Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Virus alerts for week of 1/10/05

 
wawadave
Warrior Obsessed
Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

Posted: Mon Jan 10, 2005 8:14 am    Post subject: Virus alerts for week of 1/10/05

VIRUSES AIM FOR IM
Virus writers, scammers and spammers are plying their trade via
instant messaging. Liane Cassavoy and Andrew Brandt identify the real
threats and offer tips on avoiding them.
http://www.net-security.org/news.php?id=6858

SIMS 2 HACKS SPREAD LIKE VIRUSES
If spammer appliances and other household objects are exhibiting
strange behavior in your virtual home, you may have unknowingly
picked up hacked code from the official Sims 2 website. What's more,
you may have spread it.
http://www.net-security.org/news.php?id=6860

PHISHERS MIGRATING TO TROJAN HORSE ATTACKS
The latest report from the Anti-Phishing Working Group (APWG)
suggests a depressing if unsurprising outlook for phishing trends in
the year ahead.
http://www.net-security.org/news.php?id=6859
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
wawadave

Posted: Mon Jan 10, 2005 8:16 am

"Chance is a word void of sense; nothing can exist without a cause."
François Marie Arouet Voltaire (1694-1778); French philosopher and writer.

- Weekly report on viruses and intruders -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, January 9, 2005 - This week's report will focus on Winxor.A,
Breacuk.E and Asan.A.

Winxor.A is the first malicious code designed to exploit a vulnerability in
the WINS service, which allows arbitrary code to be run on Windows
2003/XP/2000/NT/Me/98/95 servers. Winxor.A can also affect computers running
Windows 2003/XP/2000/NT/Me/98/95.

Winxor.A connects to an IRC server and waits for control commands (such as
download files or run programs). When the author of this malicious code
specifies, Winxor.A scans IP addresses in order to find open ports. If these
belong to servers that are affected by this security flaw, it installs an
FTP server on port 36010 and uses it to transfer itself to these computers.

When it has reached a computer, Winxor.A carries out the following actions:

- It creates two files: CCEVTMNGR.EXE, which is a copy of itself, and
CCSETMNGR.EXE, which is a component that looks for remote computers affected
by the vulnerability in the WINS service in order to try and exploit it.

- It generates several entries in the Windows Registry in order to ensure it
is run whenever the computer is started and thereby registers as a Windows
service.

Breacuk.E is a worm that spreads via the P2P (peer-to-peer) file sharing
program KaZaA. To do this, it follows the routine below:

- It creates a directory called SOFTWARE KINGS AND QUEENS in the Windows
directory and shares it through KaZaA.

- In this directory it creates multiple copies of itself under attractive
names, so that other users download them, thinking that they are games or
other applications. However, when the downloaded file is run, the computer
will be infected by Breacuk.E.

Breacuk.E deletes files with certain extensions, including: EXE, DLL, OCX
and BMP, preventing certain applications from working correctly. What's
more, this malicious code causes problems on switching on the affected
computer.

We are going to finish this week's report with Asan.A, a worm that affects
servers with a vulnerable version of the program phpBB installed, and that
have already been attacked by a worm detected by Panda Software as
PHP/Santy.A.worm. In this case, it removes the vulnerability from the
server, although this could lead to loss of certain functionalities.

For further information about these and other computer threats, visit Panda
Software's Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/

Additional information

- WINS (Windows Internet Name Service): a service that manages the names
associated with the computers in a network and therefore, access and the
possibility of working with them. A computer contains a database with the
addresses in IP format (for example 125.15.0.32) and the common names
assigned to each computer in the network (for example, SERVER1).

More definitions of virus and antivirus terminology at:
http://www.pandasoftware.com/virus_info/glossary/default.aspx

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------
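Worked example, added here and not part of the Panda report or of the post above: a small Python triage script that checks a Windows host snapshot for the Winxor.A indicators the report names, the dropped files CCEVTMNGR.EXE and CCSETMNGR.EXE, an autorun or service entry that launches them, and a TCP listener on port 36010. The .reg export and the netstat output it reads are constructed sample text; the file names and the port come from the report, everything else (the parsing, the sample registry keys, the benign entry) is my assumption.

```python
"""Triage a Windows host snapshot for the Winxor.A indicators in the Panda
report: dropped files CCEVTMNGR.EXE / CCSETMNGR.EXE, an autorun or service
entry that launches them, and the FTP listener on TCP port 36010.

Inputs are plain text: a .reg export (Run key and Services hive) and the
output of `netstat -an`. Both samples below are constructed for this example.
"""
import re

# Indicators as given in the report; nothing else here comes from Panda.
WINXOR_FILES = {"ccevtmngr.exe", "ccsetmngr.exe"}
WINXOR_FTP_PORT = 36010

# Constructed sample .reg export: one benign autorun, one suspicious autorun,
# and a service whose ImagePath points at the same dropped file.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"ccEvtMngr"="C:\\WINDOWS\\system32\\CCEVTMNGR.EXE"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccEvtMngr]
"ImagePath"="C:\\WINDOWS\\system32\\CCEVTMNGR.EXE"
"Start"=dword:00000002
'''

# Constructed sample `netstat -an` output with the worm's FTP listener.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:36010          0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1045       192.168.1.1:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
EXE_RE = re.compile(r'^"?(.*?\.exe)', re.IGNORECASE)
NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s*(\w+)?")


def parse_reg_export(text):
    """Yield (key, value_name, data) for every string value in a .reg export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = REG_VALUE_RE.match(line)
        if m and key:
            # .reg files double every backslash; undo that before path handling.
            yield key, m.group(1), m.group(2).replace("\\\\", "\\")


def exe_name(command):
    """Lower-cased executable file name from a path or command line."""
    m = EXE_RE.match(command.strip())
    path = m.group(1) if m else command.strip().split(" ")[0]
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_autorun_hits(reg_text):
    """Registry values whose executable is one of the Winxor.A file names."""
    return [(key, name, data) for key, name, data in parse_reg_export(reg_text)
            if exe_name(data) in WINXOR_FILES]


def parse_netstat(text):
    """Rows of (proto, local_addr, local_port, state) from netstat -an."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            rows.append((m.group(1), m.group(2), int(m.group(3)), m.group(4) or ""))
    return rows


def find_listener(rows, port=WINXOR_FTP_PORT):
    """TCP sockets listening on the port the report attributes to the worm."""
    return [r for r in rows if r[0] == "TCP" and r[2] == port and r[3] == "LISTENING"]


def triage(reg_text, netstat_text):
    """Human-readable findings; an empty list means no named indicator was seen."""
    findings = [f"autorun {key}\\{name} launches {data}"
                for key, name, data in find_autorun_hits(reg_text)]
    findings += [f"{proto} listener on {addr}:{port} ({state}), the port the report "
                 "says Winxor.A uses for its FTP server"
                 for proto, addr, port, state in find_listener(parse_netstat(netstat_text))]
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REG, SAMPLE_NETSTAT):
        print(finding)
```

Run as-is it prints the three findings from the sample; on a real machine, feed it a `reg export` of the Run key and the Services hive plus `netstat -an` output. A name match is a lead, not a verdict: the report gives file names and a port, not hashes, so confirm a hit with an up-to-date scanner before cleaning, and note that a listener on 36010 alone could be any program.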
wawadave

Posted: Tue Jan 11, 2005 7:38 am

1/10: Sdbot-SW Worm Spreads to Shares
W32/Sdbot-SW is a worm that attempts to spread to remote network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,1bs3,1,m14g,gjcu,9s3s,a9gz
------------------------------------------------------------
4. 1/10: Clicker-S a Memory-Resident Trojan
Troj_Clicker.S is a memory-resident Trojan that arrives in a system by being installed
from a malicious Web site, or by being dropped by another malware.
http://nl.internet.com/ct.html?rtr=on&s=1,1bs3,1,3tr,8urp,9s3s,a9gz
------------------------------------------------------------
5. 1/10: Lnk_Acespades-A a File Infector
Lnk_Acespades.A is a file infector that arrives as an .LNK file.
http://nl.internet.com/ct.html?rtr=on&s=1,1bs3,1,goup,4jbe,9s3s,a9gz
------------------------------------------------------------
6. 1/10: Spybot-AAR Exploits Windows Flaws
Worm_Spybot.AAR is a worm that takes advantage of Windows vulnerabilities to propagate
across networks.
http://nl.internet.com/ct.html?rtr=on&s=1,1bs3,1,8ksb,4dk6,9s3s,a9gz
------------------------------------------------------------
7. 1/10: Goldun Trojan Steals Users' E-Gold
Trojan.Goldun is a Trojan horse program that steals a user's authentication for e-gold.
http://nl.internet.com/ct.html?rtr=on&s=1,1bs3,1,4vub,l71v,9s3s,a9gz
------------------------------------------------------------
8. 1/10: Minit Trojan Creates a DLL
Trojan.Minit is a Trojan horse that creates a DLL, which will download and execute
arbitrary code from a predetermined list of websites.
http://nl.internet.com/ct.html?rtr=on&s=1,1bs3,1,jec,k7aw,9s3s,a9gz
------------------------------------------------------------
9. 1/10: Looked-B Worm Downloads File
W32.Looked.B is a worm that downloads a file and then infects .exe files.
http://nl.internet.com/ct.html?rtr=on&s=1,1bs3,1,j28w,83w6,9s3s,a9gz
------------------------------------------------------------
10. 1/10: Spybot-HUR Worm Targets Bad Passwords
W32.Spybot.HUR is a worm that has distributed denial of service and back door
capabilities.
http://nl.internet.com/ct.html?rtr=on&s=1,1bs3,1,kj8x,jbb5,9s3s,a9gz
------------------------------------------------------------
11. 1/10: Gaobot.CKP Worm Lets Hackers In
Gaobot.CKP is a worm with backdoor characteristics that allows hackers to gain remote
control over the affected computer and carry out actions such as command execution,
download and execute files, log keystrokes, obtain different information on the computer,
launch distributed denial of service (DDoS) attacks, etc.
http://nl.internet.com/ct.html?rtr=on&s=1,1bs3,1,aw1m,mf5d,9s3s,a9gz
------------------------------------------------------------
12. 1/10: Woned-A Worm Copies Itself to Folders
W32/Woned-A is a worm for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,1bs3,1,h8ei,ctz6,9s3s,a9gz
------------------------------------------------------------
13. 1/10: Rbot-TD Worm Allows Unauthorized Access
W32/Rbot-TD is a worm that attempts to spread to remote network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,1bs3,1,hb4l,2mjs,9s3s,a9gz
------------------------------------------------------------
14. 1/10: VBS/Mcon-G Worm Spreads Via IRC
VBS/Mcon-G is a worm that spreads via network shares and IRC channels.
http://nl.internet.com/ct.html?rtr=on&s=1,1bs3,1,e2gd,clhz,9s3s,a9gz
------------------------------------------------------------
wawadave

Posted: Tue Jan 11, 2005 8:05 am

- Video files appear that download
malicious application when they are run -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

MADRID, January 10, 2005 - PandaLabs has detected the appearance of two new
Trojans, Trj/WmvDownloader.A and Trj/WmvDownloader.B, which are spreading
through P2P networks in video files. These Trojans take advantage of the new
technology incorporated in Microsoft Windows Media player called Windows
Media Digital Rights Management (DRM), designed to protect the intellectual
property rights of multimedia content. When a user tries to play a protected
Windows media file, this technology demands a valid license. If the license
is not stored on the computer, the application will look for it on the
Internet, so that the user can acquire it directly or buy it. This new
technology is incorporated through the Windows XP Service Pack 2 + Windows
Media Player 10 update.

The video files infected by these Trojans have a .wmv extension and are
protected by licenses, supposedly issued by the companies overpeer (for
Trj/WmvDownloader.A), or protectedmedia (for Trj/WmvDownloader.B). If the
user runs a video file that is infected by one of these Trojans, they
pretend to download the corresponding license from certain web pages.
However, what they actually do is redirect the user to other Internet
addresses from which they download a large number of adware (programs that
display advertisements on screen), spyware, dialers (applications that
dial-up high rate toll numbers) and other viruses. Below are some examples
of the malicious programs and viruses these Trojans download:

Adware/Funweb
Adware/MydailyHoroscope
Adware/MyWay
Adware/MyWebSearch
Adware/Nsupdate
Adware/PowerScan
Adware/Twain-Tech
Dialer Generic
Dialer.NO
Spyware.AdClicker
Spyware/BetterInet
Spyware/ISTbar
Trj/Downloader.GK

Even though these Trojans have been detected in video files with extremely
variable names which can be downloaded through P2P networks like KaZaA or
eMule, bear in mind that they can also be distributed through other means,
such as files attached to email messages, FTP or Internet downloads, floppy
disks, CD-ROM, etc.

Panda Software has made the corresponding updates to its anti-malware
solutions available to its clients to detect and disinfect any video file
protected by the licenses used by Trj/WmvDownloader.A and
Trj/WmvDownloader.B to carry out their malicious actions. Similarly, the
Panda Software solutions protect users against the malware that these
Trojans try to install on computers.

For further information about Trj/WmvDownloader.A, Trj/WmvDownloader.B or
the malicious programs and viruses these Trojans try to download, visit
Panda Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste'.

------------------------------------------------------------
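Worked example, added here and not part of the Panda alert or of the post above: a Python script that reads the DRM license-acquisition URL out of an ASF/WMV header without playing the file, so a gateway or a careful user can see where a P2P video would send the player and compare that host with an allowlist before opening it. The object GUIDs and field order follow my reading of the ASF specification and should be treated as an assumption; the sample file bytes, the opaque test object and the allowlist host are constructed for this example.

```python
"""Static inspection of an ASF/WMV container for a DRM license-acquisition URL.

The Trojans in the alert rely on the player, finding no license, going to the
URL embedded in the file. Reading that URL out of the header offline (nothing
fetched, nothing played) lets you check the host before the player does.

GUIDs and field order follow my reading of the ASF specification (assumption);
sample bytes and allowlist are constructed for this example.
"""
import struct
import uuid
from urllib.parse import urlparse

# ASF stores GUIDs in Microsoft little-endian form, hence bytes_le.
ASF_HEADER_OBJECT = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
ASF_CONTENT_ENCRYPTION_OBJECT = uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E").bytes_le
# Placeholder GUID for an object the parser does not understand (constructed).
OPAQUE_TEST_OBJECT = uuid.UUID("00000000-0000-0000-0000-000000000001").bytes_le

# Constructed allowlist of hosts a license may legitimately come from.
TRUSTED_LICENSE_HOSTS = {"license.example-label.invalid"}


def _asf_object(guid_le, payload):
    """GUID (16) + total object size as a little-endian QWORD (8) + payload."""
    return guid_le + struct.pack("<Q", 24 + len(payload)) + payload


def _field(data):
    """DWORD length prefix followed by the bytes (Content Encryption field)."""
    return struct.pack("<I", len(data)) + data


def build_sample_asf(license_url):
    """Constructed minimal ASF header: one opaque object, then a Content
    Encryption Object (secret data, protection type, key ID, license URL)."""
    ce_payload = (_field(b"\x00" * 8)
                  + _field(b"DRM\x00")
                  + _field(b"constructed-key-id\x00")
                  + _field(license_url.encode("ascii") + b"\x00"))
    children = (_asf_object(OPAQUE_TEST_OBJECT, b"\x00" * 16)
                + _asf_object(ASF_CONTENT_ENCRYPTION_OBJECT, ce_payload))
    # Header Object payload: object count (DWORD), reserved1 = 1, reserved2 = 2.
    return _asf_object(ASF_HEADER_OBJECT, struct.pack("<IBB", 2, 1, 2) + children)


def iter_header_objects(blob):
    """Yield (guid_le, payload) for each object inside the Header Object,
    refusing to follow sizes that point outside the buffer."""
    if len(blob) < 30 or blob[:16] != ASF_HEADER_OBJECT:
        raise ValueError("not an ASF header")
    header_size = struct.unpack_from("<Q", blob, 16)[0]
    count = struct.unpack_from("<I", blob, 24)[0]
    pos, end = 30, min(header_size, len(blob))
    for _ in range(count):
        if pos + 24 > end:
            break  # truncated file: stop rather than read past the end
        guid = blob[pos:pos + 16]
        size = struct.unpack_from("<Q", blob, pos + 16)[0]
        if size < 24 or pos + size > end:
            raise ValueError("corrupt object size")
        yield guid, blob[pos + 24:pos + size]
        pos += size


def _take(payload, pos):
    """Read one DWORD-length-prefixed field; returns (bytes, next_pos)."""
    if pos + 4 > len(payload):
        raise ValueError("truncated field")
    n = struct.unpack_from("<I", payload, pos)[0]
    pos += 4
    if pos + n > len(payload):
        raise ValueError("field length exceeds object")
    return payload[pos:pos + n], pos + n


def license_urls(blob):
    """License URLs found in Content Encryption Objects (none are fetched)."""
    urls = []
    for guid, payload in iter_header_objects(blob):
        if guid != ASF_CONTENT_ENCRYPTION_OBJECT:
            continue
        pos = 0
        for _ in range(3):  # skip secret data, protection type, key ID
            _, pos = _take(payload, pos)
        url, _ = _take(payload, pos)
        urls.append(url.rstrip(b"\x00").decode("ascii", "replace"))
    return urls


def classify(blob, trusted=TRUSTED_LICENSE_HOSTS):
    """(url, 'trusted' | 'untrusted') for every license URL in the file."""
    verdicts = []
    for url in license_urls(blob):
        host = (urlparse(url).hostname or "").lower()
        verdicts.append((url, "trusted" if host in trusted else "untrusted"))
    return verdicts


if __name__ == "__main__":
    suspect = build_sample_asf("http://drm.example-p2p.invalid/getlicense.asp?id=1")
    print(classify(suspect))
```

Only the Content Encryption Object is parsed here, so a file that carries its license data in some other header object returns an empty list; treat that as "nothing found", not as clean. The script never contacts the URL, which is the point: the alert's Trojans do their damage only once the player follows it, so the decision has to be made before that.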
wawadave

Posted: Tue Jan 11, 2005 4:59 pm

New Trojan Exploits Windows DRM
Video watchers may get an unexpected surprise from downloading from P2P.
http://nl.internet.com/ct.html?rtr=on&s=1,1bv9,1,3ojb,kdha,9s3s,a9gz
------------------------------------------------------------

1/11: Symbos_Vlasco-C Virus Hits Phones
Symbos_Vlasco.C is Trend Micro's detection for files infected by Pe_Vlasco.A.
http://nl.internet.com/ct.html?rtr=on&s=1,1bv9,1,c9c8,mdy2,9s3s,a9gz
------------------------------------------------------------
5. 1/11: Symbos_Vlasco-B Virus Hits Bluetooth
Symbos_Vlasco-B is a variant of Symbos_Vlasco.A and affects Series 60 mobile phones.
http://nl.internet.com/ct.html?rtr=on&s=1,1bv9,1,bme0,aihp,9s3s,a9gz
------------------------------------------------------------
6. 1/11: Sdbot-AJ Trojan Lets Attacker In
Backdoor.Sdbot.AJ is a network-aware worm with back door capabilities that spreads via
network shares and allows a remote attacker to gain unauthorized access to the
compromised computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1bv9,1,c1bq,gps3,9s3s,a9gz
------------------------------------------------------------
7. 1/11: Dimi Trojan Downloaded by Sober Worms
Trojan.Dimi is a Trojan horse that is downloaded by variants of the Sober family of
worms. The Trojan may update the worm.
http://nl.internet.com/ct.html?rtr=on&s=1,1bv9,1,ei1g,mb79,9s3s,a9gz
------------------------------------------------------------
8. 1/11: Lasco-A Worm Affects Cell Phones
Vendors have issued alerts for Lasco.A, a worm that only affects cellular phones that use
the operating system Symbian.
http://nl.internet.com/ct.html?rtr=on&s=1,1bv9,1,cteb,40n2,9s3s,a9gz
------------------------------------------------------------
9. 1/11: Rbot-TE Worm Runs in Background
W32/Rbot-TE is a worm that attempts to spread to remote network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,1bv9,1,dxed,5twk,9s3s,a9gz
------------------------------------------------------------
10. 1/11: Wurmark-D a Mass-Mailing Worm
W32/Wurmark-D is a mass mailing worm that sends itself as a ZIP attachment to email
addresses found on the infected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1bv9,1,hj1e,5aag,9s3s,a9gz
------------------------------------------------------------
11. 1/11: Agobot-OV Worm Connects to IRC Server
W32/Agobot-OV is a network worm with IRC backdoor functionality.
http://nl.internet.com/ct.html?rtr=on&s=1,1bv9,1,hlhr,ezq4,9s3s,a9gz
------------------------------------------------------------
wawadave

Posted: Thu Jan 13, 2005 7:20 pm

1/13: Sdbot-TG Worm Has Backdoor Ability
W32/Sdbot-TG is a worm with backdoor Trojan functionality.
http://nl.internet.com/ct.html?rtr=on&s=1,1c2a,1,lk1r,etvh,9s3s,a9gz
------------------------------------------------------------
6. 1/13: Agobot-AEK a Memory-Resident Worm
Worm_Agobot.AEK is a memory-resident worm that is another variant of the AGOBOT family
that exploits the vulnerabilities discussed in Microsoft Security Bulletins.
http://nl.internet.com/ct.html?rtr=on&s=1,1c2a,1,mbz,17xc,9s3s,a9gz
------------------------------------------------------------
7. 1/13: Expl_Iconex-A an Animated Cursor File
Expl_Iconex.A is Trend Micro's detection for an animated cursor file (ANI) that exploits
the Vulnerability in 'Cursor and Icon Format Handling Could Allow Remote Code Execution.'

http://nl.internet.com/ct.html?rtr=on&s=1,1c2a,1,m704,3s23,9s3s,a9gz
------------------------------------------------------------
8. 1/13: Globe a Proof-of-Concept Trojan
Backdoor.Globe is a proof-of-concept Trojan that exploits the Microsoft Windows LoadImage
API Function Integer Overflow Vulnerability (described in Microsoft Security Bulletin
MS05-002).
http://nl.internet.com/ct.html?rtr=on&s=1,1c2a,1,55d7,ksnj,9s3s,a9gz
------------------------------------------------------------
9. 1/13: Ranky-Q Trojan Uses System as Proxy
Backdoor.Ranky.Q is a back door program that allows a compromised computer to be used as
a covert proxy.
http://nl.internet.com/ct.html?rtr=on&s=1,1c2a,1,dtx3,dhlg,9s3s,a9gz
------------------------------------------------------------
10. 1/13: Linkbot-H Worm Exploits LSASS Flaw
W32.Linkbot.H is a worm that exploits the Microsoft Windows LSASS Buffer Overrun
Vulnerability (Microsoft Security Bulletin MS04-011) in order to propagate.
http://nl.internet.com/ct.html?rtr=on&s=1,1c2a,1,8dzc,jgd8,9s3s,a9gz
------------------------------------------------------------
11. 1/13: Downloader-UA.b Exploits DRM Technology
Downloader-UA.b is a multimedia file that takes advantage of an exploit in the Digital
Rights Management (DRM) technology in the Windows Media Player.
http://nl.internet.com/ct.html?rtr=on&s=1,1c2a,1,lzs4,ylg,9s3s,a9gz
------------------------------------------------------------
12. 1/13: Downloader-UA.a a Multimedia File
Downloader-UA.a is a multimedia file that takes advantage of an exploit in the Digital
Rights Management (DRM) technology in the Windows Media Player.
http://nl.internet.com/ct.html?rtr=on&s=1,1c2a,1,i6qa,2tnf,9s3s,a9gz
------------------------------------------------------------
13. 1/13: Buchon-C Worm Has Several Traits
Some vendors have issued alerts for W32/Buchon.c@MM, a mass-mailing worm.
http://nl.internet.com/ct.html?rtr=on&s=1,1c2a,1,fryz,dikr,9s3s,a9gz
------------------------------------------------------------
14. 1/13: Wurmark-E Worm Arrives As Zip Attachment
W32/Wurmark-E is a mass mailing worm which sends itself as a zip attachment to email
addresses found on the infected computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1c2a,1,2qsi,702z,9s3s,a9gz
------------------------------------------------------------
15. 1/13: Rbot-T Worm Allows Unauthorized Access
W32/Rbot-TF is a worm for the Windows platform that provides unauthorized remote access
to the infected computer through IRC channels.
http://nl.internet.com/ct.html?rtr=on&s=1,1c2a,1,fmsr,cpd6,9s3s,a9gz
------------------------------------------------------------
wawadave

Posted: Fri Jan 14, 2005 4:37 pm

1/14: Adw_Adroar-A an Adware Program
Adw_Adroar.A is an adware program that adds a Browser Helper Object (BHO) to
automatically pop up advertisements from certain Web sites affiliated with AdRoar.com,
which is an advertisement company.
http://nl.internet.com/ct.html?rtr=on&s=1,1c4z,1,8nnx,jgbz,9s3s,a9gz

1/14: Mirsa-A Worm Spreads Via Email
Worm_Mirsa.A propagates via email.
http://nl.internet.com/ct.html?rtr=on&s=1,1c4z,1,ey43,32kl,9s3s,a9gz
------------------------------------------------------------
8. 1/14: Mugly-E Worm Gathers Addresses
W32.Mugly.E@mm is a worm that uses its own SMTP engine to spread by sending itself as an
email attachment to addresses gathered from the compromised computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1c4z,1,5z5q,g6uk,9s3s,a9gz
------------------------------------------------------------
9. 1/14: Abebot Trojan Lowers Security Settings
Backdoor.Abebot is a Trojan horse that opens a back door and lowers security settings on
the compromised computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1c4z,1,m0eu,85f2,9s3s,a9gz
------------------------------------------------------------
10. 1/14: Mugly-D Worm Drops in Randex Variant
W32.Mugly.D@mm is a worm that uses its own SMTP engine to spread by sending itself as an
email attachment to addresses gathered from the compromised computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1c4z,1,1nkf,auvb,9s3s,a9gz
------------------------------------------------------------
11. 1/14: Mugly-F Worm Uses Own SMTP Engine
W32.Mugly.F@mm is a worm that uses its own SMTP engine to spread by sending itself as an
email attachment to addresses gathered from the compromised computer.
http://nl.internet.com/ct.html?rtr=on&s=1,1c4z,1,4z,73aj,9s3s,a9gz
------------------------------------------------------------
12. 1/14: Rbot-TL Worm Copies Itself to File
W32/Rbot-TL is a network worm and IRC backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,1c4z,1,44rb,355e,9s3s,a9gz
------------------------------------------------------------
13. 1/14: Rbot-AGZ a Network Worm and Trojan
W32/Rbot-AGZ is a network worm and IRC backdoor Trojan for the Windows platform.
http://nl.internet.com/ct.html?rtr=on&s=1,1c4z,1,ltzm,1cxc,9s3s,a9gz
------------------------------------------------------------
14. 1/14: Myfip-F Worm Uses Network Shares
W32/Myfip-F is a worm that spreads using network shares that are either unprotected or
protected only by weak passwords.
http://nl.internet.com/ct.html?rtr=on&s=1,1c4z,1,gpwm,ds3x,9s3s,a9gz
------------------------------------------------------------
15. 1/14: Baba-B a Mass-Mailing Worm
W32/Baba-B is a mass-mailing worm with a backdoor component.
http://nl.internet.com/ct.html?rtr=on&s=1,1c4z,1,82kq,9eri,9s3s,a9gz
------------------------------------------------------------

************************************
All times are GMT - 8 Hours