Virus Malware and Threat News for 20090629
Bloodhound.Exploit.257 - Bloodhound.Exploit.257 at Norton Symantec
Bloodhound.Exploit.257 is a heuristic detection for potentially malicious files that may exploit
vulnerabilities in order to perform further malicious actions.
...
W32.Slegon - W32.Slegon at Norton Symantec
W32.Slegon is a worm that spreads by copying itself to removable and mapped drives. It may also download files
on to the compromised computer.
...
WORM_IRCBOT.GAT - WORM_IRCBOT.GAT at Trend Micro
This worm uses social engineering methods to lure users into performing certain actions that may, directly or
indirectly, cause malicious routines to be performed. Specifically, it makes use of MSN Messenger to send
copies of itself. It may be downloaded from remote sites by other malware. It may be downloaded unknowingly by a
user whe...
WORM_BLAZEBOT.A - WORM_BLAZEBOT.A at Trend Micro
This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may be
downloaded unknowingly by a user when visiting malicious Web sites. It locates the download directory for
certain peer to peer applications where it drops a copy of itself. This worm uses enticing file names for its
dropped co...
WORM_KOOBFACE.JG - WORM_KOOBFACE.JG at Trend Micro
This worm has received attention from independent media sources and/or other security firms. It may be
downloaded from remote sites by other malware. It may be installed manually by a user. When executed, it
accesses a certain website where it downloads another worm, which Trend Micro detects as WORM_KOOBFACE.CV. As
a result, malicious...
OSX_JAHLAV.C - OSX_JAHLAV.C at Trend Micro
This Trojan may be downloaded unknowingly by a user when visiting malicious Web sites. It may arrive as a
specific file. It comes as a Mac OS X mountable Disk Image file that contains INSTALL.PKG installer package
file. The said installer package file contains its malicious script and its component files. Upon execution of
this packa...
Mal/Behav-274 - Mal/Behav-274 at Sophos
...
Mal/Bifrose-U - Mal/Bifrose-U at Sophos
...
Mal/DelpInj-A - Mal/DelpInj-A at Sophos
...
Mal/EncPk-IU - Mal/EncPk-IU at Sophos
...
Mal/Poeb-A - Mal/Poeb-A at Sophos
...
Mal/PWS-AA - Mal/PWS-AA at Sophos
...
Mal/SillyFDC-A - Mal/SillyFDC-A at Sophos
Members of Mal/SillyFDC-A are worms which attempt to spread via removable shared drives.
...
Troj/Agent-KJE - Troj/Agent-KJE at Sophos
...
Troj/Bckdr-QWD - Troj/Bckdr-QWD at Sophos
...
Troj/Dloadr-COU - Troj/Dloadr-COU at Sophos
...
Bloodhound.Malautoit - Bloodhound.Malautoit at Norton Symantec
Bloodhound.Malautoit is a heuristic detection for AutoIt compiled scripts that are considered malicious.
...
W32.SillyFDC.BCD - W32.SillyFDC.BCD at Norton Symantec
W32.SillyFDC.BCD is a worm that spreads by copying itself to removable drives.
...
W32.Ackantta.F@mm - W32.Ackantta.F@mm at Norton Symantec
W32.Ackantta.F@mm is a mass-mailing worm that spreads through removable drives and sends an email that
contains an attachment of itself. It may also download potentially malicious files from the Internet.
...
Troj/Agent-KJJ - Troj/Agent-KJJ at Sophos
...
Troj/Agent-KJK - Troj/Agent-KJK at Sophos
...
Troj/Agent-KJL - Troj/Agent-KJL at Sophos
...
Troj/Agent-KJM - Troj/Agent-KJM at Sophos
...
Troj/Dloadr-CPG - Troj/Dloadr-CPG at Sophos
...
Troj/DwnLdr-HRM - Troj/DwnLdr-HRM at Sophos
...
Troj/FakeAv-UX - Troj/FakeAv-UX at Sophos
...
Troj/Zbot-GH - Troj/Zbot-GH at Sophos
...
WM97/Cloac-A - WM97/Cloac-A at Sophos
...
WM97/VMPCK1-F - WM97/VMPCK1-F at Sophos
...
0 writebacks [06/30/2009 21:41]
Virus Malware and Threat News for 20090628
VBS.Sasan - VBS.Sasan at Norton Symantec
VBS.Sasan is a worm that spreads by copying itself to other drives.
...
Troj/Dloadr-CPE - Troj/Dloadr-CPE at Sophos
...
Troj/Agent-KIS - Troj/Agent-KIS at Sophos
...
Troj/FakeAV-UQ - Troj/FakeAV-UQ at Sophos
...
Troj/Inject-HW - Troj/Inject-HW at Sophos
...
Troj/Mdrop-CDJ - Troj/Mdrop-CDJ at Sophos
...
Troj/AdClick-FO - Troj/AdClick-FO at Sophos
Troj/AdClick-FO is a Trojan for the Windows platform. Troj/AdClick-FO
copies itself to <System>\net.net and sets the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run net <System>\net.net\
HK...
Troj/Agent-KIR - Troj/Agent-KIR at Sophos
Troj/Agent-KIR is a Trojan for the Windows platform. When run
Troj/Agent-KIR creates the files: <Temp>\bassmod.dll - can be safely deleted
<Temp>\keygen.exe - detected as Troj/Agent-KIR <Temp>\nzm.exe - detected as
Troj/Agent-KIR <S...
Troj/FakeAV-UP - Troj/FakeAV-UP at Sophos
Troj/FakeAV-UP is a Trojan for the Windows platform. When run
Troj/FakeAV-UP copies itself to <Windows>\sysguard.exe and sets the following registry entries:
HKCU\Software\Microsoft\Internet Explorer\Download CheckExeSignatures no
...
Troj/Agent-KIP - Troj/Agent-KIP at Sophos
...
Troj/Agent-KIQ - Troj/Agent-KIQ at Sophos
...
Bloodhound.Exploit.257 - Bloodhound.Exploit.257 at Norton Symantec
Bloodhound.Exploit.257 is a heuristic detection for potentially malicious files that may exploit
vulnerabilities in order to perform further malicious actions.
...
W32.Slegon - W32.Slegon at Norton Symantec
W32.Slegon is a worm that spreads by copying itself to removable and mapped drives. It may also download files
on to the compromised computer.
...
WORM_IRCBOT.GAT - WORM_IRCBOT.GAT at Trend Micro
This worm uses social engineering methods to lure users into performing certain actions that may, directly or
indirectly, cause malicious routines to be performed. Specifically, it makes use of MSN Messenger to send
copies of itself. It may be downloaded from remote sites by other malware. It may be downloaded unknowingly by a
user whe...
WORM_BLAZEBOT.A - WORM_BLAZEBOT.A at Trend Micro
This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may be
downloaded unknowingly by a user when visiting malicious Web sites. It locates the download directory for
certain peer to peer applications where it drops a copy of itself. This worm uses enticing file names for its
dropped co...
WORM_KOOBFACE.JG - WORM_KOOBFACE.JG at Trend Micro
This worm has received attention from independent media sources and/or other security firms. It may be
downloaded from remote sites by other malware. It may be installed manually by a user. When executed, it
accesses a certain website where it downloads another worm, which Trend Micro detects as WORM_KOOBFACE.CV. As
a result, malicious...
OSX_JAHLAV.C - OSX_JAHLAV.C at Trend Micro
This Trojan may be downloaded unknowingly by a user when visiting malicious Web sites. It may arrive as a
specific file. It comes as a Mac OS X mountable Disk Image file that contains INSTALL.PKG installer package
file. The said installer package file contains its malicious script and its component files. Upon execution of
this packa...
Mal/Behav-274 - Mal/Behav-274 at Sophos
...
Mal/Bifrose-U - Mal/Bifrose-U at Sophos
...
Mal/DelpInj-A - Mal/DelpInj-A at Sophos
...
Mal/EncPk-IU - Mal/EncPk-IU at Sophos
...
Mal/Poeb-A - Mal/Poeb-A at Sophos
...
Mal/PWS-AA - Mal/PWS-AA at Sophos
...
Mal/SillyFDC-A - Mal/SillyFDC-A at Sophos
Members of Mal/SillyFDC-A are worms which attempt to spread via removable shared drives.
...
Troj/Agent-KJE - Troj/Agent-KJE at Sophos
...
Troj/Bckdr-QWD - Troj/Bckdr-QWD at Sophos
...
Troj/Dloadr-COU - Troj/Dloadr-COU at Sophos
...
0 writebacks [06/29/2009 21:41]
Virus Malware and Threat News for 20090627
OSX_JAHLAV.B - OSX_JAHLAV.B at Trend Micro
...
TROJ_FAKEAV.BBM - TROJ_FAKEAV.BBM at Trend Micro
This Trojan may be downloaded from certain remote sites. It creates folders. It drops copies of itself. It drops
files/components. It creates registry entries to enable its automatic execution at every system startup. It
creates registry key(s)/entry(ies). This fake antivirus program stems from the news of Farrah Fawcett's death.
Users ...
Troj/Agent-KIN - Troj/Agent-KIN at Sophos
...
Troj/Agent-KIO - Troj/Agent-KIO at Sophos
...
Troj/Banker-ETE - Troj/Banker-ETE at Sophos
Troj/Banker-ETE is a Trojan that steals bank details.
...
Troj/BHO-MP - Troj/BHO-MP at Sophos
...
Troj/Bifrose-XE - Troj/Bifrose-XE at Sophos
Troj/Bifrose-XE is a backdoor Trojan for the Windows platform
...
Troj/FakeAV-UO - Troj/FakeAV-UO at Sophos
...
Troj/Flux-EJ - Troj/Flux-EJ at Sophos
...
Troj/Flux-EK - Troj/Flux-EK at Sophos
...
Troj/Lineag-DF - Troj/Lineag-DF at Sophos
...
Troj/YahooPas-B - Troj/YahooPas-B at Sophos
...
VBS.Sasan - VBS.Sasan at Norton Symantec
VBS.Sasan is a worm that spreads by copying itself to other drives.
...
Troj/Dloadr-CPE - Troj/Dloadr-CPE at Sophos
...
Troj/Agent-KIS - Troj/Agent-KIS at Sophos
...
Troj/FakeAV-UQ - Troj/FakeAV-UQ at Sophos
...
Troj/Inject-HW - Troj/Inject-HW at Sophos
...
Troj/Mdrop-CDJ - Troj/Mdrop-CDJ at Sophos
...
Troj/AdClick-FO - Troj/AdClick-FO at Sophos
Troj/AdClick-FO is a Trojan for the Windows platform. Troj/AdClick-FO
copies itself to <System>\net.net and sets the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run net <System>\net.net\
HK...
Troj/Agent-KIR - Troj/Agent-KIR at Sophos
Troj/Agent-KIR is a Trojan for the Windows platform. When run
Troj/Agent-KIR creates the files: <Temp>\bassmod.dll - can be safely deleted
<Temp>\keygen.exe - detected as Troj/Agent-KIR <Temp>\nzm.exe - detected as
Troj/Agent-KIR <S...
Troj/FakeAV-UP - Troj/FakeAV-UP at Sophos
Troj/FakeAV-UP is a Trojan for the Windows platform. When run
Troj/FakeAV-UP copies itself to <Windows>\sysguard.exe and sets the following registry entries:
HKCU\Software\Microsoft\Internet Explorer\Download CheckExeSignatures no
...
Troj/Agent-KIP - Troj/Agent-KIP at Sophos
...
Troj/Agent-KIQ - Troj/Agent-KIQ at Sophos
...
0 writebacks [06/28/2009 21:41]
Virus Malware and Threat News for 20090626
Infostealer.Opassmtp - Infostealer.Opassmtp at Norton Symantec
...
Trojan.Winloggot - Trojan.Winloggot at Norton Symantec
Trojan.Winloggot is a Trojan horse that opens a back door on the compromised computer.
...
Trojan.Winloggot!Inf - Trojan.Winloggot!Inf at Norton Symantec
Trojan.Winloggot!Inf is a detection for files infected by Trojan.Winloggot.
...
Suspicious.Graybird.1 - Suspicious.Graybird.1 at Norton Symantec
Suspicious.Graybird.1 is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...
Mal/TDSS-D - Mal/TDSS-D at Sophos
...
OSX/Jahlav-C - OSX/Jahlav-C at Sophos
OSX/Jahlav-C is a Trojan created for the Mac OS X operating system. The initial malicious
installer is distributed as a missing Video ActiveX Object. As a part of the
installation a malicious shell script file AdobeFlash is created in /Library/Internet Plug-Ins folder and
set up to periodically run. ...
Troj/Agent-KII - Troj/Agent-KII at Sophos
...
Troj/Agent-KIJ - Troj/Agent-KIJ at Sophos
...
Troj/Dloadr-CPC - Troj/Dloadr-CPC at Sophos
...
Troj/Dloadr-CPD - Troj/Dloadr-CPD at Sophos
...
Troj/FakeAV-UN - Troj/FakeAV-UN at Sophos
...
Troj/Inject-HV - Troj/Inject-HV at Sophos
...
W32/Autoit-EA - W32/Autoit-EA at Sophos
...
W32/AutoRun-AKK - W32/AutoRun-AKK at Sophos
...
OSX_JAHLAV.B - OSX_JAHLAV.B at Trend Micro
...
TROJ_FAKEAV.BBM - TROJ_FAKEAV.BBM at Trend Micro
This Trojan may be downloaded from certain remote sites. It creates folders. It drops copies of itself. It drops
files/components. It creates registry entries to enable its automatic execution at every system startup. It
creates registry key(s)/entry(ies). This fake antivirus program stems from the news of Farrah Fawcett's death.
Users ...
Troj/Agent-KIN - Troj/Agent-KIN at Sophos
...
Troj/Agent-KIO - Troj/Agent-KIO at Sophos
...
Troj/Banker-ETE - Troj/Banker-ETE at Sophos
Troj/Banker-ETE is a Trojan that steals bank details.
...
Troj/BHO-MP - Troj/BHO-MP at Sophos
...
Troj/Bifrose-XE - Troj/Bifrose-XE at Sophos
Troj/Bifrose-XE is a backdoor Trojan for the Windows platform
...
Troj/FakeAV-UO - Troj/FakeAV-UO at Sophos
...
Troj/Flux-EJ - Troj/Flux-EJ at Sophos
...
Troj/Flux-EK - Troj/Flux-EK at Sophos
...
Troj/Lineag-DF - Troj/Lineag-DF at Sophos
...
Troj/YahooPas-B - Troj/YahooPas-B at Sophos
...
0 writebacks [06/27/2009 21:41]
Virus Malware and Threat News for 20090625
AntivirusAgentPro - AntivirusAgentPro at Norton Symantec
AntivirusAgentPro is a misleading application that may give exaggerated reports of threats on the
computer.
...
W32.SillyFDC.BCC - W32.SillyFDC.BCC at Norton Symantec
W32.SillyFDC.BCC is a worm that spreads by copying itself to removable and mapped drives.
...
Bloodhound.Exploit.254 - Bloodhound.Exploit.254 at Norton Symantec
Bloodhound.Exploit.254 is a heuristic detection for files attempting to exploit the Microsoft Excel QSIR
Record Pointer Corruption Remote Code Execution Vulnerability (BID 35246).
...
W32.SillyFDC.BCB - W32.SillyFDC.BCB at Norton Symantec
W32.SillyFDC.BCB is a worm that spreads by copying itself to removable and mapped drives.
...
W32.SillyFDC.BCA - W32.SillyFDC.BCA at Norton Symantec
W32.SillyFDC.BCA is a worm that spreads by copying itself to removable and mapped drives.
...
Troj/DownLd-BAT - Troj/DownLd-BAT at Sophos
...
Troj/Agent-KHV - Troj/Agent-KHV at Sophos
...
Troj/Agent-KHW - Troj/Agent-KHW at Sophos
Troj/Agent-KHW is a Trojan for the Windows platform. When Troj/Agent-KHW
is installed the following files are created: <System>\064a60.imk
<System>\adcjrm.fdf <System>\drivers\adcjrm.qwq The file adcjrm.fdf
is det...
Troj/Dloadr-CNW - Troj/Dloadr-CNW at Sophos
...
Troj/FakeAle-OG - Troj/FakeAle-OG at Sophos
Troj/FakeAle-OG is a Trojan for the Windows platform. Troj/FakeAle-OG
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/FakeAle-OG is installed the following files is created: <Program
Files>\Per...
Troj/FakeAv-UM - Troj/FakeAv-UM at Sophos
...
Troj/Lolyda-G - Troj/Lolyda-G at Sophos
...
Troj/Spy-DD - Troj/Spy-DD at Sophos
...
Troj/Spy-DE - Troj/Spy-DE at Sophos
...
W32/Autorun-AKH - W32/Autorun-AKH at Sophos
...
Infostealer.Opassmtp - Infostealer.Opassmtp at Norton Symantec
...
Trojan.Winloggot - Trojan.Winloggot at Norton Symantec
Trojan.Winloggot is a Trojan horse that opens a back door on the compromised computer.
...
Trojan.Winloggot!Inf - Trojan.Winloggot!Inf at Norton Symantec
Trojan.Winloggot!Inf is a detection for files infected by Trojan.Winloggot.
...
Suspicious.Graybird.1 - Suspicious.Graybird.1 at Norton Symantec
Suspicious.Graybird.1 is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...
Mal/TDSS-D - Mal/TDSS-D at Sophos
...
OSX/Jahlav-C - OSX/Jahlav-C at Sophos
OSX/Jahlav-C is a Trojan created for the Mac OS X operating system. The initial malicious
installer is distributed as a missing Video ActiveX Object. As a part of the
installation a malicious shell script file AdobeFlash is created in /Library/Internet Plug-Ins folder and
set up to periodically run. ...
Troj/Agent-KII - Troj/Agent-KII at Sophos
...
Troj/Agent-KIJ - Troj/Agent-KIJ at Sophos
...
Troj/Dloadr-CPC - Troj/Dloadr-CPC at Sophos
...
Troj/Dloadr-CPD - Troj/Dloadr-CPD at Sophos
...
Troj/FakeAV-UN - Troj/FakeAV-UN at Sophos
...
Troj/Inject-HV - Troj/Inject-HV at Sophos
...
W32/Autoit-EA - W32/Autoit-EA at Sophos
...
W32/AutoRun-AKK - W32/AutoRun-AKK at Sophos
...
0 writebacks [06/26/2009 21:43]
Virus Malware and Threat News for 20090624
Packed.Generic.238 - Packed.Generic.238 at Norton Symantec
Packed.Generic.238 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
Packed.Generic.237 - Packed.Generic.237 at Norton Symantec
Packed.Generic.237 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
Suspicious.S.MrC - Suspicious.S.MrC at Norton Symantec
Suspicious.S.MrC is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...
WORM_RANSOM.FD - WORM_RANSOM.FD at Trend Micro
This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may be
downloaded unknowingly by a user when visiting malicious Web sites. It drops copies of itself. It drops
files/components. It creates registry entries to enable its automatic execution at every system startup. It
creates registr...
Troj/ZipCard-C - Troj/ZipCard-C at Sophos
...
W32/Autorun-AKG - W32/Autorun-AKG at Sophos
W32/Autorun-AKG is an email and USB worm. When installed the worm will copy
itself to the Windows system folder as winlogin.exe and add a firewall rule to allow winlogin.exe to
communicate with other computers. The worm will install several files:
<sy...
Troj/Agent-KHH - Troj/Agent-KHH at Sophos
...
Troj/Fbot-A - Troj/Fbot-A at Sophos
When first run, Troj/Fbot-A copies itself to the following locations:
<Windows>\winrun.exe <Windows>\winlogin.exe The following
registry entry is created to start Troj/FBot-A when Windows starts: HKCU\Software\Microsoft\Windows
NT\CurrentVersion\Windows ...
W32/Starter-J - W32/Starter-J at Sophos
W32/Starter-J is a multicomponent worm for the Windows platform where executable components are
detected as Troj/Agent-KEY. The worm may include the following files:
OSPUM.exe suchost.exe Adobe.bat Adobe.vbs Desktop.ini
...
XM97/Ksart-A - XM97/Ksart-A at Sophos
XM97/Ksart-A is a macro virus. XM97/Ksart-A may display "ya estoy infectado !!!!".
...
XM97/Permnt-A - XM97/Permnt-A at Sophos
XM97/Permnt-A is an Excel macro virus. When XM97/Permnt-A infects it
creates a file PERSONAL.XLS in the XLSTART folder.
...
XM97/Ranger-A - XM97/Ranger-A at Sophos
XM97/Ranger-A is a macro virus. Every time an infected Excel file is opened
a file in the XLSTART folder called PROJETOV.XLS is created. PERSONAL.XLS is automatically opened every time
Excel is run. te. From then on, the virus infects every workbook used.
...
AntivirusAgentPro - AntivirusAgentPro at Norton Symantec
AntivirusAgentPro is a misleading application that may give exaggerated reports of threats on the
computer.
...
W32.SillyFDC.BCC - W32.SillyFDC.BCC at Norton Symantec
W32.SillyFDC.BCC is a worm that spreads by copying itself to removable and mapped drives.
...
Bloodhound.Exploit.254 - Bloodhound.Exploit.254 at Norton Symantec
Bloodhound.Exploit.254 is a heuristic detection for files attempting to exploit the Microsoft Excel QSIR
Record Pointer Corruption Remote Code Execution Vulnerability (BID 35246).
...
W32.SillyFDC.BCB - W32.SillyFDC.BCB at Norton Symantec
W32.SillyFDC.BCB is a worm that spreads by copying itself to removable and mapped drives.
...
W32.SillyFDC.BCA - W32.SillyFDC.BCA at Norton Symantec
W32.SillyFDC.BCA is a worm that spreads by copying itself to removable and mapped drives.
...
Troj/DownLd-BAT - Troj/DownLd-BAT at Sophos
...
Troj/Agent-KHV - Troj/Agent-KHV at Sophos
...
Troj/Agent-KHW - Troj/Agent-KHW at Sophos
Troj/Agent-KHW is a Trojan for the Windows platform. When Troj/Agent-KHW
is installed the following files are created: <System>\064a60.imk
<System>\adcjrm.fdf <System>\drivers\adcjrm.qwq The file adcjrm.fdf
is det...
Troj/Dloadr-CNW - Troj/Dloadr-CNW at Sophos
...
Troj/FakeAle-OG - Troj/FakeAle-OG at Sophos
Troj/FakeAle-OG is a Trojan for the Windows platform. Troj/FakeAle-OG
includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/FakeAle-OG is installed the following files is created: <Program
Files>\Per...
Troj/FakeAv-UM - Troj/FakeAv-UM at Sophos
...
Troj/Lolyda-G - Troj/Lolyda-G at Sophos
...
Troj/Spy-DD - Troj/Spy-DD at Sophos
...
Troj/Spy-DE - Troj/Spy-DE at Sophos
...
W32/Autorun-AKH - W32/Autorun-AKH at Sophos
...
0 writebacks [06/25/2009 21:41]
Virus Malware and Threat News for 20090623
IACommand - IACommand at Norton Symantec
IACommand is a program that may be installed as part of a remote access application.
...
ErrorFix - ErrorFix at Norton Symantec
ErrorFix is a misleading application that may give exaggerated reports of threats on the computer.
...
Trojan.Spadenf - Trojan.Spadenf at Norton Symantec
Trojan.Spadenf is a Trojan horse that downloads files and sends spam emails from the compromised computer.
...
Troj/Agent-KGV - Troj/Agent-KGV at Sophos
...
Troj/Agent-KGW - Troj/Agent-KGW at Sophos
...
Troj/Agent-KGX - Troj/Agent-KGX at Sophos
...
Troj/Bdoor-AVN - Troj/Bdoor-AVN at Sophos
Troj/Bdoor-AVN is a Trojan for the Windows platform. Troj/Bdoor-AVN
contacts a remote webserver and enables remote access to the infected computer.
Troj/Bdoor-AVN deletes the original <SYSTEM>\proquota.exe file and copies itself to
<SYSTEM>\wbem\proquota.exe. ...
Troj/Clickr-K - Troj/Clickr-K at Sophos
...
Troj/Dloadr-COW - Troj/Dloadr-COW at Sophos
...
Troj/FakeAV-UA - Troj/FakeAV-UA at Sophos
...
Troj/JSDown-M - Troj/JSDown-M at Sophos
...
Troj/RK-F - Troj/RK-F at Sophos
...
Troj/Zlubu-B - Troj/Zlubu-B at Sophos
Troj/Zlubu-B is a Trojan for the Windows platform. Troj/Zlubu-B attempts to delete certain files and registry
entries sometimes associated with Zlob Trojans.
...
Packed.Generic.238 - Packed.Generic.238 at Norton Symantec
Packed.Generic.238 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
Packed.Generic.237 - Packed.Generic.237 at Norton Symantec
Packed.Generic.237 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
Suspicious.S.MrC - Suspicious.S.MrC at Norton Symantec
Suspicious.S.MrC is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...
WORM_RANSOM.FD - WORM_RANSOM.FD at Trend Micro
This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may be
downloaded unknowingly by a user when visiting malicious Web sites. It drops copies of itself. It drops
files/components. It creates registry entries to enable its automatic execution at every system startup. It
creates registr...
Troj/ZipCard-C - Troj/ZipCard-C at Sophos
...
W32/Autorun-AKG - W32/Autorun-AKG at Sophos
W32/Autorun-AKG is an email and USB worm. When installed the worm will copy
itself to the Windows system folder as winlogin.exe and add a firewall rule to allow winlogin.exe to
communicate with other computers. The worm will install several files:
<sy...
Troj/Agent-KHH - Troj/Agent-KHH at Sophos
...
Troj/Fbot-A - Troj/Fbot-A at Sophos
When first run, Troj/Fbot-A copies itself to the following locations:
<Windows>\winrun.exe <Windows>\winlogin.exe The following
registry entry is created to start Troj/FBot-A when Windows starts: HKCU\Software\Microsoft\Windows
NT\CurrentVersion\Windows ...
W32/Starter-J - W32/Starter-J at Sophos
W32/Starter-J is a multicomponent worm for the Windows platform where executable components are
detected as Troj/Agent-KEY. The worm may include the following files:
OSPUM.exe suchost.exe Adobe.bat Adobe.vbs Desktop.ini
...
XM97/Ksart-A - XM97/Ksart-A at Sophos
XM97/Ksart-A is a macro virus. XM97/Ksart-A may display "ya estoy infectado !!!!".
...
XM97/Permnt-A - XM97/Permnt-A at Sophos
XM97/Permnt-A is an Excel macro virus. When XM97/Permnt-A infects it
creates a file PERSONAL.XLS in the XLSTART folder.
...
XM97/Ranger-A - XM97/Ranger-A at Sophos
XM97/Ranger-A is a macro virus. Every time an infected Excel file is opened
a file in the XLSTART folder called PROJETOV.XLS is created. PERSONAL.XLS is automatically opened every time
Excel is run. te. From then on, the virus infects every workbook used.
...
0 writebacks [06/24/2009 21:40]
Virus Malware and Threat News for 20090622
Bloodhound.Exploit.244 - Bloodhound.Exploit.244 at Norton Symantec
Bloodhound.Exploit.244 is a heuristic detection for files attempting to exploit the Microsoft DirectX
DirectShow QuickTime Video Remote Code Execution Vulnerability (BID 35139).
...
Troj/Agent-KGH - Troj/Agent-KGH at Sophos
...
Troj/Agent-KGJ - Troj/Agent-KGJ at Sophos
...
Troj/Agent-KGK - Troj/Agent-KGK at Sophos
...
Troj/Agent-KGM - Troj/Agent-KGM at Sophos
...
Troj/Agent-KGN - Troj/Agent-KGN at Sophos
...
Troj/Sudiet-A - Troj/Sudiet-A at Sophos
...
W32/Poebot-NE - W32/Poebot-NE at Sophos
...
W32/Poebot-NF - W32/Poebot-NF at Sophos
...
W32/Poebot-NG - W32/Poebot-NG at Sophos
...
IACommand - IACommand at Norton Symantec
IACommand is a program that may be installed as part of a remote access application.
...
ErrorFix - ErrorFix at Norton Symantec
ErrorFix is a misleading application that may give exaggerated reports of threats on the computer.
...
Trojan.Spadenf - Trojan.Spadenf at Norton Symantec
Trojan.Spadenf is a Trojan horse that downloads files and sends spam emails from the compromised computer.
...
Troj/Agent-KGV - Troj/Agent-KGV at Sophos
...
Troj/Agent-KGW - Troj/Agent-KGW at Sophos
...
Troj/Agent-KGX - Troj/Agent-KGX at Sophos
...
Troj/Bdoor-AVN - Troj/Bdoor-AVN at Sophos
Troj/Bdoor-AVN is a Trojan for the Windows platform. Troj/Bdoor-AVN
contacts a remote webserver and enables remote access to the infected computer.
Troj/Bdoor-AVN deletes the original <SYSTEM>\proquota.exe file and copies itself to
<SYSTEM>\wbem\proquota.exe. ...
Troj/Clickr-K - Troj/Clickr-K at Sophos
...
Troj/Dloadr-COW - Troj/Dloadr-COW at Sophos
...
Troj/FakeAV-UA - Troj/FakeAV-UA at Sophos
...
Troj/JSDown-M - Troj/JSDown-M at Sophos
...
Troj/RK-F - Troj/RK-F at Sophos
...
Troj/Zlubu-B - Troj/Zlubu-B at Sophos
Troj/Zlubu-B is a Trojan for the Windows platform. Troj/Zlubu-B attempts to delete certain files and registry
entries sometimes associated with Zlob Trojans.
...
0 writebacks [06/23/2009 21:42]
Virus Malware and Threat News for 20090621
Troj/FakeAV-TO - Troj/FakeAV-TO at Sophos
...
Troj/FakeVir-NH - Troj/FakeVir-NH at Sophos
...
Troj/Agent-KGF - Troj/Agent-KGF at Sophos
...
Troj/Banker-ETA - Troj/Banker-ETA at Sophos
...
Troj/Delwin-AB - Troj/Delwin-AB at Sophos
Troj/Delwin-AB is a batch script Trojan that attempts to delete critical Windows system files,
disable Windows firewall and terminate other Windows security processes.
...
Troj/Dropr-BB - Troj/Dropr-BB at Sophos
...
Troj/Delf-FCP - Troj/Delf-FCP at Sophos
...
Troj/VB-EEN - Troj/VB-EEN at Sophos
...
Troj/Bancos-BFV - Troj/Bancos-BFV at Sophos
...
Bloodhound.Exploit.244 - Bloodhound.Exploit.244 at Norton Symantec
Bloodhound.Exploit.244 is a heuristic detection for files attempting to exploit the Microsoft DirectX
DirectShow QuickTime Video Remote Code Execution Vulnerability (BID 35139).
...
Troj/Agent-KGH - Troj/Agent-KGH at Sophos
...
Troj/Agent-KGJ - Troj/Agent-KGJ at Sophos
...
Troj/Agent-KGK - Troj/Agent-KGK at Sophos
...
Troj/Agent-KGM - Troj/Agent-KGM at Sophos
...
Troj/Agent-KGN - Troj/Agent-KGN at Sophos
...
Troj/Sudiet-A - Troj/Sudiet-A at Sophos
...
W32/Poebot-NE - W32/Poebot-NE at Sophos
...
W32/Poebot-NF - W32/Poebot-NF at Sophos
...
W32/Poebot-NG - W32/Poebot-NG at Sophos
...
0 writebacks [06/22/2009 21:41]
Virus Malware and Threat News for 20090620
WORM_SDBOT.DHY - WORM_SDBOT.DHY at Trend Micro
...
Troj/PcClien-MX - Troj/PcClien-MX at Sophos
...
Troj/H2TExp-A - Troj/H2TExp-A at Sophos
...
Troj/PhpExp-A - Troj/PhpExp-A at Sophos
...
Troj/Agent-KGE - Troj/Agent-KGE at Sophos
...
Troj/BankDl-DR - Troj/BankDl-DR at Sophos
...
Troj/Banker-ESW - Troj/Banker-ESW at Sophos
Troj/Banker-ESW is a Trojan for the Windows platform. When run
Troj/Banker-ESW copies itself to <System>\ocxlist\BbSeg.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Bb-Seg
<System>\ocxlist\BbSeg....
Troj/Oficla-A - Troj/Oficla-A at Sophos
...
Mal/RKBlaze-A - Mal/RKBlaze-A at Sophos
Mal/RKBlaze-A is a family of rootkits for the Windows platform, usually designed to hide running
processes.
...
Troj/Akbot-A - Troj/Akbot-A at Sophos
Troj/Akbot-A is a Trojan for the Windows platform. Troj/Akbot-A runs continuously in the background, providing
a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
When first run Troj/Akbot-A copies itself to <System>\msws2_32.exe. The following registry entry is
created t...
Troj/SWFLdr-A - Troj/SWFLdr-A at Sophos
Troj/SWFLdr-A is a ShockWave Trojan which decodes and loads another malicious ShockWave object.
...
Troj/FakeAV-TO - Troj/FakeAV-TO at Sophos
...
Troj/FakeVir-NH - Troj/FakeVir-NH at Sophos
...
Troj/Agent-KGF - Troj/Agent-KGF at Sophos
...
Troj/Banker-ETA - Troj/Banker-ETA at Sophos
...
Troj/Delwin-AB - Troj/Delwin-AB at Sophos
Troj/Delwin-AB is a batch script Trojan that attempts to delete critical Windows system files,
disable Windows firewall and terminate other Windows security processes.
...
Troj/Dropr-BB - Troj/Dropr-BB at Sophos
...
Troj/Delf-FCP - Troj/Delf-FCP at Sophos
...
Troj/VB-EEN - Troj/VB-EEN at Sophos
...
Troj/Bancos-BFV - Troj/Bancos-BFV at Sophos
...
0 writebacks [06/21/2009 21:41]
Virus Malware and Threat News for 20090619
W32.Troresba - W32.Troresba at Norton Symantec
...
Packed.Generic.236 - Packed.Generic.236 at Norton Symantec
...
W32.SillyFDC.BBY - W32.SillyFDC.BBY at Norton Symantec
W32.SillyFDC.BBY is a worm that spreads by copying itself to removable drives.
...
Bloodhound.Exploit.256 - Bloodhound.Exploit.256 at Norton Symantec
Bloodhound.Exploit.256 is a heuristic detection for files attempting to exploit the Sun Java Runtime
Environment and Java Development Kit Multiple Security Vulnerabilities (BID 32608).
...
Suspicious.S.Gen - Suspicious.S.Gen at Norton Symantec
Suspicious.S.Gen is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...
Suspicious.S.Bifrose - Suspicious.S.Bifrose at Norton Symantec
Suspicious.S.Bifrose is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...
Suspicious.S.Zlob - Suspicious.S.Zlob at Norton Symantec
Suspicious.S.Zlob is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...
Troj/Agent-KGB - Troj/Agent-KGB at Sophos
...
Troj/Bckdr-QVP - Troj/Bckdr-QVP at Sophos
...
Troj/Inject-HR - Troj/Inject-HR at Sophos
...
Troj/Rbot-GXX - Troj/Rbot-GXX at Sophos
...
W32/VBTriv-Gen - W32/VBTriv-Gen at Sophos
W32/VBTriv-Gen is a family of worms that attempt to spread by making copies of themselves in the
shared directories of various peer-to-peer filesharing programs. When first run,
members of W32/VBTriv-Gen typically copy themselves to the following location:
<User>\Localdir\svchost.ex...
Troj/BHO-MJ - Troj/BHO-MJ at Sophos
...
Troj/BHO-MK - Troj/BHO-MK at Sophos
...
Troj/DwnLdr-HTK - Troj/DwnLdr-HTK at Sophos
Troj/DwnLdr-HTK is a downloader Trojan for the Windows platform.
...
Troj/PWS-BBU - Troj/PWS-BBU at Sophos
...
WORM_SDBOT.DHY - WORM_SDBOT.DHY at Trend Micro
...
Troj/PcClien-MX - Troj/PcClien-MX at Sophos
...
Troj/H2TExp-A - Troj/H2TExp-A at Sophos
...
Troj/PhpExp-A - Troj/PhpExp-A at Sophos
...
Troj/Agent-KGE - Troj/Agent-KGE at Sophos
...
Troj/BankDl-DR - Troj/BankDl-DR at Sophos
...
Troj/Banker-ESW - Troj/Banker-ESW at Sophos
Troj/Banker-ESW is a Trojan for the Windows platform. When run
Troj/Banker-ESW copies itself to <System>\ocxlist\BbSeg.exe and sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Bb-Seg
<System>\ocxlist\BbSeg....
Troj/Oficla-A - Troj/Oficla-A at Sophos
...
Mal/RKBlaze-A - Mal/RKBlaze-A at Sophos
Mal/RKBlaze-A is a family of rootkits for the Windows platform, usually designed to hide running
processes.
...
Troj/Akbot-A - Troj/Akbot-A at Sophos
Troj/Akbot-A is a Trojan for the Windows platform. Troj/Akbot-A runs continuously in the background, providing
a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
When first run Troj/Akbot-A copies itself to <System>\msws2_32.exe. The following registry entry is
created t...
Troj/SWFLdr-A - Troj/SWFLdr-A at Sophos
Troj/SWFLdr-A is a ShockWave Trojan which decodes and loads another malicious ShockWave object.
...
0 writebacks [06/20/2009 21:40]
Virus Malware and Threat News for 20090618
Bloodhound.PDF.15 - Bloodhound.PDF.15 at Norton Symantec
Bloodhound.PDF.15 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
Bloodhound.Exploit.251 - Bloodhound.Exploit.251 at Norton Symantec
Bloodhound.Exploit.251 is a heuristic detection for files attempting to exploit the Microsoft Excel Malformed
Shared String Table Record Integer Overflow Vulnerability (BID 35245).
...
Bloodhound.Exploit.250 - Bloodhound.Exploit.250 at Norton Symantec
Bloodhound.Exploit.250 is a heuristic detection for files attempting to exploit the Microsoft Excel Field
Sanitization Remote Code Execution Vulnerability (BID 35244).
...
Bloodhound.Exploit.249 - Bloodhound.Exploit.249 at Norton Symantec
Bloodhound.Exploit.249 is a heuristic detection for files attempting to exploit the Microsoft Excel String
Copy Stack Overflow Remote Code Execution Vulnerability (BID 35243).
...
Bloodhound.Exploit.245 - Bloodhound.Exploit.245 at Norton Symantec
Bloodhound.Exploit.245 is a heuristic detection for files that exploit the Microsoft Excel Record Object
Remote Code Execution Vulnerability (BID 35241).
...
Bloodhound.Exploit.252 - Bloodhound.Exploit.252 at Norton Symantec
Bloodhound.Exploit.252 is a heuristic detection for files that exploit the Microsoft Excel Record Pointer
Corruption Remote Code Execution Vulnerability (BID 35215).
...
Troj/Agent-KFO - Troj/Agent-KFO at Sophos
...
Troj/Agent-KFP - Troj/Agent-KFP at Sophos
...
Troj/Dloadr-COO - Troj/Dloadr-COO at Sophos
...
Troj/Agent-KFM - Troj/Agent-KFM at Sophos
...
Troj/Dloadr-COM - Troj/Dloadr-COM at Sophos
...
Troj/Dloadr-CON - Troj/Dloadr-CON at Sophos
...
Troj/FakeAle-OF - Troj/FakeAle-OF at Sophos
...
Troj/MDrop-CBS - Troj/MDrop-CBS at Sophos
...
Troj/PDFJs-BO - Troj/PDFJs-BO at Sophos
...
Troj/SWF-H - Troj/SWF-H at Sophos
...
W32.Troresba - W32.Troresba at Norton Symantec
...
Packed.Generic.236 - Packed.Generic.236 at Norton Symantec
...
W32.SillyFDC.BBY - W32.SillyFDC.BBY at Norton Symantec
W32.SillyFDC.BBY is a worm that spreads by copying itself to removable drives.
...
Bloodhound.Exploit.256 - Bloodhound.Exploit.256 at Norton Symantec
Bloodhound.Exploit.256 is a heuristic detection for files attempting to exploit the Sun Java Runtime
Environment and Java Development Kit Multiple Security Vulnerabilities (BID 32608).
...
Suspicious.S.Gen - Suspicious.S.Gen at Norton Symantec
Suspicious.S.Gen is a detection technology designed to detect entirely new malware threats without traditional
signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or
morphed by attackers.
...
Suspicious.S.Bifrose - Suspicious.S.Bifrose at Norton Symantec
Suspicious.S.Bifrose is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...
Suspicious.S.Zlob - Suspicious.S.Zlob at Norton Symantec
Suspicious.S.Zlob is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...
Troj/Agent-KGB - Troj/Agent-KGB at Sophos
...
Troj/Bckdr-QVP - Troj/Bckdr-QVP at Sophos
...
Troj/Inject-HR - Troj/Inject-HR at Sophos
...
Troj/Rbot-GXX - Troj/Rbot-GXX at Sophos
...
W32/VBTriv-Gen - W32/VBTriv-Gen at Sophos
W32/VBTriv-Gen is a family of worms that attempt to spread by making copies of themselves in the
shared directories of various peer-to-peer filesharing programs. When first run,
members of W32/VBTriv-Gen typically copy themselves to the following location:
<User>\Localdir\svchost.ex...
Troj/BHO-MJ - Troj/BHO-MJ at Sophos
...
Troj/BHO-MK - Troj/BHO-MK at Sophos
...
Troj/DwnLdr-HTK - Troj/DwnLdr-HTK at Sophos
Troj/DwnLdr-HTK is a downloader Trojan for the Windows platform.
...
Troj/PWS-BBU - Troj/PWS-BBU at Sophos
...
0 writebacks [06/19/2009 21:41]
Virus Malware and Threat News for 20090617
W32.SillyFDC.BBW - W32.SillyFDC.BBW at Norton Symantec
W32.SillyFDC.BBW is a worm that spreads by copying itself to removable drives.
...
Suspicious.S.Vundo.3 - Suspicious.S.Vundo.3 at Norton Symantec
Suspicious.S.Vundo.3 is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...
Trojan.Amoevae - Trojan.Amoevae at Norton Symantec
Trojan.Amoevae is a Trojan horse that exploits the Microsoft DirectX DirectShow QuickTime Video Remote Code
Execution Vulnerability (BID 35139) to execute arbitrary code and download files on to the compromised
computer....
VBS.Mutafrog!inf - VBS.Mutafrog!inf at Norton Symantec
VBS.Mutafrog!inf is a detection for files infected with code that infects files and drops more malware on to
the compromised computer.
...
W32.Grenail.E!inf - W32.Grenail.E!inf at Norton Symantec
W32.Grenail.E!inf is a detection for files infected to execute other malicious files during execution.
...
W32.Fujacks.CA - W32.Fujacks.CA at Norton Symantec
W32.Fujacks.CA is a virus that infects executable files and spreads through network shares.
...
W32.Ackantta.C@mm - W32.Ackantta.C@mm at Norton Symantec
W32.Ackantta.C@mm is a mass-mailing worm that spreads through file-sharing programs and sends spam email that
contains links to malicious files.
...
Packed.Generic.235 - Packed.Generic.235 at Norton Symantec
Packed.Generic.235 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
Packed.Generic.226 - Packed.Generic.226 at Norton Symantec
Packed.Generic.226 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
TROJ_PIDIEF.RR - TROJ_PIDIEF.RR at Trend Micro
Trend Micro has flagged this Trojan as noteworthy due to the increased potential for damage, propagation, or
both, that it possesses. Specifically, it exploits multiple vulnerabilities in Adobe Acrobat and Adobe Reader
to perform malicious routines. This Trojan arrives as an attachment to email messages spammed by another malware
or a m...
TROJ_ILOMO.FO - TROJ_ILOMO.FO at Trend Micro
...
OSX_RSPLUG.E - OSX_RSPLUG.E at Trend Micro
This Trojan may be downloaded unknowingly by a user when visiting malicious websites. The said websites
encourage users to download software needed to play the video on the said site. It arrives as a .DMG file, which
is a Mac OS X mountable disk image file. It contains a .PKG file which contains component files. When executed,
it displa...
TROJ_DROPPER.NXA - TROJ_DROPPER.NXA at Trend Micro
This Trojan may be downloaded unknowingly by a user when visiting malicious Web sites. It drops and executes
malicious file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.
...
TROJ_DLOADR.API - TROJ_DLOADR.API at Trend Micro
This Trojan may be downloaded unknowingly by a user when visiting malicious Web sites. It downloads files,
which it then executes. As a result, malicious routines of the downloaded files are exhibited on the affected
system. It connects to possibly malicious Web sites.
...
JS_DLOADR.APO - JS_DLOADR.APO at Trend Micro
This malicious JavaScript (JS) file may be hosted on a Web site and run when a user accesses the said Web site.
It adds IFRAME tags to redirect users to a certain Web site. The said Web site is detected by Trend Micro
as TROJ_DLOADR.API. The said tag(s) are added to Web sites visited by a user after using several popular
search eng...
OSX_RSPLUG.C - OSX_RSPLUG.C at Trend Micro
This Trojan may be downloaded unknowingly by a user when visiting malicious websites. The said websites
encourage users to download software needed to play the video on the said site. It arrives as a .DMG file, which
is a Mac OS X mountable disk image file. It contains a .PKG file which contains component files. When executed,
it displa...
Troj/Agent-KFD - Troj/Agent-KFD at Sophos
...
Troj/Dloadr-COF - Troj/Dloadr-COF at Sophos
...
Troj/Dloadr-COG - Troj/Dloadr-COG at Sophos
...
Troj/Dloadr-COH - Troj/Dloadr-COH at Sophos
...
Troj/Dloadr-COI - Troj/Dloadr-COI at Sophos
...
Troj/Dloadr-COJ - Troj/Dloadr-COJ at Sophos
...
Troj/Dloadr-COK - Troj/Dloadr-COK at Sophos
...
Troj/Dloadr-COL - Troj/Dloadr-COL at Sophos
...
Troj/KillDisk-B - Troj/KillDisk-B at Sophos
...
Troj/Renos-DA - Troj/Renos-DA at Sophos
...
Bloodhound.PDF.15 - Bloodhound.PDF.15 at Norton Symantec
Bloodhound.PDF.15 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
Bloodhound.Exploit.251 - Bloodhound.Exploit.251 at Norton Symantec
Bloodhound.Exploit.251 is a heuristic detection for files attempting to exploit the Microsoft Excel Malformed
Shared String Table Record Integer Overflow Vulnerability (BID 35245).
...
Bloodhound.Exploit.250 - Bloodhound.Exploit.250 at Norton Symantec
Bloodhound.Exploit.250 is a heuristic detection for files attempting to exploit the Microsoft Excel Field
Sanitization Remote Code Execution Vulnerability (BID 35244).
...
Bloodhound.Exploit.249 - Bloodhound.Exploit.249 at Norton Symantec
Bloodhound.Exploit.249 is a heuristic detection for files attempting to exploit the Microsoft Excel String
Copy Stack Overflow Remote Code Execution Vulnerability (BID 35243).
...
Bloodhound.Exploit.245 - Bloodhound.Exploit.245 at Norton Symantec
Bloodhound.Exploit.245 is a heuristic detection for files that exploit the Microsoft Excel Record Object
Remote Code Execution Vulnerability (BID 35241).
...
Bloodhound.Exploit.252 - Bloodhound.Exploit.252 at Norton Symantec
Bloodhound.Exploit.252 is a heuristic detection for files that exploit the Microsoft Excel Record Pointer
Corruption Remote Code Execution Vulnerability (BID 35215).
...
Troj/Agent-KFO - Troj/Agent-KFO at Sophos
...
Troj/Agent-KFP - Troj/Agent-KFP at Sophos
...
Troj/Dloadr-COO - Troj/Dloadr-COO at Sophos
...
Troj/Agent-KFM - Troj/Agent-KFM at Sophos
...
Troj/Dloadr-COM - Troj/Dloadr-COM at Sophos
...
Troj/Dloadr-CON - Troj/Dloadr-CON at Sophos
...
Troj/FakeAle-OF - Troj/FakeAle-OF at Sophos
...
Troj/MDrop-CBS - Troj/MDrop-CBS at Sophos
...
Troj/PDFJs-BO - Troj/PDFJs-BO at Sophos
...
Troj/SWF-H - Troj/SWF-H at Sophos
...
0 writebacks [06/18/2009 21:41]
Virus Malware and Threat News for 20090616
W32.SillyFDC.BBW - W32.SillyFDC.BBW at Norton Symantec
W32.SillyFDC.BBW is a worm that spreads by copying itself to removable drives.
...
Suspicious.S.Vundo.3 - Suspicious.S.Vundo.3 at Norton Symantec
Suspicious.S.Vundo.3 is a detection technology designed to detect entirely new malware threats without
traditional signatures. This technology is aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.
...
Trojan.Amoevae - Trojan.Amoevae at Norton Symantec
Trojan.Amoevae is a Trojan horse that exploits the Microsoft DirectX DirectShow QuickTime Video Remote Code
Execution Vulnerability (BID 35139) to execute arbitrary code and download files on to the compromised
computer....
VBS.Mutafrog!inf - VBS.Mutafrog!inf at Norton Symantec
VBS.Mutafrog!inf is a detection for files infected with code that infects files and drops more malware on to
the compromised computer.
...
W32.Grenail.E!inf - W32.Grenail.E!inf at Norton Symantec
W32.Grenail.E!inf is a detection for files infected to execute other malicious files during execution.
...
W32.Fujacks.CA - W32.Fujacks.CA at Norton Symantec
W32.Fujacks.CA is a virus that infects executable files and spreads through network shares.
...
W32.Ackantta.C@mm - W32.Ackantta.C@mm at Norton Symantec
W32.Ackantta.C@mm is a mass-mailing worm that spreads through file-sharing programs and sends spam email that
contains links to malicious files.
...
Packed.Generic.235 - Packed.Generic.235 at Norton Symantec
Packed.Generic.235 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
Packed.Generic.226 - Packed.Generic.226 at Norton Symantec
Packed.Generic.226 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
TROJ_PIDIEF.RR - TROJ_PIDIEF.RR at Trend Micro
Trend Micro has flagged this Trojan as noteworthy due to the increased potential for damage, propagation, or
both, that it possesses. Specifically, it exploits multiple vulnerabilities in Adobe Acrobat and Adobe Reader
to perform malicious routines. This Trojan arrives as an attachment to email messages spammed by another malware
or a m...
TROJ_ILOMO.FO - TROJ_ILOMO.FO at Trend Micro
...
OSX_RSPLUG.E - OSX_RSPLUG.E at Trend Micro
This Trojan may be downloaded unknowingly by a user when visiting malicious websites. The said websites
encourage users to download software needed to play the video on the said site. It arrives as a .DMG file, which
is a Mac OS X mountable disk image file. It contains a .PKG file which contains component files. When executed,
it displa...
TROJ_DROPPER.NXA - TROJ_DROPPER.NXA at Trend Micro
This Trojan may be downloaded unknowingly by a user when visiting malicious Web sites. It drops and executes
malicious file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.
...
TROJ_DLOADR.API - TROJ_DLOADR.API at Trend Micro
This Trojan may be downloaded unknowingly by a user when visiting malicious Web sites. It downloads files,
which it then executes. As a result, malicious routines of the downloaded files are exhibited on the affected
system. It connects to possibly malicious Web sites.
...
JS_DLOADR.APO - JS_DLOADR.APO at Trend Micro
This malicious JavaScript (JS) file may be hosted on a Web site and run when a user accesses the said Web site.
It adds IFRAME tags to redirect users to a certain Web site. The said Web site is detected by Trend Micro
as TROJ_DLOADR.API. The said tag(s) are added to Web sites visited by a user after using several popular
search eng...
OSX_RSPLUG.C - OSX_RSPLUG.C at Trend Micro
This Trojan may be downloaded unknowingly by a user when visiting malicious websites. The said websites
encourage users to download software needed to play the video on the said site. It arrives as a .DMG file, which
is a Mac OS X mountable disk image file. It contains a .PKG file which contains component files. When executed,
it displa...
Troj/Agent-KFD - Troj/Agent-KFD at Sophos
...
Troj/Dloadr-COF - Troj/Dloadr-COF at Sophos
...
Troj/Dloadr-COG - Troj/Dloadr-COG at Sophos
...
Troj/Dloadr-COH - Troj/Dloadr-COH at Sophos
...
Troj/Dloadr-COI - Troj/Dloadr-COI at Sophos
...
Troj/Dloadr-COJ - Troj/Dloadr-COJ at Sophos
...
Troj/Dloadr-COK - Troj/Dloadr-COK at Sophos
...
Troj/Dloadr-COL - Troj/Dloadr-COL at Sophos
...
Troj/KillDisk-B - Troj/KillDisk-B at Sophos
...
Troj/Renos-DA - Troj/Renos-DA at Sophos
...
0 writebacks [06/17/2009 21:41]
Virus Malware and Threat News for 20090609
Virus:W32/Sality.AA - Virus:W32/Sality.AA at F-Secure
...
Trojan.Ransomcrypt - Trojan.Ransomcrypt at Norton Symantec
Trojan.Ransomcrypt is a Trojan horse that encrypts certain documents on the compromised computer. It then
issues a ransom demand.
...
X97M.Ecmetsys - X97M.Ecmetsys at Norton Symantec
X97M.Ecmetsys is a macro virus that infects Microsoft Excel files.
...
XPDeluxeProtector - XPDeluxeProtector at Panda
It is an adware program which deceives users and warns them of nonexistent threats on their computers. In order
to eliminate them, they are enticed to purchase a certain program.
...
Troj/FakeAle-NV - Troj/FakeAle-NV at Sophos
...
Troj/FakeAV-RY - Troj/FakeAV-RY at Sophos
...
Troj/FakeVir-MW - Troj/FakeVir-MW at Sophos
...
Troj/RKDrop-F - Troj/RKDrop-F at Sophos
Troj/RKDrop-F is a Trojan for the Windows platform. Troj/RKDrop-F drops
more malware to <SYSTEM>\sdra64.exe on the infected computer, detected as Mal/FakeAV-AX.
...
Troj/Zbot-GB - Troj/Zbot-GB at Sophos
Troj/Zbot-GB is a Trojan for the Windows platform. Troj/Zbot-GB copies
itself to <SYSTEM>\msxmlra.exe. Troj/Zbot-GB enables remote access to the
infected computer....
Troj/RKDrop-E - Troj/RKDrop-E at Sophos
...
Troj/Skaw-A - Troj/Skaw-A at Sophos
Troj/Skaw-A is a Trojan for the Windows platform. Troj/Skaw-A includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Skaw-A copies itself to <User>\Application Data\wks.exe. The
following re...
W32/Autorun-AJF - W32/Autorun-AJF at Sophos
...
Troj/PDFEx-AT - Troj/PDFEx-AT at Sophos
Troj/PDFEx-AT is a PDF that contains malicious JavaScript.
...
0 writebacks [06/10/2009 21:44]
Virus Malware and Threat News for 20090608
Bloodhound.PDF.13 - Bloodhound.PDF.13 at Norton Symantec
Bloodhound.PDF.13 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
Packed.Generic.233 - Packed.Generic.233 at Norton Symantec
Packed.Generic.233 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
Mal/Bifrose-T - Mal/Bifrose-T at Sophos
...
Mal/EncPk-HG - Mal/EncPk-HG at Sophos
...
Mal/PWS-U - Mal/PWS-U at Sophos
...
Mal/PWS-Z - Mal/PWS-Z at Sophos
...
Troj/Agent-JQQ - Troj/Agent-JQQ at Sophos
...
Troj/Agent-JQX - Troj/Agent-JQX at Sophos
...
Troj/Iframe-BX - Troj/Iframe-BX at Sophos
Troj/Iframe-BX is a malicious JavaScript that loads other bad webpages.
...
Troj/VB-EDF - Troj/VB-EDF at Sophos
...
W32/Tiotua-BA - W32/Tiotua-BA at Sophos
...
Mal/Zbot-M - Mal/Zbot-M at Sophos
...
Virus:W32/Sality.AA - Virus:W32/Sality.AA at F-Secure
...
Trojan.Ransomcrypt - Trojan.Ransomcrypt at Norton Symantec
Trojan.Ransomcrypt is a Trojan horse that encrypts certain documents on the compromised computer. It then
issues a ransom demand.
...
X97M.Ecmetsys - X97M.Ecmetsys at Norton Symantec
X97M.Ecmetsys is a macro virus that infects Microsoft Excel files.
...
XPDeluxeProtector - XPDeluxeProtector at Panda
It is an adware program which deceives users and warns them of nonexistent threats on their computers. In order
to eliminate them, they are enticed to purchase a certain program.
...
Troj/FakeAle-NV - Troj/FakeAle-NV at Sophos
...
Troj/FakeAV-RY - Troj/FakeAV-RY at Sophos
...
Troj/FakeVir-MW - Troj/FakeVir-MW at Sophos
...
Troj/RKDrop-F - Troj/RKDrop-F at Sophos
Troj/RKDrop-F is a Trojan for the Windows platform. Troj/RKDrop-F drops
more malware to <SYSTEM>\sdra64.exe on the infected computer, detected as Mal/FakeAV-AX.
...
Troj/Zbot-GB - Troj/Zbot-GB at Sophos
Troj/Zbot-GB is a Trojan for the Windows platform. Troj/Zbot-GB copies
itself to <SYSTEM>\msxmlra.exe. Troj/Zbot-GB enables remote access to the
infected computer....
Troj/RKDrop-E - Troj/RKDrop-E at Sophos
...
Troj/Skaw-A - Troj/Skaw-A at Sophos
Troj/Skaw-A is a Trojan for the Windows platform. Troj/Skaw-A includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Skaw-A copies itself to <User>\Application Data\wks.exe. The
following re...
W32/Autorun-AJF - W32/Autorun-AJF at Sophos
...
Troj/PDFEx-AT - Troj/PDFEx-AT at Sophos
Troj/PDFEx-AT is a PDF that contains malicious JavaScript.
...
0 writebacks [06/09/2009 21:42]
Virus Malware and Threat News for 20090607
Troj/Banker-ESR - Troj/Banker-ESR at Sophos
...
Troj/Banker-ESS - Troj/Banker-ESS at Sophos
...
Troj/Banker-EST - Troj/Banker-EST at Sophos
...
Troj/Banker-ESU - Troj/Banker-ESU at Sophos
...
Troj/Bckdr-QVD - Troj/Bckdr-QVD at Sophos
...
Troj/FakeAV-SU - Troj/FakeAV-SU at Sophos
...
Troj/Dldr-AG - Troj/Dldr-AG at Sophos
...
W32/Autorun-AEE - W32/Autorun-AEE at Sophos
...
Troj/Agent-JNJ - Troj/Agent-JNJ at Sophos
...
Troj/Dldr-AF - Troj/Dldr-AF at Sophos
...
Bloodhound.PDF.13 - Bloodhound.PDF.13 at Norton Symantec
Bloodhound.PDF.13 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
Packed.Generic.233 - Packed.Generic.233 at Norton Symantec
Packed.Generic.233 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
Mal/Bifrose-T - Mal/Bifrose-T at Sophos
...
Mal/EncPk-HG - Mal/EncPk-HG at Sophos
...
Mal/PWS-U - Mal/PWS-U at Sophos
...
Mal/PWS-Z - Mal/PWS-Z at Sophos
...
Troj/Agent-JQQ - Troj/Agent-JQQ at Sophos
...
Troj/Agent-JQX - Troj/Agent-JQX at Sophos
...
Troj/Iframe-BX - Troj/Iframe-BX at Sophos
Troj/Iframe-BX is a malicious JavaScript that loads other bad webpages.
...
Troj/VB-EDF - Troj/VB-EDF at Sophos
...
W32/Tiotua-BA - W32/Tiotua-BA at Sophos
...
Mal/Zbot-M - Mal/Zbot-M at Sophos
...
0 writebacks [06/08/2009 21:41]
Virus Malware and Threat News for 20090606
Troj/Agent-JKU - Troj/Agent-JKU at Sophos
Troj/Agent-JKU is a Trojan for the Windows platform. When Troj/Agent-JKU is
installed the following files are created: <Program Files>\MicPhone\antit.dll
<Program Files>\MicPhone\antit.exe The following registry entry is created
to...
W32/AutoRun-AEC - W32/AutoRun-AEC at Sophos
...
Troj/PDFJs-AH - Troj/PDFJs-AH at Sophos
...
Troj/PDFJs-AM - Troj/PDFJs-AM at Sophos
...
W32/Autorun-ACO - W32/Autorun-ACO at Sophos
...
Mal/Clicker-A - Mal/Clicker-A at Sophos
...
Troj/FakeAle-NA - Troj/FakeAle-NA at Sophos
...
Troj/FakeAV-SS - Troj/FakeAV-SS at Sophos
...
Troj/Feedel-F - Troj/Feedel-F at Sophos
...
Troj/Banker-ESR - Troj/Banker-ESR at Sophos
...
Troj/Banker-ESS - Troj/Banker-ESS at Sophos
...
Troj/Banker-EST - Troj/Banker-EST at Sophos
...
Troj/Banker-ESU - Troj/Banker-ESU at Sophos
...
Troj/Bckdr-QVD - Troj/Bckdr-QVD at Sophos
...
Troj/FakeAV-SU - Troj/FakeAV-SU at Sophos
...
Troj/Dldr-AG - Troj/Dldr-AG at Sophos
...
W32/Autorun-AEE - W32/Autorun-AEE at Sophos
...
Troj/Agent-JNJ - Troj/Agent-JNJ at Sophos
...
Troj/Dldr-AF - Troj/Dldr-AF at Sophos
...
0 writebacks [06/07/2009 21:41]
Virus Malware and Threat News for 20090605
W32.Mibling - W32.Mibling at Norton Symantec
W32.Mibling is a worm that spreads through instant messaging clients and opens a back door on the compromised
computer....
Mal/RootKit-M - Mal/RootKit-M at Sophos
...
Mal/ShlBack-A - Mal/ShlBack-A at Sophos
...
Mal/Vanti-A - Mal/Vanti-A at Sophos
...
Mal/Zombam-A - Mal/Zombam-A at Sophos
...
Troj/Agent-JGS - Troj/Agent-JGS at Sophos
...
Troj/Agent-JGX - Troj/Agent-JGX at Sophos
...
Troj/Agent-JJR - Troj/Agent-JJR at Sophos
...
Troj/Banker-ESC - Troj/Banker-ESC at Sophos
...
Troj/Agent-JKU - Troj/Agent-JKU at Sophos
Troj/Agent-JKU is a Trojan for the Windows platform. When Troj/Agent-JKU is
installed the following files are created: <Program Files>\MicPhone\antit.dll
<Program Files>\MicPhone\antit.exe The following registry entry is created
to...
W32/AutoRun-AEC - W32/AutoRun-AEC at Sophos
...
Troj/PDFJs-AH - Troj/PDFJs-AH at Sophos
...
Troj/PDFJs-AM - Troj/PDFJs-AM at Sophos
...
W32/Autorun-ACO - W32/Autorun-ACO at Sophos
...
Mal/Clicker-A - Mal/Clicker-A at Sophos
...
Troj/FakeAle-NA - Troj/FakeAle-NA at Sophos
...
Troj/FakeAV-SS - Troj/FakeAV-SS at Sophos
...
Troj/Feedel-F - Troj/Feedel-F at Sophos
...
0 writebacks [06/06/2009 21:41]
Virus Malware and Threat News for 20090604
Boot.Chan - Boot.Chan at Norton Symantec
Boot.Chan is a generic detection for a Master Boot Record that has been altered by a malicious program.
...
USBcillin - USBcillin at Norton Symantec
USBcillin is a potentially unwanted application that makes changes to the Windows Registry.
...
TROJ_BRANVINE.D - TROJ_BRANVINE.D at Trend Micro
This Trojan arrives as an attachment to email messages spammed by another malware or a malicious user. It may be
downloaded unknowingly by a user when visiting malicious Web sites. It connects to a possibly malicious URL. It
saves the downloaded files using certain file names. It then executes the downloaded files. As a result,
malicious ...
TROJ_FAKEAV.BIM - TROJ_FAKEAV.BIM at Trend Micro
This Trojan may be downloaded from certain remote sites. It also downloads a file from a certain URL and
renames it when stored in the affected system. It saves the downloaded files as TROJ_YEKTEL.AA. It then
executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the
affected system.It ...
Sinowal.WHZ - Sinowal.WHZ at Panda
It is designed to steal users' confidential information, such as passwords related to different web services
or banking entities. It reaches the computer attached to an email message that passes itself off as a
notification sent by the UPS company.
...
Mal/Joleee-B - Mal/Joleee-B at Sophos
...
Mal/Pukish-B - Mal/Pukish-B at Sophos
...
Troj/Agent-JDA - Troj/Agent-JDA at Sophos
...
Troj/Agent-JDO - Troj/Agent-JDO at Sophos
...
Troj/Agent-JEG - Troj/Agent-JEG at Sophos
...
Troj/Agent-KCI - Troj/Agent-KCI at Sophos
...
Troj/Agent-KCY - Troj/Agent-KCY at Sophos
...
Troj/Bckdr-QTU - Troj/Bckdr-QTU at Sophos
...
Troj/Bckdr-QVC - Troj/Bckdr-QVC at Sophos
...
Troj/DwnLdr-HSI - Troj/DwnLdr-HSI at Sophos
...
W32.Mibling - W32.Mibling at Norton Symantec
W32.Mibling is a worm that spreads through instant messaging clients and opens a back door on the compromised
computer....
Mal/RootKit-M - Mal/RootKit-M at Sophos
...
Mal/ShlBack-A - Mal/ShlBack-A at Sophos
...
Mal/Vanti-A - Mal/Vanti-A at Sophos
...
Mal/Zombam-A - Mal/Zombam-A at Sophos
...
Troj/Agent-JGS - Troj/Agent-JGS at Sophos
...
Troj/Agent-JGX - Troj/Agent-JGX at Sophos
...
Troj/Agent-JJR - Troj/Agent-JJR at Sophos
...
Troj/Banker-ESC - Troj/Banker-ESC at Sophos
...
0 writebacks [06/05/2009 21:41]
Virus Malware and Threat News for 20090603
W32.Sfcpatched!inf - W32.Sfcpatched!inf at Norton Symantec
W32.Sfcpatched!inf is a generic detection for copies of %System%sfc.dll that have been modified by a threat.
...
Mal/Dial-Z - Mal/Dial-Z at Sophos
...
Mal/EncPk-IL - Mal/EncPk-IL at Sophos
...
Mal/EncPk-IM - Mal/EncPk-IM at Sophos
...
Mal/EncPk-IN - Mal/EncPk-IN at Sophos
...
Mal/IRCBot-K - Mal/IRCBot-K at Sophos
...
Mal/MassMail-A - Mal/MassMail-A at Sophos
...
Mal/PrnDial-E - Mal/PrnDial-E at Sophos
...
Mal/Xorer-B - Mal/Xorer-B at Sophos
...
Troj/Agent-KCL - Troj/Agent-KCL at Sophos
...
Troj/Agent-KCN - Troj/Agent-KCN at Sophos
...
Boot.Chan - Boot.Chan at Norton Symantec
Boot.Chan is a generic detection for a Master Boot Record that has been altered by a malicious program.
...
USBcillin - USBcillin at Norton Symantec
USBcillin is a potentially unwanted application that makes changes to the Windows Registry.
...
TROJ_BRANVINE.D - TROJ_BRANVINE.D at Trend Micro
This Trojan arrives as an attachment to email messages spammed by another malware or a malicious user. It may be
downloaded unknowingly by a user when visiting malicious Web sites. It connects to a possibly malicious URL. It
saves the downloaded files using certain file names. It then executes the downloaded files. As a result,
malicious ...
TROJ_FAKEAV.BIM - TROJ_FAKEAV.BIM at Trend Micro
This Trojan may be downloaded from certain remote sites. It also downloads a file from a certain URL and
renames it when stored in the affected system. It saves the downloaded files as TROJ_YEKTEL.AA. It then
executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the
affected system.It ...
Sinowal.WHZ - Sinowal.WHZ at Panda
It is designed to steal users' confidential information, such as passwords related to different web services
or banking entities. It reaches the computer attached to an email message that passes itself off as a
notification sent by the UPS company.
...
Mal/Joleee-B - Mal/Joleee-B at Sophos
...
Mal/Pukish-B - Mal/Pukish-B at Sophos
...
Troj/Agent-JDA - Troj/Agent-JDA at Sophos
...
Troj/Agent-JDO - Troj/Agent-JDO at Sophos
...
Troj/Agent-JEG - Troj/Agent-JEG at Sophos
...
Troj/Agent-KCI - Troj/Agent-KCI at Sophos
...
Troj/Agent-KCY - Troj/Agent-KCY at Sophos
...
Troj/Bckdr-QTU - Troj/Bckdr-QTU at Sophos
...
Troj/Bckdr-QVC - Troj/Bckdr-QVC at Sophos
...
Troj/DwnLdr-HSI - Troj/DwnLdr-HSI at Sophos
...
0 writebacks [06/04/2009 21:42]
Virus Malware and Threat News for 20090602
W32.Neeris.C - W32.Neeris.C at Norton Symantec
W32.Neeris.C is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote
Code Execution Vulnerability (BID 31874) and through removable drives. It also opens a back door on the
compromised computer.
...
Unvirex - Unvirex at Norton Symantec
Unvirex is a misleading application that may give exaggerated reports of threats on the computer.
...
Trojan.Hanambot - Trojan.Hanambot at Norton Symantec
Trojan.Hanambot is a Trojan horse that steals financial information and opens a back door on the compromised
computer....
AntivirusDoktor - AntivirusDoktor at Panda
It is an adware program in German which deceives users and warns them of nonexistent threats on their computers.
In order to eliminate them, they are enticed to purchase a certain program.
...
Mal/Cinmus-A - Mal/Cinmus-A at Sophos
...
Mal/DelpDldr-K - Mal/DelpDldr-K at Sophos
...
Mal/Dorf-T - Mal/Dorf-T at Sophos
...
Mal/DwnLdr-A - Mal/DwnLdr-A at Sophos
...
Mal/KME-A - Mal/KME-A at Sophos
...
Mal/PrnDial-D - Mal/PrnDial-D at Sophos
...
Troj/Agent-KBS - Troj/Agent-KBS at Sophos
...
Troj/FakeAv-SG - Troj/FakeAv-SG at Sophos
...
Troj/IfrRef-Gen - Troj/IfrRef-Gen at Sophos
...
Troj/PWS-BBA - Troj/PWS-BBA at Sophos
...
W32.Sfcpatched!inf - W32.Sfcpatched!inf at Norton Symantec
W32.Sfcpatched!inf is a generic detection for copies of %System%sfc.dll that have been modified by a threat.
...
Mal/Dial-Z - Mal/Dial-Z at Sophos
...
Mal/EncPk-IL - Mal/EncPk-IL at Sophos
...
Mal/EncPk-IM - Mal/EncPk-IM at Sophos
...
Mal/EncPk-IN - Mal/EncPk-IN at Sophos
...
Mal/IRCBot-K - Mal/IRCBot-K at Sophos
...
Mal/MassMail-A - Mal/MassMail-A at Sophos
...
Mal/PrnDial-E - Mal/PrnDial-E at Sophos
...
Mal/Xorer-B - Mal/Xorer-B at Sophos
...
Troj/Agent-KCL - Troj/Agent-KCL at Sophos
...
Troj/Agent-KCN - Troj/Agent-KCN at Sophos
...
0 writebacks [06/03/2009 21:42]
Virus Malware and Threat News for 20090601
Packed.Generic.228 - Packed.Generic.228 at Norton Symantec
Packed.Generic.228 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
AntivirusDoktor2009 - AntivirusDoktor2009 at Norton Symantec
AntivirusDoktor2009 is a misleading application that may give exaggerated reports of threats on the
computer....
Bloodhound.Exploit.240 - Bloodhound.Exploit.240 at Norton Symantec
Bloodhound.Exploit.240 is a heuristic detection for files attempting to exploit the Microsoft PowerPoint Notes
Container Heap Memory Corruption Remote Code Execution Vulnerability (BID 34840).
...
Bloodhound.Exploit.239 - Bloodhound.Exploit.239 at Norton Symantec
Bloodhound.Exploit.239 is a heuristic detection for files attempting to exploit the Microsoft PowerPoint
Invalid Record Type Remote Code Execution Vulnerability (BID 34879).
...
TROJ_DLOAD.TID - TROJ_DLOAD.TID at Trend Micro
This Trojan may be downloaded from a remote site(s). It may be downloaded unknowingly by a user when visiting
malicious Web site(s). It accesses Web sites to download TROJ_COGNAC.J. It saves the downloaded Trojan in the
current user's Temporary folder. It then executes the downloaded file(s). As a result, malicious routines of
the down...
Mal/Behav-338 - Mal/Behav-338 at Sophos
...
Mal/DelpDldr-J - Mal/DelpDldr-J at Sophos
...
Mal/DelpDrp-A - Mal/DelpDrp-A at Sophos
...
Mal/Dloadr-L - Mal/Dloadr-L at Sophos
...
Mal/FakeDam-A - Mal/FakeDam-A at Sophos
...
Mal/Rootkit-L - Mal/Rootkit-L at Sophos
...
Troj/Agent-KBI - Troj/Agent-KBI at Sophos
...
Troj/Agent-KBJ - Troj/Agent-KBJ at Sophos
...
Troj/Agent-KBK - Troj/Agent-KBK at Sophos
...
Troj/Agent-KBL - Troj/Agent-KBL at Sophos
...
W32.Neeris.C - W32.Neeris.C at Norton Symantec
W32.Neeris.C is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote
Code Execution Vulnerability (BID 31874) and through removable drives. It also opens a back door on the
compromised computer.
...
Unvirex - Unvirex at Norton Symantec
Unvirex is a misleading application that may give exaggerated reports of threats on the computer.
...
Trojan.Hanambot - Trojan.Hanambot at Norton Symantec
Trojan.Hanambot is a Trojan horse that steals financial information and opens a back door on the compromised
computer....
AntivirusDoktor - AntivirusDoktor at Panda
It is an adware program in German that deceives users by warning them of nonexistent threats on their computers.
To eliminate them, users are enticed to purchase a certain program.
...
Mal/Cinmus-A - Mal/Cinmus-A at Sophos
...
Mal/DelpDldr-K - Mal/DelpDldr-K at Sophos
...
Mal/Dorf-T - Mal/Dorf-T at Sophos
...
Mal/DwnLdr-A - Mal/DwnLdr-A at Sophos
...
Mal/KME-A - Mal/KME-A at Sophos
...
Mal/PrnDial-D - Mal/PrnDial-D at Sophos
...
Troj/Agent-KBS - Troj/Agent-KBS at Sophos
...
Troj/FakeAv-SG - Troj/FakeAv-SG at Sophos
...
Troj/IfrRef-Gen - Troj/IfrRef-Gen at Sophos
...
Troj/PWS-BBA - Troj/PWS-BBA at Sophos
...
0 writebacks [06/02/2009 21:41]
Virus Malware and Threat News for 20090531
Troj/Agent-KAW - Troj/Agent-KAW at Sophos
...
Troj/Agent-KAX - Troj/Agent-KAX at Sophos
...
Troj/Dloadr-CNH - Troj/Dloadr-CNH at Sophos
...
Mal/FakeAV-AX - Mal/FakeAV-AX at Sophos
...
Troj/Bancos-BFR - Troj/Bancos-BFR at Sophos
Troj/Bancos-BFR is a Trojan for the Windows platform. Troj/Bancos-BFR
includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Bancos copies itself to <Windows>\ballon.exe.
...
Troj/Dloadr-CNG - Troj/Dloadr-CNG at Sophos
Troj/Dloadr-CNG is a Trojan for the Windows platform. When Troj/Dloadr-CNG
is installed the following files are created: <System>\drivers\iofilter.sys
<System>\version.dll <System>\inf\layout.inf where
version32.d...
Troj/Lineag-CK - Troj/Lineag-CK at Sophos
Troj/Lineag-CK is a Trojan for the Windows platform. When Troj/Lineag-CK is
installed the following files are created: <Current Folder>\35097del.bat
<System>\ro.dll The file ro.dll is also detected as Troj/Lineag-CK.
...
Troj/Nebule-Gen - Troj/Nebule-Gen at Sophos
Troj/Nebule-Gen is a family of Trojans for the Windows platform. Members of Troj/Nebule-Gen may gather details
relating to dialup services and send collected information to a remote site via HTTP. The Trojans may inject
code into other processes in an attempt to remain hidden.
...
Troj/SwfDldr-H - Troj/SwfDldr-H at Sophos
...
W32/AutoRun-AIR - W32/AutoRun-AIR at Sophos
W32/AutoRun-AIR is a worm for the Windows platform. W32/AutoRun-AIR
includes functionality to access the internet and communicate with a remote server via HTTP.
When W32/AutoRun-AIR is installed the following files are created: <User>\My
Documents\...
Packed.Generic.228 - Packed.Generic.228 at Norton Symantec
Packed.Generic.228 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...
AntivirusDoktor2009 - AntivirusDoktor2009 at Norton Symantec
AntivirusDoktor2009 is a misleading application that may give exaggerated reports of threats on the
computer....
Bloodhound.Exploit.240 - Bloodhound.Exploit.240 at Norton Symantec
Bloodhound.Exploit.240 is a heuristic detection for files attempting to exploit the Microsoft PowerPoint Notes
Container Heap Memory Corruption Remote Code Execution Vulnerability (BID 34840).
...
Bloodhound.Exploit.239 - Bloodhound.Exploit.239 at Norton Symantec
Bloodhound.Exploit.239 is a heuristic detection for files attempting to exploit the Microsoft PowerPoint
Invalid Record Type Remote Code Execution Vulnerability (BID 34879).
...
TROJ_DLOAD.TID - TROJ_DLOAD.TID at Trend Micro
This Trojan may be downloaded from a remote site(s). It may be downloaded unknowingly by a user when visiting
malicious Web site(s). It accesses Web sites to download TROJ_COGNAC.J. It saves the downloaded Trojan in the
current user's Temporary folder. It then executes the downloaded file(s). As a result, malicious routines of
the down...
Mal/Behav-338 - Mal/Behav-338 at Sophos
...
Mal/DelpDldr-J - Mal/DelpDldr-J at Sophos
...
Mal/DelpDrp-A - Mal/DelpDrp-A at Sophos
...
Mal/Dloadr-L - Mal/Dloadr-L at Sophos
...
Mal/FakeDam-A - Mal/FakeDam-A at Sophos
...
Mal/Rootkit-L - Mal/Rootkit-L at Sophos
...
Troj/Agent-KBI - Troj/Agent-KBI at Sophos
...
Troj/Agent-KBJ - Troj/Agent-KBJ at Sophos
...
Troj/Agent-KBK - Troj/Agent-KBK at Sophos
...
Troj/Agent-KBL - Troj/Agent-KBL at Sophos
...
0 writebacks [06/01/2009 21:42]