Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Virus alerts for week of 8/16/04

 
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

Posted: Mon Aug 16, 2004 11:47 am    Post subject: Virus alerts for week of 8/16/04

The other security news which used to be combined with the virus alerts can now be found here:
http://spywarewarrior.com/viewtopic.php?t=4833
===============================================

8/16: Mydoom-R An 'Amber Alert'
Panda Software has issued an Amber Alert for Mydoom.R, a worm that opens several ports and listens to them.
http://nl.internet.com/ct.html?rtr=on&s=1,12ck,1,d87e,2z9c,9s3s,a9gz
------------------------------------------------------------
6. 8/16: Worm_Ratos.A a 'Yellow Alert'
Trend Micro has issued a Yellow Alert for Worm_Ratos.A, which is spreading via email, and is reporting receiving several alerts from Japan, Korea, China and the USA.
http://nl.internet.com/ct.html?rtr=on&s=1,12ck,1,2ml7,mds7,9s3s,a9gz
------------------------------------------------------------
7. 8/16: Backdoor.Nemog Uses Computer as Proxy
Backdoor.Nemog is a Backdoor Trojan horse that allows an infected computer to be used as an email relay and HTTP proxy.
http://nl.internet.com/ct.html?rtr=on&s=1,12ck,1,fm9t,5d1a,9s3s,a9gz
------------------------------------------------------------
8. 8/16: Mydoom-Q Downloads Executable File
W32.Mydoom.Q@mm is a mass-mailing worm that downloads an executable file and uses its own SMTP engine to send itself to the email addresses that it finds on the infected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,12ck,1,cy6b,eo7g,9s3s,a9gz
------------------------------------------------------------
9. 8/16: Mydoom-S Harvests Email Addresses
W32/MyDoom-S is a mass-mailing worm that harvests email addresses from your hard drive.
http://nl.internet.com/ct.html?rtr=on&s=1,12ck,1,970b,4efg,9s3s,a9gz
------------------------------------------------------------
10. 8/16: Apribot-C Connects to IRC Server
W32/Apribot-C is an IRC backdoor with spreading capability.
http://nl.internet.com/ct.html?rtr=on&s=1,12ck,1,4ax2,76lw,9s3s,a9gz
------------------------------------------------------------
11. 8/16: Troj/Bdoor-CHR a Backdoor Trojan
Troj/Bdoor-CHR is a backdoor Trojan.
http://nl.internet.com/ct.html?rtr=on&s=1,12ck,1,99bb,1sun,9s3s,a9gz
------------------------------------------------------------
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd


Last edited by wawadave on Mon Aug 16, 2004 12:12 pm; edited 1 time in total

wawadave
Posted: Mon Aug 16, 2004 12:06 pm

New Worm - Bagle.AM Menaces the Internet
http://www.net-security.org/virus_news.php?id=448

wawadave
Posted: Mon Aug 16, 2004 12:10 pm

NEW BAGLE E-MAIL WORM SPREADS
Antivirus updates available, but experts say this variant may fool
some software.
http://www.net-security.org/news.php?id=5796

'GAME VIRUS' BITES MOBILE PHONES
A mobile phone virus posing as a game is roaming file-sharing and
software download sites, say security experts.
http://www.net-security.org/news.php?id=5809

wawadave
Posted: Mon Aug 16, 2004 2:04 pm

Dear Trend Micro customer,

As of Aug 16, 2004 12:10 AM (GMT -7:00), TrendLabs has declared a Medium Risk
Virus Alert to control the spread of WORM_RATOS.A. TrendLabs has received
several infection reports indicating that this malware is spreading in Japan,
Korea and the United States.

This worm spreads via email with the following details:

------
Subject: photos
Message body: LOL!Wink)))
Attachment: photos_arc.exe
------

Upon execution, it drops a copy of itself as the following files:

%Windows%\RASOR38A.DLL
%System%\WINPSD.EXE

(Note: %System% refers to the Windows system folder, which is usually
C:\Windows\System on Windows 95, 98, and ME, C:\WINNT\System32 on Windows 2000
and NT, and C:\Windows\System32 on Windows XP.)

It downloads copies of a backdoor component file from several URLs and saves it
as WINVPN32.EXE in the Windows folder.

This worm usually arrives UPX-compressed and runs on Windows 95, 98, ME, NT,
2000, and XP.


TrendLabs will be releasing the following EPS deliverables:

TMCM Outbreak Prevention Policy 126 (available)
Official Pattern Release 1.957.00 (available)
Damage Cleanup Template 394 (to be released)
Network Virus Pattern 10136 (to be released)


TrendLabs is currently working to provide a more in-depth analysis of this
malware. You can visit our Web site for more updates on WORM_RATOS.A:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RATOS.A

Contact av_query@support.trendmicro.com for inquiries and to report infections
in your region.


This message was sent by Trend Micro's Newsletters Editor using Responsys
Interact (TM).

wawadave
Posted: Mon Aug 16, 2004 2:15 pm

UK police issue 'vicious' Trojan alert
======================================
Britain's top cybercrime fighters have joined up with the banking industry today
in warning of the latest attempt to defraud online banking customers.
http://www.it-analysis.com/article.php?id=12158&zz=60786a6512134

wawadave
Posted: Tue Aug 17, 2004 5:20 pm

8/17: Mydoom-T Copies Itself in Emails
Win32/MyDoom.T is a worm spreading via e-mail.
http://nl.internet.com/ct.html?rtr=on&s=1,12gb,1,cy1s,6pp0,9s3s,a9gz
------------------------------------------------------------
6. 8/17: Bagle-AJ Worm Uses SMTP Engine
Worm_Bagle.AJ, like earlier Bagle variants, is a memory-resident worm that spreads via email through its own Simple Mail Transfer Protocol (SMTP) engine.
http://nl.internet.com/ct.html?rtr=on&s=1,12gb,1,jztv,7uvt,9s3s,a9gz
------------------------------------------------------------
7. 8/17: Pogue Infects .COM Files
Pogue infects DOS executable .COM files.
http://nl.internet.com/ct.html?rtr=on&s=1,12gb,1,d0o3,el9l,9s3s,a9gz
------------------------------------------------------------
8. 8/17: Rbot-GF Worm has Trojan Abilities
W32/Rbot-GF is a worm that attempts to spread to remote network shares and has backdoor Trojan functionality allowing unauthorized access to an infected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,12gb,1,59fi,5aoz,9s3s,a9gz
------------------------------------------------------------
9. 8/17: ProxDrop-A Trojan Installs Proxies
Troj/ProxDrop-A is used to drop and install proxy servers.
http://nl.internet.com/ct.html?rtr=on&s=1,12gb,1,mgi2,howj,9s3s,a9gz

wawadave
Posted: Wed Aug 18, 2004 7:36 am

MYDOOM-S POSES AS FUNNY PHOTOS | SearchSecurity.com

The latest member of the Mydoom family spreads through an e-mail
claiming to contain funny photos, antivirus firms reported Monday.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1000746,00.html?track=NL-20&ad=488503

wawadave
Posted: Wed Aug 18, 2004 3:20 pm

8/18: Spyware-BE Logs Keystrokes, URLs
Spyware-BE is a detection for a potentially unwanted program (PUP).
http://nl.internet.com/ct.html?rtr=on&s=1,12kr,1,eyyt,4iwl,9s3s,a9gz
------------------------------------------------------------
6. 8/18: Dumaru-Q a Password-Stealing Worm
W32/Dumaru-Q is a password stealing worm that collects information from a user's computer and sends the collected information to a specific email address.
http://nl.internet.com/ct.html?rtr=on&s=1,12kr,1,jc6s,luiz,9s3s,a9gz
------------------------------------------------------------
7. 8/18: Agobot-ME Disables Security Apps
W32/Agobot-ME is an IRC backdoor Trojan and network worm that also terminates and disables various anti-virus and security related programs.
http://nl.internet.com/ct.html?rtr=on&s=1,12kr,1,8qlf,ixw2,9s3s,a9gz
------------------------------------------------------------
8. 8/18: Beagle-AP Worm Uses SMTP Engine
W32.Beagle.AP@mm is a mass-mailing worm that spreads via email, using its own SMTP engine.
http://nl.internet.com/ct.html?rtr=on&s=1,12kr,1,7vab,11dn,9s3s,a9gz
------------------------------------------------------------
9. 8/18: Winflux-B Trojan Steals Information
Troj/Winflux-B is a backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,12kr,1,8yr1,brgg,9s3s,a9gz
------------------------------------------------------------
10. 8/18: Wort-A Worm Exploits LSASS Flaw
W32/Wort-A is a network worm that exploits the LSASS (MS04-011) vulnerability.
http://nl.internet.com/ct.html?rtr=on&s=1,12kr,1,3er0,km9h,9s3s,a9gz
------------------------------------------------------------

wawadave
Posted: Thu Aug 19, 2004 1:15 pm

8/19: T-Virus Mobile Phone Hoax Targets Game
T-Virus Mobile Phone Hoax is part of a marketing campaign targeting the release of a new console video game.
http://nl.internet.com/ct.html?rtr=on&s=1,12ne,1,8vyz,1koh,9s3s,a9gz
------------------------------------------------------------
4. 8/19: Trivial-818 a DOS Virus
Trivial.818 is a DOS virus that overwrites the first 818 bytes of .com and .exe files, preventing them from running correctly.
http://nl.internet.com/ct.html?rtr=on&s=1,12ne,1,6key,1o4s,9s3s,a9gz
------------------------------------------------------------
5. 8/19: Lovgate-W Worm Spreads Multiple Ways
W32/Lovgate-W is a worm with backdoor functionality that spreads via email, network shares with weak passwords and filesharing networks.
http://nl.internet.com/ct.html?rtr=on&s=1,12ne,1,h4gi,az0w,9s3s,a9gz

wawadave
Posted: Thu Aug 19, 2004 2:23 pm

Attack Pierces Fully Patched XP Machines
By Dennis Fisher
August 19, 2004


Security researchers have identified a new version of the Download.Ject attack that is now being used on the Internet and can compromise fully patched Windows XP machines.

The new version of the attack just appeared Thursday afternoon, and while details are still sketchy, experts say its main purpose is to install a back door on compromised PCs. Users victimized by the attack receive an e-mail or an instant message containing a link directing them to a malicious Web page.

The page is being hosted by a number of different sites, all of which share common "whois" information and appear to be deliberately serving the page, according to Thor Larholm, senior security researcher at PivX Solutions LLC, based in Newport Beach, Calif. The Trojan also will change the start page of the infected PC.

wawadave
Posted: Fri Aug 20, 2004 11:59 am

8/20: Vundo Decrypts, Drops DLL File
Vundo is malware from the field.
http://nl.internet.com/ct.html?rtr=on&s=1,12rg,1,izpx,8ir4,9s3s,a9gz
------------------------------------------------------------
6. 8/20: Ainesey-C a Macro Virus
X97M.Ainesey.C is a Microsoft Excel macro virus that infects Microsoft Excel workbooks and lowers Internet Explorer security settings.
http://nl.internet.com/ct.html?rtr=on&s=1,12rg,1,jm81,kg6c,9s3s,a9gz
------------------------------------------------------------
7. 8/20: Delsha Trojan Ends Sharing
Trojan.Delsha is a Trojan horse program that disables the sharing permission of
network-shared folders.
http://nl.internet.com/ct.html?rtr=on&s=1,12rg,1,7eba,b21r,9s3s,a9gz
------------------------------------------------------------
8. 8/20: Rbot-GO Allows Unauthorized Access
W32/Rbot-GO is a worm that attempts to spread to remote network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,12rg,1,53d0,cfd8,9s3s,a9gz
------------------------------------------------------------
9. 8/20: Rbot-GS Exploits Vulnerabilities
W32/Rbot-GS spreads by exploiting vulnerabilities, network services with weak passwords and backdoors opened by other worms.
http://nl.internet.com/ct.html?rtr=on&s=1,12rg,1,dxj9,4ztn,9s3s,a9gz
------------------------------------------------------------
10. 8/20: Rbot-GP Spreads to Remote Shares
W32/Rbot-GP is a worm that attempts to spread to remote network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,12rg,1,1nz1,3qnw,9s3s,a9gz
------------------------------------------------------------
11. 8/20: Rbot-GR Has Trojan Abilities
W32/Rbot-GR is a worm with backdoor Trojan functionality.
http://nl.internet.com/ct.html?rtr=on&s=1,12rg,1,29nc,h1f9,9s3s,a9gz
------------------------------------------------------------

All times are GMT - 8 Hours