Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Virus alerts for week of 12/6/04

 
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

Posted: Sun Dec 05, 2004 10:07 pm    Post subject: Virus alerts for week of 12/6/04

"Nothing fixes a thing so intensely in the memory as the wish to forget it."
Michel de Montaigne (1533-1592); French essayist.

- Weekly report on viruses and intruders -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, December 5 2004 - This week's report looks at two worms -Mugly.A and
Gaobot.BXG-, a virus called Jabbit.A, the Skulls.B Trojan and an application
called pcAudit.

Mugly.A is a worm that spreads via email in a message with variable
characteristics that includes an attachment called ATTACHED.ZIP. This file
in turn contains an executable file, which is actually the worm itself.

In the computer it infects, Mugly.A searches files with the following
extensions: ADB, ASP, DBX, DOC, HTM, HTML, PHP, SHT, TBB, TXT or WAB, looking
for email addresses to which to send itself, unless the addresses contain
text referring to antivirus companies.

After it's run, Mugly.A displays an image on screen, and installs and runs
another worm, which Panda Software detects as Gaobot.BXG, which spreads by
making copies of itself in shared network resources that it manages to
access.

Gaobot.BXG affects computers with Windows 2003/XP/2000/NT, exploiting the
LSASS, RPC DCOM and WebDAV vulnerabilities. It also connects to an IRC
server and awaits orders to carry out malicious actions such as obtaining
information from the PC, executing files and carrying out Distributed Denial
of Service attacks (DDoS).

Jabbit.A is a virus that doesn't spread automatically and reaches computers
when it is distributed through any of the usual means (floppies, CD-ROMs,
emails, etc.) in previously infected files. The virus uses 'prepending'
techniques to infect HTML files that are in the directory in which it is
executed. It also creates copies of itself in the Favorites folder and makes
all links in the folder point to the virus, so it is run whenever users
access the links.

After it infects a PC, on the 13th of each month Jabbit.A makes several
messages appear on screen. It then opens Internet Explorer and displays
a certain web page.

The next malicious code we will look at today is Skulls.B, a Trojan that has
been distributed through cellphone forums and needs user interaction in
order to install itself. It affects mobile phones using the Symbian
operating system. Although the initial targets were Nokia 7610 phones, other
devices based on the Symbian operating system can also be affected.

Skulls.B changes the icons of all the applications on the phone for others
belonging to a certain system application. It also installs files
corresponding to other malware that also affects phones based on Symbian and is
detected by Panda Software as Cabir.A.

We end today's report with pcAudit, a program developed by a private company
to check the level of security of the computer. By simulating a hacker
attack, it tries to send data (such as files and folders in the My documents
directory, screenshots, keystrokes, etc.) to a server. If it manages to send
information, the consequences can be serious as it will be transmitted over
the Internet without any kind of encryption.

For further information about these and other computer threats, visit Panda
Software's Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/

Additional information

- Freeware: legal software distributed free of charge.

- Prepending: This is a technique used by viruses for infecting files by
adding their code to the beginning of the file. By doing this, these viruses
ensure that they are activated when an infected file is used.

More technical definitions at:
http://www.pandasoftware.com/virus_info/glossary/default.aspx

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
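Added example (not part of the original post or of Panda Software's report): a mail-gateway style check for the delivery pattern described for Mugly.A, a ZIP attachment that contains an executable. The extension list, function names and the sample message are assumptions constructed for illustration; nested archives are not inspected.

```python
import io
import os
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed policy list of directly executable Windows extensions (not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def risky_zip_members(raw_message: bytes):
    """Return (attachment name, member name) pairs for executables inside ZIP attachments."""
    findings = []
    msg = message_from_bytes(raw_message)
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue  # multipart containers and the body text carry no filename
        payload = part.get_payload(decode=True)
        if not payload:
            continue
        # Decide by content, not by the attachment's name or declared MIME type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as archive:
            for member in archive.namelist():
                # splitext takes the last extension, so "notes.txt.exe" is still caught.
                if os.path.splitext(member)[1].lower() in EXECUTABLE_EXTS:
                    findings.append((filename, member))
    return findings


def build_sample(member_name: str, content: bytes) -> bytes:
    """Build a constructed test e-mail carrying ATTACHED.ZIP with a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, content)
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="ATTACHED.ZIP")
    return msg.as_bytes()


if __name__ == "__main__":
    print(risky_zip_members(build_sample("document.txt.exe", b"constructed bytes")))
```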
wawadave

Posted: Mon Dec 06, 2004 1:03 pm

12/6: Atak-B a Mass-Mailing Worm
W32.Atak.B@mm is a mass-mailing worm that uses its own SMTP engine to send its messages
to the email addresses it gathers from certain files on a compromised computer.
http://nl.internet.com/ct.html?rtr=on&s=1,19o1,1,eci9,696i,9s3s,a9gz
------------------------------------------------------------
4. 12/6: Trojan Wlogo Exploits IE Flaw
Trojan.Wlogo exploits the Microsoft Internet Explorer Malformed IFRAME Remote Buffer
Overflow Vulnerability (described in the Microsoft Security Bulletin MS04-040) to
download and execute a remote file.
http://nl.internet.com/ct.html?rtr=on&s=1,19o1,1,eqhg,l3kc,9s3s,a9gz
------------------------------------------------------------
5. 12/6: Trojan Frutca Hides Files
Trojan.Frutca is a Trojan Horse program that hides files on the compromised computer and
sends out information to a remote server.
http://nl.internet.com/ct.html?rtr=on&s=1,19o1,1,4mzv,8npp,9s3s,a9gz
------------------------------------------------------------
6. 12/6: Atak-E Worm Harvests Email Addresses
Some vendors have issued alerts for W32/Atak.e@MM, a new variant of the W32/Atak worm.
http://nl.internet.com/ct.html?rtr=on&s=1,19o1,1,4qee,3e35,9s3s,a9gz
------------------------------------------------------------
7. 12/6: Rbot-RE Worm Targets Weak Passwords
W32/Rbot-RE is an IRC backdoor Trojan and network worm.
http://nl.internet.com/ct.html?rtr=on&s=1,19o1,1,7l41,67qt,9s3s,a9gz
------------------------------------------------------------
8. 12/6: Rbot-RC an IRC Trojan and Worm
W32/Rbot-RC is an IRC backdoor Trojan and network worm.
http://nl.internet.com/ct.html?rtr=on&s=1,19o1,1,5aj7,kvp,9s3s,a9gz
------------------------------------------------------------
wawadave

Posted: Mon Dec 06, 2004 4:43 pm

Network World's Security News Alert

Trend Micro gives away mobile anti-virus software, 12/06/04

Trend Micro will become the latest major anti-virus software
company to provide protection against mobile phone viruses, with
new anti-virus and anti-spam software for mobile phones running
the Microsoft Windows Mobile and Symbian's operating systems.
http://www.nwfusion.com/news/2004/1206trendmicro.html?nl
wawadave

Posted: Tue Dec 07, 2004 3:48 pm

12/7: Banker-BG Targets Brazilian Banks
Troj/Banker-BG is a password stealing Trojan aimed at customers of Brazilian banks.
http://nl.internet.com/ct.html?rtr=on&s=1,19re,1,71qs,5y74,9s3s,a9gz
------------------------------------------------------------
6. 12/7: Rbot-RF a Network Worm and Trojan
W32/Rbot-RF is a network worm and IRC backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,19re,1,cj3q,51x4,9s3s,a9gz
------------------------------------------------------------
7. 12/7: Agent-BF a Downloading Trojan
Troj/Agent-BF is a downloading Trojan for the Windows platform that attempts to download
and run a program from a remote location.
http://nl.internet.com/ct.html?rtr=on&s=1,19re,1,htd5,3lak,9s3s,a9gz
------------------------------------------------------------
wawadave

Posted: Wed Dec 08, 2004 5:43 pm

slow week for viruses so far!!!!

12/8: Rbot-RJ Worm Spreads to Shares
W32/Rbot-RJ is a worm that attempts to spread to remote network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,19w0,1,i6fl,ggvv,9s3s,a9gz
------------------------------------------------------------
5. 12/8: Maslan-C Worm Spreads By Email
W32/Maslan-C is a worm that spreads by emailing itself to addresses found on the infected
computer.
http://nl.internet.com/ct.html?rtr=on&s=1,19w0,1,kdwl,a1y3,9s3s,a9gz