Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Virus alerts for week of 3/7/05

 
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

Posted: Mon Mar 07, 2005 7:51 pm    Post subject: Virus alerts for week of 3/7/05

3/7: Sumon-A an IM and P2P Worm
W32/Sumom-A is an instant messenger and P2P worm.
http://nl.internet.com/ct.html?rtr=on&s=1,1ftv,1,dhg8,9n6p,9s3s,a9gz
------------------------------------------------------------
5. 3/7: Fatso-A Worm Arrives Via IM
TrendLabs has declared a Medium Risk alert to control the spread of Worm_Fatso.A, which
is currently spreading in Korea and the United States.
http://nl.internet.com/ct.html?rtr=on&s=1,1ftv,1,jrd0,bs3k,9s3s,a9gz
------------------------------------------------------------
6. 3/7: Sdbot-AUK a New Sdbot Worm Variant
Worm_Sdbot.AUK is a variant of the Worm_Sdbot family and mainly propagates through
network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,1ftv,1,2b7c,ejxb,9s3s,a9gz
------------------------------------------------------------
7. 3/7: Kobot-L Worm Uses Open Shares
W32.Kobot.L is a worm that spreads through open network shares and remotely exploitable
vulnerabilities.
http://nl.internet.com/ct.html?rtr=on&s=1,1ftv,1,elwz,jd2z,9s3s,a9gz
------------------------------------------------------------
8. 3/7: Kelvir-A Worm Spreads Via IM
Some security vendors have issued alerts for Worm_Kelvir.A, a memory-resident worm that
spreads copies of itself via MSN Messenger, a popular instant messaging application.
http://nl.internet.com/ct.html?rtr=on&s=1,1ftv,1,h2cc,c95i,9s3s,a9gz
------------------------------------------------------------
9. 3/7: Serflog-A Worm Uses File Sharing
W32.Serflog.A is a worm that spreads through file-sharing networks and MSN Messenger.
http://nl.internet.com/ct.html?rtr=on&s=1,1ftv,1,f0xv,2eq0,9s3s,a9gz
------------------------------------------------------------
10. 3/7: Crog Worm Written in MSVB
W32/Crog.worm is written in MSVB and packed with MEW.
http://nl.internet.com/ct.html?rtr=on&s=1,1ftv,1,eegb,an5k,9s3s,a9gz
------------------------------------------------------------
11. 3/7: Kelvir-C Worm Targets IM Contacts
Some security vendors have issued alerts for W32/Kelvir-C, an instant messaging worm that
spreads by sending a message through Windows Messenger to all of an infected user's
contacts.
http://nl.internet.com/ct.html?rtr=on&s=1,1ftv,1,7ds7,ezav,9s3s,a9gz
------------------------------------------------------------
12. 3/7: Forbot-ER Worm Contains Backdoor Functions
W32/Forbot-ER is a network worm that attempts to spread via network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,1ftv,1,16k4,g2aa,9s3s,a9gz
------------------------------------------------------------
13. 3/7: Kelvir-B an Instant Messaging Worm
Several vendors have issued alerts for W32/Kelvir-B, an instant messaging worm.
http://nl.internet.com/ct.html?rtr=on&s=1,1ftv,1,a0bo,9hqy,9s3s,a9gz
------------------------------------------------------------
14. 3/7: Rbot-WX Worm Uses Weak Passwords to Spread
W32/Rbot-WX is a network worm and IRC backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,1ftv,1,angk,c32v,9s3s,a9gz
------------------------------------------------------------
15. 3/7: Forbot-EP Worm Targets Remote Shares
W32/Forbot-EP is a worm that attempts to spread to remote network shares and computers
vulnerable to common exploits.
http://nl.internet.com/ct.html?rtr=on&s=1,1ftv,1,lfzl,mceo,9s3s,a9gz
------------------------------------------------------------
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
wawadave

Posted: Mon Mar 07, 2005 8:45 pm

Three new worms threaten instant messaging users,
while the cyber-war between virus authors continues -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, March 7, 2005 - Virus creators are continuing to demonstrate their
interest in instant messaging as a rapid means of spreading malicious code.
PandaLabs has detected the appearance of three new worms -Kelvir.B, Kelvir.C
and Fatso.A- programmed to spread via MSN Messenger.

The new Kelvir worms reach computers in messages with texts like: omg this is
funny! (Kelvir.B) or lol! see it! u'll like it (Kelvir.C), which include a
link to an Internet address. If the user clicks on this link, files
containing the code of these worms will be downloaded and installed on the
computer. These then send new messages to the contacts in MSN Messenger. At
the same time, they download variants of the Gaobot or Sdbot Trojans from
another web address. These Trojans allow a hacker to gain remote control of
the affected computer through IRC chat channels. It is important to mention
that all of the web pages from which the Kelvir worms or the Sdbot or Gaobot
Trojans are downloaded have already been blocked, preventing them from
continuing to spread. However, Panda Software's international tech support
network detected, up until then, that Kelvir.B and Kelvir.C had spread
widely to users' computers worldwide.

The Fatso.A worm sends messages containing links to a page from which a file
containing a copy of its code is downloaded and run. When it gets into a
computer, it sends itself to all the contacts in MSN Messenger and downloads
other files to the system root directory. These files can have names like
Annoying crazy frog getting killed.pif, Crazy frog gets killed by train!.pif
or Fat Elvis! lol.pif. This worm is also capable of spreading through P2P
applications like KaZaA. To do this, it creates copies of itself in the
shared directories used by these programs.

Fatso.A also ends the processes of various security programs running in
memory, leaving the computer vulnerable to other possible attacks.

What's more, Fatso.A continues with the cyber-war between virus authors that
started with the appearance of the Assiral.A worm, which showed a text
attacking the Bropia worms. In response, Fatso.A creates a file called
Message to n00b LARISSA.txt on affected systems, which contains an
unfriendly message to the Assiral author and signed by someone called
Skydevil.

Luis Corrons, head of PandaLabs, warns: "It is probable that new worms that
spread via MSN Messenger will appear over the next few hours, and therefore,
it is highly recommendable to take precautions with messages received
through this application. The situation is getting more dangerous for users
of instant messaging applications. As well as these new malicious code, the
20 variants of the Bropia worm and the two variants of the Stang worm
detected over the last few days also use this means to spread. What's more,"
he adds, "cyber-criminals are showing a growing interest in instant
messaging and there is a tendency to launch blended threats. The two new
Kelvir worms, for example, not only aim to spread as widely as possible but
also try to install other malware on computers. These could be used to carry
out all kinds of actions, such as online fraud using confidential data
stolen from affected computers."

Due to the possibility of receiving malicious code through instant messaging
applications, Panda Software advises users to have reliable, updated
anti-malware installed, and to be wary of all messages received, regardless
of the source. Panda Software clients already have the updates available to
detect and disinfect these new worms and the other malicious code that use
instant messaging to spread.

Panda Software's clients can already access the updates for installing the
new TruPrevent(tm) Technologies along with their antivirus protection,
providing a preventive layer of protection against new malicious code. For
users with a different antivirus program installed, Panda TruPrevent(tm)
Personal is the perfect solution, as it is both compatible with and
complements these products, providing a second layer of preventive
protection that acts while the new virus is still being studied and the
corresponding update is incorporated into traditional antivirus programs,
decreasing the risk of infection. More information about TruPrevent(tm)
Technologies at: http://www.pandasoftware.com/truprevent

In addition, users can scan their computers online for free with Panda
ActiveScan available at http://www.pandasoftware.com

For further information about the Kelvir, Fatso, Assiral, Bropia and Stang
worms visit Panda Software's Virus Encyclopedia at
http://www.pandasoftware.com/virus_info/encyclopedia/


"Common sense is genius dressed in its working clothes."
Ralph Waldo Emerson (1803 - 1882); US philosopher, poet.

- Weekly report on viruses and intruders -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, March 6, 2005 - Today's report will focus on two worms -Bagle.BN and
Mytob.A-, and two Trojans -Mitglieder.BO and Tofger.AT-.

In order to infect as many computers as possible, the Bagle.BN and
Mitglieder.BO work hand in glove. Mitglieder.BO reaches computers as a file
attached to an email message, called price.zip or price2.zip, among others.
If the user runs this file, the Trojan activates and tries to connect to an
Internet address, from which it downloads the Bagle.BN worm to the computer.
When Bagle.BN has been installed on the computer, it sends Mitglieder.BO to
the addresses it finds in a file called EML.EXE, which is also downloaded
from the Internet. To do this, the worm uses its own SMTP engine.

Mitglieder.BO ends the processes belonging to various antivirus and security
applications and overwrites the Windows hosts file to prevent users from
connecting to certain web pages.

Bagle.BN opens TCP port 80 and listens for a remote connection to be
established. When this happens, it allows remote access to the infected
computer, allowing actions that compromise confidential user information or
impede the tasks carried out.

The second worm in today's report is Mytob.A, which spreads via email in a
message with variable characteristics and via the Internet. In this case, it
attacks random IP addresses, in which it will try to exploit the LSASS
vulnerability.

Mytob connects to an IRC server and waits for remote control commands, which
it will carry out on the affected computer. What's more, it deletes the
variants of other worms like Netsky, Sobig, Bagle and Blaster.

The next malicious code is the Tofger.AT Trojan, which is downloaded to the
PC when users access certain web pages, which use different exploits -like
LoadImage, ByteVerify and MhtRedir.gen- to download malware to computers.
This Trojan installs itself as a Browser Helper Object (BHO), so that it is
run whenever Internet Explorer is opened.

Tofger.AT tracks the actions carried out by users and the passwords used to
access web pages through secure HTTPS connections, which are usually used to
log on to secure systems like online banking. What's more, whenever it
detects certain names in the URL, it tries to capture the passwords for the
following banks: cajamadrid, bpinet, millenniumbcp, hsbc, barclays,
lloydstsb, halifax, autorize, bankofamerica; bancodevalencia, cajamar,
portal.ccm, bancaja, caixagalicia, caixapenedes, ebankinter, caixasabadell,
bes, banif, millenniumbcp, totta, bancomais, montepiogeral, bpinet, patagon,
lacaixa, citibank, bbvanet, banesto, e-trade and unicaja. When it has
captured this information, Tofger.AT sends it to a server.

For further information about these and other computer threats, visit Panda
Software's Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/


"As is a tale, so is life: not how long it is,
but how good it is, is what matters."
Lucius Annaeus Seneca (2 BC - 65 AD); Roman philosopher.

- Top Ten viruses most frequently detected
by Panda ActiveScan in February -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, March 4, 2005 - According to the data gathered by Panda ActiveScan,
the free online antivirus solution, in February, Downloader.GK was the
malicious code responsible for most attacks on users' computers for the
ninth month running. It is also worth noting the prominence of the
Downloader family -with four of the top ten places- and the dominance of
Trojans in general.

Over the past month, Downloader.GK has caused just over 4.5 percent of
incidents, a significant drop with respect to the figure in January, which
was around 8.5 percent. Close up in second place came Mhtredir.gen (4.03%),
a generic detection for a family of Trojans, followed by the Shinwow.E
Trojan (3.48%), and the only two worms that appear in the ranking: Netsky.P
(3.27%) and Sdbot.ftp (3.04%).

The remaining five places in the Panda ActiveScan Top Ten for February are
occupied by the Trojans Zpachast.D, Downloader.LP, Downloader.ALQ, Qhost.gen
and WmvDownloader.A, with frequency ratings ranging from 1.52 to 2.17
percent.

The following points stand out from the data collected by Panda ActiveScan
in February:

- Strong presence of the Downloader family of Trojans.
The GK variant of Downloader tops the February ranking, which also includes
three other members of the same family. This prominence could be largely due
to the numerous malicious actions that Downloader Trojans can take, such as
downloading other malware (adware, spyware, etc.) onto compromised systems,
making them especially useful for their creators who are therefore busy
generating new variants. In fact, this month's ranking includes two
relatively new variants: WmvDownloader.A and Downloader.ALQ, which first
appeared in mid-January and early February respectively.

- Trojan dominance.
Eight of the ten malicious code in the ranking are Trojans, as opposed to
six in January. This shows a continuation of the trend that started in June
2004, when Trojans began to take over from worms as the most frequently
detected infectors. The overriding presence of Trojans in the Panda
ActiveScan Top Ten reflects the intense activity of cyber-crooks, seeking
financial gain by exploiting the fact that Trojans can be used to steal
confidential data which can then be used fraudulently.

- Additional threats.
As was the case in January, several of the most prominent Trojans in
February download and run other types of malware, such as spyware, on users'
computers. The main consequence of spyware on PCs is the gathering of
information, including confidential details. If these effects are cause for
concern in home computers, in corporate environments they can result in
serious financial losses, given the time taken by IT staff to resolve the
problem and regain control of the system and the loss of productivity of
employees trying to work their way through the annoying distractions that
these programs create (redirecting websites, pop-ups, etc). More serious
still, the theft of confidential information, including passwords, means
that administrators need to keep a constant watch over each and every
computer to prevent this kind of attack.

To help as many users as possible keep their systems virus free, Panda
Software offers Panda ActiveScan, which now also detects spyware, free of
charge at http://www.pandasoftware.com. Webmasters who would like to include
ActiveScan on their websites can get the HTML code, free of charge, at
http://www.pandasoftware.com/partners/webmasters.

Panda Software also offers users Virus Alerts, an e-bulletin in English and
Spanish that gives immediate warning of the emergence of potentially
dangerous malicious code. To receive Virus Alerts just visit Panda
Software's website (http://www.pandasoftware.com) and complete the
corresponding form in the Virus Alerts section.

For more information about these and other malicious code, visit Panda
Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia.

_________________
wawadave

Posted: Mon Mar 07, 2005 10:06 pm

Trend Micro customer,

As of March 7, 2005, 3:05 AM (GMT - 08:00), TrendLabs has declared a Medium Risk
Virus Alert to control the spread of WORM_KELVIR.B and WORM_FATSO.A. TrendLabs
has received numerous infection reports indicating that this malware is
spreading in Korea and the United States of America.

WORM_KELVIR.B:
This new worm is very similar to WORM_KELVIR.A, in that it also propagates via
MSN messenger. It attempts to send the following instant message to all online
MSN messenger contacts of an affected user:

"http://home.ea<BLOCKED>link.net/gallery10/omg.pif lol! see it! u'll like it"

When the user clicks the given URL, this worm downloads a copy of itself, named
OMG.PIF, from the given URL. When this downloaded copy is executed, it
downloads another malware file from the Internet, which Trend Micro detects as
WORM_SDBOT.AUI.


WORM_FATSO.A

This memory-resident worm arrives on a system via MSN messenger, a popular
instant messaging application. It spreads copies of itself to all online MSN
messenger contacts of an affected system by sending an instant message
containing a link, which when clicked, downloads a copy of this worm into the
recipient's system. This worm also has the ability to propagate via eMule, a
known peer-to-peer (P2P) file sharing application.

This worm is capable of redirecting infected users to a certain Web site, which
as of this writing, is already not available. It does this whenever the user
accesses Web sites that are associated with antivirus and security companies.

It may also terminate certain running processes, and disallow them from
executing while this worm resides in the memory.


TrendLabs will be releasing the following EPS deliverables:

TMCM Outbreak Prevention Policy 154
Official Pattern Release 2.476.00
Damage Cleanup Template 550


For more information on WORM_KELVIR.B and WORM_FATSO.A, you can visit our Web
site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KELVIR.B
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FATSO.A

_________________
wawadave

Posted: Tue Mar 08, 2005 3:30 pm

They're really picking up!!!

3/8: Serflog-A Worm Lowers Security Settings
W32.Serflog.A is a worm that spreads through file-sharing networks and MSN Messenger.
http://nl.internet.com/ct.html?rtr=on&s=1,1fyn,1,e17y,6i6d,9s3s,a9gz
------------------------------------------------------------
7. 3/8: SymbOS.Dampig-A Disables Symbian Devices
Some security vendors have issued alerts for SymbOS.Dampig.A, a Symbian Trojan horse that
disables applications and installs several variants of SymbOS.Cabir worm on Symbian
series 60 devices.
http://nl.internet.com/ct.html?rtr=on&s=1,1fyn,1,3doc,849u,9s3s,a9gz
------------------------------------------------------------
8. 3/8: PWSteal.Botuk a Password-Stealing Trojan
PWSteal.Botuk is a password stealing Trojan horse program that steals information entered
into forms on certain financial Web sites.
http://nl.internet.com/ct.html?rtr=on&s=1,1fyn,1,emze,lcnp,9s3s,a9gz
------------------------------------------------------------
9. 3/8: Bropia-G an IM Worm
W32/Bropia-G is an Instant Messenger worm for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,1fyn,1,43f0,gpzx,9s3s,a9gz
------------------------------------------------------------
10. 3/8: Sober-O Worm Multi-Lingual
Sober.O is a worm that spreads via e-mail, in a message written in English or German.
http://nl.internet.com/ct.html?rtr=on&s=1,1fyn,1,61ci,9g2i,9s3s,a9gz
------------------------------------------------------------
11. 3/8: Serflog-B Worm Uses File Sharing
W32.Serflog.B is a worm that spreads through file-sharing networks and MSN Messenger.
http://nl.internet.com/ct.html?rtr=on&s=1,1fyn,1,dif2,d3dy,9s3s,a9gz
------------------------------------------------------------
12. 3/8: Trojan.StartPage-J Changes IE Settings
Trojan.StartPage.J is a Trojan horse program that attempts to modify settings in Internet
Explorer.
http://nl.internet.com/ct.html?rtr=on&s=1,1fyn,1,dp66,d8gn,9s3s,a9gz
------------------------------------------------------------
13. 3/8: Kelvir-F Worm Spreads Via IM
W32/Kelvir.worm.f spreads via MSN Messenger.
http://nl.internet.com/ct.html?rtr=on&s=1,1fyn,1,bw0c,5jfg,9s3s,a9gz
------------------------------------------------------------
14. 3/8: SymbOS/Commwarrior-B a .SIS File
SymbOS/Commwarrior.b!sys is a malicious .SIS file targeting Nokia series 60 based
devices.
http://nl.internet.com/ct.html?rtr=on&s=1,1fyn,1,9kgr,gxkn,9s3s,a9gz
------------------------------------------------------------
15. 3/8: SymbOS/Commwarrior-A Hits Nokia
Some security vendors have issued alerts for SymbOS/Commwarrior.a!sys, a malicious .SIS
file targeting Nokia series 60 based devices.
http://nl.internet.com/ct.html?rtr=on&s=1,1fyn,1,8j14,l3yj,9s3s,a9gz
------------------------------------------------------------
16. 3/8: Tibick-C a P2P Worm
W32/Tibick-C is a P2P worm.
http://nl.internet.com/ct.html?rtr=on&s=1,1fyn,1,g9j,f2gp,9s3s,a9gz
------------------------------------------------------------
17. 3/8: Kelvir-D an IM Worm
W32/Kelvir-D is an instant messaging worm that spreads by sending a message through
Windows Messenger to all of an infected user's contacts.
http://nl.internet.com/ct.html?rtr=on&s=1,1fyn,1,if6z,c8tq,9s3s,a9gz
------------------------------------------------------------
18. 3/8: Sober-L a Mass-Mailing Worm
Some security vendors have issued alerts for W32/Sober-L, a mass-mailing worm for the
Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,1fyn,1,l7el,eri0,9s3s,a9gz
------------------------------------------------------------
_________________
wawadave

Posted: Tue Mar 08, 2005 3:37 pm

IM USERS: FATSO, KELVIR NOT YOUR BUDDIES
The worms use MSN Messenger to spread. Don't use it in the
enterprise? You could still be at risk.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1065250,00.html?track=NL-102&ad=506067

SOBER-L HAS A 'LOCK' ON COMPUTERS
A new variant imposes itself in memory and rewrites registry keys.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1065327,00.html?track=NL-102&ad=506067
_________________
wawadave

Posted: Wed Mar 09, 2005 4:24 pm

3/9: Bagle.BG Worm Emails Itself Out
Worm_Bagle.BG propagates via email messages.
http://nl.internet.com/ct.html?rtr=on&s=1,1g26,1,dw7q,9epn,9s3s,a9gz
------------------------------------------------------------
5. 3/9: Trojan.Lodmedud Downloads Files
Trojan.Lodmedud is a Trojan horse program that downloads and executes files from the
Internet.
http://nl.internet.com/ct.html?rtr=on&s=1,1g26,1,icg5,gelm,9s3s,a9gz
------------------------------------------------------------
6. 3/9: Ranky-T Trojan Uses System as Proxy
Backdoor.Ranky.T is a Trojan horse program that allows a compromised computer to be used
as a covert proxy.
http://nl.internet.com/ct.html?rtr=on&s=1,1g26,1,cm2s,l316,9s3s,a9gz
------------------------------------------------------------
7. 3/9: Agobot-QT Worm Connects to IRC Channel
W32/Agobot-QT is a worm with backdoor Trojan functionality.
http://nl.internet.com/ct.html?rtr=on&s=1,1g26,1,btyu,j85z,9s3s,a9gz
------------------------------------------------------------
8. 3/9: Forbot-AB Worm Uses Network Shares
Worm_Forbot.AB spreads through network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,1g26,1,b8gj,feco,9s3s,a9gz
------------------------------------------------------------
9. 3/9: Backdoor.Zins-B is a Keylogger
Backdoor.Zins.B is a back door Trojan horse program with keylogging functions that steals
Internet banking details from certain Internet Banking Web sites.
http://nl.internet.com/ct.html?rtr=on&s=1,1g26,1,zgg,8a0,9s3s,a9gz
------------------------------------------------------------
10. 3/9: Backdoor.Solufina Acts As Proxy
Backdoor.Solufina is a Trojan horse program that acts as a proxy server.
http://nl.internet.com/ct.html?rtr=on&s=1,1g26,1,ch0i,lohc,9s3s,a9gz
------------------------------------------------------------
11. 3/9: Myfip-T Worm Steals System Files
W32.Myfip.T is a network-aware worm that steals files from a compromised computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1g26,1,4amc,ic9o,9s3s,a9gz
------------------------------------------------------------
12. 3/9: Domwis-H Worm Gives Hackers Access
W32/Domwis-H is a network worm that contains IRC backdoor Trojan functionality and allows
a malicious user remote access to the infected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1g26,1,7l0l,i9hi,9s3s,a9gz
------------------------------------------------------------
13. 3/9: Rbot-XE Worm Has Backdoor Ability
W32/Rbot-XE is a network worm with a backdoor functionality for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,1g26,1,c145,eyd7,9s3s,a9gz
------------------------------------------------------------
14. 3/9: Radbot-A a Multi-Component Worm
W32/Radbot-A is a multi-component worm that drops files detected as W32/Rbot-VN and
Troj/Istbar-AH.
http://nl.internet.com/ct.html?rtr=on&s=1,1g26,1,dp0d,9imy,9s3s,a9gz
------------------------------------------------------------
_________________
wawadave

Posted: Thu Mar 10, 2005 1:14 pm

VIRUS ALERTS:

During the last week, Secunia issued 3 MEDIUM RISK virus alerts.
Please refer to the grouped virus profile below for more information:

SOBER.L - MEDIUM RISK Virus Alert - 2005-03-08 00:55 GMT+1
http://secunia.com/virus_information/16027/sober.l/

FATSO.A - MEDIUM RISK Virus Alert - 2005-03-07 16:46 GMT+1
http://secunia.com/virus_information/15999/fatso.a/

Kelvir.b - MEDIUM RISK Virus Alert - 2005-03-07 15:04 GMT+1
http://secunia.com/virus_information/15994/kelvir.b/
_________________
wawadave

Posted: Thu Mar 10, 2005 3:48 pm

1. 3/10: Bancos-AS a Password-Stealing Trojan
Troj/Bancos-AS is a password stealing Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,1g6y,1,9fme,m5p5,9s3s,a9gz
------------------------------------------------------------
2. 3/10: Elitper-C Worm Arrives Via P2P Programs
Worm_Elitper.C may arrive via certain popular peer-to-peer (P2P) applications.
http://nl.internet.com/ct.html?rtr=on&s=1,1g6y,1,i3ca,j22t,9s3s,a9gz
------------------------------------------------------------
3. 3/10: Backdoor.Staprew Lets Attackers In
Backdoor.Staprew is a back door server program that allows a remote attacker to have
unauthorized access to the compromised computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1g6y,1,6aw3,jtow,9s3s,a9gz
------------------------------------------------------------
4. 3/10: Kelvir-E Drops Spybot Worm Variant
W32.Kelvir.E is a worm that drops a variant of W32.Spybot.Worm and spreads through MSN
Messenger and by exploiting vulnerabilities.
http://nl.internet.com/ct.html?rtr=on&s=1,1g6y,1,2xiy,9wfo,9s3s,a9gz
------------------------------------------------------------
5. 3/10: Backdoor.Haiyangweng Displays Chinese Screen
Backdoor.Haiyangweng is a back door Trojan horse that allows a remote attacker to control
a compromised computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1g6y,1,82ri,aok6,9s3s,a9gz
------------------------------------------------------------
6. 3/10: Tabela-B Trojan Steals Email Addresses
Trojan.Tabela.B is a Trojan horse program that steals email addresses from a compromised
computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1g6y,1,9dva,62uz,9s3s,a9gz
------------------------------------------------------------
7. 3/10: Toxbot Worm Opens IRC Back Door
W32.Toxbot is a worm that opens an IRC back door on the compromised computer and spreads
by exploiting vulnerabilities.
http://nl.internet.com/ct.html?rtr=on&s=1,1g6y,1,577n,e7xq,9s3s,a9gz
------------------------------------------------------------
8. 3/10: Sumon-B an IM and P2P Worm
W32/Sumom-B is an instant messenger and P2P worm.
http://nl.internet.com/ct.html?rtr=on&s=1,1g6y,1,62e9,6qyv,9s3s,a9gz
------------------------------------------------------------
9. 3/10: Rbot-XI Worm Spreads to Poorly Protected Shares
W32/Rbot-XI is a network worm with backdoor functionality for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,1g6y,1,7ag,4zuf,9s3s,a9gz
------------------------------------------------------------
_________________
wawadave

Posted: Fri Mar 11, 2005 4:30 pm

3/11: Trojan.Flush-B Modifies DNS Settings
Trojan.Flush.B is a Trojan horse program that modifies DNS settings on the compromised
computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1gar,1,kbkw,fdhn,9s3s,a9gz
------------------------------------------------------------
6. 3/11: Toxbot-B Worm Exploits Flaws
W32.Toxbot.B is a worm that opens an IRC back door on the compromised computer and
spreads by exploiting vulnerabilities.
http://nl.internet.com/ct.html?rtr=on&s=1,1gar,1,j6ec,8w39,9s3s,a9gz
------------------------------------------------------------
7. 3/11: Ruzes-A Trojan Grabs Email Addresses
Ruzes.A is a Trojan that collects e-mail addresses on the affected computer and sends
them to an IP address.
http://nl.internet.com/ct.html?rtr=on&s=1,1gar,1,eh68,3pv,9s3s,a9gz
------------------------------------------------------------
8. 3/11: Rbot-XM Worm Hits Remote Shares
W32/Rbot-XM is a worm which attempts to spread to remote network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,1gar,1,joq7,5ei4,9s3s,a9gz
------------------------------------------------------------
9. 3/11: Agobot-QU Worm Links to IRC Server
W32/Agobot-QU is a network worm with IRC backdoor functionality.
http://nl.internet.com/ct.html?rtr=on&s=1,1gar,1,kilf,iile,9s3s,a9gz
------------------------------------------------------------
All times are GMT - 8 Hours