by: Marianna Schmudlach April 27, 2008 10:07 PM PDT
0 people like this thread
Staff pick
VIRUS \ Spyware ALERTS - April 28, 2008
by Marianna Schmudlach - 4/27/08 10:07 PM
Troj/Agent-GXF
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
Protection available since 28 April 2008
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentgxf.html?_log_from=rss
Total posts: 29 (Showing page 1 of 1)
Troj/Dloadr-BLD
by Marianna Schmudlach - 4/28/08 7:32 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbld.html
Troj/Poison-V
by Marianna Schmudlach - 4/28/08 7:33 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpoisonv.html
Troj/DwnLdc-Gen
by Marianna Schmudlach - 4/28/08 7:34 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Troj/DwnLdc-Gen is a downloader Trojan for the Windows platform.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldcgen.html
Compete Toolbar
by Marianna Schmudlach - 4/28/08 7:35 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Adware or PUA
Type Adware
Affected operating systems Windows
Characteristics Installs itself in the registry
http://www.sophos.com/security/analyses/adware-and-puas/competetoolbar.html
Email-Worm:W32/Agent.EV
by Marianna Schmudlach - 4/28/08 7:37 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Type: Email-Worm
Category: Malware
Summary
Email-Worm.Win32.Agent.ev arrives on systems as an e-mail attachment and attempts to download additional components onto the system if executed.
http://www.f-secure.com/v-descs/email-worm_w32_agent_ev.shtml
Troj/Smalla-Gen
by Marianna Schmudlach - 4/28/08 7:39 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Troj/Smalla-Gen is a Trojan for the Windows platform.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojsmallagen.html
Troj/Inja-Gen
by Marianna Schmudlach - 4/28/08 7:41 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Troj/Inja-Gen is a Trojan for the Windows platform. Troj/Inja-Gen includes functionality to inject code into other processes.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojinjagen.html
W32/Bobandy-D
by Marianna Schmudlach - 4/28/08 7:42 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Aliases Worm.Win32.VB.cz
W32/MoonLight.worm virus
Category Viruses and Spyware
Type Worm
How it spreads Email messages
Email attachments
Network shares
Affected operating systems Windows
Characteristics Installs itself in the registry
http://www.sophos.com/security/analyses/viruses-and-spyware/w32bobandyd.html
Rock Phishers Up the Ante with More Digital Certificates
by Marianna Schmudlach - 4/28/08 8:35 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
April 28th, 2008 by JM Hipolito
Our friends from RSA have recently reported about the latest one-two punch employed by the infamous Rock Phish gang (also reported here and here ). Best known for their easy-to-use kits that yield professional looking phishing pages, Rock Phish now adds information-stealing malware dubbed as the Zeus Trojan in its arsenal.
This attack is reminiscent of the Bank of America phishing attack, which we reported several days ago, wherein users are prompted to install a digital certificate in order to access the banks online login page. Incidentally, the phishing page was also Rock Phish.
And apparently there were more: Trend Micro Advanced Threats Researcher Paul Ferguson and the TrendLabs Content Security team came across a couple of malicious certificates detected as TSPY_PAPRAS.AC and TSPY_PAPRAS.AD. These spyware each target the Comerica and Colonial banks, respectively.
More: http://blog.trendmicro.com/
Chinese hackers target CNN
by Marianna Schmudlach - 4/28/08 8:37 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Trojan attempts to cripple news site
Written by Shaun Nichols in California
vnunet.com, 28 Apr 2008
A newly discovered application is attacking news website CNN in what security experts suspect to be an act of information warfare.
The 'anticnn.exe' program displays a small Chinese flag in the corner of the screen. When the user clicks on the flag, a window appears with a progress bar and a picture of Mao Zedong.
A message displayed above the picture reads: 'It is a red flag action: using rational action to express your patriotism.'
The application then attempts to connect to the CNN website and flood it with HTTP GET requests.
More: http://www.vnunet.com/vnunet/news/2215324/chinese-hackers-target-cnn
W32/KillAv-EO
by Marianna Schmudlach - 4/28/08 8:41 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Aliases Trojan.Win32.KillAV.jr
Category Viruses and Spyware
Type Worm
W32/KillAv-EO is a worm for the Windows platform.
The following registry entry is created to run W32/KillAv-EO on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Svcs: Dnscache
<pathname of the worm executable>
The following registry entry is set:
HKCU\Software\Microsoft\Internet Explorer\InformationBar
FirstTime
0
http://www.sophos.com/security/analyses/viruses-and-spyware/w32killaveo.html?_log_from=rss
W32/Harulf-A
by Marianna Schmudlach - 4/28/08 8:42 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Virus
How it spreads Infected files
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32harulfa.html?_log_from=rss
W32/Cekar-F
by Marianna Schmudlach - 4/28/08 8:44 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Virus
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32cekarf.html?_log_from=rss
Troj/VBDrop-Gen
by Marianna Schmudlach - 4/28/08 8:46 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
Characteristics Drops more malware
http://www.sophos.com/security/analyses/viruses-and-spyware/trojvbdropgen.html?_log_from=rss
Troj/Torpig-BZ
by Marianna Schmudlach - 4/28/08 8:47 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Aliases Backdoor.Win32.Sinowal.br
Category Viruses and Spyware
Type Trojan
Troj/Torpig-BZ is a Trojan for the Windows platform.
When Troj/Torpig-BZ is installed it creates the following files:
<Temp>\2.tmp (empty file)
<Temp>\1.tmp (also detected as Troj/Torpig-BZ )
http://www.sophos.com/security/analyses/viruses-and-spyware/trojtorpigbz.html?_log_from=rss
Troj/Agent-GXG
by Marianna Schmudlach - 4/28/08 8:48 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Troj/Agent-GXG is a Trojan for the Windows platform.
When run Troj/Agent-GXG will copy itself to the <systemroot> folder and will delete the copy of itself from its original location on the file system.
Troj/Agent-GXG will then set registry entries under the key:
HKLM\SOFTWARE\Microsoft\active setup\Installed components\{43564368-4375-8601-4371-458454791235\
Troj/Agent-GXG will periodically start an instance of Internet Explorer and attempt to connect to a remote URL.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentgxg.html?_log_from=rss
Simvir
by Marianna Schmudlach - 4/28/08 8:49 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Virus
http://www.sophos.com/security/analyses/viruses-and-spyware/simvir.html?_log_from=rss
Mal/EncPk-DM
by Marianna Schmudlach - 4/28/08 8:51 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Malicious Behavior
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/malencpkdm.html?_log_from=rss
Mal/Behav-208
by Marianna Schmudlach - 4/28/08 8:52 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Malicious Behavior
Mal/Behav-208 is a malicious program for the Windows platform.
Detection for members of Mal/Behav-208 is behavior based.
http://www.sophos.com/security/analyses/viruses-and-spyware/malbehav208.html?_log_from=rss
W32.Mandaph
by Marianna Schmudlach - 4/28/08 10:58 AM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Type: Worm
W32.Mandaph is a worm that spreads through mapped and fixed s drives and download additional malware.
Symantec Security Response is currently investigating this threat and will post more information as it becomes available.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-042816-0445-99
Troj/Dloadr-BLE
by Marianna Schmudlach - 4/28/08 3:04 PM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Troj/Dloadr-BLE is a downloader Trojan for the Windows platform.
Troj/Dloadr-BLE includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Dloadr-BLE is installed the following files are created:
<Temp>\DogKiller.sys (detected as Troj/NTRootK-DG)
<System>\systemInfomations.ini (a text file which may safely be deleted)
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrble.html
Mal/Zbot-C
by Marianna Schmudlach - 4/28/08 3:05 PM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Malicious Behavior
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/malzbotc.html
Mal/Mdrop-B
by Marianna Schmudlach - 4/28/08 3:06 PM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Malicious Behavior
Mal/Mdrop-B is a Trojan which drops more files and may attempt to terminate security related processes.
http://www.sophos.com/security/analyses/viruses-and-spyware/malmdropb.html
Mal/Behav-223
by Marianna Schmudlach - 4/28/08 3:07 PM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Malicious Behavior
Mal/Behav-223 is a family of malicious programs for the Windows platform.
Members of Mal/Behav-223 are typically internet banking Trojans.
Detection for members of Mal/Behav-223 is behavior based.
http://www.sophos.com/security/analyses/viruses-and-spyware/malbehav223.html
Sus/Mdrop-C
by Marianna Schmudlach - 4/28/08 3:09 PM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Suspicious behavior and files
Type Suspicious behavior
What's been detected Sus/Mdrop-C exhibits characteristics commonly, but not exclusively, found in malware.
Sus/Mdrop-C has characteristics common to Trojans which drop more files and may attempt to terminate security related processes.
http://www.sophos.com/security/analyses/suspicious-behavior-and-files/susmdropc.html
Troj/NTRootK-DG
by Marianna Schmudlach - 4/28/08 3:16 PM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojntrootkdg.html?_log_from=rss
Troj/Mdrop-BSB
by Marianna Schmudlach - 4/28/08 6:20 PM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Troj/Mdrop-BSB drops the file <Windows>\<Random number>.dll which is detected as Mal/LineDLL-B.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropbsb.html
Troj/CoreFloo-M
by Marianna Schmudlach - 4/28/08 6:21 PM
In Reply to: VIRUS \ Spyware ALERTS - April 28, 2008 by Marianna Schmudlach
Category Viruses and Spyware
Type Trojan
Troj/CoreFloo-M has the ability to spy upon a user's activity and steal passwords. The targeted passwords are likely to be banking related.
When Troj/CoreFloo-M is installed the following files are created:
<System>\SPOOLIS.dIl - detected as Troj/CoreFloo-M
<System>\atippaxp.dat - data file, can be safely deleted
<System>\dbnetlie.dat - data file, can be safely deleted
<System>\libbze.dat - data file, can be safely deleted
<System>\spoolis.dat - data file, can be safely deleted
The file SPOOLIS.dIl is registered as a COM object and shell extension, creating registry entries under:
HKCR\CLSID\<random_clsid>
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\spoolis
http://www.sophos.com/security/analyses/viruses-and-spyware/trojcorefloom.html
Total posts: 29 (Showing page 1 of 1)
Unread
Read
Locked thread
Moderator
CNET Staff
Samsung Staff
Norton Authorized Support Team
AVG Staff
avast! Staff
Webroot Support Team
Acer Customer Experience Team
Windows Outreach Team
Dell Staff
Intel Staff
Question
Resolved question
General discussion
Tip
Alert or warning
Praise
RantYou are e-mailing the following post: Post Subject
You are reporting the following post: Post Subject
You are posting a reply to: Post Subject
Thank you, , your post has been submitted.
> Click here to view your post. > Manage your tracked discussions. > Track this discussion. CloseThank you, , your post has been submitted and will appear on our site shortly.
Close
Manage updates with the Download App
