Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Virus alerts for week of 3/14/05

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Virus, Worm &Trojan Alerts
View previous topic :: View next topic  
Author Message
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Mon Mar 14, 2005 5:36 pm    Post subject: Virus alerts for week of 3/14/05 Reply with quote

3/14: Capside-C Worm Deletes Files
The Capside-C worm deletes files off the infected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1gf9,1,j1qr,hv9i,9s3s,a9gz
------------------------------------------------------------
5. 3/14: Esalone-A Worm Changes Data
The Esalone-A worm modifies data on the infected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1gf9,1,b5z6,72zm,9s3s,a9gz
------------------------------------------------------------
6. 3/14: Dowcen-Gen Trojan a Downloader
The Dowcen-Gen Trojan comes from a family of downloaders.
http://nl.internet.com/ct.html?rtr=on&s=1,1gf9,1,jb55,cque,9s3s,a9gz
------------------------------------------------------------
7. 3/14: Rbot-XS Worm Stealing Information
The Rbot-XS worm is busily recording keystrokes and stealing information off infected
computers.
http://nl.internet.com/ct.html?rtr=on&s=1,1gf9,1,mbh8,avf5,9s3s,a9gz
------------------------------------------------------------
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Mon Mar 14, 2005 7:08 pm    Post subject: Reply with quote

"Wisdom lies neither in fixity nor in change,
but in the dialectic between the two."
Octavio Paz (1914); Mexican writer.

- Weekly report on viruses and intruders -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, March 13, 2005 - Four worms -the B and C variants of Kelvir, Fatso.A
and Sober.O-, and two Trojans -Ruzes.A and Downloader.BBN- will be described
in this week's report on viruses and intruders.

The first three worms -Kelvir.B, Kelvir.C and Fatso.A- in today's report are
designed to spread rapidly via the application MSN Messenger. These worms
reach computers in a message that includes a link to an Internet address. If
the user access this link, files containing the code of these worms will be
downloaded and installed on the computer.

Kelvir.B and Kelvir.C carry out various actions in the computers that they
infect, including the following:

- Send messages to the entries in the contacts in MSN Messenger.

- Download several variants of the Gaobot or Sdbot Trojans from a web page,
which allow a hacker to gain remote control of the affected computer through
IRC chat channels.

Fatso.A spreads through the instant messaging application MSN Messenger and
via peer-to-peer (P2P) file sharing programs. When it infects a computer, it
ends the processes belonging to various security tools, such as antivirus
programs and firewalls, leaving the computer vulnerable to other malware.
Fatso.A also modifies the system configuration so that it is automatically
copied to all the CD-ROMs recorded on the computer.

A curious detail about Fatso.A is that it continues the cyber-war between
virus authors that started with the appearance of the Assiral.A worm, and
which displayed a text attacking the Bropia worms. In response, Fatso.A
creates a file called "Message to n00b LARISSA.txt" on affected systems,
which contains an unfriendly message for the author of Assiral, signed by
someone called Skydevil.

The fourth worm in today's report is Sober.O, which spreads via email in a
message that can be written in German -if the extension of the mail domain
is one of the following: de (German), ch (Switzerland), at (Austria) or li
(Liechtenstein)-, or in English.

When it infects a computer, Sober.O looks for email addresses in files with
certain extensions. Then, Sober.O sends itself out using its own SMTP
engine. What's more, when it is run, Sober.O opens Notepad and displays a
text on screen.

The first of the two Trojans in today's report is Ruzes.A, which collects
email address from the files it finds on the affected computer with certain
extensions. Then, it sends these addresses to an Internet address.

Ruzes.A is being downloaded by Downloader.BBN, another Trojan that appeared
recently, which is very similar to the other variants in the family it
belongs to.

For further information about these and other computer threats, visit Panda
Software's Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

PostPosted: Tue Mar 15, 2005 5:01 pm    Post subject: Reply with quote

the viruses are picking up speed!! batten down the hatches!!!

New Worm Throws 'Smachdown' on Users
Elitper-D, a worm new to the wild, is conning users by disguising itself as a screensaver
featuring two female stars of professional wrestling.
http://nl.internet.com/ct.html?rtr=on&s=1,1gjt,1,1kag,h1ig,9s3s,a9gz

. 3/15: Trojan.Adwareloader Lowers Security
Trojan.Adwareloader is a Trojan horse program that lowers Windows security settings and
downloads adware and spyware.
http://nl.internet.com/ct.html?rtr=on&s=1,1gjt,1,fod3,j7q,9s3s,a9gz
------------------------------------------------------------
6. 3/15: PWSteal.Secucent Trojan Collects Info
PWSteal.Secucent is a Trojan horse program that attempts to collect user information
using a fake Microsoft Security Center message.
http://nl.internet.com/ct.html?rtr=on&s=1,1gjt,1,f155,htgz,9s3s,a9gz
------------------------------------------------------------
7. 3/15: Mytob-G Worm Gathers Addresses
W32.Mytob.G@mm is a mass-mailing worm that uses it own SMTP engine to send an email to
addresses that it gathers from the compromised computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1gjt,1,gjyr,rmu,9s3s,a9gz
------------------------------------------------------------
8. 3/15: Mytob-F Worm Uses SMTP Engine
W32.Mytob.F@mm is a mass-mailing worm that uses it own SMTP engine to send an email to
addresses that it gathers from the Windows Address Book on the compromised computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1gjt,1,2as7,7wpv,9s3s,a9gz
------------------------------------------------------------
9. 3/15: Kelvir-H Worm Drops Spybot Worm
W32.Kelvir.H is a worm that spreads through MSN Messenger and drops a variant of
W32.Spybot.Worm.
http://nl.internet.com/ct.html?rtr=on&s=1,1gjt,1,d5cn,24qf,9s3s,a9gz
------------------------------------------------------------
10. 3/15: Elitper-D Worm Kills Processes
W32.Elitper.D@mm is a mass-mailing worm that also attempts to spread using file-sharing
networks.
http://nl.internet.com/ct.html?rtr=on&s=1,1gjt,1,2opu,97cb,9s3s,a9gz
------------------------------------------------------------
11. 3/15: Kelvir-G Worm Spreads Via IM
W32.Kelvir.G is a worm that spreads through MSN Messenger and drops a variant of
W32.Spybot.Worm.
http://nl.internet.com/ct.html?rtr=on&s=1,1gjt,1,76po,36vx,9s3s,a9gz
------------------------------------------------------------
12. 3/15: PWSteal.Reanet-B Trojan Grabs Info
PWSteal.Reanet.B is a Trojan horse program that displays a fake logon screen and attempts
to steal account information for several financial Web sites.
http://nl.internet.com/ct.html?rtr=on&s=1,1gjt,1,iwj,as3x,9s3s,a9gz
------------------------------------------------------------
13. 3/15: Tobecho-A Worm Opens Ports
Tobecho.A is a worm that opens a port in the affected computer, and listens to it, acting
as a backdoor.
http://nl.internet.com/ct.html?rtr=on&s=1,1gjt,1,hmgq,gcud,9s3s,a9gz
------------------------------------------------------------
14. 3/15: Rbot-XW a Network Worm, IRC Trojan
W32/Rbot-XW is a network worm and IRC backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,1gjt,1,8i0p,4v1w,9s3s,a9gz
------------------------------------------------------------
15. 3/15: Agobot-QV Worm Hooks to IRC Server
W32/Agobot-QV is a network worm with IRC backdoor functionality.
http://nl.internet.com/ct.html?rtr=on&s=1,1gjt,1,kp75,49d2,9s3s,a9gz
------------------------------------------------------------

*********************************************************************
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Virus, Worm &Trojan Alerts All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group