Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Virus alerts for week of 11/8/04

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Virus, Worm &Trojan Alerts
View previous topic :: View next topic  
Author Message
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Sun Nov 07, 2004 11:13 pm    Post subject: Virus alerts for week of 11/8/04 Reply with quote

"Since thou are not sure of a minute,
throw not away an hour."
Benjamin Franklin (1706-1790); US scientist and politician.

- Weekly report on viruses and intruders -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, November 7, 2004 - This week's report on viruses and intruders will
focus on the Bagz.H and Mitglieder.AY worms and the Citifraud.A Trojan.

Bagz.H spreads via e-mail. To do this it looks for email addresses in the
files with a DBX, HTM, TBB, TBI or TXT extension on the affected computer.
However, it does not send itself out to all the addresses it finds, as it
avoids addresses with texts strings like abuse, admin. or administrator@,
among others.

The email messages carrying Bagz.H do not have a fixed format, as the
subject, message text and file name can vary. If the user runs the
attachment, Bagz.H will install itself as a service called Xuy v palto.
What's more, this worm modifies the Windows hosts file, preventing certain
Internet addresses from being accessed.

Bagz.H also deletes the entries in the Windows Registry that belong to
certain antivirus and security applications and creates new entries that
allow it to activate whenever the computer is started up.

Mitglieder.AY is a malicious code that is closely related to Bagle.BC and
Bagle.BE (detected a few days ago), as it takes advantage of the effects of
these worms to get into computers directly from the Internet. Mitglieder.AY
uses the backdoor created by both variants of Bagle in TCP port 81.
Mitglieder.AY scans for IP addresses in which the TCP port 81 is open. If it
finds this port open, it copies itself to those computers as a file called
winshost.exe.

From then on, Mitglieder.AY ends the processes in memory belonging to
different applications. What's more, every six hours, it attempts to
download the file zoo.jpg from certain web addresses. If successful, this
file is saved on the affected computer under the name File.exe. When this
file is run, it downloads other malware to the affected computer.

We are going to finish today's report with a Trojan called Citifraud.A,
which is actually a file written in HTML that exploits a known vulnerability
in Microsoft Internet Explorer. It contains a link pretend to access the
website of a well-known bank. However, this address actually accesses a
false website that imitates the original page. By doing this, it tries to
steal account details entered by the user, allowing the hacker to access the
bank account.

For further information about these and other computer threats, visit Panda
Software's Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/.

Additional information

- Port/Communication port: Point through which a computer transfers
information (inbound/outbound) via TCP/IP.

- Vulnerability: Flaws or security holes in a program or IT system, and
often used by viruses as a means of infection.

More definitions of virus and antivirus terminology at:
http://www.pandasoftware.com/virus_info/glossary/default.aspx

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Mon Nov 08, 2004 3:55 pm    Post subject: Reply with quote

11/8: Mydoom-AG Uses Zero Day Attack
W32/Mydoom.ag@MM makes use of a zero day attack targeting a Microsoft Internet Explorer
IFRAME buffer overflow vulnerability.
http://nl.internet.com/ct.html?rtr=on&s=1,17wb,1,ih15,948q,9s3s,a9gz
------------------------------------------------------------
4. 11/8: Bofra-A Worm Arrives Via Email
W32/Bofra-A is a Worm for the Windows platform that arrives via email.
http://nl.internet.com/ct.html?rtr=on&s=1,17wb,1,hn4e,1l57,9s3s,a9gz
------------------------------------------------------------
5. 11/8: VBS.Midfin an Encryped Worm
VBS.Midfin@mm is an encrypted VBScript mass-mailing worm.
http://nl.internet.com/ct.html?rtr=on&s=1,17wb,1,a9e2,ato5,9s3s,a9gz
------------------------------------------------------------
6. 11/8: IRC.Bifrut Trojan Lets Attacker In
Backdoor.IRC.Bifrut is a Trojan horse program that opens a backdoor and allows a remote
attacker to control the compromised system through IRC and FTP channels.
http://nl.internet.com/ct.html?rtr=on&s=1,17wb,1,7s3u,t2i,9s3s,a9gz
------------------------------------------------------------
7. 11/8: Gaobot-BQJ a Network-Aware Worm
W32.Gaobot.BQJ is a network-aware worm that opens a backdoor and can be controlled
through IRC channels.
http://nl.internet.com/ct.html?rtr=on&s=1,17wb,1,bckt,a8h,9s3s,a9gz
------------------------------------------------------------
8. 11/8: Bancban-AC Trojan Steals Passwords
Troj/Bancban-AC is a password-stealing Trojan targeted at customers of certain Brazilian
banks.
http://nl.internet.com/ct.html?rtr=on&s=1,17wb,1,bfkk,7dr5,9s3s,a9gz
------------------------------------------------------------
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Tue Nov 09, 2004 10:12 am    Post subject: Reply with quote

MORE MYDOOMS ON THE MOVE | SearchSecurity.com

Two new auto-execute variants are circulating that take advantage of
the Windows iFrame flaw.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1024128,00.html?track=NL-102&ad=496443

MORE INFO:

Rash of Mydoom varients surfaced in September.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1005371,00.html?track=NL-102&ad=496443

XP SP2 protects against some Mydoom varients.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci998875,00.html?track=NL-102&ad=496443
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Tue Nov 09, 2004 5:41 pm    Post subject: Reply with quote

slow day for viruses. but my norton updated 3 times today?

11/9: StartPa-Do Trojan Attacks IE
Troj/StartPa-DO is a browser hijacking Trojan.
http://nl.internet.com/ct.html?rtr=on&s=1,17z6,1,4zyz,hw20,9s3s,a9gz
------------------------------------------------------------
4. 11/9: Mydoom-AH Worm Exploits IE Flaw
W32.Mydoom.AH@mm is a mass-mailing worm that exploits the Microsoft Internet Explorer
Malformed IFRAME Remote Buffer Overflow Vulnerability (BID 11515).
http://nl.internet.com/ct.html?rtr=on&s=1,17z6,1,789e,59u7,9s3s,a9gz
------------------------------------------------------------

11/9: Mydoom-AI a Mass-Mailing Worm
W32.Mydoom.AI@mm is a mass-mailing worm that exploits the Microsoft Internet Explorer
Malformed IFRAME Remote Buffer Overflow Vulnerability (BID 11515).
http://nl.internet.com/ct.html?rtr=on&s=1,17z6,1,f8fh,c3xl,9s3s,a9gz
------------------------------------------------------------
6. 11/9: Rbot-PG Worm also a Trojan
W32/Rbot-PG is a network worm and backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,17z6,1,2i7h,m2vc,9s3s,a9gz
------------------------------------------------------------
7. 11/9: Bofra-B Worm Offers Webcam View
W32/Bofra-B is a Worm for the Windows platform that arrives via email.
http://nl.internet.com/ct.html?rtr=on&s=1,17z6,1,3gh8,fym3,9s3s,a9gz
------------------------------------------------------------
8. 11/9: Forbot-CF Worm Attacks Files
W32/Forbot-CF is a network worm and IRC backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,17z6,1,lk8u,8uux,9s3s,a9gz
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Wed Nov 10, 2004 6:23 pm    Post subject: Reply with quote

New MyDoom Variant Aims at IE Hole
New variant of the virus takes advantage of Iframe vulnerability in IE.
- Microsoft Plugs ISA Vulnerability
http://nl.internet.com/ct.html?rtr=on&s=1,1835,1,f4ia,1sjt,9s3s,a9gz
------------------------------------------------------------
4. Suspect Charged in Connection to MS Windows Leak
The U.S. Attorney's Office arrested a man suspected of selling Windows 2000 and NT source
code.
http://nl.internet.com/ct.html?rtr=on&s=1,1835,1,g1zq,i7bl,9s3s,a9gz
------------------------------------------------------------
5. 11/10: Mydoom-AF Worm Opens Port
Mydoom.AF is a worm that opens the port 6667 and attempts to connect to several IRC
servers.
http://nl.internet.com/ct.html?rtr=on&s=1,1835,1,i6wb,38wm,9s3s,a9gz
------------------------------------------------------------
6. 11/10: Mydoom-AE Worm Links to Servers
Mydoom.AE is a worm that opens the port 6667 and attempts to connect to several IRC
servers.
http://nl.internet.com/ct.html?rtr=on&s=1,1835,1,etlw,ggn9,9s3s,a9gz
------------------------------------------------------------

7. 11/10: Theug-B Worm Spreads Via Files
Theug.B is a worm that does not have direct destructive effects.
http://nl.internet.com/ct.html?rtr=on&s=1,1835,1,6ffx,hcvb,9s3s,a9gz
------------------------------------------------------------
8. 11/10: Gavir-A Worm Runs Trojan
Gavir.A is a worm that downloads and runs the Trojan Legmir.BM in the affected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1835,1,3rwb,eqju,9s3s,a9gz
------------------------------------------------------------
9. 11/10: IFRAME.BoF Trojan Uses IE Flaw
IFRAME.BoF is an exploit for a buffer overrun vulnerability that occurs in Internet
Explorer v6.0 running on Windows XP/2000 computers.
http://nl.internet.com/ct.html?rtr=on&s=1,1835,1,2ry4,1jt5,9s3s,a9gz
------------------------------------------------------------
10. 11/10: Rbot-PH Worm Allows Access
W32/Rbot-PH is a worm that attempts to spread to remote network shares and contains
backdoor Trojan functionality, allowing unauthorized remote access to the infected
computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1835,1,lvgi,70rb,9s3s,a9gz
------------------------------------------------------------
11. 11/10: Orpheus-A Worm Opens Backdoor
W32.Orpheus.A is a network-aware worm that opens a backdoor on the infected host.
http://nl.internet.com/ct.html?rtr=on&s=1,1835,1,cmdf,c4ad,9s3s,a9gz
------------------------------------------------------------
12. 11/10: Rbot-PJ Worm Also a Trojan
W32/Rbot-PJ is a network worm that attempts to spread via network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,1835,1,46he,dmb2,9s3s,a9gz
------------------------------------------------------------
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Thu Nov 11, 2004 4:43 pm    Post subject: Reply with quote

New MyDoom Worm Has No File, Just a URL, Exploits I.E. Hole
Filed under:

* Serious Stuff

ó Aunty @ 9:31 am

The newest version of MyDoom does not even have a file attached to it, making it look even less suspect, and less worm- or virus-like.

Instead, it exploits one of the more recently discovered holes in Internet Explorer, through which clicking on a URL can cause a file to be downloaded to the unsuspecting userís computer. Once downloaded to the userís machine, the file executes, harvests email addresses, and starts spewing spam from the userís computer.

The MyDoom email spam is sometimes appearing to come from PayPal, bearing a message which says ďCongratulations! PayPal has successfully charged $175 to your credit card. Your order tracking number is A866DEC0, and your item will be shipped within three business days.
http://www.aunty-spam.com/archives/2004/11/10/new-mydoom-worm-has-no-file-just-a-url-exploits-ie-hole
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Thu Nov 11, 2004 5:31 pm    Post subject: Reply with quote

4. 11/11: Mydoom-AJ Worm Exploits IE Flaw
W32.Mydoom.AJ@mm is a mass-mailing worm that exploits Microsoft Internet Explorer
Malformed IFRAME Remote Buffer Overflow Vulnerability (BID 11515).
http://nl.internet.com/ct.html?rtr=on&s=1,186s,1,6ya8,a0um,9s3s,a9gz
------------------------------------------------------------
5. 11/11: Masteq-H Trojan Runs Silently
Troj/Mastseq-H is a backdoor Trojan that runs continuously in the background providing
various services to a remote intruder.
http://nl.internet.com/ct.html?rtr=on&s=1,186s,1,m5i,bigg,9s3s,a9gz
------------------------------------------------------------

6. 11/11: Trojan. Beagooz-D Steals Addresses
Trojan.Beagooz.D is a Trojan horse program that collects email addresses from the
infected computer and sends them to a remote server.
http://nl.internet.com/ct.html?rtr=on&s=1,186s,1,er8z,d309,9s3s,a9gz
------------------------------------------------------------
7. 11/11: Delf-HA Trojan Sends Spam
Troj_Delf.HA uses affected machines as a platform to send out spam messages to mobile
phones via SMS.
http://nl.internet.com/ct.html?rtr=on&s=1,186s,1,5pd4,9o8f,9s3s,a9gz
------------------------------------------------------------
8. 11/11: Moo-B a Downloader Trojan
Trojan.Moo.B is a downloader Trojan that exploits Microsoft Internet Explorer Malformed
IFRAME Remote Buffer Overflow Vulnerability (as described in Bugtraq ID 11515).
http://nl.internet.com/ct.html?rtr=on&s=1,186s,1,4bze,lplb,9s3s,a9gz
------------------------------------------------------------
9. 11/11: Bofra-E Worm Uses SMTP Engine
W32/Bofra-E is a mass-mailing worm for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,186s,1,c7td,b39m,9s3s,a9gz
------------------------------------------------------------
10. 11/11: Krepper-L Downloads Components
Troj/Krepper-L is Trojan that attempts to download further components through Internet
Explorer address space.
http://nl.internet.com/ct.html?rtr=on&s=1,186s,1,m3zk,2dqr,9s3s,a9gz
------------------------------------------------------------
11. 11/11: Bofra-D a Mass-Mailing Worm
W32/Bofra-D is a mass-mailing Worm for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,186s,1,i68i,atht,9s3s,a9gz
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Fri Nov 12, 2004 12:12 pm    Post subject: Reply with quote

New MyDoom/Bofra Worm Variants on the Loose
New worms have been released to the unsuspecting public, and at
least one of them, at first glance, looks like a phishing attempt, as
the sample message text below shows:

--------------------------
Congratulations! PayPal has successfully charged $175 to your credit
card. Your order tracking number is A866DEC0, and your item will be
shipped within three business days.

To see details please click this link [a
href="http:// 192.168.0.12:1639/index.htm"] link.

DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This email is being sent by an
automated message system and the reply will not be received.

Thank you for using PayPal.
--------------------------

Some vendors label the new worms as variations of MyDoom; others have
chosen to name them Bofra variants. Regardless of the name, the worms
open a Web server on port 1639, connects to various IRC servers,
gathers email addresses from the infected user's system, then proceeds
to email messages to people in hopes that they'll click the link and
infect themselves.

In order to protect against infection make sure you antivirus
signatures are up to date.
http://www.windowsitpro.com/article/articleid/44462/44462.html
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Fri Nov 12, 2004 1:28 pm    Post subject: Reply with quote

11/12: Cran.A Exploits Windows Flaw
The W32/Cran.worm.a spreads by exploiting a Microsoft Windows vulnerability [MS04-011
vulnerability (CAN-2003-0533)].
http://nl.internet.com/ct.html?rtr=on&s=1,189l,1,hapw,lus8,9s3s,a9gz
------------------------------------------------------------
4. 11/12: Bofra-G a Mass-Mailing Worm
W32/Bofra-G is a mass-mailing worm for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,189l,1,lfmv,exjh,9s3s,a9gz
------------------------------------------------------------
5. 11/12: Scard Worm Attacks Via NetBIOS
W32.Scard is a worm with backdoor functionality that uses a NetBIOS attack to spread to
systems that have weak passwords.
http://nl.internet.com/ct.html?rtr=on&s=1,189l,1,7xiw,ld6r,9s3s,a9gz

6. 11/12: Trojan.Minuka Sends Messages
Trojan.Minuka is a Trojan horse that sends Short Message Service (SMS) messages to mobile
phone users.
http://nl.internet.com/ct.html?rtr=on&s=1,189l,1,xvg,2fji,9s3s,a9gz
------------------------------------------------------------
7. 11/12: Banker-FA Trojan Steals Passwords
Troj/Banker-FA is a password-stealing Trojan aimed at customers of a Brazilian bank.
http://nl.internet.com/ct.html?rtr=on&s=1,189l,1,fxg,15sa,9s3s,a9gz
------------------------------------------------------------
8. 11/12: Forbot-CI an IRC Trojan and Worm
W32/Forbot-CI is an IRC backdoor Trojan and network worm for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,189l,1,dfjw,6x78,9s3s,a9gz
------------------------------------------------------------
9. 11/12: Rbot-PS a Windows Worm, Trojan
W32/Rbot-PS is a network worm and IRC backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,189l,1,goz5,8gtb,9s3s,a9gz
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Fri Nov 12, 2004 8:16 pm    Post subject: Reply with quote

Security Watch: IE Hole Lets New Mydoom In
ARTICLE DATE: 11.09.04
By Larry J. Seltzer

The Watch

We had one of those dreaded "zero-day attacks" this week - A new vulnerability that hasn't been patched and a published exploit for it. The vulnerability is a buffer overflow in Internet Explorer and the exploit is in Mydoom.ag, a new mail worm.

It's not the doomsday scenario that zero-day attacks are often thought to be. The worm isn't a big deal in the wild and Windows XP Service Pack 2 is not vulnerable, but it's probably a harbinger of attacks to come. We also have more details on the vulnerability itself in Security Alerts and Updates.
http://www.pcmag.com/print_article2/0,2533,a=138903,00.asp
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Sat Nov 13, 2004 3:36 pm    Post subject: Reply with quote

Weekly report on viruses and intruders -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, November 12 2004 - This week's report on viruses and intruders looks
at the IFRAME.BoF exploit, as well as the Mydoom.AE, Mydoom.AF and Gavir.A
worms.

IFRAME.BoF is an exploit for a buffer overrun vulnerability that occurs in
Internet Explorer v6.0 and allows an attacker to remotely execute arbitrary
code on the vulnerable computer. This vulnerability is rated as extremely
critical.

The exploit can be included in a malicious web page or in an email message
in HTML format, which contain executable code. This executable code is
automatically run when a buffer overflow occurs. The executable code can be
of any kind, which means that any kind of malicious action can be taken on
affected computers.

As no patch is yet available to resolve the problem, it is advisable to keep
antivirus software as up-to-date as possible. It is also a good idea to
disable 'Active Scripting' in the browser and change the configuration of
the email client so that messages are viewed as plain text.

In fact, the new AE and AF variants of the well-known Mydoom already use the
IFRAME.BoF exploit. Both worms -which are similar to each other- spread via
email in messages that they generate themselves. To do this they create an
HTTP server in communications port 1639.

The messages that Mydoom.AE and Mydoom.AF send include a link to files that
contain the IFRAME.BoF exploit in other computers. If the user that receives
the email clicks directly on the link and the computer is vulnerable to the
exploit, the worms will be downloaded and run automatically on the computer.

Mydoom.AE and Mydoom.AF also try to establish connection with a large number
of IRC servers via port 6667.

Finally, Gavir.A is a worm with the exclusive aim of downloading a variant
of the Legmir family of Trojans. Gavir.A spreads across shared network
resources, creating copies of itself in IPC$ and ADMIN$ resources that it
accesses.

Gavir.A also generates a script in a temporary folder in order to delete
itself once it has been run.

For further information about these and other computer threats, visit Panda
Software's Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/

Additional information

- Exploit: This can be a technique or a program that takes advantage of a
vulnerability or security hole in a certain communication protocol,
operating system, or other IT utility or application.

- Script: The term script refers to files or sections of code written in
programming languages like Visual Basic Script (VBScript), JavaScript, etc.

More technical definitions at:
http://www.pandasoftware.com/virus_info/glossary/default.aspx

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Virus, Worm &Trojan Alerts All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group