Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - December 15, 2004

by Marianna Schmudlach / December 15, 2004 12:39 AM PST

W32/Forbot-CY
Summary

Aliases Backdoor.Win32.Wootbot.gen
WORM_WOOTBOT.ZQ

Type Worm

W32/Forbot-CY is a network worm which attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels.
Once installed, W32/Forbot-CY will attempt to set up an HTTP proxy server, delete connections to network shares, participate in denial-of-service (DoS) attacks and steal CD keys when instructed to do so by a remote attacker.
W32/Forbot-CY can spread to unpatched machines affected by the LSASS security exploit (MS04-011).

http://www.sophos.com/virusinfo/analyses/w32forbotcy.html

Troj/Bdoor-AW
by Marianna Schmudlach / December 15, 2004 12:41 AM PST

Type Trojan

Troj/Bdoor-AW is a backdoor Trojan for the Windows platform.
Troj/Bdoor-AW chooses a random port and then sends registration information to a remote site via an HTTP GET request. The information transferred includes the randomly chosen port number and the system IP.


http://www.sophos.com/virusinfo/analyses/trojbdooraw.html

Troj/Ranck-BK
by Marianna Schmudlach / December 15, 2004 12:43 AM PST

W32/Sdbot-SR
by Marianna Schmudlach / December 15, 2004 12:45 AM PST

Aliases W32/Sdbot.worm.gen.k
WORM_SDBOT.CAH

Type Worm

W32/Sdbot-SR is a Windows worm that spreads via network shares with weak passwords. When run the worm creates backdoor functions that allow a remote intruder access into the computer via IRC channels while running in the background as a process.
The worm attempts to log keystrokes, capture screen information, launch Denial of Service (DoS) attacks, download files from the internet and run them when instructed to do so by a remote attacker.
W32/Sdbot-SR also takes advantage of the vulnerabilities exploited by the MyDoom family of worms.

http://www.sophos.com/virusinfo/analyses/w32sdbotsr.html

W32/Sdbot-SE
by Marianna Schmudlach / December 15, 2004 12:46 AM PST

Aliases Backdoor.Win32.SdBot.gen

Type Worm

W32/Sdbot-SE is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.

http://www.sophos.com/virusinfo/analyses/w32sdbotse.html

W32/Rbot-RO
by Marianna Schmudlach / December 15, 2004 12:49 AM PST

Aliases W32/Sdbot.worm.gen.h

Type Worm

W32/Rbot-RO is a network worm which attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.
The worm spreads to network shares with weak passwords and also by using the LSASS security exploit (MS04-011), RPC-DCOM security exploit (MS03-039) and the WebDav security exploit (MS03-007).
Once installed, W32/Rbot-RO will attempt to participate in distributed denial of service (DDoS) attacks, download and run files from the internet, steal CD keys, log keystrokes and create an HTTPD server when instructed to do so by a remote attacker.
The worm tries to terminate and disable various anti-virus and security related programs and also attempts to exploit backdoors and vulnerabilities used by the MyDoom family of worms.

http://www.sophos.com/virusinfo/analyses/w32rbotro.html

W32/Rbot-SR
by Marianna Schmudlach / December 15, 2004 12:50 AM PST

Aliases Backdoor.Win32.Rbot.gen
W32/Sdbot.worm.gen.y

Type Worm

W32/Rbot-SR is a Windows worm that spreads via network shares with weak passwords.
The worm also has a backdoor component that allows a malicious user remote access to an infected computer via IRC channels while running in the background as a service process.

http://www.sophos.com/virusinfo/analyses/w32rbotsr.html

Troj/AdClick-AX
by Marianna Schmudlach / December 15, 2004 12:52 AM PST

W32/Protoride-Z
by Marianna Schmudlach / December 15, 2004 12:54 AM PST

Aliases Worm.Win32.Protoride.gen

Type Worm

W32/Protoride-Z is a network worm with backdoor functionality.
W32/Protoride-Z targets remote network shares allowing, at the same time, remote access to the infected computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32protoridez.html

W32/Dedler-E
by Marianna Schmudlach / December 15, 2004 12:56 AM PST

Aliases Net-Worm.Win32.Dedler.u
W32/Dedler.worm

Type Worm

W32/Dedler-E is a network worm with backdoor Trojan functionality.
W32/Dedler-E will connect to an ICQ chat server and await backdoor commands over the ICQ network. The worm is capable of downloading and running further executables.
W32/Dedler-E is capable of spreading to network shares protected by weak passwords.
W32/Dedler-E will attempt to disable anti-virus and security software and deny access to certain anti-virus websites. The worm will attempt to disable the Windows update service.

http://www.sophos.com/virusinfo/analyses/w32dedlere.html

Troj/Padodor-S
by Marianna Schmudlach / December 15, 2004 12:58 AM PST

Troj/Antinny-J
by Marianna Schmudlach / December 15, 2004 1:00 AM PST

Aliases Trojan.Win32.KillFiles.gm

Type Trojan

Troj/Antinny-J is a Trojan that will display a full screen image and play a sound file repeatedly.
Each time Troj/Antinny-J is run, it will attempt to delete a folder from the Program Files folder.
Troj/Antinny-J will disable the Windows Task Manager.

http://www.sophos.com/virusinfo/analyses/trojantinnyj.html

Troj/Dloader-ER
by Marianna Schmudlach / December 15, 2004 1:01 AM PST

Aliases Virus.Win32.Delf.a

Type Trojan

Troj/Dloader-ER is a Trojan for the Windows platform.
When executed the Trojan copies itself to many different locations on the infected computer and then attempts to download several webpages to the current folder.

http://www.sophos.com/virusinfo/analyses/trojdloaderer.html

Troj/Lineage-B
by Marianna Schmudlach / December 15, 2004 1:03 AM PST

Aliases Trojan-PSW.Win32.Lineage.o

Type Trojan

Troj/Lineage-B is a password stealing Trojan for the Windows platform. The Trojan targets passwords associated with the game "Lineage".
Troj/Lineage-B will send the stolen information to a pre-defined email address or remote website.
Troj/Lineage-B will attempt to disable anti-virus and security related applications.

http://www.sophos.com/virusinfo/analyses/trojlineageb.html

Zafi-D worm storms the internet, spreading Christmas fear
by Marianna Schmudlach / December 15, 2004 1:05 AM PST

Currently accounting for over 70% of all virus reports to Sophos's global network of monitoring stations, the Zafi-D email worm spreads disguised as a Christmas greeting. Make sure you have automatic virus protection updates defending your business.

http://www.sophos.com/virusinfo/articles/zafid.html
