophos

...

Troj/Dloadr-CME

- Troj/Dloadr-CME at Sophos

...

VBS/Rock-D

- VBS/Rock-D at Sophos

VBS/Rock-D is a VisualBasic script worm. When run the worm will attempt to
copy itself to various system folders as VBSyS.vbs and create the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run windows VBSyS.vbs
...

0 writebacks [05/10/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090508



Bloodhound.Exploit.236

- Bloodhound.Exploit.236 at Norton Symantec

Bloodhound.Exploit.236 is a heuristic detection for files attempting to exploit the Adobe Reader
'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability (BID 34740).
...

Bloodhound.Exploit.235

- Bloodhound.Exploit.235 at Norton Symantec

Bloodhound.Exploit.235 is a heuristic detection for files attempting to exploit the Adobe Reader 'getAnnots()'
JavaScript Function Remote Code Execution Vulnerability (BID 34736).
...

Mal/Delf-V

- Mal/Delf-V at Sophos

...

Mal/SkimTrim-E

- Mal/SkimTrim-E at Sophos

...

Troj/Agent-JUH

- Troj/Agent-JUH at Sophos

...

Troj/Agent-JUI

- Troj/Agent-JUI at Sophos

...

Troj/Banker-ERQ

- Troj/Banker-ERQ at Sophos

...

Troj/Delf-FCD

- Troj/Delf-FCD at Sophos

...

Troj/Dload-GH

- Troj/Dload-GH at Sophos

...

Troj/Dload-GI

- Troj/Dload-GI at Sophos

...

Troj/Dloadr-CMC

- Troj/Dloadr-CMC at Sophos

...

Troj/Agent-JUL

- Troj/Agent-JUL at Sophos

...

Troj/Dloadr-CMD

- Troj/Dloadr-CMD at Sophos

...

Troj/FakeAV-QK

- Troj/FakeAV-QK at Sophos

...

Troj/PDFex-AX

- Troj/PDFex-AX at Sophos

...

Troj/Agent-JUJ

- Troj/Agent-JUJ at Sophos

Troj/Agent-JUJ is a Trojan for the Windows platform. When run
Troj/Agent-JUJ copies itself to <System>\servises.exe and sets the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run servises
<System>...

Troj/Agent-JUK

- Troj/Agent-JUK at Sophos

...

Troj/Banker-ERR

- Troj/Banker-ERR at Sophos

...

Troj/FakeVir-MF

- Troj/FakeVir-MF at Sophos

...

Troj/FakeAle-NG

- Troj/FakeAle-NG at Sophos

...

0 writebacks [05/09/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090507



Suspicious.S.Cinmeng

- Suspicious.S.Cinmeng at Norton Symantec

Suspicious.S.Cinmeng is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Bloodhound.Exploit.234

- Bloodhound.Exploit.234 at Norton Symantec

Bloodhound.Exploit.234 is a heuristic detection for files attempting to exploit the Microsoft Excel Malformed
Object Remote Memory Corruption Vulnerability (BID 34413).
...

W32.Qakbot

- W32.Qakbot at Norton Symantec

W32.Qakbot is a worm that spreads through network shares and opens a back door on the compromised computer. It
may also steal information and download more files on to the compromised computer.
...

PrivacyCenter

- PrivacyCenter at Norton Symantec

PrivacyCenter is a misleading application that may give exaggerated reports of threats on the computer.
...

Suspicious.S.Infostealer

- Suspicious.S.Infostealer at Norton Symantec

Suspicious.S.Infostealer is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Suspicious.S.Gamestealer

- Suspicious.S.Gamestealer at Norton Symantec

Suspicious.S.Gamestealer is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

PE_PATCHED.MM

- PE_PATCHED.MM at Trend Micro

This is the Trend Micro detection for copies of the legitimate Windows file KERNEL32.DLL located in the
%System%dllcache folder which have been injected with malicious code. This DLL was modified by
TROJ_PATCHED.MM....

TROJ_PATCHED.MM

- TROJ_PATCHED.MM at Trend Micro

This Trojan may be unknowingly downloaded from malicious Web sites. This Trojan drops several files. Upon
execution, it displays a command line window indicating the progress of the KERNEL32 patcher. It also drops
another patched KERNEL32.DLL. The modified KERNEL32.DLL is detected by Trend Micro as PE_PATCHED.MM.
...

TROJ_AGENT.NICE

- TROJ_AGENT.NICE at Trend Micro

This Trojan may be dropped by the following malware: TROJ_DROPPER.SPX. It drops a file which Trend Micro detects
as TROJ_DLOADR.TXWQ. It then executes the dropped file. As a result, malicious routines of the dropped file
are exhibited on the affected system. It then deletes the dropped file. It uses the
MoveFileExA(DELAY_UNTIL_REBOOT) A...

TROJ_DROPPER.SPX

- TROJ_DROPPER.SPX at Trend Micro

This Trojan may be downloaded from remote sites. It is a fake/Trojanized Windows 7 Release Candidate (RC) build.
It is a self-extracting executable containing the original Windows 7 RC build and a malicious file
detected as TROJ_AGENT.NICE. When an unsuspecting user executes the Trojanized setup file, the embedded malware
is also ...

OSX_TORED.D

- OSX_TORED.D at Trend Micro

This worm arrives as an attachment to email messages spammed by another malware or a malicious user. Upon
execution, it drops a copy of itself in the startup items folder to automatically execute at system startup. It
propagates by mass mailing copies of itself as an attachment to email messages that it creates. It also has
the capability to...

EvilHot.A

- EvilHot.A at Panda

It modifies the login password of the user account that is active at the moment of infection, so that
the user cannot access the system. It does not spread automatically using its own means.
...

Troj/Adload-LQ

- Troj/Adload-LQ at Sophos

...

Troj/Dldr-V

- Troj/Dldr-V at Sophos

...

Troj/Dwnldr-HQQ

- Troj/Dwnldr-HQQ at Sophos

...

Mal/FakeAle-D

- Mal/FakeAle-D at Sophos

Mal/FakeAle-D is a family of malware which masquerade as security software.
...

Troj/Agent-JUC

- Troj/Agent-JUC at Sophos

...

Troj/AutoIt-DX

- Troj/AutoIt-DX at Sophos

...

Troj/AutoIt-DY

- Troj/AutoIt-DY at Sophos

...

Troj/Dldr-U

- Troj/Dldr-U at Sophos

...

Troj/Droppr-Gen

- Troj/Droppr-Gen at Sophos

Troj/Droppr-Gen is a Trojan for the Windows platform.
...

Troj/JSRedir-R

- Troj/JSRedir-R at Sophos

Troj/JSRedir-R is a malicious script likely to have been injected into compromised web pages in
order to load remote malicious content when the page is viewed.
...

Bloodhound.Exploit.236

- Bloodhound.Exploit.236 at Norton Symantec

Bloodhound.Exploit.236 is a heuristic detection for files attempting to exploit the Adobe Reader
'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability (BID 34740).
...

Bloodhound.Exploit.235

- Bloodhound.Exploit.235 at Norton Symantec

Bloodhound.Exploit.235 is a heuristic detection for files attempting to exploit the Adobe Reader 'getAnnots()'
JavaScript Function Remote Code Execution Vulnerability (BID 34736).
...

Mal/Delf-V

- Mal/Delf-V at Sophos

...

Mal/SkimTrim-E

- Mal/SkimTrim-E at Sophos

...

Troj/Agent-JUH

- Troj/Agent-JUH at Sophos

...

Troj/Agent-JUI

- Troj/Agent-JUI at Sophos

...

Troj/Banker-ERQ

- Troj/Banker-ERQ at Sophos

...

Troj/Delf-FCD

- Troj/Delf-FCD at Sophos

...

Troj/Dload-GH

- Troj/Dload-GH at Sophos

...

Troj/Dload-GI

- Troj/Dload-GI at Sophos

...

Troj/Dloadr-CMC

- Troj/Dloadr-CMC at Sophos

...

0 writebacks [05/08/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090506



Worm:OSX/Tored.A

- Worm:OSX/Tored.A at F-Secure

...

Packed.Generic.223

- Packed.Generic.223 at Norton Symantec

Packed.Generic.223 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

PerfectDefender2009

- PerfectDefender2009 at Norton Symantec

PerfectDefender2009 is a misleading application that may give exaggerated reports of threats on the
computer....

Suspicious.S.Vundo.2

- Suspicious.S.Vundo.2 at Norton Symantec

Suspicious.S.Vundo.2 is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

CoreGuard2009

- CoreGuard2009 at Panda

It deceives users and warns them of nonexistent threats on their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Troj/Agent-JTQ

- Troj/Agent-JTQ at Sophos

...

Troj/Agent-JTR

- Troj/Agent-JTR at Sophos

...

Troj/Agent-JTS

- Troj/Agent-JTS at Sophos

...

Troj/FakeVir-ME

- Troj/FakeVir-ME at Sophos

...

Troj/PWS-BAC

- Troj/PWS-BAC at Sophos

...

Troj/PWS-BAD

- Troj/PWS-BAD at Sophos

...

W32/Autorun-AGM

- W32/Autorun-AGM at Sophos

...

W32/Autorun-AGN

- W32/Autorun-AGN at Sophos

...

Troj/Bckdr-QUA

- Troj/Bckdr-QUA at Sophos

...

Troj/Mdrop-CBT

- Troj/Mdrop-CBT at Sophos

...

Suspicious.S.Cinmeng

- Suspicious.S.Cinmeng at Norton Symantec

Suspicious.S.Cinmeng is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Bloodhound.Exploit.234

- Bloodhound.Exploit.234 at Norton Symantec

Bloodhound.Exploit.234 is a heuristic detection for files attempting to exploit the Microsoft Excel Malformed
Object Remote Memory Corruption Vulnerability (BID 34413).
...

W32.Qakbot

- W32.Qakbot at Norton Symantec

W32.Qakbot is a worm that spreads through network shares and opens a back door on the compromised computer. It
may also steal information and download more files on to the compromised computer.
...

PrivacyCenter

- PrivacyCenter at Norton Symantec

PrivacyCenter is a misleading application that may give exaggerated reports of threats on the computer.
...

Suspicious.S.Infostealer

- Suspicious.S.Infostealer at Norton Symantec

Suspicious.S.Infostealer is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

Suspicious.S.Gamestealer

- Suspicious.S.Gamestealer at Norton Symantec

Suspicious.S.Gamestealer is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

PE_PATCHED.MM

- PE_PATCHED.MM at Trend Micro

This is the Trend Micro detection for copies of the legitimate Windows file KERNEL32.DLL located in the
%System%dllcache folder which have been injected with malicious code. This DLL was modified by
TROJ_PATCHED.MM....

TROJ_PATCHED.MM

- TROJ_PATCHED.MM at Trend Micro

This Trojan may be unknowingly downloaded from malicious Web sites. This Trojan drops several files. Upon
execution, it displays a command line window indicating the progress of the KERNEL32 patcher. It also drops
another patched KERNEL32.DLL. The modified KERNEL32.DLL is detected by Trend Micro as PE_PATCHED.MM.
...

TROJ_AGENT.NICE

- TROJ_AGENT.NICE at Trend Micro

This Trojan may be dropped by the following malware: TROJ_DROPPER.SPX. It drops a file which Trend Micro detects
as TROJ_DLOADR.TXWQ. It then executes the dropped file. As a result, malicious routines of the dropped file
are exhibited on the affected system. It then deletes the dropped file. It uses the
MoveFileExA(DELAY_UNTIL_REBOOT) A...

TROJ_DROPPER.SPX

- TROJ_DROPPER.SPX at Trend Micro

This Trojan may be downloaded from remote sites. It is a fake/Trojanized Windows 7 Release Candidate (RC) build.
It is a self-extracting executable containing the original Windows 7 RC build and a malicious file
detected as TROJ_AGENT.NICE. When an unsuspecting user executes the Trojanized setup file, the embedded malware
is also ...

OSX_TORED.D

- OSX_TORED.D at Trend Micro

This worm arrives as an attachment to email messages spammed by another malware or a malicious user. Upon
execution, it drops a copy of itself in the startup items folder to automatically execute at system startup. It
propagates by mass mailing copies of itself as an attachment to email messages that it creates. It also has
the capability to...

EvilHot.A

- EvilHot.A at Panda

It modifies the login password of the user account that is active at the moment of infection, so that
the user cannot access the system. It does not spread automatically using its own means.
...

Troj/Adload-LQ

- Troj/Adload-LQ at Sophos

...

Troj/Dldr-V

- Troj/Dldr-V at Sophos

...

Troj/Dwnldr-HQQ

- Troj/Dwnldr-HQQ at Sophos

...

Mal/FakeAle-D

- Mal/FakeAle-D at Sophos

Mal/FakeAle-D is a family of malware which masquerade as security software.
...

Troj/Agent-JUC

- Troj/Agent-JUC at Sophos

...

Troj/AutoIt-DX

- Troj/AutoIt-DX at Sophos

...

Troj/AutoIt-DY

- Troj/AutoIt-DY at Sophos

...

Troj/Dldr-U

- Troj/Dldr-U at Sophos

...

Troj/Droppr-Gen

- Troj/Droppr-Gen at Sophos

Troj/Droppr-Gen is a Trojan for the Windows platform.
...

Troj/JSRedir-R

- Troj/JSRedir-R at Sophos

Troj/JSRedir-R is a malicious script likely to have been injected into compromised web pages in
order to load remote malicious content when the page is viewed.
...

0 writebacks [05/07/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090505



Backdoor:W32/Oscarbot.gen!A

- Backdoor:W32/Oscarbot.gen!A at F-Secure

...

OSX.Tored

- OSX.Tored at Norton Symantec

OSX.Tored is a worm that attempts to spread through network shares and by email. It opens a back door on the
compromised computer.
...

Trojan.Downexec.E!inf

- Trojan.Downexec.E!inf at Norton Symantec

Trojan.Downexec.E!inf is a detection for infected files that download and execute files on the compromised
computer....

Trojan.Downexec.D!inf

- Trojan.Downexec.D!inf at Norton Symantec

Trojan.Downexec.D!inf is a detection for files infected with code to download and execute other potentially
malicious files....

TROJ_QHOST.TB

- TROJ_QHOST.TB at Trend Micro

This Trojan uses social engineering methods to lure users into performing certain actions that may, directly
or indirectly, cause malicious routines to be performed. Specifically, it makes use of current events,
particularly the H1N1 influenza. This Trojan arrives as an attachment to email messages spammed by another malware
or a malicio...

Kobcka.A

- Kobcka.A at Panda

It is designed to send spam messages to different email addresses. It does not spread automatically using its
own means....

Mal/EncPk-IG

- Mal/EncPk-IG at Sophos

...

Mal/FakeAV-AS

- Mal/FakeAV-AS at Sophos

...

Mal/Mdrop-N

- Mal/Mdrop-N at Sophos

...

Mal/ObfJS-BU

- Mal/ObfJS-BU at Sophos

Mal/ObfJS-BU is a malicious script that attempts to load malicious content from a remote server
when the malicious web page is browsed.
...

Mal/SkimTrim-D

- Mal/SkimTrim-D at Sophos

...

Troj/Agent-JSX

- Troj/Agent-JSX at Sophos

...

Troj/Agent-JSY

- Troj/Agent-JSY at Sophos

...

Troj/Agent-JSZ

- Troj/Agent-JSZ at Sophos

...

Troj/Agent-JTB

- Troj/Agent-JTB at Sophos

...

Troj/Agent-JTC

- Troj/Agent-JTC at Sophos

...

Worm:OSX/Tored.A

- Worm:OSX/Tored.A at F-Secure

...

Packed.Generic.223

- Packed.Generic.223 at Norton Symantec

Packed.Generic.223 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

PerfectDefender2009

- PerfectDefender2009 at Norton Symantec

PerfectDefender2009 is a misleading application that may give exaggerated reports of threats on the
computer....

Suspicious.S.Vundo.2

- Suspicious.S.Vundo.2 at Norton Symantec

Suspicious.S.Vundo.2 is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...

CoreGuard2009

- CoreGuard2009 at Panda

It deceives users and warns them of nonexistent threats on their computers. In order to eliminate them, they
are enticed to purchase a certain program. It can be downloaded from the website belonging to the company that
has developed it....

Troj/Agent-JTQ

- Troj/Agent-JTQ at Sophos

...

Troj/Agent-JTR

- Troj/Agent-JTR at Sophos

...

Troj/Agent-JTS

- Troj/Agent-JTS at Sophos

...

Troj/FakeVir-ME

- Troj/FakeVir-ME at Sophos

...

Troj/PWS-BAC

- Troj/PWS-BAC at Sophos

...

Troj/PWS-BAD

- Troj/PWS-BAD at Sophos

...

W32/Autorun-AGM

- W32/Autorun-AGM at Sophos

...

W32/Autorun-AGN

- W32/Autorun-AGN at Sophos

...

Troj/Bckdr-QUA

- Troj/Bckdr-QUA at Sophos

...

Troj/Mdrop-CBT

- Troj/Mdrop-CBT at Sophos

...

[05/06/2009 21:41]



Virus Malware and Threat News for 20090504



Mal/SWFDlr-A

- Mal/SWFDlr-A at Sophos

Mal/SWFDlr-A is a malicious SWF file that attempts to download and execute another file.
...

Troj/Agent-JSP

- Troj/Agent-JSP at Sophos

...

Troj/Agent-JSQ

- Troj/Agent-JSQ at Sophos

...

Troj/FakeAV-QA

- Troj/FakeAV-QA at Sophos

Troj/FakeAV-QA includes functionality to access the internet and communicate with a remote server
via HTTP. When first run Troj/FakeAV-QA copies itself to <Windows>\sysguard.exe.
The following registry entry is created to run sysguard.exe on startup:
...

Troj/Keylog-LH

- Troj/Keylog-LH at Sophos

...

Troj/Lineag-BG

- Troj/Lineag-BG at Sophos

Troj/Lineag-BG is a Trojan for the Windows platform. When Troj/Lineag-BG is
installed, the following files are created: <Windows>\fonts\PeMTdMfqzpGTb5ps.Ttf and
<System>\qB5BKZy7vR5m.dll. The file qB5BKZy7vR5m.dll is registered as a
COM ...

Troj/PDFJs-AX

- Troj/PDFJs-AX at Sophos

Troj/PDFJs-AX uses JavaScript to install more malware.
...

Troj/SWFDlr-F

- Troj/SWFDlr-F at Sophos

...

W32/AutoIt-DW

- W32/AutoIt-DW at Sophos

...

Troj/Agent-JSN

- Troj/Agent-JSN at Sophos

...

Backdoor:W32/Oscarbot.gen!A

- Backdoor:W32/Oscarbot.gen!A at F-Secure

...

OSX.Tored

- OSX.Tored at Norton Symantec

OSX.Tored is a worm that attempts to spread through network shares and by email. It opens a back door on the
compromised computer.
...

Trojan.Downexec.E!inf

- Trojan.Downexec.E!inf at Norton Symantec

Trojan.Downexec.E!inf is a detection for infected files that download and execute files on the compromised
computer....

Trojan.Downexec.D!inf

- Trojan.Downexec.D!inf at Norton Symantec

Trojan.Downexec.D!inf is a detection for files infected with code to download and execute other potentially
malicious files....

TROJ_QHOST.TB

- TROJ_QHOST.TB at Trend Micro

This Trojan uses social engineering methods to lure users into performing certain actions that may, directly
or indirectly, cause malicious routines to be performed. Specifically, it makes use of current events,
particularly the H1N1 influenza. This Trojan arrives as attachment to email messages spammed by another malware
or a malicio...

Kobcka.A

- Kobcka.A at Panda

It is designed to send spam messages to different email addresses. It does not spread automatically using its
own means....

Mal/EncPk-IG

- Mal/EncPk-IG at Sophos

...

Mal/FakeAV-AS

- Mal/FakeAV-AS at Sophos

...

Mal/Mdrop-N

- Mal/Mdrop-N at Sophos

...

Mal/ObfJS-BU

- Mal/ObfJS-BU at Sophos

Mal/ObfJS-BU is a malicious script that attempts to load malicious content from a remote server
when the malicious web page is browsed.
...

Mal/SkimTrim-D

- Mal/SkimTrim-D at Sophos

...

Troj/Agent-JSX

- Troj/Agent-JSX at Sophos

...

Troj/Agent-JSY

- Troj/Agent-JSY at Sophos

...

Troj/Agent-JSZ

- Troj/Agent-JSZ at Sophos

...

Troj/Agent-JTB

- Troj/Agent-JTB at Sophos

...

Troj/Agent-JTC

- Troj/Agent-JTC at Sophos

...

[05/05/2009 21:41]



Virus Malware and Threat News for 20090503



Troj/Qbot-B

- Troj/Qbot-B at Sophos

Troj/Qbot-B is a Trojan for the Windows platform. Troj/Qbot-B attempts to
create a service to start itself automatically. Troj/Qbot-B attempts to download a file
from a remote site to <System>\q1.dll and execute it.
...

W32/Autorun-AGI

- W32/Autorun-AGI at Sophos

...

Troj/DownLd-AI

- Troj/DownLd-AI at Sophos

...

Troj/Gamet-C

- Troj/Gamet-C at Sophos

Troj/Gamet-C is a Trojan for the Windows platform. When Troj/Gamet-C is
installed, the following detected file is created: <System>\qB5BKZy7vR5m.dll.
The following non-infected file is also created:
<Windows>\Fonts\PeMTdM...

W32/Tiotua-AS

- W32/Tiotua-AS at Sophos

...

OSX/Tored-A

- OSX/Tored-A at Sophos

OSX/Tored-A is an attempted worm for OSX. OSX/Tored-A is written in
RealBasic and contains "Infected and boted by OSX.Raedbot.B".
...

Troj/Agent-JSJ

- Troj/Agent-JSJ at Sophos

Troj/Agent-JSJ is a Trojan for the Windows platform. When installed,
Troj/Agent-JSJ copies itself to the following location:
<System>\wins\setup\msmgrs.exe. When installed, the following file is also created:
<Startup>\ntd...

Troj/Dcaei-Gen

- Troj/Dcaei-Gen at Sophos

...

Troj/Dload-GG

- Troj/Dload-GG at Sophos

...

Mal/SWFDlr-A

- Mal/SWFDlr-A at Sophos

Mal/SWFDlr-A is a malicious SWF file that attempts to download and execute another file.
...

Troj/Agent-JSP

- Troj/Agent-JSP at Sophos

...

Troj/Agent-JSQ

- Troj/Agent-JSQ at Sophos

...

Troj/FakeAV-QA

- Troj/FakeAV-QA at Sophos

Troj/FakeAV-QA includes functionality to access the internet and communicate with a remote server
via HTTP. When first run Troj/FakeAV-QA copies itself to <Windows>\sysguard.exe.
The following registry entry is created to run sysguard.exe on startup:
...

Troj/Keylog-LH

- Troj/Keylog-LH at Sophos

...

Troj/Lineag-BG

- Troj/Lineag-BG at Sophos

Troj/Lineag-BG is a Trojan for the Windows platform. When Troj/Lineag-BG is
installed, the following files are created: <Windows>\fonts\PeMTdMfqzpGTb5ps.Ttf and
<System>\qB5BKZy7vR5m.dll. The file qB5BKZy7vR5m.dll is registered as a
COM ...

Troj/PDFJs-AX

- Troj/PDFJs-AX at Sophos

Troj/PDFJs-AX uses JavaScript to install more malware.
...

Troj/SWFDlr-F

- Troj/SWFDlr-F at Sophos

...

W32/AutoIt-DW

- W32/AutoIt-DW at Sophos

...

Troj/Agent-JSN

- Troj/Agent-JSN at Sophos

...

[05/04/2009 21:42]



Virus Malware and Threat News for 20090502



Troj/Agent-JSI

- Troj/Agent-JSI at Sophos

...

Troj/Banker-ERN

- Troj/Banker-ERN at Sophos

...

Troj/Dwnldr-HQJ

- Troj/Dwnldr-HQJ at Sophos

...

Troj/FakeAV-PX

- Troj/FakeAV-PX at Sophos

...

Troj/FakeAv-PY

- Troj/FakeAv-PY at Sophos

...

W32/Autorun-AFM

- W32/Autorun-AFM at Sophos

W32/Autorun-AFM is a worm for the Windows platform. W32/Autorun-AFM
creates a folder C:\RECYCLER and copies itself to that folder. W32/Autorun-AFM also
installs a C:\autorun.inf file, detected as Mal/AutoInf-A. W32/Autorun-AFM spreads via
removable sto...

W32/Frethog-K

- W32/Frethog-K at Sophos

...

Mal/QHost-C

- Mal/QHost-C at Sophos

...

Troj/Castor-Gen

- Troj/Castor-Gen at Sophos

...

JS/Twitter-Gen

- JS/Twitter-Gen at Sophos

JS/Twitter-Gen is a family of worms for the Windows platform. Members of
JS/Twitter-Gen spread via cross-site scripting vulnerabilities in the "Twitter" website.
...

Troj/Qbot-B

- Troj/Qbot-B at Sophos

Troj/Qbot-B is a Trojan for the Windows platform. Troj/Qbot-B attempts to
create a service to start itself automatically. Troj/Qbot-B attempts to download a file
from a remote site to <System>\q1.dll and execute it.
...

W32/Autorun-AGI

- W32/Autorun-AGI at Sophos

...

Troj/DownLd-AI

- Troj/DownLd-AI at Sophos

...

Troj/Gamet-C

- Troj/Gamet-C at Sophos

Troj/Gamet-C is a Trojan for the Windows platform. When Troj/Gamet-C is
installed, the following detected file is created: <System>\qB5BKZy7vR5m.dll.
The following non-infected file is also created:
<Windows>\Fonts\PeMTdM...

W32/Tiotua-AS

- W32/Tiotua-AS at Sophos

...

OSX/Tored-A

- OSX/Tored-A at Sophos

OSX/Tored-A is an attempted worm for OSX. OSX/Tored-A is written in
RealBasic and contains "Infected and boted by OSX.Raedbot.B".
...

Troj/Agent-JSJ

- Troj/Agent-JSJ at Sophos

Troj/Agent-JSJ is a Trojan for the Windows platform. When installed,
Troj/Agent-JSJ copies itself to the following location:
<System>\wins\setup\msmgrs.exe. When installed, the following file is also created:
<Startup>\ntd...

Troj/Dcaei-Gen

- Troj/Dcaei-Gen at Sophos

...

Troj/Dload-GG

- Troj/Dload-GG at Sophos

...

[05/03/2009 21:41]



Virus Malware and Threat News for 20090501



W32.Sens.A

- W32.Sens.A at Norton Symantec

W32.Sens.A is a virus that may infect files on the compromised computer. It may steal sensitive information
and may also download files from a remote location.
...

Bloodhound.PDF.12

- Bloodhound.PDF.12 at Norton Symantec

Bloodhound.PDF.12 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Trojan.Bankpatch.E

- Trojan.Bankpatch.E at Norton Symantec

Trojan.Bankpatch.E is a Trojan horse that infects certain system files with code to connect to a predefined
URL. The code has the functionality to upload and download data to and from the URL.
...

W32/Sdbot-DOQ

- W32/Sdbot-DOQ at Sophos

...

Mal/Pado-Dam

- Mal/Pado-Dam at Sophos

...

Troj/FakeAV-PV

- Troj/FakeAV-PV at Sophos

...

Troj/Redosd-Gen

- Troj/Redosd-Gen at Sophos

...

Troj/StartP-BU

- Troj/StartP-BU at Sophos

...

Troj/Unruy-Gen

- Troj/Unruy-Gen at Sophos

...

Troj/VB-ECY

- Troj/VB-ECY at Sophos

...

Troj/VBdrop-K

- Troj/VBdrop-K at Sophos

...

W32/Autorun-AGH

- W32/Autorun-AGH at Sophos

...

Troj/Agent-JSI

- Troj/Agent-JSI at Sophos

...

Troj/Banker-ERN

- Troj/Banker-ERN at Sophos

...

Troj/Dwnldr-HQJ

- Troj/Dwnldr-HQJ at Sophos

...

Troj/FakeAV-PX

- Troj/FakeAV-PX at Sophos

...

Troj/FakeAv-PY

- Troj/FakeAv-PY at Sophos

...

W32/Autorun-AFM

- W32/Autorun-AFM at Sophos

W32/Autorun-AFM is a worm for the Windows platform. W32/Autorun-AFM
creates a folder C:\RECYCLER and copies itself to that folder. W32/Autorun-AFM also
installs a C:\autorun.inf file, detected as Mal/AutoInf-A. W32/Autorun-AFM spreads via
removable sto...

W32/Frethog-K

- W32/Frethog-K at Sophos

...

Mal/QHost-C

- Mal/QHost-C at Sophos

...

Troj/Castor-Gen

- Troj/Castor-Gen at Sophos

...

JS/Twitter-Gen

- JS/Twitter-Gen at Sophos

JS/Twitter-Gen is a family of worms for the Windows platform. Members of
JS/Twitter-Gen spread via cross-site scripting vulnerabilities in the "Twitter" website.
...

[05/02/2009 21:41]



Virus Malware and Threat News for 20090430



CoreGuardAntivirus2009

- CoreGuardAntivirus2009 at Norton Symantec

CoreGuardAntivirus2009 is a misleading application that may give exaggerated reports of threats on the
computer....

W32.SillyFDC.BBS

- W32.SillyFDC.BBS at Norton Symantec

W32.SillyFDC.BBS is a worm that spreads by copying itself to removable drives.
...

Mal/EncPk-IF

- Mal/EncPk-IF at Sophos

...

Troj/BHO-LY

- Troj/BHO-LY at Sophos

...

Troj/Nonaco-Fam

- Troj/Nonaco-Fam at Sophos

...

Troj/Nonaco-Gen

- Troj/Nonaco-Gen at Sophos

Troj/Nonaco-Gen is a family of Trojans for the Windows platform. Members of
Troj/Nonaco-Gen typically copy themselves to the Windows or Temp folder, and set a registry entry at the
following location to run themselves at startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\...

Troj/Notify-B

- Troj/Notify-B at Sophos

...

Troj/Small-ENC

- Troj/Small-ENC at Sophos

...

Mal/Behav-144

- Mal/Behav-144 at Sophos

Mal/Behav-144 is a malicious program for the Windows platform. Detection
for members of Mal/Behav-144 is behavior based. It is extremely important that customers report detections of
Mal/Behav-144 to Sophos and send a sample for analysis.
...

Troj/Agent-JRO

- Troj/Agent-JRO at Sophos

...

Troj/Agent-JRT

- Troj/Agent-JRT at Sophos

...

W32.Sens.A

- W32.Sens.A at Norton Symantec

W32.Sens.A is a virus that may infect files on the compromised computer. It may steal sensitive information
and may also download files from a remote location.
...

Bloodhound.PDF.12

- Bloodhound.PDF.12 at Norton Symantec

Bloodhound.PDF.12 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Trojan.Bankpatch.E

- Trojan.Bankpatch.E at Norton Symantec

Trojan.Bankpatch.E is a Trojan horse that infects certain system files with code to connect to a predefined
URL. The code has the functionality to upload and download data to and from the URL.
...

W32/Sdbot-DOQ

- W32/Sdbot-DOQ at Sophos

...

Mal/Pado-Dam

- Mal/Pado-Dam at Sophos

...

Troj/FakeAV-PV

- Troj/FakeAV-PV at Sophos

...

Troj/Redosd-Gen

- Troj/Redosd-Gen at Sophos

...

Troj/StartP-BU

- Troj/StartP-BU at Sophos

...

Troj/Unruy-Gen

- Troj/Unruy-Gen at Sophos

...

Troj/VB-ECY

- Troj/VB-ECY at Sophos

...

Troj/VBdrop-K

- Troj/VBdrop-K at Sophos

...

W32/Autorun-AGH

- W32/Autorun-AGH at Sophos

...

[05/01/2009 21:42]


