Spyware, Viruses, & Security forum

General discussion

VIRUS \ Spyware ALERTS - October 9, 2008

by Marianna Schmudlach / October 8, 2008 3:03 PM PDT
Troj/KeyGen-Gen
by Marianna Schmudlach / October 8, 2008 3:05 PM PDT
Troj/FakeAV-EN
by Marianna Schmudlach / October 8, 2008 3:06 PM PDT
Troj/Dloadr-BVE
by Marianna Schmudlach / October 8, 2008 3:07 PM PDT
Troj/Bdoor-AOL
by Marianna Schmudlach / October 8, 2008 3:09 PM PDT
Troj/Agent-HWF
by Marianna Schmudlach / October 8, 2008 3:16 PM PDT
W32/Autorun-LF
by Marianna Schmudlach / October 9, 2008 12:58 AM PDT
Troj/Agent-HWH
by Marianna Schmudlach / October 9, 2008 12:59 AM PDT
Troj/Agent-HWG
by Marianna Schmudlach / October 9, 2008 1:00 AM PDT
Packed.Generic.189
by Marianna Schmudlach / October 9, 2008 1:02 AM PDT
Packed.Generic.190
by Marianna Schmudlach / October 9, 2008 1:03 AM PDT
UI redress attacks (aka Clickjacking)
by Marianna Schmudlach / October 9, 2008 2:26 AM PDT

9 October 2008

Recently there has been quite a bit of noise about attacks involving a technique dubbed "Clickjacking". The tale starts back in September when a talk planned for the OWASP conference was pulled at the last minute, due to concerns about disclosing details of the attack [1, 2].

The combination of the cancelled talk and scant attack details was sufficient to pique the interest of many, and speculation over the last few weeks about how the attack worked has been rife [3,4,5]. Earlier this week, the cat escaped its bag - a proof of concept demonstration of the attack was released [6]. Since then, the original researchers have published full details [7,8].

So, exactly what is clickjacking? And what can you do to prevent being hit by it?

More: http://www.sophos.com/security/blog/2008/10/1850.html

Troj/Pushdo-X
by Marianna Schmudlach / October 9, 2008 6:01 AM PDT

Category Viruses and Spyware

Type Trojan

Troj/Pushdo-X is a Trojan for the Windows platform.

When Troj/Pushdo-X is installed it creates the file <System>\drivers\ati7xbxx.sys, which is detected as Troj/Pushu-Gen.

The file ati7xbxx.sys is registered as a new system driver service named "ati7xbxx". Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\ati7xbxx
HKLM\SYSTEM\CurrentControlSet\SafeBoot\Minimal\ati7xbxx.sys
HKLM\SYSTEM\CurrentControlSet\SafeBoot\Network\ati7xbxx.sys
HKLM\SYSTEM\ControlSet002\Services\ati7xbxx

http://www.sophos.com/security/analyses/viruses-and-spyware/trojpushdox.html?_log_from=rss

Troj/Iframe-BC
by Marianna Schmudlach / October 9, 2008 6:02 AM PDT
Troj/Iframe-BB
by Marianna Schmudlach / October 9, 2008 6:03 AM PDT
Troj/Dloadr-BVG
by Marianna Schmudlach / October 9, 2008 6:04 AM PDT

Aliases VirTool:Win32/DelfInject.gen!AF

Category Viruses and Spyware

Type Trojan

Troj/Dloadr-BVG is a downloader Trojan for the Windows platform.

When first run, Troj/Dloadr-BVG copies itself to <Windows>\service.exe with the hidden, system and read-only attributes set, and creates the following registry entries to run service.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
  Messenger Service = service.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  Messenger Service = service.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  Messenger Service = service.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbvg.html?_log_from=rss

Troj/Agent-HWN
by Marianna Schmudlach / October 9, 2008 6:05 AM PDT
Troj/Agent-HWM
by Marianna Schmudlach / October 9, 2008 6:07 AM PDT
Troj/Agent-HWL
by Marianna Schmudlach / October 9, 2008 6:08 AM PDT

Category Viruses and Spyware

Type Trojan

Troj/Agent-HWL is a Trojan for the Windows platform.

When first run, Troj/Agent-HWL copies itself to <System>\qq.exe and creates the file <Root>\bot.txt.

The file QQ.exe is registered as a new system driver service named "windows XP", with a display name of "windows XP" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\windows XP

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthwl.html?_log_from=rss

Troj/Agent-HWK
by Marianna Schmudlach / October 9, 2008 6:09 AM PDT
Troj/Agent-HWJ
by Marianna Schmudlach / October 9, 2008 6:10 AM PDT
Mal/FakeAV-I
by Marianna Schmudlach / October 9, 2008 6:11 AM PDT
Adzgalore
by Marianna Schmudlach / October 9, 2008 6:42 AM PDT

Category Adware or PUA

Type Adware

Adzgalore is an adware plugin for Microsoft Internet Explorer.

When the application is installed the following files are created:

<System>\cont_adzgalore-remove.exe
<System>\nsxB.dll

The file nsxB.dll is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d22a17ff-9f1f-6cd5-74e4-64d841b2339b}
HKCR\CLSID\{d22a17ff-9f1f-6cd5-74e4-64d841b2339b}

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_adzgalore

Adzgalore provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "Contextual Tool Adzgalore".

http://www.sophos.com/security/analyses/adware-and-puas/adzgalore.html?_log_from=rss
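
A defender's check for the persistence entries listed in the Troj/Pushdo-X, Troj/Dloadr-BVG, Troj/Agent-HWL and Adzgalore write-ups above, added here as an example; it is not code from Sophos or from this thread. It parses the text of a registry export (the format written by `reg export` or regedit) offline and flags the service names, the safe-boot entries, the BHO CLSID and the Run/RunOnce/RunOnceEx value quoted in those posts. The sample export embedded in the block is constructed for the example, and the extra "bare file name in a Run key" heuristic is my own assumption, not something the write-ups state.

```python
# Offline check of a Windows registry export (.reg text as written by
# `reg export` or regedit) for the persistence entries described in the
# Sophos write-ups above. The sample export is constructed, not page data.
import re
from typing import Dict, List, Tuple

# Locations named in the write-ups; registry names are case-insensitive, so
# every path is matched upper-cased.
_CV = "HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\"
_CCS = "HKEY_LOCAL_MACHINE\\SYSTEM\\CURRENTCONTROLSET\\"
RUN_KEYS = {_CV + "RUN", _CV + "RUNONCE", _CV + "RUNONCEEX"}
SERVICES_PREFIX = _CCS + "SERVICES\\"
SAFEBOOT_PREFIX = _CCS + "SAFEBOOT\\"
BHO_PREFIX = _CV + "EXPLORER\\BROWSER HELPER OBJECTS\\"

# Indicators quoted from the write-ups, mapped to the family they belong to.
KNOWN_SERVICES = {"ATI7XBXX": "Troj/Pushdo-X", "WINDOWS XP": "Troj/Agent-HWL"}
KNOWN_SAFEBOOT = {"ATI7XBXX.SYS": "Troj/Pushdo-X"}
KNOWN_BHOS = {"{D22A17FF-9F1F-6CD5-74E4-64D841B2339B}": "Adzgalore"}
KNOWN_RUN_VALUES = {("MESSENGER SERVICE", "SERVICE.EXE"): "Troj/Dloadr-BVG"}

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

def _unescape(s: str) -> str:
    # .reg strings escape a backslash as \\ and a double quote as \".
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse .reg text into {KEY_PATH: {value_name: data}}. Quoted string
    data is decoded; dword:/hex: data is kept as the raw token."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1).upper()
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(2) else _unescape(m.group(1))
            data = m.group(3)
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = _unescape(data[1:-1])
            keys[current][name] = data
    return keys

def scan(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (family or heuristic, key path, detail) for every hit."""
    findings: List[Tuple[str, str, str]] = []
    for key, values in keys.items():
        if key in RUN_KEYS:
            for name, data in values.items():
                family = KNOWN_RUN_VALUES.get((name.upper(), data.upper()))
                if family:
                    findings.append((family, key, f"{name} = {data}"))
                elif "\\" not in data and data.lower().endswith(".exe"):
                    # Heuristic (my assumption, not from the page): a bare name
                    # is found by path search at logon, as service.exe above is.
                    findings.append(("autorun without full path", key, f"{name} = {data}"))
        elif key.startswith(SERVICES_PREFIX):
            parts = key[len(SERVICES_PREFIX):].split("\\")
            if len(parts) == 1 and parts[0] in KNOWN_SERVICES:
                findings.append((KNOWN_SERVICES[parts[0]], key, f"service {parts[0]}"))
        elif key.startswith(SAFEBOOT_PREFIX):
            parts = key[len(SAFEBOOT_PREFIX):].split("\\")
            if len(parts) == 2 and parts[1] in KNOWN_SAFEBOOT:
                findings.append((KNOWN_SAFEBOOT[parts[1]], key, f"safe-boot entry {parts[1]}"))
        elif key.startswith(BHO_PREFIX):
            parts = key[len(BHO_PREFIX):].split("\\")
            if len(parts) == 1 and parts[0] in KNOWN_BHOS:
                findings.append((KNOWN_BHOS[parts[0]], key, f"BHO {parts[0]}"))
    return findings

# Constructed sample: a benign entry mixed with the ones the write-ups
# describe, plus a made-up bare-name autorun ("Updater") for the heuristic.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Messenger Service"="service.exe"
"Updater"="updater.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Messenger Service"="service.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati7xbxx]
"ImagePath"="\\??\\C:\\WINDOWS\\system32\\drivers\\ati7xbxx.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SafeBoot\Minimal\ati7xbxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows XP]
"DisplayName"="windows XP"
"ImagePath"="C:\\WINDOWS\\system32\\qq.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d22a17ff-9f1f-6cd5-74e4-64d841b2339b}]
@=""
"""

if __name__ == "__main__":
    for family, key, detail in scan(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{family:28} {detail}  [{key}]")
```

To use it on a real machine, export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion and HKLM\SYSTEM\CurrentControlSet with `reg export`, read the files with encoding="utf-16" (what `reg export` normally writes) and pass the text to parse_reg_export. A hit on a known service, safe-boot or BHO entry is a direct match on the published indicators; the bare-name autorun finding is only a heuristic and the file it names should be looked at before anything is removed.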

Trojan-Downloader:W32/Tibs.VX
by Marianna Schmudlach / October 9, 2008 6:54 AM PDT

Detection Names: Trojan-Downloader:W32/Tibs.VX, Trojan-Downloader.Win32.Agent.ajbg

Aliases: TrojanDownloader:Win32/Tibs (Microsoft)

Size: 14336
Type: Trojan-Downloader
Category: Malware
Platform: W32

Summary
This malware downloads files into the system and executes them.

http://www.f-secure.com/v-descs/trojan-downloader_w32_tibs_vx.shtml

W32.Bluven
by Marianna Schmudlach / October 9, 2008 9:29 AM PDT