General discussion

VIRUS ALERTS - December 14, 2005

Dec 13, 2005 10:23PM PST

Troj/Lineage-ON
Dec 14, 2005 8:49AM PST

Type Spyware Trojan

Aliases Trojan-PSW.Win32.Lineage.on

Troj/Lineage-ON is a password stealing Trojan for the Windows platform that attempts to steal passwords associated with the game called "Lineage".
Troj/Lineage-ON includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojlineageon.html

Troj/Dloadr-AAM
Dec 14, 2005 8:50AM PST

Troj/Banload-I
Dec 14, 2005 8:50AM PST

Troj/Lineage-OZ
Dec 14, 2005 8:51AM PST

Type Spyware Trojan

Aliases PWS-Lineage

Troj/Lineage-OZ is a password stealing Trojan for the Windows platform.
Troj/Lineage-OZ includes functionality to log both keystrokes and mouse operations, and to email such information to a predefined email address. The Trojan attempts to disable some security related applications so that this email activity is undetected.

http://www.sophos.com/virusinfo/analyses/trojlineageoz.html

Troj/VBSWG-AC
Dec 14, 2005 8:52AM PST

Troj/VBSWG-AD
Dec 14, 2005 8:53AM PST

W32/Chode-O
Dec 14, 2005 8:54AM PST

Type Worm

Aliases Backdoor.Win32.VBbot.i

W32/Chode-O is an instant messenger worm with IRC backdoor functionality for the Windows platform that spreads by sending itself to IM contacts using MSN and AOL's instant messenger.

http://www.sophos.com/virusinfo/analyses/w32chodeo.html

Troj/Danmec-B
Dec 14, 2005 8:55AM PST

W32/Rbot-AOH
Dec 14, 2005 9:57AM PST

Type Worm

Aliases Backdoor.Win32.Rbot.pac
W32.Spybot.Worm

W32/Rbot-AOH is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AOH spreads:
- to other network computers by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007)
- by copying itself to network shares protected by weak passwords

http://www.sophos.com/virusinfo/analyses/w32rbotaoh.html

W32/Hiberi-B
Dec 14, 2005 9:58AM PST

Type Worm

Aliases Net-Worm.Win32.Hiberium.b
W32.Iberio
WORM_ZOTOB.O

W32/Hiberi-B is a worm and backdoor Trojan for the Windows platform.
W32/Hiberi-B spreads to other network computers by exploiting common buffer overflow vulnerabilities, including PNP (MS05-039).
W32/Hiberi-B runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.
W32/Hiberi-B includes functionality to download, install and run new software.

http://www.sophos.com/virusinfo/analyses/w32hiberib.html

Troj/Dumaru-S
Dec 14, 2005 9:59AM PST

Type Spyware Trojan

Aliases Backdoor.Win32.Dumador.az

Troj/Dumaru-S is a password stealing backdoor Trojan for the Windows platform.
Troj/Dumaru-S can log keystrokes on an infected computer, steal email and ftp details, as well as information from Protected Storage.
Troj/Dumaru-S contains a backdoor component that downloads a text file that can instruct it to do any of the following:
- Upload or download a file
- Execute a file
- Create a remote command prompt

http://www.sophos.com/virusinfo/analyses/trojdumarus.html

W32/Sdbot-ADH
Dec 14, 2005 9:59AM PST

Type Worm

W32/Sdbot-ADH is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-ADH spreads to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil and W32/MyDoom.
W32/Sdbot-ADH runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32sdbotadh.html

W32/Rbot-AOG
Dec 14, 2005 10:00AM PST

Type Worm

Aliases Backdoor.Win32.Rbot.adf

W32/Rbot-AOG is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AOG spreads:
- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), MSSQL (MS02-039) (CAN-2002-0649), UPNP (MS01-059), Veritas (CAN-2004-1172) and Dameware (CAN-2003-1030)
- by copying itself to network shares protected by weak passwords
The following patches for the operating system vulnerabilities exploited by W32/Rbot-AOG can be obtained from the Microsoft website:
- MS04-011
- MS04-012
- MS03-049
- MS03-007
- MS02-039
- MS01-059
W32/Rbot-AOG runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotaog.html

W32/Tilebot-Q
Dec 14, 2005 10:01AM PST

Type Worm

Aliases Backdoor.Win32.SdBot.aad

W32/Tilebot-Q is a worm and IRC backdoor Trojan for the Windows platform.
W32/Tilebot-Q spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812) and MSSQL (MS02-039) (CAN-2002-0649) and by copying itself to network shares protected by weak passwords.
The following patches for the operating system vulnerabilities exploited by W32/Tilebot-Q can be obtained from the Microsoft website:
- MS04-011
- MS04-012
- MS03-049
- MS02-039
W32/Tilebot-Q runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32tilebotq.html

W32/Rbot-AOF
Dec 14, 2005 10:02AM PST

Type Worm

Aliases Backdoor.Win32.Rbot.gen

W32/Rbot-AOF is a worm for the Windows platform.
W32/Rbot-AOF spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012) and IIS5SSL (MS04-011) (CAN-2003-0719) and by copying itself to network shares protected by weak passwords.
The following patches for the operating system vulnerabilities exploited by W32/Rbot-AOF can be obtained from the Microsoft website:
- MS04-011
- MS04-012

http://www.sophos.com/virusinfo/analyses/w32rbotaof.html

W32/Ahker-K
Dec 14, 2005 10:09AM PST

Type Worm

Aliases Email-Worm.Win32.Anker.r
W32.Ahker.D@mm
WORM_AHKER.K

W32/Ahker-K is an email worm for the Windows platform.
W32/Ahker-K will download a ZIP copy of itself from a website in order to send out via email.
W32/Ahker-K will mail itself out to email addresses found on an infected computer.
W32/Ahker-K will arrive as a ZIP attachment to an email. The characteristics of the email will be as follows:
Attachment name: "Mini-Game.zip"
Subject:
"FW: Check this out! LMFAO!!"
"FW: Bin Laden mini game! Download it NOW! LOL!"
"FW: Latest Bin Laden mini game!"
"FW: Breaking News! Bin Laden's...MINI GAME! LOL!"
"FW: BREAKING NEWS!! LOL!"
"FW: FW: check Saddam's first ever mini game!"
"FW: FW: Download Saddam's NEW mini game!"
"FW: FW: Download Bush's mini game! LMFAO!"
"Here it is! LOL!<BR> <BR>"
"FW: FW: CNN releases Bin Laden's mini game!"
"FW: FW: CHECK this out! Happy"
From: webmaster@games.com
Body:
"You'll find it in the attachement! Have fun!
Enjoy Bin Laden's & Saddam's latest mini-game!"
From: games@cnn.com
Body:
"Here it is! LOL!
Enjoy Bin Laden's & Saddam's latest mini-game!"
From: webmaster@gamespot.com
Body:
"You'll find the game attached! LMFAO!
Enjoy Bin Laden's & Saddam's latest mini-game!"
From: webmaster@ign.com
Body:
"Thanks to CNN for this new funny game! LOL! Keep it up!
Enjoy Bin Laden's & Saddam's latest mini-game!"
From: webmaster@gamepro.com
Body:
"Just have fun...can't say much! LOL!
Enjoy Bin Laden's & Saddam's latest mini-game!"
From: webmaster@gamerevolution.com
Body:
"Have fun! The best! enjoy!
Enjoy Bin Laden's & Saddam's latest mini-game!"
From: webmaster@ahker-games.org
Body:
"Awesome game. Download it! thanks CNN!
Enjoy Bin Laden's & Saddam's latest mini-game!"
From: webmaster@downloads.com
Body:
"It's cool!!!!!!!!!! I want to thank CNN!
Enjoy Bin Laden's & Saddam's latest mini-game!"
From: webmaster@arcade.com
Body:
"If you wanna laugh out loud...just try this mini game...! LOL!
Enjoy Bin Laden's & Saddam's latest mini-game!"
From: mini-games@iml.edu.lb
Body:
"You'll find the mini-game in the attachement!!
Enjoy Bin Laden's & Saddam's latest mini-game!"

http://www.sophos.com/virusinfo/analyses/w32ahkerk.html

Troj/VBbot-I
Dec 14, 2005 11:33AM PST

Troj/LewDl-D
Dec 14, 2005 11:34AM PST

Troj/Krepper-Z
Dec 14, 2005 11:35AM PST

Type Trojan

Aliases Downloader-ARQ

Troj/Krepper-Z is a Trojan for the Windows platform.
Troj/Krepper-Z includes functionality to access the internet and communicate with a remote server via HTTP. The Trojan may also download and execute further files.

http://www.sophos.com/virusinfo/analyses/trojkrepperz.html

Troj/Bancban-LP
Dec 14, 2005 11:36AM PST

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Banker.ahy

Troj/Bancban-LP is an internet banking Trojan for the Windows platform.
Troj/Bancban-LP includes the following functionalities:
- to communicate with remote servers
- to steal confidential information

http://www.sophos.com/virusinfo/analyses/trojbancbanlp.html

W32/Rbot-BCD
Dec 14, 2005 11:37AM PST

Type Spyware Worm

Aliases Backdoor.Win32.Rbot.akq
WORM_RBOT.DDA

W32/Rbot-BCD is a network worm with backdoor Trojan functionality for the Windows platform.
W32/Rbot-BCD spreads using a variety of techniques including:
- exploiting weak passwords on computers and SQL servers
- exploiting operating system vulnerabilities
- using backdoors opened by other worms or Trojans.
W32/Rbot-BCD can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-BCD can be instructed by a remote user to perform the following functions:
- start an FTP server
- start a Proxy server
- start a web server
- take part in distributed denial of service (DDoS) attacks
- log keypresses
- capture screen/webcam images
- packet sniffing
- port scanning
- download/execute arbitrary files
- start a remote shell (RLOGIN)
- steal product registration information from certain software

http://www.sophos.com/virusinfo/analyses/w32rbotbcd.html

W32/Rbot-BBW
Dec 14, 2005 11:38AM PST

Type Worm

Aliases Backdoor.Win32.Rbot.adf
W32/Sdbot.MFP

W32/Rbot-BBW is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BBW spreads:
- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030) and ASN.1 (MS04-007)
- by copying itself to network shares protected by weak passwords
W32/Rbot-BBW runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbbw.html

Troj/Banload-BC
Dec 14, 2005 11:38AM PST

Troj/Banload-CE
Dec 14, 2005 11:39AM PST

Troj/Bancban-LQ
Dec 14, 2005 11:40AM PST

Troj/ConHook-L
Dec 14, 2005 11:41AM PST

Troj/Stawin-I
Dec 14, 2005 11:42AM PST

Type Spyware Trojan

Troj/Stawin-I is a keylogging Trojan for the Windows platform.
Troj/Stawin-I includes functionality to email notification messages to remote locations.
When logging data, Troj/Stawin-I will target interactions with banks and financial institutions, such as data entered into online banking forms. The logged data will be sent to a specific email address.

http://www.sophos.com/virusinfo/analyses/trojstawini.html

Troj/LegMir-BZ
Dec 14, 2005 11:43AM PST