Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - April 11, 2007

by Marianna Schmudlach / April 10, 2007 3:09 PM PDT

Troj/IRCFlood-O
by Marianna Schmudlach / April 10, 2007 3:11 PM PDT
Troj/Keygen-BE
by Marianna Schmudlach / April 10, 2007 3:13 PM PDT
W32/SillyFDC-W
by Marianna Schmudlach / April 10, 2007 3:14 PM PDT

Alert ID : FrSIRT/ALRT-2007-02451
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2007-04-11


Description

W32/SillyFDC-W is a worm for the Windows platform that spreads via removable shared drives.

References

http://www.sophos.com/virusinfo/analyses/w32sillyfdcw.html

Credits

Reported by Sophos

Troj/RKProc-H
by Marianna Schmudlach / April 10, 2007 3:16 PM PDT
Troj/Banloa-BIC
by Marianna Schmudlach / April 10, 2007 3:17 PM PDT

Alert ID : FrSIRT/ALRT-2007-02449
Aliases : Trojan-Downloader.Win32.Banload.amc
Size : N/A
Rated as : Low Risk
Release Date : 2007-04-11


Description

Troj/Banloa-BIC is a Trojan for the Windows platform. Troj/Banloa-BIC includes functionality to download, install and run new software.

References

http://www.sophos.com/virusinfo/analyses/trojbanloabic.html

Credits

Reported by Sophos

Troj/Zlob-ABM
by Marianna Schmudlach / April 10, 2007 3:19 PM PDT
W32/Feebs-BL
by Marianna Schmudlach / April 11, 2007 12:27 AM PDT
W32/Sdbot-DCY
by Marianna Schmudlach / April 11, 2007 12:28 AM PDT
Troj/PcClien-KD
by Marianna Schmudlach / April 11, 2007 12:30 AM PDT
Troj/PcClien-KE
by Marianna Schmudlach / April 11, 2007 12:31 AM PDT
Troj/Keygen-BD
by Marianna Schmudlach / April 11, 2007 12:33 AM PDT
Troj/Rising-A
by Marianna Schmudlach / April 11, 2007 12:34 AM PDT
Mal/Clagger-C
by Marianna Schmudlach / April 11, 2007 12:35 AM PDT
W32/Rbot-GLU
by Marianna Schmudlach / April 11, 2007 12:36 AM PDT
Troj/Adload-LC
by Marianna Schmudlach / April 11, 2007 12:38 AM PDT
W32/RabbitLuv-A
by Marianna Schmudlach / April 11, 2007 12:40 AM PDT
PWS-LegMir!2eff06bc
by Marianna Schmudlach / April 11, 2007 12:41 AM PDT

Alert ID : FrSIRT/ALRT-2007-02455
Aliases : Infostealer.Perfwo - Trj/Lineage.DBD - Troj/PSW-Gen - Trojan-PSW.Win32.OnLineGames.es - Trojan:Win32/Meredrop - TSPY_ONLINEG.YG
Size : N/A
Rated as : Low Risk
Release Date : 2007-04-11


Description

This trojan is designed to steal password information of online games including the game "Legend of Mir".

References

http://vil.nai.com/vil/content/v_141965.htm

Credits

Reported by McAfee

W32/Tiotua-G
by Marianna Schmudlach / April 11, 2007 12:44 AM PDT

Type Worm

Aliases IM-Worm.Win32.Sohanad.ak

W32/Tiotua-G is a worm for the Windows platform.

W32/Tiotua-G spreads by copying itself to mapped disk drives and removable storage devices.

When run, the worm opens various programs like Notepad, Solitaire, Pinball, Windows Media Player etc. It also tries to open and close the CD drive. It pretends to select and delete all shortcuts on the Desktop. After this it displays a fake message "The 'USB Mass Storage Device' device can now be safely removed from the system." and forces a reboot.

W32/Tiotua-G creates a number of Windows Scheduled Tasks to run itself at various times every day.

Protection available since 11 April 2007

http://www.sophos.com/security/analyses/w32tiotuag.html

W32/Delbot-AG
by Marianna Schmudlach / April 11, 2007 12:45 AM PDT

Alert ID : FrSIRT/ALRT-2007-02468
Aliases : Win32/Rinbot.S - W32/Nirbot.worm.gen - Backdoor.Win32.VanBot.ay - W32/Backdoor.AHJW
Size : N/A
Rated as : Low Risk
Release Date : 2007-04-11


Description

W32/Delbot-AG is a worm with IRC Backdoor functionality which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Delbot-AG spreads
- to computers vulnerable to common exploits, including: Symantec (SYM06-010)
- to MSSQL servers protected by weak passwords.

References

http://www.sophos.com/virusinfo/analyses/w32delbotag.html

Credits

Reported by Sophos

Troj/Dloadr-AXD
by Marianna Schmudlach / April 11, 2007 12:46 AM PDT

Alert ID : FrSIRT/ALRT-2007-02467
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2007-04-11


Description

Troj/Dloadr-AXD is a Trojan for the Windows platform. Troj/Dloadr-AXD may attempt to install itself in place of the legitimate MSN Messenger application and may download further executable code.

References

http://www.sophos.com/virusinfo/analyses/trojdloadraxd.html

Credits

Reported by Sophos

Troj/Ranck-FN
by Marianna Schmudlach / April 11, 2007 12:47 AM PDT

Alert ID : FrSIRT/ALRT-2007-02466
Aliases : BackDoor-AWItrojan - Trojan-Proxy.Win32.Ranky.gen - Win32/TrojanProxy.Ranky - destructive program named W32/Trojan.ABED
Size : N/A
Rated as : Low Risk
Release Date : 2007-04-11


Description

Troj/Ranck-FN is a Trojan for the Windows platform. Troj/Ranck-FN runs a proxy server, allowing a remote intruder to route traffic through the infected computer.

References

http://www.sophos.com/virusinfo/analyses/trojranckfn.html

Credits
Reported by Sophos

March Malware Roundup
by Marianna Schmudlach / April 11, 2007 2:17 AM PDT

April 11th, 2007 by Ryan Flores

Good day everyone!


March seemed to be a relatively quiet month for malware authors. There were fewer mass-mailed malwares, but we still saw a fair share of TROJ_ZLOB's and WORM_MYTOB's making their rounds. IM and web based threats were seen in their usual numbers, with the more interesting ones discussed below.


One probable reason why March was a relatively quiet month is because it lacks an international event. January has New Year and February has Valentine's. March has, umm... well... it's summer in the Philippines, and spring in the US, but not much of an event to effectively use as social engineering. The lack of "shocking" headlines could've contributed too to the calmer March malware traffic.

Regional Attacks


In a rather unusual attack on Middle Eastern countries, TrendLabs discovered a worm malware that executes only on machines with Arabic or Persian keyboard layouts. The malware's use of e-mail subjects and bodies that contain references to Israel, Iran, Lebanon, and Gaza solidifies its intent to infect Arab or Persian speaking users.


In another round of social engineering attack, TROJ_YABE uses another German company, this time the German Telekom, in an attempt to fool users into downloading the malware. The said malware arrives via e-mail claiming to be a bill from German Telekom. A few days earlier, TROJ_YABE was seen arriving as a confirmation e-mail from Apple store Germany.

More: http://blog.trendmicro.com/

Spyware.FreeKeylogger
by Marianna Schmudlach / April 11, 2007 4:37 AM PDT
W32.Feebs.DH@mm
by Marianna Schmudlach / April 11, 2007 4:39 AM PDT
W32.Virut!gen
by Marianna Schmudlach / April 11, 2007 4:40 AM PDT
W32/Sohana-S
by Marianna Schmudlach / April 11, 2007 8:21 AM PDT

Type Worm

Aliases Win32/Sohanad.NAM worm
IM-Worm.Win32.Sohanad.t

W32/Sohana-S is a worm for the Windows platform.

W32/Sohana-S spreads
- via Yahoo Messenger.
- by copying itself to all mapped drives and removable storage devices.

W32/Sohana-S includes functionality to access the internet and communicate with a remote server via HTTP.

Protection available since 11 April 2007

http://www.sophos.com/security/analyses/w32sohanas.html

W32/Tilebot-JJ
by Marianna Schmudlach / April 11, 2007 8:23 AM PDT
W32/Tilebot-JK
by Marianna Schmudlach / April 11, 2007 8:24 AM PDT
Troj/Bitget-A
by Marianna Schmudlach / April 11, 2007 8:25 AM PDT
W32/VBAut-C
by Marianna Schmudlach / April 11, 2007 8:27 AM PDT

Type Worm

Aliases W32/YahLover.worm
IM-Worm.Win32.Qucan.r

W32/VBAut-C is a worm for the Windows platform.

W32/VBAut-C spreads via
- removable storage devices.
- Yahoo Messenger.

W32/VBAut-C includes functionality to download, install and run new software.


Protection available since 11 April 2007

http://www.sophos.com/security/analyses/w32vbautc.html
