Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
wawadave Warrior Obsessed
Joined: 25 Jan 2004 Last Visit: 24 Jul 2009 Posts: 3448 Location: Illegitimus non carborundum
Posted: Mon Aug 16, 2004 11:47 am Post subject: Virus alerts for week of 8/16/04
The other security news which used to be combined with the virus alerts can now be found here:
http://spywarewarrior.com/viewtopic.php?t=4833
===============================================
8/16: Mydoom-R An 'Amber Alert'
Panda Software has issued an Amber Alert for Mydoom.R, a worm that opens several ports and listens to them.
http://nl.internet.com/ct.html?rtr=on&s=1,12ck,1,d87e,2z9c,9s3s,a9gz
------------------------------------------------------------
6. 8/16: Worm_Ratos.A a 'Yellow Alert'
Trend Micro has issued a Yellow Alert for Worm_Ratos.A, which is spreading via email, and is reporting receiving several alerts from Japan, Korea, China and the USA.
http://nl.internet.com/ct.html?rtr=on&s=1,12ck,1,2ml7,mds7,9s3s,a9gz
------------------------------------------------------------
7. 8/16: Backdoor.Nemog Uses Computer as Proxy
Backdoor.Nemog is a Backdoor Trojan horse that allows an infected computer to be used as an email relay and HTTP proxy.
http://nl.internet.com/ct.html?rtr=on&s=1,12ck,1,fm9t,5d1a,9s3s,a9gz
------------------------------------------------------------
8. 8/16: Mydoom-Q Downloads Executable File
W32.Mydoom.Q@mm is a mass-mailing worm that downloads an executable file and uses its own SMTP engine to send itself to the email addresses that it finds on the infected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,12ck,1,cy6b,eo7g,9s3s,a9gz
------------------------------------------------------------
9. 8/16: Mydoom-S Harvests Email Addresses
W32/MyDoom-S is a mass-mailing worm that harvests email addresses from your hard drive.
http://nl.internet.com/ct.html?rtr=on&s=1,12ck,1,970b,4efg,9s3s,a9gz
------------------------------------------------------------
10. 8/16: Apribot-C Connects to IRC Server
W32/Apribot-C is an IRC backdoor with spreading capability.
http://nl.internet.com/ct.html?rtr=on&s=1,12ck,1,4ax2,76lw,9s3s,a9gz
------------------------------------------------------------
11. 8/16: Troj/Bdoor-CHR a Backdoor Trojan
Troj/Bdoor-CHR is a backdoor Trojan.
http://nl.internet.com/ct.html?rtr=on&s=1,12ck,1,99bb,1sun,9s3s,a9gz
------------------------------------------------------------
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
Last edited by wawadave on Mon Aug 16, 2004 12:12 pm; edited 1 time in total

wawadave Warrior Obsessed
Posted: Mon Aug 16, 2004 2:04 pm Post subject:
Dear Trend Micro customer,

As of Aug 16, 2004 12:10 AM (GMT -7:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_RATOS.A. TrendLabs has received several infection reports indicating that this malware is spreading in Japan, Korea and the United States.

This worm spreads via email with the following details:
------
Subject: photos
Message body: LOL! )))
Attachment: photos_arc.exe
------
Upon execution, it drops a copy of itself as the following files:
• %Windows%\RASOR38A.DLL
• %System%\WINPSD.EXE

(Note: %System% refers to the Windows system folder, which is usually C:\Windows\System on Windows 95, 98, and ME, C:\WINNT\System32 on Windows 2000 and NT, and C:\Windows\System32 on Windows XP.)

It downloads copies of a backdoor component file from several URLs and saves it as WINVPN32.EXE in the Windows folder.

This worm usually arrives UPX-compressed and runs on Windows 95, 98, ME, NT, 2000, and XP.

TrendLabs will be releasing the following EPS deliverables:
TMCM Outbreak Prevention Policy 126 (available)
Official Pattern Release 1.957.00 (available)
Damage Cleanup Template 394 (to be released)
Network Virus Pattern 10136 (to be released)

TrendLabs is currently working to provide a more in-depth analysis of this malware. You can visit our Web site for more updates on WORM_RATOS.A:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RATOS.A

Contact av_query@support.trendmicro.com for inquiries and to report infections in your region.
----------------------------------------------o0o----
CRITICAL PRODUCT UPDATE!
New Pattern File Numbering Format upgrade for Trend Micro products is REQUIRED
by July 2004. Click www.trendmicro.com/npf for details!
______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using Responsys
Interact (TM).

wawadave Warrior Obsessed
Posted: Tue Aug 17, 2004 5:20 pm Post subject:
8/17: Mydoom-T Copies Itself in Emails
Win32/MyDoom.T is a worm spreading via e-mail.
http://nl.internet.com/ct.html?rtr=on&s=1,12gb,1,cy1s,6pp0,9s3s,a9gz
------------------------------------------------------------
6. 8/17: Bagle-AJ Worm Uses SMTP Engine
Worm_Bagle.AJ, like earlier Bagle variants, is a memory-resident worm that spreads via email through its own Simple Mail Transfer Protocol (SMTP) engine.
http://nl.internet.com/ct.html?rtr=on&s=1,12gb,1,jztv,7uvt,9s3s,a9gz
------------------------------------------------------------
7. 8/17: Pogue Infects .COM Files
Pogue infects DOS executable .COM files.
http://nl.internet.com/ct.html?rtr=on&s=1,12gb,1,d0o3,el9l,9s3s,a9gz
------------------------------------------------------------
8. 8/17: Rbot-GF Worm has Trojan Abilities
W32/Rbot-GF is a worm that attempts to spread to remote network shares and has backdoor Trojan functionality allowing unauthorized access to an infected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,12gb,1,59fi,5aoz,9s3s,a9gz
------------------------------------------------------------
9. 8/17: ProxDrop-A Trojan Installs Proxies
Troj/ProxDrop-A is used to drop and install proxy servers.
http://nl.internet.com/ct.html?rtr=on&s=1,12gb,1,mgi2,howj,9s3s,a9gz

wawadave Warrior Obsessed
Posted: Wed Aug 18, 2004 3:20 pm Post subject:
8/18: Spyware-BE Logs Keystrokes, URLs
Spyware-BE is a detection for a potentially unwanted program (PUP).
http://nl.internet.com/ct.html?rtr=on&s=1,12kr,1,eyyt,4iwl,9s3s,a9gz
------------------------------------------------------------
6. 8/18: Dumaru-Q a Password-Stealing Worm
W32/Dumaru-Q is a password stealing worm that collects information from a user's computer and sends the collected information to a specific email address.
http://nl.internet.com/ct.html?rtr=on&s=1,12kr,1,jc6s,luiz,9s3s,a9gz
------------------------------------------------------------
7. 8/18: Agobot-ME Disables Security Apps
W32/Agobot-ME is an IRC backdoor Trojan and network worm that also terminates and disables various anti-virus and security related programs.
http://nl.internet.com/ct.html?rtr=on&s=1,12kr,1,8qlf,ixw2,9s3s,a9gz
------------------------------------------------------------
8. 8/18: Beagle-AP Worm Uses SMTP Engine
W32.Beagle.AP@mm is a mass-mailing worm that spreads via email, using its own SMTP engine.
http://nl.internet.com/ct.html?rtr=on&s=1,12kr,1,7vab,11dn,9s3s,a9gz
------------------------------------------------------------
9. 8/18: Winflux-B Trojan Steals Information
Troj/Winflux-B is a backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,12kr,1,8yr1,brgg,9s3s,a9gz
------------------------------------------------------------
10. 8/18: Wort-A Worm Exploits LSASS Flaw
W32/Wort-A is a network worm that exploits the LSASS (MS04-011) vulnerability.
http://nl.internet.com/ct.html?rtr=on&s=1,12kr,1,3er0,km9h,9s3s,a9gz
------------------------------------------------------------

wawadave Warrior Obsessed
Posted: Thu Aug 19, 2004 1:15 pm Post subject:
8/19: T-Virus Mobile Phone Hoax Targets Game
T-Virus Mobile Phone Hoax is part of a marketing campaign targeting the release of a new console video game.
http://nl.internet.com/ct.html?rtr=on&s=1,12ne,1,8vyz,1koh,9s3s,a9gz
------------------------------------------------------------
4. 8/19: Trivial-818 a DOS Virus
Trivial.818 is a DOS virus that overwrites the first 818 bytes of .com and .exe files, preventing them from running correctly.
http://nl.internet.com/ct.html?rtr=on&s=1,12ne,1,6key,1o4s,9s3s,a9gz
------------------------------------------------------------
5. 8/19: Lovgate-W Worm Spreads Multiple Ways
W32/Lovgate-W is a worm with the backdoor functionality that spreads via email, network shares with weak passwords and filesharing networks.
http://nl.internet.com/ct.html?rtr=on&s=1,12ne,1,h4gi,az0w,9s3s,a9gz

wawadave Warrior Obsessed
Posted: Thu Aug 19, 2004 2:23 pm Post subject:
Attack Pierces Fully Patched XP Machines
By Dennis Fisher
August 19, 2004
Security researchers have identified a new version of the Download.Ject attack that is now being used on the Internet and can compromise fully patched Windows XP machines.
The new version of the attack just appeared Thursday afternoon, and while details are still sketchy, experts say its main purpose is to install a back door on compromised PCs. Users victimized by the attack receive an e-mail or an instant message containing a link directing them to a malicious Web page.
The page is being hosted by a number of different sites, all of which share common "whois" information and appear to be deliberately serving the page, according to Thor Larholm, senior security researcher at PivX Solutions LLC, based in Newport Beach, Calif. The Trojan also will change the start page of the infected PC.

wawadave Warrior Obsessed
Posted: Fri Aug 20, 2004 11:59 am Post subject:
8/20: Vundo Decrypts, Drops DLL File
Vundo is malware from the field.
http://nl.internet.com/ct.html?rtr=on&s=1,12rg,1,izpx,8ir4,9s3s,a9gz
------------------------------------------------------------
6. 8/20: Ainesey-C a Macro Virus
X97M.Ainesey.C is a Microsoft Excel macro virus that infects Microsoft Excel workbooks and lowers Internet Explorer security settings.
http://nl.internet.com/ct.html?rtr=on&s=1,12rg,1,jm81,kg6c,9s3s,a9gz
------------------------------------------------------------
7. 8/20: Delsha Trojan Ends Sharing
Trojan.Delsha is a Trojan horse program that disables the sharing permission of network-shared folders.
http://nl.internet.com/ct.html?rtr=on&s=1,12rg,1,7eba,b21r,9s3s,a9gz
------------------------------------------------------------
8. 8/20: Rbot-GO Allows Unauthorized Access
W32/Rbot-GO is a worm that attempts to spread to remote network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,12rg,1,53d0,cfd8,9s3s,a9gz
------------------------------------------------------------
9. 8/20: Rbot-GS Exploits Vulnerabilities
W32/Rbot-GS spreads by exploiting vulnerabilities, network services with weak passwords and backdoors opened by other worms.
http://nl.internet.com/ct.html?rtr=on&s=1,12rg,1,dxj9,4ztn,9s3s,a9gz
------------------------------------------------------------
10. 8/20: Rbot-GP Spreads to Remote Shares
W32/Rbot-GP is a worm that attempts to spread to remote network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,12rg,1,1nz1,3qnw,9s3s,a9gz
------------------------------------------------------------
11. 8/20: Rbot-GR Has Trojan Abilities
W32/Rbot-GR is a worm with backdoor Trojan functionality.
http://nl.internet.com/ct.html?rtr=on&s=1,12rg,1,29nc,h1f9,9s3s,a9gz
------------------------------------------------------------