Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Virus alerts for week of 12/20/04

 
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

Posted: Mon Dec 20, 2004 10:52 am    Post subject: Virus alerts for week of 12/20/04

BEWARE OF CHRISTMAS PCS BEARING VIRUSES
Shop-bought computers often unpatched and vulnerable to malicious
code.
http://www.net-security.org/news.php?id=6732

MERRY VIRUS TO YOU
Security firms are reporting the spread of two holiday-themed
viruses. Zafi.D and Atak.age use Christmas greetings and promises of
an electronic holiday card to lure users to open malicious files.
Zafi.D is circulating in multiple languages.
http://www.net-security.org/news.php?id=6747

CHRISTMAS CARD VIRUS HITS ONE IN 10 EMAILS
Zafi-D spreading rapidly around the world.
http://www.net-security.org/news.php?id=6750
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
wawadave

Posted: Mon Dec 20, 2004 2:03 pm

12/20: Sdbot-SI Worm also a Backdoor
W32/Sdbot-SI is a network worm and backdoor for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,1amp,1,8hz2,iwq7,9s3s,a9gz
------------------------------------------------------------
4. 12/20: Netdepix Trojan Exploits Buffer Overrun
Trojan.Netdepix is a Trojan horse program that attempts to exploit the Microsoft Windows
LSASS Buffer Overrun Vulnerability (Microsoft Security Bulletin MS04-011) on randomly
selected computers.
http://nl.internet.com/ct.html?rtr=on&s=1,1amp,1,ltlc,gik0,9s3s,a9gz
------------------------------------------------------------
5. 12/20: Tabdim Trojan Lets Hacker In
Backdoor.Tabdim is a Trojan horse program that opens a backdoor and allows a remote
attacker to control the infected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1amp,1,fprt,eqkd,9s3s,a9gz
------------------------------------------------------------
6. 12/20: Looked Worm Infects .Exe Files
W32.Looked is a worm that propagates through shared folders, downloads a file, and
infects .exe files.
http://nl.internet.com/ct.html?rtr=on&s=1,1amp,1,b1j6,7to3,9s3s,a9gz
------------------------------------------------------------
7. 12/20: Mugly-C Worm Uses Own SMTP Engine
W32.Mugly.C@mm is a worm that uses its own SMTP engine to spread by sending itself as an
email attachment to addresses gathered from the compromised computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1amp,1,q38,ji2v,9s3s,a9gz
------------------------------------------------------------
8. 12/20: Pulkfer Virus Infects .Exe Files
W32.Pulkfer is a virus that infects .exe files in the folder where it is executed from.
http://nl.internet.com/ct.html?rtr=on&s=1,1amp,1,26do,amql,9s3s,a9gz
------------------------------------------------------------
9. 12/20: Netdepix Worm Scans IP Addresses
W32.Netdepix is a worm that attempts to exploit the Microsoft Windows LSASS Buffer
Overrun Vulnerability (Microsoft Security Bulletin MS04-011).
http://nl.internet.com/ct.html?rtr=on&s=1,1amp,1,kpbx,82t4,9s3s,a9gz
------------------------------------------------------------
10. 12/20: Grurev Macro Virus Infects Word
W97M.Grurev is a simple Macro virus that infects Microsoft Word's Normal.dot template.
http://nl.internet.com/ct.html?rtr=on&s=1,1amp,1,ctx0,eetz,9s3s,a9gz
------------------------------------------------------------
11. 12/20: PEQ a Generic VB Worm
W32.PEQ@mm is a generic Visual Basic worm that spreads by sending a copy of itself to
email addresses gathered from the Microsoft Outlook Address Book.
http://nl.internet.com/ct.html?rtr=on&s=1,1amp,1,fcp9,aayg,9s3s,a9gz
------------------------------------------------------------
12. 12/20: Oddbob-A a Network Worm
W32/Oddbob-A is a network worm for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,1amp,1,hn0w,gh48,9s3s,a9gz
------------------------------------------------------------
13. 12/20: Rbot-RW a Worm and IRC Trojan
W32/Rbot-RW is a network worm and IRC backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,1amp,1,ixk,2bur,9s3s,a9gz
------------------------------------------------------------
14. 12/20: Wort-D Worm Exploits LSASS Flaw
W32/Wort-D is a network worm that attempts to spread to remote computers by exploiting
the LSASS vulnerability (MS04-011).
http://nl.internet.com/ct.html?rtr=on&s=1,1amp,1,3qx4,j93w,9s3s,a9gz
------------------------------------------------------------
wawadave

Posted: Tue Dec 21, 2004 6:04 pm

Viruses are picking up for Xmas!!!

12/21: Santy Worm Infects Web Servers
A new worm Santy has started spreading that infects only web servers, not end user
computers.
http://nl.internet.com/ct.html?rtr=on&s=1,1aqc,1,1slw,3u54,9s3s,a9gz
------------------------------------------------------------
8. 12/21: Rbot-RY Worm Hits Weak Shares
W32/Rbot-RY is a Windows network worm that spreads to weakly protected network shares and
computers vulnerable to the RPC-DCOM exploit (see Microsoft Security Bulletin MS04-012).

http://nl.internet.com/ct.html?rtr=on&s=1,1aqc,1,330n,dbu3,9s3s,a9gz
------------------------------------------------------------
9. 12/21: Rbot-SB a Network Worm & Trojan
W32/Rbot-SB is a network worm and IRC backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,1aqc,1,402t,am4z,9s3s,a9gz
------------------------------------------------------------
10. 12/21: Bancban-AN Trojan Steals Bank Info
Troj/Bancban-AN is a data stealing Trojan that attempts to capture confidential
information related to internet banking, such as usernames and logon passwords.
http://nl.internet.com/ct.html?rtr=on&s=1,1aqc,1,jvrx,170v,9s3s,a9gz
------------------------------------------------------------
11. 12/21: Lateda Trojan Takes Commands
Backdoor.Lateda is a backdoor Trojan horse program that allows an attacker to download
and run files on the infected machine.
http://nl.internet.com/ct.html?rtr=on&s=1,1aqc,1,gblb,4myh,9s3s,a9gz
------------------------------------------------------------
12. 12/21: Banedi Macro Virus Infects Word
W97M.Banedi is a macro virus that infects the Microsoft Word Normal.dot template and is
triggered when a Word document is opened or closed.
http://nl.internet.com/ct.html?rtr=on&s=1,1aqc,1,m0c3,klvd,9s3s,a9gz
------------------------------------------------------------
wawadave

Posted: Wed Dec 22, 2004 4:09 pm

HEADLINES
----------------------------------------------------------------------

SANTY-A FUMES THROUGH INTERNET FORUMS | SearchSecurity.com

Google has deactivated queries essential to Santy-A's spread. But by
Wednesday morning, the worm had infected about 40,000 Web sites.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1036174,00.html?track=NL-102&ad=500461
wawadave

Posted: Wed Dec 22, 2004 4:21 pm

1. Santy-A Worm Raises Fears Over New Trend
The Santy-A worm, which shows off the first automated Google hacking, has security
analysts bracing for a whole new trend.
http://nl.internet.com/ct.html?rtr=on&s=1,1au3,1,8hi6,7v9w,9s3s,a9gz
------------------------------------------------------------
2. 12/22: Santy Worm Attacks Bulletin Boards
Several security vendors continue to issue alerts for Perl/Santy-A, a worm that exploits
a vulnerability in the phpBB bulletin board software.
http://nl.internet.com/ct.html?rtr=on&s=1,1au3,1,jp7j,jrhk,9s3s,a9gz

------------------------------------------------------------
3. 12/22: Sapattra a Macro Virus
W97M.Sapattra is a macro virus that infects Microsoft Word documents and the Normal.dot
template.
http://nl.internet.com/ct.html?rtr=on&s=1,1au3,1,dho3,hchr,9s3s,a9gz
------------------------------------------------------------
4. 12/22: Mkar-E Virus Infects EXE Files
W32/Mkar-E is a virus that infects EXE files.
http://nl.internet.com/ct.html?rtr=on&s=1,1au3,1,igzx,5llu,9s3s,a9gz
------------------------------------------------------------
5. 12/22: Randex-CCF Worm Opens Backdoor
W32.Randex.CCF is a network-aware worm that opens a backdoor on an infected computer and
may be remotely controlled via IRC channels.
http://nl.internet.com/ct.html?rtr=on&s=1,1au3,1,i28n,du2a,9s3s,a9gz
------------------------------------------------------------
6. 12/22: Rbot-SD Worm, Trojan Uses Passwords
W32/Rbot-SD is a network worm and IRC backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,1au3,1,jqd4,5are,9s3s,a9gz
------------------------------------------------------------
wawadave

Posted: Thu Dec 23, 2004 1:22 pm

Santy-A Worm Raises Fears Over New Trend
The Santy-A worm, which shows off the first automated Google hacking, has security
analysts bracing for a whole new trend.
http://nl.internet.com/ct.html?rtr=on&s=1,1ax3,1,8hi6,7v9w,9s3s,a9gz
------------------------------------------------------------
3. 12/23: Rembot-A Worm Waits for Commands
W32/Rembot-A connects to a predetermined IRC channel and runs in the background waiting
for backdoor commands.
http://nl.internet.com/ct.html?rtr=on&s=1,1ax3,1,vzy,hd2o,9s3s,a9gz
------------------------------------------------------------
4. 12/23: Worm_Beaker-A Spreads Via Email
Worm_Beaker.A arrives and propagates via email.
http://nl.internet.com/ct.html?rtr=on&s=1,1ax3,1,6hvx,huoq,9s3s,a9gz
------------------------------------------------------------
5. 12/23: Keylog-Jingt a Malicious Trojan
Keylog-Jingt is a malicious keylogger Trojan that sends a package originating from China.

http://nl.internet.com/ct.html?rtr=on&s=1,1ax3,1,8er1,1xtk,9s3s,a9gz
------------------------------------------------------------
6. 12/23: Agobot-OR a Network Worm
W32/Agobot-OR is a network worm with an IRC backdoor component.
http://nl.internet.com/ct.html?rtr=on&s=1,1ax3,1,1gzc,7smh,9s3s,a9gz
------------------------------------------------------------
wawadave

Posted: Thu Dec 23, 2004 1:38 pm

PHP/Santy.A.worm: New Network Worm Attacks
Vulnerable phpBB Servers and Erases All Content -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, December 21, 2004 - In recent hours, PHP/Santy.A.worm, a new network
worm written in Perl, has appeared on the Internet and begun to distribute
itself rapidly. This malicious code uses Google to execute mass searches of
servers that are running the popular application for forums, news groups,
blogs, etc., phpBB in versions earlier than 2.0.11 and without the patch
that protects against the viewtopic.php vulnerability that was discovered
this past November 15. The patch to correct the vulnerability may be
downloaded from http://www.phpbb.com/phpBB/viewtopic.php?t=240513.

Once the worm locates a targeted server, it takes advantage of the phpBB
Remote URLDecode Input Validation Vulnerability to obtain remote access to
the web server. When access is obtained, it goes through the various
directories, overwriting files that have an .asp, .htm, .jsp, .php, .phtm or
.shtm extension and installing in place of each a page that displays the
following message: "This site is defaced!!! NeveEverNoSanity WebWorm
generation X."

In the message, "x" varies according to the infections that the new virus is
able to accomplish.

This Internet worm affects only servers and distributes itself only among
them. Therefore, residential users are unaffected. Nor will residential
users be affected if they visit pages that have been infected by the worm.
Given that the vulnerability operates at the application level, web servers
with either Windows or Linux operating systems may be affected.

It is possible that if the worm continues to propagate itself on a large
scale, Internet services will slow down and even collapse.

Given the high probability of encountering PHP/Santy.A.worm or new variants
on PHP/Santy.A.worm, Panda Software recommends that extreme precautionary
measures be taken and antivirus software be updated. Panda Software
customers already have available to them the updates necessary to detect and
remove this new malicious code from their systems.

Similarly, Panda Software customers already have available to them the
updates necessary to install Panda's new TruPrevent Technologies solution
alongside their antivirus protection for preventive protection against this
worm and other new malicious code. For users of other antivirus solutions
on the market, Panda TruPrevent Corporate, for servers and workstations, is
the solution. It is compatible with and complementary to the other products
and provides a second line of defense as well as preventive protection that
runs while the antivirus program is being updated, thereby reducing the risk
of infection. More information on TruPrevent Technologies may be found at
http://www.pandasoftware.com/truprevent.

For free computer virus detection and removal, users can run Panda
ActiveScan, the online antivirus solution available at
http://www.pandasoftware.com/

More information about PHP/Santy.A.worm worms may be found in the Panda
Software Encyclopedia at
http://www.pandasoftware.com/virus_info/encyclopedia/

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------
wawadave

Posted: Sat Dec 25, 2004 9:10 pm

"The sun is shining after the rain."
Proverb.

- Virus Hall of Fame 2004 -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, December 23 2004 - Today, Oxygen3 24h-365d offers a brief insight
into the malicious code which has appeared throughout 2004 and has stood out
for some of its features.

This ranking is made up of the following categories, together with the most
remarkable viruses in each category.

- The most damaging: Sasser, responsible for one of the most serious
epidemics seen so far. Its effects were especially annoying for victims who
found their computers were virtually unusable due to the continuous restarts
that this malicious code caused.

- The most sophisticated: Noomy.A, a worm that constructs infected web pages
and sends messages through chat channels as though it were a genuine user.
It is a technically complex worm.

- The most talkative: Amus.A, a malicious code from Turkey that uses Speech
Engine in the Windows XP operating system to announce its presence.

- The most musical: several variants of the Netsky worm take the title here,
as they emit a peculiar melody for three long hours once they have infected
a computer!

- The shyest: variants of the Bagle worm, which sent themselves out in
password protected ZIP files to prevent antivirus applications from scanning
them when they entered a computer. The strategy is actually used by a lot of
malicious code, but we have opted for the Bagle family given the extent to
which they propagated throughout 2004.

- The most opportunist - the most polyglot: Zafi.D. Designed to imitate a
greetings message and therefore exploit the festive season, this malicious
code spreads in messages in a multitude of languages.

- The smuttiest: Tasin.C, which downloaded an erotic image of a famous
Spanish celebrity.

- The most repetitive: the prolific Gaobot family of worms, which saw its
numbers increase by almost 2,000 new variants throughout 2004!

- The most schizophrenic: Bereb.C, which could use 442 different names to
spread across P2P file-sharing applications.

- The politest: in this category we have selected not one, but three
malicious code -StartPage.AV, Harnig.B and Multidropper.AM-. All of these
are 'kind' enough to display a message to users informing them that their
computers have fallen into their hands.

For further information about these and other computer threats, visit Panda
Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------
All times are GMT - 8 Hours