mwblog.org


Virus Malware and Threat News for 20090830



Troj/Agent-KZN

- Troj/Agent-KZN at Sophos

...

Troj/Inject-JB

- Troj/Inject-JB at Sophos

...

Troj/PWS-BDL

- Troj/PWS-BDL at Sophos

...

Troj/Inject-HX

- Troj/Inject-HX at Sophos

...

Troj/Punad-F

- Troj/Punad-F at Sophos

...

W32/Tufik-Fam

- W32/Tufik-Fam at Sophos

W32/Tufik-Fam is a family of appending viruses for the Windows platform. Members of W32/Tufik-Fam infect EXE
files and can spread to drives F: to Z:. Members of W32/Tufik-Fam typically make contact with a preconfigured
internet site to report successful infection.
...

Troj/Agent-KZM

- Troj/Agent-KZM at Sophos

...

Troj/Bifrose-YK

- Troj/Bifrose-YK at Sophos

...

Troj/Bifrose-YL

- Troj/Bifrose-YL at Sophos

...

Troj/Bifrose-YM

- Troj/Bifrose-YM at Sophos

...

TotalSecurity

- TotalSecurity at Norton Symantec

TotalSecurity is a misleading application that may give exaggerated reports of threats on the computer.
...

Troj/Dropr-BX

- Troj/Dropr-BX at Sophos

...

Troj/PWS-BDR

- Troj/PWS-BDR at Sophos

...

Mal/Dbot-C

- Mal/Dbot-C at Sophos

...

Troj/Agent-KZP

- Troj/Agent-KZP at Sophos

...

Troj/Banker-ETY

- Troj/Banker-ETY at Sophos

...

Troj/FakeAV-ZD

- Troj/FakeAV-ZD at Sophos

...

Troj/Agent-KZO

- Troj/Agent-KZO at Sophos

...

Troj/Inject-JC

- Troj/Inject-JC at Sophos

...

Troj/Inject-JD

- Troj/Inject-JD at Sophos

...

Troj/Inject-JF

- Troj/Inject-JF at Sophos

...

0 writebacks [08/31/2009 06:33] [] permanent link



Virus Malware and Threat News for 20090829



TROJ_SPAYKE.C

- TROJ_SPAYKE.C at Trend Micro

This Trojan is an open-source application that can be downloaded from a certain website. It is capable of
intercepting Skype traffic by patching a call in certain APIs. This Trojan is intended as a proof-of-concept
(POC) program but its code, which is now freely available, can be modified so that the information obtained
from the Skyp...

Mal/Dloadr-P

- Mal/Dloadr-P at Sophos

...

Mal/IRCbot-M

- Mal/IRCbot-M at Sophos

...

Mal/PCClient-Q

- Mal/PCClient-Q at Sophos

...

Mal/Prospy-A

- Mal/Prospy-A at Sophos

...

Troj/Mdrop-CFB

- Troj/Mdrop-CFB at Sophos

...

Troj/Pav-Gen

- Troj/Pav-Gen at Sophos

Troj/Pav-Gen is a fake anti-virus program.
...

Troj/PHPBot-A

- Troj/PHPBot-A at Sophos

Troj/PHPBot-A is a PHP based backdoor Trojan.
...

Troj/Ringhome-A

- Troj/Ringhome-A at Sophos

Troj/Ringhome-A is a malicious Perl script that is found on compromised Linux computers.
...

Troj/Worsyn-A

- Troj/Worsyn-A at Sophos

Troj/Worsyn-A is a Perl based backdoor Trojan.
...

Troj/Agent-KZI

- Troj/Agent-KZI at Sophos

...

Troj/Agent-KZN

- Troj/Agent-KZN at Sophos

...

Troj/Inject-JB

- Troj/Inject-JB at Sophos

...

Troj/PWS-BDL

- Troj/PWS-BDL at Sophos

...

Troj/Inject-HX

- Troj/Inject-HX at Sophos

...

Troj/Punad-F

- Troj/Punad-F at Sophos

...

W32/Tufik-Fam

- W32/Tufik-Fam at Sophos

W32/Tufik-Fam is a family of appending viruses for the Windows platform. Members of W32/Tufik-Fam infect EXE
files and can spread to drives F: to Z:. Members of W32/Tufik-Fam typically make contact with a preconfigured
internet site to report successful infection.
...

Troj/Agent-KZM

- Troj/Agent-KZM at Sophos

...

Troj/Bifrose-YK

- Troj/Bifrose-YK at Sophos

...

Troj/Bifrose-YL

- Troj/Bifrose-YL at Sophos

...

Troj/Bifrose-YM

- Troj/Bifrose-YM at Sophos

...

0 writebacks [08/30/2009 07:38] [] permanent link



Virus Malware and Threat News for 20090828



W32.Nitomeivo

- W32.Nitomeivo at Norton Symantec

W32.Nitomeivo is a virus that infects executable files and may overwrite files on the compromised computer.
...

Troj/Dwnldr-HVY

- Troj/Dwnldr-HVY at Sophos

...

Troj/SdBot-DOV

- Troj/SdBot-DOV at Sophos

...

Troj/SdBot-DOY

- Troj/SdBot-DOY at Sophos

...

W32/AutoIt-GD

- W32/AutoIt-GD at Sophos

...

W32/Autorun-AQD

- W32/Autorun-AQD at Sophos

...

Troj/Agent-KZB

- Troj/Agent-KZB at Sophos

...

Troj/ExpJS-D

- Troj/ExpJS-D at Sophos

...

Troj/FakeAv-YW

- Troj/FakeAv-YW at Sophos

...

Troj/Inject-IW

- Troj/Inject-IW at Sophos

...

Troj/Lineag-GM

- Troj/Lineag-GM at Sophos

...

TROJ_SPAYKE.C

- TROJ_SPAYKE.C at Trend Micro

This Trojan is an open-source application that can be downloaded from a certain website. It is capable of
intercepting Skype traffic by patching a call in certain APIs. This Trojan is intended as a proof-of-concept
(POC) program but its code, which is now freely available, can be modified so that the information obtained
from the Skyp...

Mal/Dloadr-P

- Mal/Dloadr-P at Sophos

...

Mal/IRCbot-M

- Mal/IRCbot-M at Sophos

...

Mal/PCClient-Q

- Mal/PCClient-Q at Sophos

...

Mal/Prospy-A

- Mal/Prospy-A at Sophos

...

Troj/Mdrop-CFB

- Troj/Mdrop-CFB at Sophos

...

Troj/Pav-Gen

- Troj/Pav-Gen at Sophos

Troj/Pav-Gen is a fake anti-virus program.
...

Troj/PHPBot-A

- Troj/PHPBot-A at Sophos

Troj/PHPBot-A is a PHP based backdoor Trojan.
...

Troj/Ringhome-A

- Troj/Ringhome-A at Sophos

Troj/Ringhome-A is a malicious Perl script that is found on compromised Linux computers.
...

Troj/Worsyn-A

- Troj/Worsyn-A at Sophos

Troj/Worsyn-A is a Perl based backdoor Trojan.
...

Troj/Agent-KZI

- Troj/Agent-KZI at Sophos

...

0 writebacks [08/29/2009 00:48] [] permanent link



Virus Malware and Threat News for 20090826



Bloodhound.Exploit.243

- Bloodhound.Exploit.243 at Norton Symantec

Bloodhound.Exploit.243 is a heuristic detection for files attempting to exploit the Autonomy KeyView Module
Excel Document Processing Buffer Overflow Vulnerability (BID 36042).
...

Mal/Banker-K

- Mal/Banker-K at Sophos

...

Mal/Behav-345

- Mal/Behav-345 at Sophos

...

Mal/DelfInj-B

- Mal/DelfInj-B at Sophos

...

Mal/Poem-B

- Mal/Poem-B at Sophos

...

Mal/VB-AT

- Mal/VB-AT at Sophos

...

Troj/ExpPPT-G

- Troj/ExpPPT-G at Sophos

...

Troj/FakeAV-YQ

- Troj/FakeAV-YQ at Sophos

...

Troj/PDrop-A

- Troj/PDrop-A at Sophos

Troj/PDrop-A is a dropper for the Windows platform. When run, the Trojan
will attempt to drop a randomly named component from the <Temp> folder and execute it.
...

Troj/Rootkit-GT

- Troj/Rootkit-GT at Sophos

...

VBS/Joint-A

- VBS/Joint-A at Sophos

VBS/Joint-A is a Visual Basic Script worm. VBS/Joint-A copies itself to
fixed and remote drives.
...

W32.Nitomeivo

- W32.Nitomeivo at Norton Symantec

W32.Nitomeivo is a virus that infects executable files and may overwrite files on the compromised computer.
...

Troj/Dwnldr-HVY

- Troj/Dwnldr-HVY at Sophos

...

Troj/SdBot-DOV

- Troj/SdBot-DOV at Sophos

...

Troj/SdBot-DOY

- Troj/SdBot-DOY at Sophos

...

W32/AutoIt-GD

- W32/AutoIt-GD at Sophos

...

W32/Autorun-AQD

- W32/Autorun-AQD at Sophos

...

Troj/Agent-KZB

- Troj/Agent-KZB at Sophos

...

Troj/ExpJS-D

- Troj/ExpJS-D at Sophos

...

Troj/FakeAv-YW

- Troj/FakeAv-YW at Sophos

...

Troj/Inject-IW

- Troj/Inject-IW at Sophos

...

Troj/Lineag-GM

- Troj/Lineag-GM at Sophos

...

0 writebacks [08/27/2009 23:10] [] permanent link



Virus Malware and Threat News for 20090825



Trojan:W32/Daonol.gen!C

- Trojan:W32/Daonol.gen!C at F-Secure

...

Bloodhound.Exploit.269

- Bloodhound.Exploit.269 at Norton Symantec

Bloodhound.Exploit.269 is a heuristic detection for files attempting to exploit the Microsoft Visual Studio
ATL 'VariantClear()' Remote Code Execution Vulnerability (BID 35832).
...

Mal/Behav-337

- Mal/Behav-337 at Sophos

...

Mal/Behav-343

- Mal/Behav-343 at Sophos

...

Mal/Behav-344

- Mal/Behav-344 at Sophos

...

Mal/EncPk-JX

- Mal/EncPk-JX at Sophos

...

Mal/Mdrop-M

- Mal/Mdrop-M at Sophos

...

Mal/OnlineG-D

- Mal/OnlineG-D at Sophos

...

Troj/Agent-KWC

- Troj/Agent-KWC at Sophos

...

Troj/Agent-KYG

- Troj/Agent-KYG at Sophos

...

Bloodhound.Exploit.243

- Bloodhound.Exploit.243 at Norton Symantec

Bloodhound.Exploit.243 is a heuristic detection for files attempting to exploit the Autonomy KeyView Module
Excel Document Processing Buffer Overflow Vulnerability (BID 36042).
...

Mal/Banker-K

- Mal/Banker-K at Sophos

...

Mal/Behav-345

- Mal/Behav-345 at Sophos

...

Mal/DelfInj-B

- Mal/DelfInj-B at Sophos

...

Mal/Poem-B

- Mal/Poem-B at Sophos

...

Mal/VB-AT

- Mal/VB-AT at Sophos

...

Troj/ExpPPT-G

- Troj/ExpPPT-G at Sophos

...

Troj/FakeAV-YQ

- Troj/FakeAV-YQ at Sophos

...

Troj/PDrop-A

- Troj/PDrop-A at Sophos

Troj/PDrop-A is a dropper for the Windows platform. When run, the Trojan
will attempt to drop a randomly named component from the <Temp> folder and execute it.
...

Troj/Rootkit-GT

- Troj/Rootkit-GT at Sophos

...

VBS/Joint-A

- VBS/Joint-A at Sophos

VBS/Joint-A is a Visual Basic Script worm. VBS/Joint-A copies itself to
fixed and remote drives.
...

0 writebacks [08/26/2009 22:27] [] permanent link



Virus Malware and Threat News for 20090824



Worm:W32/Autorun

- Worm:W32/Autorun at F-Secure

...

Packed.Generic.248

- Packed.Generic.248 at Norton Symantec

Packed.Generic.248 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

VBS.Runauto.G

- VBS.Runauto.G at Norton Symantec

VBS.Runauto.G is a worm that spreads through removable drives and network shares. The worm also opens a back
door on the compromised computer.
...

JS.Frienren

- JS.Frienren at Norton Symantec

JS.Frienren is a worm that spreads through the Renren social networking Web site.
...

Packed.Generic.245

- Packed.Generic.245 at Norton Symantec

Packed.Generic.245 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Packed.Generic.244

- Packed.Generic.244 at Norton Symantec

Packed.Generic.244 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Mal/EncPk-JW

- Mal/EncPk-JW at Sophos

...

Mal/TinyDL-Z

- Mal/TinyDL-Z at Sophos

...

Troj/BHO-NN

- Troj/BHO-NN at Sophos

...

Troj/FakeAV-YJ

- Troj/FakeAV-YJ at Sophos

...

Troj/Poison-BC

- Troj/Poison-BC at Sophos

...

Troj/StartP-CD

- Troj/StartP-CD at Sophos

...

Troj/TDSS-AO

- Troj/TDSS-AO at Sophos

...

W32/Nanpy-P

- W32/Nanpy-P at Sophos

W32/Nanpy-P is a worm for the Windows platform. When run, W32/Nanpy-P
copies itself to the system folder as mmsvc32.exe. <System>\mmsvc32.exe
The worm adds the following Registry entry to run at startup:
HKLM\SOFTWARE\Microso...

Mal/Dloadr-N

- Mal/Dloadr-N at Sophos

Mal/Dloadr-N is a family of Trojans for the Windows platform. When run,
members of Mal/Dloadr-N attempt to connect to a remote web server in order to download and execute further
malicious content....

Troj/Agent-KXJ

- Troj/Agent-KXJ at Sophos

...

Trojan:W32/Daonol.gen!C

- Trojan:W32/Daonol.gen!C at F-Secure

...

Bloodhound.Exploit.269

- Bloodhound.Exploit.269 at Norton Symantec

Bloodhound.Exploit.269 is a heuristic detection for files attempting to exploit the Microsoft Visual Studio
ATL 'VariantClear()' Remote Code Execution Vulnerability (BID 35832).
...

Mal/Behav-337

- Mal/Behav-337 at Sophos

...

Mal/Behav-343

- Mal/Behav-343 at Sophos

...

Mal/Behav-344

- Mal/Behav-344 at Sophos

...

Mal/EncPk-JX

- Mal/EncPk-JX at Sophos

...

Mal/Mdrop-M

- Mal/Mdrop-M at Sophos

...

Mal/OnlineG-D

- Mal/OnlineG-D at Sophos

...

Troj/Agent-KWC

- Troj/Agent-KWC at Sophos

...

Troj/Agent-KYG

- Troj/Agent-KYG at Sophos

...

0 writebacks [08/25/2009 21:50] [] permanent link



Virus Malware and Threat News for 20090823



Troj/Fakevir-OH

- Troj/Fakevir-OH at Sophos

...

Troj/Agent-KXO

- Troj/Agent-KXO at Sophos

...

Troj/VB-EGN

- Troj/VB-EGN at Sophos

...

Troj/Agent-KVF

- Troj/Agent-KVF at Sophos

...

Troj/Alure-C

- Troj/Alure-C at Sophos

...

Troj/DwnLdr-HVT

- Troj/DwnLdr-HVT at Sophos

...

Troj/Zapchas-EM

- Troj/Zapchas-EM at Sophos

...

Worm:W32/Autorun

- Worm:W32/Autorun at F-Secure

...

Packed.Generic.248

- Packed.Generic.248 at Norton Symantec

Packed.Generic.248 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

VBS.Runauto.G

- VBS.Runauto.G at Norton Symantec

VBS.Runauto.G is a worm that spreads through removable drives and network shares. The worm also opens a back
door on the compromised computer.
...

JS.Frienren

- JS.Frienren at Norton Symantec

JS.Frienren is a worm that spreads through the Renren social networking Web site.
...

Packed.Generic.245

- Packed.Generic.245 at Norton Symantec

Packed.Generic.245 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Packed.Generic.244

- Packed.Generic.244 at Norton Symantec

Packed.Generic.244 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Mal/EncPk-JW

- Mal/EncPk-JW at Sophos

...

Mal/TinyDL-Z

- Mal/TinyDL-Z at Sophos

...

Troj/BHO-NN

- Troj/BHO-NN at Sophos

...

Troj/FakeAV-YJ

- Troj/FakeAV-YJ at Sophos

...

Troj/Poison-BC

- Troj/Poison-BC at Sophos

...

Troj/StartP-CD

- Troj/StartP-CD at Sophos

...

Troj/TDSS-AO

- Troj/TDSS-AO at Sophos

...

W32/Nanpy-P

- W32/Nanpy-P at Sophos

W32/Nanpy-P is a worm for the Windows platform. When run, W32/Nanpy-P
copies itself to the system folder as mmsvc32.exe. <System>\mmsvc32.exe
The worm adds the following Registry entry to run at startup:
HKLM\SOFTWARE\Microso...

Mal/Dloadr-N

- Mal/Dloadr-N at Sophos

Mal/Dloadr-N is a family of Trojans for the Windows platform. When run,
members of Mal/Dloadr-N attempt to connect to a remote web server in order to download and execute further
malicious content....

Troj/Agent-KXJ

- Troj/Agent-KXJ at Sophos

...

0 writebacks [08/24/2009 21:44] [] permanent link



Virus Malware and Threat News for 20090822



Packed.Generic.247

- Packed.Generic.247 at Norton Symantec

Packed.Generic.247 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Troj/Backdr-AP

- Troj/Backdr-AP at Sophos

...

Troj/FakeAV-YG

- Troj/FakeAV-YG at Sophos

...

Troj/FakeAV-YH

- Troj/FakeAV-YH at Sophos

...

Troj/Agent-KXN

- Troj/Agent-KXN at Sophos

...

Troj/DwnLdr-HVR

- Troj/DwnLdr-HVR at Sophos

Troj/DwnLdr-HVR tries to download and install other malware. When run,
Troj/DwnLdr-HVR displays the message "Seu email ja foi Recadastrado!", drops its own component (with a random
name like "a47384.dll") into the system folder, and runs it.
...

Troj/DwnLdr-HVS

- Troj/DwnLdr-HVS at Sophos

Troj/DwnLdr-HVS is a Trojan for the Windows platform. In order to run
automatically when Windows starts up, Troj/DwnLdr-HVS copies itself to the file "Wsetup_wm.exe" in
the Program Files folder and creates the following registry entry:
HKLM\SOFTWARE\Micros...

Troj/Vwealr-Gen

- Troj/Vwealr-Gen at Sophos

...

Mal/FakeAv-BB

- Mal/FakeAv-BB at Sophos

...

Troj/BHO-NM

- Troj/BHO-NM at Sophos

...

Troj/Bifros-B

- Troj/Bifros-B at Sophos

...

Troj/Fakevir-OH

- Troj/Fakevir-OH at Sophos

...

Troj/Agent-KXO

- Troj/Agent-KXO at Sophos

...

Troj/VB-EGN

- Troj/VB-EGN at Sophos

...

Troj/Agent-KVF

- Troj/Agent-KVF at Sophos

...

Troj/Alure-C

- Troj/Alure-C at Sophos

...

Troj/DwnLdr-HVT

- Troj/DwnLdr-HVT at Sophos

...

Troj/Zapchas-EM

- Troj/Zapchas-EM at Sophos

...

0 writebacks [08/23/2009 21:44] [] permanent link



Virus Malware and Threat News for 20090821



Trojan.Fakeavalert!Gen

- Trojan.Fakeavalert!Gen at Norton Symantec

Trojan.Fakeavalert!Gen is a generic detection for the Trojan.Fakeavalert family of Trojans.
...

W32.Induc.A!dr

- W32.Induc.A!dr at Norton Symantec

W32.Induc.A!dr is a detection for programs that install Delphi-compiled applications infected with W32.Induc.A.
...

PE_INDUC.A

- PE_INDUC.A at Trend Micro

This file infector may arrive in a system as a compromised file compiled using an infected Borland Delphi
Compiler. Upon execution, it checks the Delphi Installation on the system by checking the existence of a
certain registry key. It also gets information on the location of the Delphi installation folder from the said
registry key. ...

TROJ_DLOADR.ZZD

- TROJ_DLOADR.ZZD at Trend Micro

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting
malicious Web site(s). It accesses a certain website to download an RSS feed. It saves the downloaded file in
the current user's Temporary folder using a certain file name. However, the said site is currently
inaccessible. The downloa...

Mal/Busky-A

- Mal/Busky-A at Sophos

...

Mal/Pigeo-C

- Mal/Pigeo-C at Sophos

...

Troj/Agent-KWX

- Troj/Agent-KWX at Sophos

...

Troj/Agent-KXK

- Troj/Agent-KXK at Sophos

...

Troj/Agent-KXM

- Troj/Agent-KXM at Sophos

...

Troj/Crot-B

- Troj/Crot-B at Sophos

...

Troj/FakeAV-YE

- Troj/FakeAV-YE at Sophos

...

Troj/Inject-IU

- Troj/Inject-IU at Sophos

...

Troj/Redosdru-A

- Troj/Redosdru-A at Sophos

...

Packed.Generic.247

- Packed.Generic.247 at Norton Symantec

Packed.Generic.247 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Troj/Backdr-AP

- Troj/Backdr-AP at Sophos

...

Troj/FakeAV-YG

- Troj/FakeAV-YG at Sophos

...

Troj/FakeAV-YH

- Troj/FakeAV-YH at Sophos

...

Troj/Agent-KXN

- Troj/Agent-KXN at Sophos

...

Troj/DwnLdr-HVR

- Troj/DwnLdr-HVR at Sophos

Troj/DwnLdr-HVR tries to download and install other malware. When run,
Troj/DwnLdr-HVR displays the message "Seu email ja foi Recadastrado!", drops its own component (with a random
name like "a47384.dll") into the system folder, and runs it.
...

Troj/DwnLdr-HVS

- Troj/DwnLdr-HVS at Sophos

Troj/DwnLdr-HVS is a Trojan for the Windows platform. In order to run
automatically when Windows starts up, Troj/DwnLdr-HVS copies itself to the file "Wsetup_wm.exe" in
the Program Files folder and creates the following registry entry:
HKLM\SOFTWARE\Micros...

Troj/Vwealr-Gen

- Troj/Vwealr-Gen at Sophos

...

Mal/FakeAv-BB

- Mal/FakeAv-BB at Sophos

...

Troj/BHO-NM

- Troj/BHO-NM at Sophos

...

Troj/Bifros-B

- Troj/Bifros-B at Sophos

...

0 writebacks [08/22/2009 21:51] [] permanent link



Virus Malware and Threat News for 20090820



Mal/Banload-J

- Mal/Banload-J at Sophos

...

Troj/Agent-KUW

- Troj/Agent-KUW at Sophos

...

Troj/Bancos-BGC

- Troj/Bancos-BGC at Sophos

...

Troj/Bckdr-QXT

- Troj/Bckdr-QXT at Sophos

...

Troj/Dloadr-CSO

- Troj/Dloadr-CSO at Sophos

...

Troj/VB-EGL

- Troj/VB-EGL at Sophos

...

W32/Autorun-API

- W32/Autorun-API at Sophos

...

W32/Induc-Dam

- W32/Induc-Dam at Sophos

W32/Induc-Dam are corrupt copies of W32/Induc-A.
...

W32/IRCBot-AEZ

- W32/IRCBot-AEZ at Sophos

W32/IRCBot-AEZ is a worm with IRC backdoor functionality for the Windows platform.
W32/IRCBot-AEZ runs continuously in the background, providing a backdoor server which allows a remote
intruder to gain access and control over the computer via IRC channels.
...

W32/Kolab-B

- W32/Kolab-B at Sophos

...

Trojan.Fakeavalert!Gen

- Trojan.Fakeavalert!Gen at Norton Symantec

Trojan.Fakeavalert!Gen is a generic detection for the Trojan.Fakeavalert family of Trojans.
...

W32.Induc.A!dr

- W32.Induc.A!dr at Norton Symantec

W32.Induc.A!dr is a detection for programs that install Delphi-compiled applications infected with W32.Induc.A.
...

PE_INDUC.A

- PE_INDUC.A at Trend Micro

This file infector may arrive in a system as a compromised file compiled using an infected Borland Delphi
Compiler. Upon execution, it checks the Delphi Installation on the system by checking the existence of a
certain registry key. It also gets information on the location of the Delphi installation folder from the said
registry key. ...

TROJ_DLOADR.ZZD

- TROJ_DLOADR.ZZD at Trend Micro

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting
malicious Web site(s). It accesses a certain website to download an RSS feed. It saves the downloaded file in
the current user's Temporary folder using a certain file name. However, the said site is currently
inaccessible. The downloa...

Mal/Busky-A

- Mal/Busky-A at Sophos

...

Mal/Pigeo-C

- Mal/Pigeo-C at Sophos

...

Troj/Agent-KWX

- Troj/Agent-KWX at Sophos

...

Troj/Agent-KXK

- Troj/Agent-KXK at Sophos

...

Troj/Agent-KXM

- Troj/Agent-KXM at Sophos

...

Troj/Crot-B

- Troj/Crot-B at Sophos

...

Troj/FakeAV-YE

- Troj/FakeAV-YE at Sophos

...

Troj/Inject-IU

- Troj/Inject-IU at Sophos

...

Troj/Redosdru-A

- Troj/Redosdru-A at Sophos

...

0 writebacks [08/21/2009 21:45] [] permanent link



Virus Malware and Threat News for 20090819



W32.Induc.A!dcu

- W32.Induc.A!dcu at Norton Symantec

W32.Induc.A!dcu is a detection for a malicious Delphi library file that is created by W32.Induc.A.
...

W32.Induc.A!pas

- W32.Induc.A!pas at Norton Symantec

W32.Induc.A!pas is a detection for a malicious Pascal (Delphi) source file, which is temporarily created by
W32.Induc.A....

W32.Induc.A

- W32.Induc.A at Norton Symantec

W32.Induc.A is a virus that adds itself to the Delphi compilation process so that all files compiled with
Delphi will also be infected.
...

Adware.DoubleD

- Adware.DoubleD at Norton Symantec

Adware.DoubleD is an adware program that displays out-of-context advertisements.
...

Mal/Poison-C

- Mal/Poison-C at Sophos

...

Mal/VB-AS

- Mal/VB-AS at Sophos

...

Troj/BanBGA-Gen

- Troj/BanBGA-Gen at Sophos

...

Troj/Dialer-GZ

- Troj/Dialer-GZ at Sophos

...

Troj/Dload-GR

- Troj/Dload-GR at Sophos

...

Troj/FakeAv-XU

- Troj/FakeAv-XU at Sophos

...

Troj/FakeAv-XV

- Troj/FakeAv-XV at Sophos

...

Troj/PDFJs-CN

- Troj/PDFJs-CN at Sophos

...

Troj/Rootkit-GP

- Troj/Rootkit-GP at Sophos

...

Troj/Agent-KWR

- Troj/Agent-KWR at Sophos

...

Mal/Banload-J

- Mal/Banload-J at Sophos

...

Troj/Agent-KUW

- Troj/Agent-KUW at Sophos

...

Troj/Bancos-BGC

- Troj/Bancos-BGC at Sophos

...

Troj/Bckdr-QXT

- Troj/Bckdr-QXT at Sophos

...

Troj/Dloadr-CSO

- Troj/Dloadr-CSO at Sophos

...

Troj/VB-EGL

- Troj/VB-EGL at Sophos

...

W32/Autorun-API

- W32/Autorun-API at Sophos

...

W32/Induc-Dam

- W32/Induc-Dam at Sophos

W32/Induc-Dam are corrupt copies of W32/Induc-A.
...

W32/IRCBot-AEZ

- W32/IRCBot-AEZ at Sophos

W32/IRCBot-AEZ is a worm with IRC backdoor functionality for the Windows platform.
W32/IRCBot-AEZ runs continuously in the background, providing a backdoor server which allows a remote
intruder to gain access and control over the computer via IRC channels.
...

W32/Kolab-B

- W32/Kolab-B at Sophos

...

0 writebacks [08/20/2009 21:45] [] permanent link



Virus Malware and Threat News for 20090818



Trojan:W32/Fixer

- Trojan:W32/Fixer at F-Secure

...

RegDefense

- RegDefense at Norton Symantec

RegDefense is a misleading application that may give exaggerated reports of errors on the computer.
...

W32.SillyFDC.BCU

- W32.SillyFDC.BCU at Norton Symantec

W32.SillyFDC.BCU is a worm that spreads by copying itself to removable and mapped drives.
...

WindoFix

- WindoFix at Norton Symantec

WindoFix is a misleading application that may give exaggerated reports of threats on the computer.
...

Exp/OWCRef-G

- Exp/OWCRef-G at Sophos

Exp/OWCRef-G is an exploit written in JavaScript that attempts to trigger a remote code execution
vulnerability in Office Web Component ActiveX component to download and run a malicious executable file.
See MS09-043 for more details.
...

Mal/Magania-A

- Mal/Magania-A at Sophos

...

Mal/Midgar-A

- Mal/Midgar-A at Sophos

...

Troj/Agent-KWE

- Troj/Agent-KWE at Sophos

...

Troj/Agent-KWF

- Troj/Agent-KWF at Sophos

...

Troj/Buzus-AV

- Troj/Buzus-AV at Sophos

...

Troj/Clomp-J

- Troj/Clomp-J at Sophos

...

Troj/Dloadr-CSF

- Troj/Dloadr-CSF at Sophos

...

Troj/Dloadr-CSH

- Troj/Dloadr-CSH at Sophos

Troj/Dloadr-CSH is a Trojan for the Windows platform. Troj/Dloadr-CSH
includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/Dloadr-CSH changes settings for Microsoft Internet Explorer, including search settings, by modifying
values u...

Troj/Dloadr-CSI

- Troj/Dloadr-CSI at Sophos

...

W32.Induc.A!dcu

- W32.Induc.A!dcu at Norton Symantec

W32.Induc.A!dcu is a detection for a malicious Delphi library file that is created by W32.Induc.A.
...

W32.Induc.A!pas

- W32.Induc.A!pas at Norton Symantec

W32.Induc.A!pas is a detection for a malicious Pascal (Delphi) source file, which is temporarily created by
W32.Induc.A....

W32.Induc.A

- W32.Induc.A at Norton Symantec

W32.Induc.A is a virus that adds itself to the Delphi compilation process so that all files compiled with
Delphi will also be infected.
...

Adware.DoubleD

- Adware.DoubleD at Norton Symantec

Adware.DoubleD is an adware program that displays out-of-context advertisements.
...

Mal/Poison-C

- Mal/Poison-C at Sophos

...

Mal/VB-AS

- Mal/VB-AS at Sophos

...

Troj/BanBGA-Gen

- Troj/BanBGA-Gen at Sophos

...

Troj/Dialer-GZ

- Troj/Dialer-GZ at Sophos

...

Troj/Dload-GR

- Troj/Dload-GR at Sophos

...

Troj/FakeAv-XU

- Troj/FakeAv-XU at Sophos

...

Troj/FakeAv-XV

- Troj/FakeAv-XV at Sophos

...

Troj/PDFJs-CN

- Troj/PDFJs-CN at Sophos

...

Troj/Rootkit-GP

- Troj/Rootkit-GP at Sophos

...

Troj/Agent-KWR

- Troj/Agent-KWR at Sophos

...

0 writebacks [08/19/2009 21:48] [] permanent link



Virus Malware and Threat News for 20090817



Bloodhound.Exploit.267

- Bloodhound.Exploit.267 at Norton Symantec

Bloodhound.Exploit.267 is a heuristic detection for files attempting to exploit the Microsoft Remote Desktop
Connection ActiveX Control Heap Based Buffer Overflow Vulnerability (BID 35973).
...

Bloodhound.PDF.16

- Bloodhound.PDF.16 at Norton Symantec

Bloodhound.PDF.16 is a generic detection of potentially malicious PDF files, which may exploit a vulnerability
in Adobe Acrobat in order to perform further malicious actions.
...

ACM_UNEXPLODE.C

- ACM_UNEXPLODE.C at Trend Micro

This malicious AutoCAD Macro file may be dropped by other malware. It may arrive bundled with malware packages
as a malware component. It drops and executes a certain .REG file. The said file contains default firewall
settings that may allow this malware to reset the system settings and allow its full execution. Once loaded,
this malwa...

Troj/Agent-KVQ

- Troj/Agent-KVQ at Sophos

...

Troj/Agent-KVR

- Troj/Agent-KVR at Sophos

...

Troj/Agent-KVS

- Troj/Agent-KVS at Sophos

...

Troj/Agent-KVT

- Troj/Agent-KVT at Sophos

...

Troj/Backdr-AO

- Troj/Backdr-AO at Sophos

Troj/Backdr-AO is a Trojan for the Windows platform. Troj/Backdr-AO runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When first run, Troj/Backdr-AO copies itself
to <...

Troj/Dloadr-CSE

- Troj/Dloadr-CSE at Sophos

...

Troj/FakeAV-XK

- Troj/FakeAV-XK at Sophos

...

Mal/Badsrc-D

- Mal/Badsrc-D at Sophos

Mal/Badsrc-D is a malicious web page, often a compromised page, that loads a script from a
malicious website.
...

Troj/Agent-KVP

- Troj/Agent-KVP at Sophos

...

Troj/Dloadr-CSD

- Troj/Dloadr-CSD at Sophos

Troj/Dloadr-CSD is a Trojan for the Windows platform. When Troj/Dloadr-CSD
is installed, the following files are created: <SYSTEM>\afmain0.dll and
<WINDOWS>\AhnRpta.exe. Troj/Dloadr-CSD creates the Registry entries
under ...

Trojan:W32/Fixer

- Trojan:W32/Fixer at F-Secure

...

RegDefense

- RegDefense at Norton Symantec

RegDefense is a misleading application that may give exaggerated reports of errors on the computer.
...

W32.SillyFDC.BCU

- W32.SillyFDC.BCU at Norton Symantec

W32.SillyFDC.BCU is a worm that spreads by copying itself to removable and mapped drives.
...

WindoFix

- WindoFix at Norton Symantec

WindoFix is a misleading application that may give exaggerated reports of threats on the computer.
...

Exp/OWCRef-G

- Exp/OWCRef-G at Sophos

Exp/OWCRef-G is an exploit written in JavaScript that attempts to trigger a remote code execution
vulnerability in Office Web Component ActiveX component to download and run a malicious executable file.
See MS09-043 for more details.
...

Mal/Magania-A

- Mal/Magania-A at Sophos

...

Mal/Midgar-A

- Mal/Midgar-A at Sophos

...

Troj/Agent-KWE

- Troj/Agent-KWE at Sophos

...

Troj/Agent-KWF

- Troj/Agent-KWF at Sophos

...

Troj/Buzus-AV

- Troj/Buzus-AV at Sophos

...

Troj/Clomp-J

- Troj/Clomp-J at Sophos

...

Troj/Dloadr-CSF

- Troj/Dloadr-CSF at Sophos

...

Troj/Dloadr-CSH

- Troj/Dloadr-CSH at Sophos

Troj/Dloadr-CSH is a Trojan for the Windows platform. Troj/Dloadr-CSH
includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/Dloadr-CSH changes settings for Microsoft Internet Explorer, including search settings, by modifying
values u...

Troj/Dloadr-CSI

- Troj/Dloadr-CSI at Sophos

...

0 writebacks [08/18/2009 21:44] [] permanent link



Virus Malware and Threat News for 20090816



Downloader.Sninfs.B

- Downloader.Sninfs.B at Norton Symantec

Downloader.Sninfs.B is a Trojan horse that may download other files onto the compromised computer.
...

Troj/Agent-KVH

- Troj/Agent-KVH at Sophos

...

Troj/Agent-KVI

- Troj/Agent-KVI at Sophos

...

Troj/Agent-KVK

- Troj/Agent-KVK at Sophos

...

Troj/Bckdr-QXP

- Troj/Bckdr-QXP at Sophos

...

Troj/Dropr-BN

- Troj/Dropr-BN at Sophos

...

Troj/DwnLdr-HVJ

- Troj/DwnLdr-HVJ at Sophos

...

Troj/Inject-IO

- Troj/Inject-IO at Sophos

...

Troj/Inject-IP

- Troj/Inject-IP at Sophos

...

Troj/TDSS-AN

- Troj/TDSS-AN at Sophos

...

Troj/Agent-KVJ

- Troj/Agent-KVJ at Sophos

...

Bloodhound.Exploit.267

- Bloodhound.Exploit.267 at Norton Symantec

Bloodhound.Exploit.267 is a heuristic detection for files attempting to exploit the Microsoft Remote Desktop
Connection ActiveX Control Heap Based Buffer Overflow Vulnerability (BID 35973).
...

Bloodhound.PDF.16

- Bloodhound.PDF.16 at Norton Symantec

Bloodhound.PDF.16 is a generic detection of potentially malicious PDF files, which may exploit a vulnerability
in Adobe Acrobat in order to perform further malicious actions.
...

ACM_UNEXPLODE.C

- ACM_UNEXPLODE.C at Trend Micro

This malicious AutoCAD Macro file may be dropped by other malware. It may arrive bundled with malware packages
as a malware component. It drops and executes a certain .REG file. The said file contains default firewall
settings that may allow this malware to reset the system settings and allow its full execution. Once loaded,
this malwa...

Troj/Agent-KVQ

- Troj/Agent-KVQ at Sophos

...

Troj/Agent-KVR

- Troj/Agent-KVR at Sophos

...

Troj/Agent-KVS

- Troj/Agent-KVS at Sophos

...

Troj/Agent-KVT

- Troj/Agent-KVT at Sophos

...

Troj/Backdr-AO

- Troj/Backdr-AO at Sophos

Troj/Backdr-AO is a Trojan for the Windows platform. Troj/Backdr-AO runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When first run, Troj/Backdr-AO copies itself
to <...

Troj/Dloadr-CSE

- Troj/Dloadr-CSE at Sophos

...

Troj/FakeAV-XK

- Troj/FakeAV-XK at Sophos

...

Mal/Badsrc-D

- Mal/Badsrc-D at Sophos

Mal/Badsrc-D is a malicious web page, often a compromised page, that loads a script from a
malicious website.
...

Troj/Agent-KVP

- Troj/Agent-KVP at Sophos

...

Troj/Dloadr-CSD

- Troj/Dloadr-CSD at Sophos

Troj/Dloadr-CSD is a Trojan for the Windows platform. When Troj/Dloadr-CSD
is installed, the following files are created: <SYSTEM>\afmain0.dll and
<WINDOWS>\AhnRpta.exe. Troj/Dloadr-CSD creates the Registry entries
under ...

0 writebacks [08/17/2009 21:46] [] permanent link



Virus Malware and Threat News for 20090815



Troj/Dloadr-CSC

- Troj/Dloadr-CSC at Sophos

...

Troj/FakeAle-PD

- Troj/FakeAle-PD at Sophos

...

Troj/FakeAV-XI

- Troj/FakeAV-XI at Sophos

...

Troj/Farfli-Gen

- Troj/Farfli-Gen at Sophos

...

Troj/Buzus-AT

- Troj/Buzus-AT at Sophos

...

W32/Yahlov-I

- W32/Yahlov-I at Sophos

W32/Yahlov-I is a worm for the Windows platform. W32/Yahlov-I spreads by
copying itself to network shares and removable drives. It is intended to copy itself using a random filename,
adding an autorun.inf file in an attempt to run itself when the drive is loaded. When
run, W32/...

Troj/Bckdr-QXO

- Troj/Bckdr-QXO at Sophos

...

Mal/Mallard-A

- Mal/Mallard-A at Sophos

Files detected as Mal/Mallard-A tend to drop rootkit files detected as Troj/Rootkit-GL.
...

Troj/Agent-KVG

- Troj/Agent-KVG at Sophos

...

Troj/Delf-FDE

- Troj/Delf-FDE at Sophos

...

Downloader.Sninfs.B

- Downloader.Sninfs.B at Norton Symantec

Downloader.Sninfs.B is a Trojan horse that may download other files onto the compromised computer.
...

Troj/Agent-KVH

- Troj/Agent-KVH at Sophos

...

Troj/Agent-KVI

- Troj/Agent-KVI at Sophos

...

Troj/Agent-KVK

- Troj/Agent-KVK at Sophos

...

Troj/Bckdr-QXP

- Troj/Bckdr-QXP at Sophos

...

Troj/Dropr-BN

- Troj/Dropr-BN at Sophos

...

Troj/DwnLdr-HVJ

- Troj/DwnLdr-HVJ at Sophos

...

Troj/Inject-IO

- Troj/Inject-IO at Sophos

...

Troj/Inject-IP

- Troj/Inject-IP at Sophos

...

Troj/TDSS-AN

- Troj/TDSS-AN at Sophos

...

Troj/Agent-KVJ

- Troj/Agent-KVJ at Sophos

...

0 writebacks [08/16/2009 21:47] [] permanent link



Virus Malware and Threat News for 20090814



Downloader.Sninfs

- Downloader.Sninfs at Norton Symantec

Downloader.Sninfs is a Trojan horse that may download files on to the compromised computer.
...

TROJ_PIDIEF.ADQ

- TROJ_PIDIEF.ADQ at Trend Micro

Trend Micro has flagged this Trojan as noteworthy due to the increased potential for damage, propagation, or
both, that it possesses. Specifically, its capability to exploit a particular vulnerability in a software. It
is a specially crafted .PDF file that exploits a vulnerability in Adobe Reader version 9.1.2 and Flash Player
9 and 1...

Mal/Bckdr-C

- Mal/Bckdr-C at Sophos

...

Mal/FakeAv-BA

- Mal/FakeAv-BA at Sophos

...

Mal/Hupig-I

- Mal/Hupig-I at Sophos

...

Troj/Backdr-AN

- Troj/Backdr-AN at Sophos

...

Troj/Clicker-FL

- Troj/Clicker-FL at Sophos

...

Troj/Dloadr-CRY

- Troj/Dloadr-CRY at Sophos

...

Troj/Dloadr-CRZ

- Troj/Dloadr-CRZ at Sophos

...

Troj/Dloadr-CSA

- Troj/Dloadr-CSA at Sophos

...

Troj/FakeAv-XH

- Troj/FakeAv-XH at Sophos

Troj/FakeAv-XH is a Trojan for the Windows platform. Troj/FakeAv-XH copies
itself to <SYSTEM>\winupdate.exe and sets the following registry entry to run on startup:
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run   winupdate.exe
...

Troj/JSRedir-X

- Troj/JSRedir-X at Sophos

...

Troj/Dloadr-CSC

- Troj/Dloadr-CSC at Sophos

...

Troj/FakeAle-PD

- Troj/FakeAle-PD at Sophos

...

Troj/FakeAV-XI

- Troj/FakeAV-XI at Sophos

...

Troj/Farfli-Gen

- Troj/Farfli-Gen at Sophos

...

Troj/Buzus-AT

- Troj/Buzus-AT at Sophos

...

W32/Yahlov-I

- W32/Yahlov-I at Sophos

W32/Yahlov-I is a worm for the Windows platform. W32/Yahlov-I spreads by
copying itself to network shares and removable drives. It is intended to copy itself using a random filename,
adding an autorun.inf file in an attempt to run itself when the drive is loaded. When
run, W32/...

Troj/Bckdr-QXO

- Troj/Bckdr-QXO at Sophos

...

Mal/Mallard-A

- Mal/Mallard-A at Sophos

Files detected as Mal/Mallard-A tend to drop rootkit files detected as Troj/Rootkit-GL.
...

Troj/Agent-KVG

- Troj/Agent-KVG at Sophos

...

Troj/Delf-FDE

- Troj/Delf-FDE at Sophos

...

0 writebacks [08/15/2009 21:45] [] permanent link



Virus Malware and Threat News for 20090813



W32.Screentief

- W32.Screentief at Norton Symantec

W32.Screentief is a worm that spreads by copying itself to removable drives. It also captures screenshots and
attempts to send them to a remote attacker.
...

W32.Trats.B!inf

- W32.Trats.B!inf at Norton Symantec

W32.Trats.B!inf is a detection for files that are infected by the W32.Trats.B.
...

W32.Trats.B

- W32.Trats.B at Norton Symantec

W32.Trats.B is a worm that spreads by copying itself to removable drives and by sending instant messages
containing links to copies of itself. It also infects executable files and attempts to download files on to
the compromised computer.
...

Mal/Behav-330

- Mal/Behav-330 at Sophos

...

Mal/BHO-U

- Mal/BHO-U at Sophos

...

Troj/Agent-KUX

- Troj/Agent-KUX at Sophos

...

Troj/Agent-KUY

- Troj/Agent-KUY at Sophos

...

Troj/Agent-KUZ

- Troj/Agent-KUZ at Sophos

...

Troj/Delf-FDC

- Troj/Delf-FDC at Sophos

...

Troj/GCurd-A

- Troj/GCurd-A at Sophos

...

Troj/Haxdoor-DR

- Troj/Haxdoor-DR at Sophos

...

Troj/NTFSKit-B

- Troj/NTFSKit-B at Sophos

...

Troj/Pidief-C

- Troj/Pidief-C at Sophos

...

Downloader.Sninfs

- Downloader.Sninfs at Norton Symantec

Downloader.Sninfs is a Trojan horse that may download files on to the compromised computer.
...

TROJ_PIDIEF.ADQ

- TROJ_PIDIEF.ADQ at Trend Micro

Trend Micro has flagged this Trojan as noteworthy due to the increased potential for damage, propagation, or
both, that it possesses. Specifically, its capability to exploit a particular vulnerability in a software. It
is a specially crafted .PDF file that exploits a vulnerability in Adobe Reader version 9.1.2 and Flash Player
9 and 1...

Mal/Bckdr-C

- Mal/Bckdr-C at Sophos

...

Mal/FakeAv-BA

- Mal/FakeAv-BA at Sophos

...

Mal/Hupig-I

- Mal/Hupig-I at Sophos

...

Troj/Backdr-AN

- Troj/Backdr-AN at Sophos

...

Troj/Clicker-FL

- Troj/Clicker-FL at Sophos

...

Troj/Dloadr-CRY

- Troj/Dloadr-CRY at Sophos

...

Troj/Dloadr-CRZ

- Troj/Dloadr-CRZ at Sophos

...

Troj/Dloadr-CSA

- Troj/Dloadr-CSA at Sophos

...

Troj/FakeAv-XH

- Troj/FakeAv-XH at Sophos

Troj/FakeAv-XH is a Trojan for the Windows platform. Troj/FakeAv-XH copies
itself to <SYSTEM>\winupdate.exe and sets the following registry entry to run on startup:
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run   winupdate.exe
...

Troj/JSRedir-X

- Troj/JSRedir-X at Sophos

...

0 writebacks [08/14/2009 21:46] [] permanent link



Virus Malware and Threat News for 20090812



Other:HTML/Fraud

- Other:HTML/Fraud at F-Secure

...

Trojan-PSW:W32/Magania

- Trojan-PSW:W32/Magania at F-Secure

...

W32.Stiraut

- W32.Stiraut at Norton Symantec

W32.Stiraut is a worm that spreads through removable drives. It also opens a back door on the compromised
computer and sends messages to randomly selected users of a social networking service.
...

OSX_JAHLAV.D

- OSX_JAHLAV.D at Trend Micro

...

UNIX_DNSCHAN.AA

- UNIX_DNSCHAN.AA at Trend Micro

...

Troj/Agent-KUP

- Troj/Agent-KUP at Sophos

Troj/Agent-KUP is a Trojan for the Windows platform. When first run
Troj/Agent-KUP copies itself to: <Root>\Winlogon.jpg
<Windows>\Systems.exe and creates the file <Temp>\~dfbb2f.tmp.
The following reg...

Troj/FakeAV-XD

- Troj/FakeAV-XD at Sophos

...

W32/Autorun-AOQ

- W32/Autorun-AOQ at Sophos

...

W32/Autorun-AOS

- W32/Autorun-AOS at Sophos

...

W32/Sdbot-DOW

- W32/Sdbot-DOW at Sophos

W32/Sdbot-DOW is a worm for the Windows platform. W32/Sdbot-DOW runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When W32/Sdbot-DOW is installed the
following files ar...

Troj/BancDl-C

- Troj/BancDl-C at Sophos

...

Troj/FakeAV-XC

- Troj/FakeAV-XC at Sophos

...

Troj/PWS-BCW

- Troj/PWS-BCW at Sophos

...

W32/SillyFDC-DP

- W32/SillyFDC-DP at Sophos

...

Mal/ObfJS-CE

- Mal/ObfJS-CE at Sophos

Mal/ObfJS-CE is a malicious JavaScript embedded in a web page.
...

W32.Screentief

- W32.Screentief at Norton Symantec

W32.Screentief is a worm that spreads by copying itself to removable drives. It also captures screenshots and
attempts to send them to a remote attacker.
...

W32.Trats.B!inf

- W32.Trats.B!inf at Norton Symantec

W32.Trats.B!inf is a detection for files that are infected by the W32.Trats.B.
...

W32.Trats.B

- W32.Trats.B at Norton Symantec

W32.Trats.B is a worm that spreads by copying itself to removable drives and by sending instant messages
containing links to copies of itself. It also infects executable files and attempts to download files on to
the compromised computer.
...

Mal/Behav-330

- Mal/Behav-330 at Sophos

...

Mal/BHO-U

- Mal/BHO-U at Sophos

...

Troj/Agent-KUX

- Troj/Agent-KUX at Sophos

...

Troj/Agent-KUY

- Troj/Agent-KUY at Sophos

...

Troj/Agent-KUZ

- Troj/Agent-KUZ at Sophos

...

Troj/Delf-FDC

- Troj/Delf-FDC at Sophos

...

Troj/GCurd-A

- Troj/GCurd-A at Sophos

...

Troj/Haxdoor-DR

- Troj/Haxdoor-DR at Sophos

...

Troj/NTFSKit-B

- Troj/NTFSKit-B at Sophos

...

Troj/Pidief-C

- Troj/Pidief-C at Sophos

...

0 writebacks [08/13/2009 21:42] [] permanent link



Virus Malware and Threat News for 20090811



Hacktool.PStorRevealer

- Hacktool.PStorRevealer at Norton Symantec

Hacktool.PStorRevealer is a hack tool that gathers passwords stored in various applications.
...

W32.SillyFDC.BCT

- W32.SillyFDC.BCT at Norton Symantec

W32.SillyFDC.BCT is a worm that spreads by copying itself to removable drives. It may also download files on
to the compromised computer.
...

Troj/Bancos-BFY

- Troj/Bancos-BFY at Sophos

...

Troj/BHO-ND

- Troj/BHO-ND at Sophos

...

Troj/Bkdor-Gen

- Troj/Bkdor-Gen at Sophos

...

Troj/Drop-DG

- Troj/Drop-DG at Sophos

...

Troj/Keylog-LP

- Troj/Keylog-LP at Sophos

...

Troj/Koobdwn-A

- Troj/Koobdwn-A at Sophos

Troj/Koobdwn-A is a Trojan for the Windows platform. Troj/Koobdwn-A is
posted on Twitter with a shortened url and uses one of the following messages: "Holy
shit! Are you really in this video? <URL> OMFG!!!" "Nice! Your ass looks great on this video!
<URL>...

Troj/Tibia-H

- Troj/Tibia-H at Sophos

...

W32/Autorun-AOM

- W32/Autorun-AOM at Sophos

...

Mal/EncPk-JQ

- Mal/EncPk-JQ at Sophos

...

Mal/PWS-AC

- Mal/PWS-AC at Sophos

...

Other:HTML/Fraud

- Other:HTML/Fraud at F-Secure

...

Trojan-PSW:W32/Magania

- Trojan-PSW:W32/Magania at F-Secure

...

W32.Stiraut

- W32.Stiraut at Norton Symantec

W32.Stiraut is a worm that spreads through removable drives. It also opens a back door on the compromised
computer and sends messages to randomly selected users of a social networking service.
...

OSX_JAHLAV.D

- OSX_JAHLAV.D at Trend Micro

...

UNIX_DNSCHAN.AA

- UNIX_DNSCHAN.AA at Trend Micro

...

Troj/Agent-KUP

- Troj/Agent-KUP at Sophos

Troj/Agent-KUP is a Trojan for the Windows platform. When first run
Troj/Agent-KUP copies itself to: <Root>\Winlogon.jpg
<Windows>\Systems.exe and creates the file <Temp>\~dfbb2f.tmp.
The following reg...

Troj/FakeAV-XD

- Troj/FakeAV-XD at Sophos

...

W32/Autorun-AOQ

- W32/Autorun-AOQ at Sophos

...

W32/Autorun-AOS

- W32/Autorun-AOS at Sophos

...

W32/Sdbot-DOW

- W32/Sdbot-DOW at Sophos

W32/Sdbot-DOW is a worm for the Windows platform. W32/Sdbot-DOW runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels. When W32/Sdbot-DOW is installed the
following files ar...

Troj/BancDl-C

- Troj/BancDl-C at Sophos

...

Troj/FakeAV-XC

- Troj/FakeAV-XC at Sophos

...

Troj/PWS-BCW

- Troj/PWS-BCW at Sophos

...

W32/SillyFDC-DP

- W32/SillyFDC-DP at Sophos

...

Mal/ObfJS-CE

- Mal/ObfJS-CE at Sophos

Mal/ObfJS-CE is a malicious JavaScript embedded in a web page.
...

0 writebacks [08/12/2009 21:46] [] permanent link



Virus Malware and Threat News for 20090810



W32.Feberr

- W32.Feberr at Norton Symantec

W32.Feberr is a file infector that may attempt to spread by copying itself to removable drives and shared
folders....

W32.SillyFDC.BCS

- W32.SillyFDC.BCS at Norton Symantec

W32.SillyFDC.BCS is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BCR

- W32.SillyFDC.BCR at Norton Symantec

W32.SillyFDC.BCR is a worm that spreads by copying itself to removable drives.
...

Mal/Hupig-H

- Mal/Hupig-H at Sophos

...

Troj/Agent-KUA

- Troj/Agent-KUA at Sophos

...

Troj/Agent-KUB

- Troj/Agent-KUB at Sophos

...

Troj/Agent-KUC

- Troj/Agent-KUC at Sophos

...

Troj/Dloadr-CRO

- Troj/Dloadr-CRO at Sophos

...

Troj/Dloadr-CRP

- Troj/Dloadr-CRP at Sophos

...

Troj/FakeAV-WZ

- Troj/FakeAV-WZ at Sophos

...

Troj/Agent-KTV

- Troj/Agent-KTV at Sophos

...

Troj/Agent-KTW

- Troj/Agent-KTW at Sophos

...

Hacktool.PStorRevealer

- Hacktool.PStorRevealer at Norton Symantec

Hacktool.PStorRevealer is a hack tool that gathers passwords stored in various applications.
...

W32.SillyFDC.BCT

- W32.SillyFDC.BCT at Norton Symantec

W32.SillyFDC.BCT is a worm that spreads by copying itself to removable drives. It may also download files on
to the compromised computer.
...

Troj/Bancos-BFY

- Troj/Bancos-BFY at Sophos

...

Troj/BHO-ND

- Troj/BHO-ND at Sophos

...

Troj/Bkdor-Gen

- Troj/Bkdor-Gen at Sophos

...

Troj/Drop-DG

- Troj/Drop-DG at Sophos

...

Troj/Keylog-LP

- Troj/Keylog-LP at Sophos

...

Troj/Koobdwn-A

- Troj/Koobdwn-A at Sophos

Troj/Koobdwn-A is a Trojan for the Windows platform. Troj/Koobdwn-A is
posted on Twitter with a shortened url and uses one of the following messages: "Holy
shit! Are you really in this video? <URL> OMFG!!!" "Nice! Your ass looks great on this video!
<URL>...

Troj/Tibia-H

- Troj/Tibia-H at Sophos

...

W32/Autorun-AOM

- W32/Autorun-AOM at Sophos

...

Mal/EncPk-JQ

- Mal/EncPk-JQ at Sophos

...

Mal/PWS-AC

- Mal/PWS-AC at Sophos

...

0 writebacks [08/11/2009 21:51] [] permanent link



Virus Malware and Threat News for 20090809



Troj/Banker-ETR

- Troj/Banker-ETR at Sophos

...

Troj/Inject-IN

- Troj/Inject-IN at Sophos

...

Troj/FakeAV-WY

- Troj/FakeAV-WY at Sophos

...

W32.Feberr

- W32.Feberr at Norton Symantec

W32.Feberr is a file infector that may attempt to spread by copying itself to removable drives and shared
folders....

W32.SillyFDC.BCS

- W32.SillyFDC.BCS at Norton Symantec

W32.SillyFDC.BCS is a worm that spreads by copying itself to removable drives.
...

W32.SillyFDC.BCR

- W32.SillyFDC.BCR at Norton Symantec

W32.SillyFDC.BCR is a worm that spreads by copying itself to removable drives.
...

Mal/Hupig-H

- Mal/Hupig-H at Sophos

...

Troj/Agent-KUA

- Troj/Agent-KUA at Sophos

...

Troj/Agent-KUB

- Troj/Agent-KUB at Sophos

...

Troj/Agent-KUC

- Troj/Agent-KUC at Sophos

...

Troj/Dloadr-CRO

- Troj/Dloadr-CRO at Sophos

...

Troj/Dloadr-CRP

- Troj/Dloadr-CRP at Sophos

...

Troj/FakeAV-WZ

- Troj/FakeAV-WZ at Sophos

...

Troj/Agent-KTV

- Troj/Agent-KTV at Sophos

...

Troj/Agent-KTW

- Troj/Agent-KTW at Sophos

...

0 writebacks [08/10/2009 21:44] [] permanent link



Virus Malware and Threat News for 20090808



W32.Koobface.D

- W32.Koobface.D at Norton Symantec

W32.Koobface.D is a worm that spreads through social networking sites. It also sends confidential information
to a remote location.
...

WORM_KOOBFACE.V

- WORM_KOOBFACE.V at Trend Micro

This worm may be downloaded from remote sites by other malware. It may be downloaded from certain remote sites.
It may be installed manually by the user when accessing malicious links posted in social networking sites. It
attempts to access several URLs to send system information via HTTP POST. It may also send an HTTP POST
request to...

Mal/Behav-323

- Mal/Behav-323 at Sophos

...

Troj/Agent-KTP

- Troj/Agent-KTP at Sophos

...

Troj/Agent-KTQ

- Troj/Agent-KTQ at Sophos

...

Troj/Agent-KTR

- Troj/Agent-KTR at Sophos

...

Troj/Agent-KTS

- Troj/Agent-KTS at Sophos

...

Troj/Feedel-J

- Troj/Feedel-J at Sophos

...

Troj/NestObj-A

- Troj/NestObj-A at Sophos

Troj/NestObj-A is a malicious web page designed to exploit a vulnerability in Internet Explorer 6.
...

Troj/Zbot-GZ

- Troj/Zbot-GZ at Sophos

...

Troj/Agent-KSG

- Troj/Agent-KSG at Sophos

...

Troj/Agent-KTO

- Troj/Agent-KTO at Sophos

...

Troj/Banker-ETR

- Troj/Banker-ETR at Sophos

...

Troj/Inject-IN

- Troj/Inject-IN at Sophos

...

Troj/FakeAV-WY

- Troj/FakeAV-WY at Sophos

...

0 writebacks [08/09/2009 21:49] [] permanent link



Virus Malware and Threat News for 20090807



SecurityRisk.Malconfig

- SecurityRisk.Malconfig at Norton Symantec

SecurityRisk.Malconfig is a detection for parameters contained within configuration files that are
used to initialize malicious applications.
...

W32.SillyFDC.BCQ

- W32.SillyFDC.BCQ at Norton Symantec

W32.SillyFDC.BCQ is a worm that spreads by copying itself to removable drives. It may also spread through file
sharing programs....

Packed.Generic.243

- Packed.Generic.243 at Norton Symantec

Packed.Generic.243 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Troj/BanBot-C

- Troj/BanBot-C at Sophos

Troj/BanBot-C is an adware related Trojan for the Windows platform.
Troj/BanBot-C runs continuously in the background, periodically downloading configuration data from a remote
server. Troj/BanBot-C displays advertising banners when the browser is active.
...

Troj/Dloadr-CRH

- Troj/Dloadr-CRH at Sophos

...

Troj/Dloadr-CRI

- Troj/Dloadr-CRI at Sophos

Troj/Dloadr-CRI is a downloader Trojan for the Windows platform. When
first run the following files are created: <System>\sdra64.exe
<System>\lowsec\user.ds.lll <System>\lowsec\local.ds The
following registry entr...

W32/Autorun-ANW

- W32/Autorun-ANW at Sophos

W32/Autorun-ANW is a worm for the Windows platform. When W32/Autorun-ANW is
installed it creates the file <System>\csrcs.exe. The following registry entry is
created to run csrcs.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\polici...

Mal/Dloadr-M

- Mal/Dloadr-M at Sophos

...

Troj/Agent-KTH

- Troj/Agent-KTH at Sophos

...

Troj/Formador-D

- Troj/Formador-D at Sophos

...

Troj/Rootkit-GK

- Troj/Rootkit-GK at Sophos

...

Troj/Trot-C

- Troj/Trot-C at Sophos

Troj/Trot-C is a Trojan for the Windows platform. Troj/Trot-C includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Trot-C copies itself to <System>\servises.exe and creates the file
<System>\_id.dat. ...

Troj/Vbinder-A

- Troj/Vbinder-A at Sophos

Troj/Vbinder-A injects malicious code into active processes. Malware
authors can use a utility application to create a new instance of Troj/Vbinder-A to inject their code.
...

W32.Koobface.D

- W32.Koobface.D at Norton Symantec

W32.Koobface.D is a worm that spreads through social networking sites. It also sends confidential information
to a remote location.
...

WORM_KOOBFACE.V

- WORM_KOOBFACE.V at Trend Micro

This worm may be downloaded from remote sites by other malware. It may be downloaded from certain remote sites.
It may be installed manually by the user when accessing malicious links posted in social networking sites. It
attempts to access several URLs to send system information via HTTP POST. It may also send an HTTP POST
request to...

Mal/Behav-323

- Mal/Behav-323 at Sophos

...

Troj/Agent-KTP

- Troj/Agent-KTP at Sophos

...

Troj/Agent-KTQ

- Troj/Agent-KTQ at Sophos

...

Troj/Agent-KTR

- Troj/Agent-KTR at Sophos

...

Troj/Agent-KTS

- Troj/Agent-KTS at Sophos

...

Troj/Feedel-J

- Troj/Feedel-J at Sophos

...

Troj/NestObj-A

- Troj/NestObj-A at Sophos

Troj/NestObj-A is a malicious web page designed to exploit a vulnerability in Internet Explorer 6.
...

Troj/Zbot-GZ

- Troj/Zbot-GZ at Sophos

...

Troj/Agent-KSG

- Troj/Agent-KSG at Sophos

...

Troj/Agent-KTO

- Troj/Agent-KTO at Sophos

...

0 writebacks [08/08/2009 21:48] [] permanent link



Virus Malware and Threat News for 20090806



Backdoor.Regdor

- Backdoor.Regdor at Norton Symantec

Backdoor.Regdor is a Trojan horse that opens a back door on the compromised computer.
...

Troj/Dloadr-CRF

- Troj/Dloadr-CRF at Sophos

...

Troj/Agent-KTC

- Troj/Agent-KTC at Sophos

...

Troj/Agent-KTD

- Troj/Agent-KTD at Sophos

...

Troj/Agent-KTE

- Troj/Agent-KTE at Sophos

...

Troj/ASPAce-B

- Troj/ASPAce-B at Sophos

...

Troj/Bdoor-AWI

- Troj/Bdoor-AWI at Sophos

...

Troj/PDFJS-CJ

- Troj/PDFJS-CJ at Sophos

...

Mal/Vbinder-C

- Mal/Vbinder-C at Sophos

...

Troj/Agent-KTB

- Troj/Agent-KTB at Sophos

...

Troj/Buzus-AR

- Troj/Buzus-AR at Sophos

...

SecurityRisk.Malconfig

- SecurityRisk.Malconfig at Norton Symantec

SecurityRisk.Malconfig is a detection for parameters contained within configuration files that are
used to initialize malicious applications.
...

W32.SillyFDC.BCQ

- W32.SillyFDC.BCQ at Norton Symantec

W32.SillyFDC.BCQ is a worm that spreads by copying itself to removable drives. It may also spread through file
sharing programs....

Packed.Generic.243

- Packed.Generic.243 at Norton Symantec

Packed.Generic.243 is a heuristic detection for files that may have been obfuscated or encrypted in order to
conceal them from antivirus software.
...

Troj/BanBot-C

- Troj/BanBot-C at Sophos

Troj/BanBot-C is an adware related Trojan for the Windows platform.
Troj/BanBot-C runs continuously in the background, periodically downloading configuration data from a remote
server. Troj/BanBot-C displays advertising banners when the browser is active.
...

Troj/Dloadr-CRH

- Troj/Dloadr-CRH at Sophos

...

Troj/Dloadr-CRI

- Troj/Dloadr-CRI at Sophos

Troj/Dloadr-CRI is a downloader Trojan for the Windows platform. When
first run the following files are created: <System>\sdra64.exe
<System>\lowsec\user.ds.lll <System>\lowsec\local.ds The
following registry entr...

W32/Autorun-ANW

- W32/Autorun-ANW at Sophos

W32/Autorun-ANW is a worm for the Windows platform. When W32/Autorun-ANW is
installed it creates the file <System>\csrcs.exe. The following registry entry is
created to run csrcs.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\polici...

Mal/Dloadr-M

- Mal/Dloadr-M at Sophos

...

Troj/Agent-KTH

- Troj/Agent-KTH at Sophos

...

Troj/Formador-D

- Troj/Formador-D at Sophos

...

Troj/Rootkit-GK

- Troj/Rootkit-GK at Sophos

...

Troj/Trot-C

- Troj/Trot-C at Sophos

Troj/Trot-C is a Trojan for the Windows platform. Troj/Trot-C includes
functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Trot-C copies itself to <System>\servises.exe and creates the file
<System>\_id.dat. ...

Troj/Vbinder-A

- Troj/Vbinder-A at Sophos

Troj/Vbinder-A injects malicious code into active processes. Malware
authors can use a utility application to create a new instance of Troj/Vbinder-A to inject their code.
...

0 writebacks [08/07/2009 21:49] [] permanent link



Virus Malware and Threat News for 20090805



Mal/VBdrop-C

- Mal/VBdrop-C at Sophos

...

Troj/Agent-KSX

- Troj/Agent-KSX at Sophos

...

Troj/Damewar-D

- Troj/Damewar-D at Sophos

...

Troj/Dropr-BK

- Troj/Dropr-BK at Sophos

...

Troj/Dropr-BL

- Troj/Dropr-BL at Sophos

...

Troj/FakeAV-WV

- Troj/FakeAV-WV at Sophos

...

Troj/Trafog-A

- Troj/Trafog-A at Sophos

...

Mal/Scribble-B

- Mal/Scribble-B at Sophos

Mal/Scribble-B is a polymorphic fast-infecting executable file virus for the Windows platform.
Mal/Scribble-B attempts to open an IRC backdoor in order to receive commands from a remote
user....

Troj/Agent-KRJ

- Troj/Agent-KRJ at Sophos

...

Backdoor.Regdor

- Backdoor.Regdor at Norton Symantec

Backdoor.Regdor is a Trojan horse that opens a back door on the compromised computer.
...

Troj/Dloadr-CRF

- Troj/Dloadr-CRF at Sophos

...

Troj/Agent-KTC

- Troj/Agent-KTC at Sophos

...

Troj/Agent-KTD

- Troj/Agent-KTD at Sophos

...

Troj/Agent-KTE

- Troj/Agent-KTE at Sophos

...

Troj/ASPAce-B

- Troj/ASPAce-B at Sophos

...

Troj/Bdoor-AWI

- Troj/Bdoor-AWI at Sophos

...

Troj/PDFJS-CJ

- Troj/PDFJS-CJ at Sophos

...

Mal/Vbinder-C

- Mal/Vbinder-C at Sophos

...

Troj/Agent-KTB

- Troj/Agent-KTB at Sophos

...

Troj/Buzus-AR

- Troj/Buzus-AR at Sophos

...

0 writebacks [08/06/2009 21:48] [] permanent link



Virus Malware and Threat News for 20090804



Backdoor:W32/Pushbot.gen!A

- Backdoor:W32/Pushbot.gen!A at F-Secure

...

HTML_REDIR.ECT

- HTML_REDIR.ECT at Trend Micro

This is the Trend Micro detection for HTML pages and compromised Web sites that contain malicious scripts. It
may be downloaded from certain remote site(s). It may be downloaded unknowingly by a user when visiting
malicious Web site(s). Once an unsuspecting user visits an affected webpage, this malicious HTML file attempts
to access se...

Troj/Agent-KSO

- Troj/Agent-KSO at Sophos

...

Troj/Agent-KSP

- Troj/Agent-KSP at Sophos

...

Troj/Agent-KSQ

- Troj/Agent-KSQ at Sophos

...

Troj/Agent-KSR

- Troj/Agent-KSR at Sophos

...

Troj/Agent-KSS

- Troj/Agent-KSS at Sophos

...

Troj/Agent-KST

- Troj/Agent-KST at Sophos

...

Troj/Agent-KSU

- Troj/Agent-KSU at Sophos

...

Troj/AutoIt-FN

- Troj/AutoIt-FN at Sophos

...

Troj/Dloadr-CQY

- Troj/Dloadr-CQY at Sophos

...

W32/VB-ASG

- W32/VB-ASG at Sophos

W32/VB-ASG is a worm for the Windows platform. When first run W32/VB-ASG
copies itself to: <User>\Hwnd\svhost.exe <Root>\Hwnd\svhost.exe
and creates the file: <Root>\test.txt
W32...

Mal/VBdrop-C

- Mal/VBdrop-C at Sophos

...

Troj/Agent-KSX

- Troj/Agent-KSX at Sophos

...

Troj/Damewar-D

- Troj/Damewar-D at Sophos

...

Troj/Dropr-BK

- Troj/Dropr-BK at Sophos

...

Troj/Dropr-BL

- Troj/Dropr-BL at Sophos

...

Troj/FakeAV-WV

- Troj/FakeAV-WV at Sophos

...

Troj/Trafog-A

- Troj/Trafog-A at Sophos

...

Mal/Scribble-B

- Mal/Scribble-B at Sophos

Mal/Scribble-B is a polymorphic fast-infecting executable file virus for the Windows platform.
Mal/Scribble-B attempts to open an IRC backdoor in order to receive commands from a remote
user....

Troj/Agent-KRJ

- Troj/Agent-KRJ at Sophos

...

0 writebacks [08/05/2009 21:51] [] permanent link



Virus Malware and Threat News for 20090803



Bloodhound.Exploit.266

- Bloodhound.Exploit.266 at Norton Symantec

Bloodhound.Exploit.266 is a heuristic detection for files attempting to exploit the Adobe Acrobat, Reader, and
Flash Player Remote Code Execution Vulnerability (BID 35759).
...

Troj/Agent-KSK

- Troj/Agent-KSK at Sophos

...

Troj/Dloadr-CQW

- Troj/Dloadr-CQW at Sophos

...

Troj/Dloadr-CQX

- Troj/Dloadr-CQX at Sophos

...

Mal/Iframe-F

- Mal/Iframe-F at Sophos

Mal/Iframe-F is a small or hidden iframe within a web page that attempts to run malicious software.
It is often used by attackers as the first stage of a larger web based malware attack.
At the time of writing Mal/Iframe-F is still one of the most commonly seen threats on web pages that have been
co...

Mal/VB-F

- Mal/VB-F at Sophos

...

W32/Autorun-ANK

- W32/Autorun-ANK at Sophos

W32/Autorun-ANK is a worm for the Windows platform. When W32/Autorun-ANK is
installed the following files are created: <System>\autorun.ini
<System>\setting.ini <System>\SSVICHOSST.exe <Windows>\SSVICHOSST.exe
...

Troj/PDFEx-BO

- Troj/PDFEx-BO at Sophos

...

Troj/PicEx-A

- Troj/PicEx-A at Sophos

...

Troj/SWFExp-M

- Troj/SWFExp-M at Sophos

...

Troj/SWFExp-N

- Troj/SWFExp-N at Sophos

Troj/SWFExp-N is a malicious SWF file related to the CVE-2009-1862 vulnerability.
...

Backdoor:W32/Pushbot.gen!A

- Backdoor:W32/Pushbot.gen!A at F-Secure

...

HTML_REDIR.ECT

- HTML_REDIR.ECT at Trend Micro

This is the Trend Micro detection for HTML pages and compromised Web sites that contain malicious scripts. It
may be downloaded from certain remote site(s). It may be downloaded unknowingly by a user when visiting
malicious Web site(s). Once an unsuspecting user visits an affected webpage, this malicious HTML file attempts
to access se...

Troj/Agent-KSO

- Troj/Agent-KSO at Sophos

...

Troj/Agent-KSP

- Troj/Agent-KSP at Sophos

...

Troj/Agent-KSQ

- Troj/Agent-KSQ at Sophos

...

Troj/Agent-KSR

- Troj/Agent-KSR at Sophos

...

Troj/Agent-KSS

- Troj/Agent-KSS at Sophos

...

Troj/Agent-KST

- Troj/Agent-KST at Sophos

...

Troj/Agent-KSU

- Troj/Agent-KSU at Sophos

...

Troj/AutoIt-FN

- Troj/AutoIt-FN at Sophos

...

Troj/Dloadr-CQY

- Troj/Dloadr-CQY at Sophos

...

W32/VB-ASG

- W32/VB-ASG at Sophos

W32/VB-ASG is a worm for the Windows platform. When first run W32/VB-ASG
copies itself to: <User>\Hwnd\svhost.exe <Root>\Hwnd\svhost.exe
and creates the file: <Root>\test.txt
W32...

0 writebacks [08/04/2009 21:46] [] permanent link



Virus Malware and Threat News for 20090802



Troj/Zbot-GY

- Troj/Zbot-GY at Sophos

...

W32/Sdbot-DOU

- W32/Sdbot-DOU at Sophos

...

Troj/Agent-KSJ

- Troj/Agent-KSJ at Sophos

...

Troj/Banhost-AJ

- Troj/Banhost-AJ at Sophos

...

Troj/FakeAV-WS

- Troj/FakeAV-WS at Sophos

...

Troj/VB-EFZ

- Troj/VB-EFZ at Sophos

...

Troj/VB-EGA

- Troj/VB-EGA at Sophos

...

Troj/Dloadr-CQS

- Troj/Dloadr-CQS at Sophos

...

Troj/FakeAle-PA

- Troj/FakeAle-PA at Sophos

...

Bloodhound.Exploit.266

- Bloodhound.Exploit.266 at Norton Symantec

Bloodhound.Exploit.266 is a heuristic detection for files attempting to exploit the Adobe Acrobat, Reader, and
Flash Player Remote Code Execution Vulnerability (BID 35759).
...

Troj/Agent-KSK

- Troj/Agent-KSK at Sophos

...

Troj/Dloadr-CQW

- Troj/Dloadr-CQW at Sophos

...

Troj/Dloadr-CQX

- Troj/Dloadr-CQX at Sophos

...

Mal/Iframe-F

- Mal/Iframe-F at Sophos

Mal/Iframe-F is a small or hidden iframe within a web page that attempts to run malicious software.
It is often used by attackers as the first stage of a larger web based malware attack.
At the time of writing Mal/Iframe-F is still one of the most commonly seen threats on web pages that have been
co...

Mal/VB-F

- Mal/VB-F at Sophos

...

W32/Autorun-ANK

- W32/Autorun-ANK at Sophos

W32/Autorun-ANK is a worm for the Windows platform. When W32/Autorun-ANK is
installed the following files are created: <System>\autorun.ini
<System>\setting.ini <System>\SSVICHOSST.exe <Windows>\SSVICHOSST.exe
...

Troj/PDFEx-BO

- Troj/PDFEx-BO at Sophos

...

Troj/PicEx-A

- Troj/PicEx-A at Sophos

...

Troj/SWFExp-M

- Troj/SWFExp-M at Sophos

...

Troj/SWFExp-N

- Troj/SWFExp-N at Sophos

Troj/SWFExp-N is a malicious SWF file related to the CVE-2009-1862 vulnerability.
...

0 writebacks [08/03/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090801



Troj/Agent-KSH

- Troj/Agent-KSH at Sophos

...

Troj/Agent-KSI

- Troj/Agent-KSI at Sophos

...

Troj/FakeAle-OZ

- Troj/FakeAle-OZ at Sophos

...

W32/Autorun-ANI

- W32/Autorun-ANI at Sophos

...

W32/AutoRun-ANJ

- W32/AutoRun-ANJ at Sophos

...

Mal/Crot-A

- Mal/Crot-A at Sophos

...

Troj/Delf-FDA

- Troj/Delf-FDA at Sophos

Troj/Delf-FDA is a Trojan for the Windows platform. Troj/Delf-FDA copies
itself to <Program Files>\system321.exe and attempts to create a service called "Windows_vxd20091" to
run it automatically.
...

Troj/VB-EFY

- Troj/VB-EFY at Sophos

...

Troj/Agent-KSE

- Troj/Agent-KSE at Sophos

...

Troj/Agent-KSF

- Troj/Agent-KSF at Sophos

...

Troj/Zbot-GY

- Troj/Zbot-GY at Sophos

...

W32/Sdbot-DOU

- W32/Sdbot-DOU at Sophos

...

Troj/Agent-KSJ

- Troj/Agent-KSJ at Sophos

...

Troj/Banhost-AJ

- Troj/Banhost-AJ at Sophos

...

Troj/FakeAV-WS

- Troj/FakeAV-WS at Sophos

...

Troj/VB-EFZ

- Troj/VB-EFZ at Sophos

...

Troj/VB-EGA

- Troj/VB-EGA at Sophos

...

Troj/Dloadr-CQS

- Troj/Dloadr-CQS at Sophos

...

Troj/FakeAle-PA

- Troj/FakeAle-PA at Sophos

...

0 writebacks [08/02/2009 21:41] [] permanent link



Virus Malware and Threat News for 20090731



007AntiSpyware

- 007AntiSpyware at Norton Symantec

...

Mal/BredoPk-B

- Mal/BredoPk-B at Sophos

Mal/BredoPk-B is a family of Trojans which are typically mass-mailed via spam and have
functionality to download and execute malware.
...

Mal/EncPk-JO

- Mal/EncPk-JO at Sophos

...

Troj/Agent-KSD

- Troj/Agent-KSD at Sophos

...

Troj/BKit-A

- Troj/BKit-A at Sophos

...

Troj/FakeAV-WQ

- Troj/FakeAV-WQ at Sophos

...

W32/AutoIt-FK

- W32/AutoIt-FK at Sophos

...

Mal/BKitDrp-A

- Mal/BKitDrp-A at Sophos

Mal/BKitDrp-A is an MBR rootkit installer.
...

Troj/Agent-KRZ

- Troj/Agent-KRZ at Sophos

...

Troj/Agent-KSC

- Troj/Agent-KSC at Sophos

...

Troj/Agent-KSH

- Troj/Agent-KSH at Sophos

...

Troj/Agent-KSI

- Troj/Agent-KSI at Sophos

...

Troj/FakeAle-OZ

- Troj/FakeAle-OZ at Sophos

...

W32/Autorun-ANI

- W32/Autorun-ANI at Sophos

...

W32/AutoRun-ANJ

- W32/AutoRun-ANJ at Sophos

...

Mal/Crot-A

- Mal/Crot-A at Sophos

...

Troj/Delf-FDA

- Troj/Delf-FDA at Sophos

Troj/Delf-FDA is a Trojan for the Windows platform. Troj/Delf-FDA copies
itself to <Program Files>\system321.exe and attempts to create a service called "Windows_vxd20091" to
run it automatically.
...

Troj/VB-EFY

- Troj/VB-EFY at Sophos

...

Troj/Agent-KSE

- Troj/Agent-KSE at Sophos

...

Troj/Agent-KSF

- Troj/Agent-KSF at Sophos

...

0 writebacks [08/01/2009 21:43] [] permanent link


