VIRUS ALERTS - December 22, 2005

Dec 21, 2005 9:22PM PST

W32/Rbot-BFL

Type
Spyware Worm

W32/Rbot-BFL is an internet worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BFL spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011) and RPC-DCOM (MS04-012) and by copying itself to network shares protected by weak passwords.

W32/Rbot-BFL runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-BFL includes functionality to:

- steal confidential information
- carry out DDoS flooder attacks
- silently download, install and run new software

The following patches for the operating system vulnerabilities exploited by W32/Rbot-BFL can be obtained from the Microsoft website:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx

http://www.sophos.com/virusinfo/analyses/w32rbotbfl.html

W32/Rbot-BFM
Dec 21, 2005 9:58PM PST

Type
Spyware Worm

Aliases
Backdoor.Win32.Rbot.akr

W32/Rbot-BFM is a network worm with backdoor Trojan functionality for the Windows platform.

W32/Rbot-BFM spreads using a variety of techniques including:

- exploiting weak passwords on computers and SQL servers
- exploiting operating system vulnerabilities such as LSASS (MS04-011) and RPC-DCOM (MS04-012)
- using backdoors opened by other worms or Trojans.

W32/Rbot-BFM can be controlled by a remote attacker over IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbfm.html

Troj/Dropper-CD
Dec 21, 2005 9:59PM PST

W32/Tilebot-CR
Dec 21, 2005 10:01PM PST

Type
Worm

Aliases
Backdoor.Win32.SdBot.aad
W32/Sdbot.worm.gen.g
W32.Spybot.Worm
IM.Giftcom.All

W32/Tilebot-CR is a worm for the Windows platform.

W32/Tilebot-CR spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039) and ASN.1 (MS04-007) and via AOL Instant Messenger.

W32/Tilebot-CR runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Tilebot-CR includes functionality to:

- set up an FTP server
- spread via AOL Instant Messenger by sending messages automatically
- change Internet Explorer start page
- set or remove network shares
- port scanning
- packet sniffing
- access the internet and communicate with a remote server via HTTP
- harvest information from clipboard

Sophos's anti-virus products include Genotype detection technology, which can proactively protect against new threats without requiring an update. Sophos customers have been protected against W32/Tilebot-CR (detected as W32/Tilebot-Gen) since version 3.99.

http://www.sophos.com/virusinfo/analyses/w32tilebotcr.html

W32/Rbot-CWA
Dec 21, 2005 10:03PM PST

Type
Spyware Worm

Aliases
WORM_RBOT.CWA
Backdoor.Win32.SdBot.ajf

W32/Rbot-CWA is a network worm with backdoor Trojan functionality for the Windows platform.

W32/Rbot-CWA spreads using a variety of techniques including:

- exploiting weak passwords on computers and SQL servers
- exploiting operating system vulnerabilities
- using backdoors opened by other worms or Trojans.

W32/Rbot-CWA can be controlled by a remote attacker over IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotcwa.html

Troj/DownLdr-IM
Dec 21, 2005 10:06PM PST

Troj/Bancos-IJ
Dec 21, 2005 10:08PM PST

Troj/Bander-T
Dec 21, 2005 10:10PM PST

Troj/Bancban-NT
Dec 21, 2005 10:23PM PST

Troj/MancSyn-B
Dec 21, 2005 10:24PM PST

Troj/Rumale-D
Dec 21, 2005 10:32PM PST

Troj/Bancban-MU
Dec 21, 2005 10:33PM PST

Troj/Bckdr-AX
Dec 21, 2005 10:35PM PST

Troj/Bancban-MV
Dec 21, 2005 11:03PM PST

W32/Rbot-BFN
Dec 21, 2005 11:05PM PST

Type
Worm

W32/Rbot-BFN is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BFN spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), WKS (MS03-049) (CAN-2003-0812) and ASN.1 (MS04-007).

W32/Rbot-BFN runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbfn.html

Troj/GrayBrd-AY
Dec 21, 2005 11:06PM PST

Troj/Dloadr-ACR
Dec 21, 2005 11:08PM PST

Troj/Banload-DJ
Dec 21, 2005 11:13PM PST

Troj/Bancban-MT
Dec 21, 2005 11:15PM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banbra.df

Troj/Bancban-MT is an internet banking Trojan for the Windows platform.

Troj/Bancban-MT has the functionalities to:

- steal information
- send notification messages to a remote location via email

http://www.sophos.com/virusinfo/analyses/trojbancbanmt.html

Troj/Bancban-MK
Dec 21, 2005 11:20PM PST

Troj/Bancban-MJ
Dec 21, 2005 11:21PM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.anx
PWS-Banker.gen.i

Troj/Bancban-MJ is a Trojan for the Windows platform.

Troj/Bancban-MJ attempts to log information sent to certain websites and online banking applications. The Trojan may display fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.

Troj/Bancban-MJ may also perform the following functions:

- start a Proxy server
- download and execute additional files

http://www.sophos.com/virusinfo/analyses/trojbancbanmj.html

Troj/Bander-S
Dec 21, 2005 11:28PM PST

Troj/Bander-R
Dec 21, 2005 11:32PM PST

W32/Bropia-U
Dec 21, 2005 11:35PM PST

Type
Worm

Aliases
Backdoor.Win32.Spyboter.gen

W32/Bropia-U is a worm for the Windows platform.

W32/Bropia-U spreads via file sharing on P2P networks.

W32/Bropia-U includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32bropiau.html

W32/Protorid-AG
Dec 21, 2005 11:40PM PST

Type
Spyware Worm

Aliases
W32/Protoride.worm

W32/Protorid-AG is a worm and IRC backdoor Trojan for the Windows platform.

W32/Protorid-AG spreads to other network computers infected with: Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix and by copying itself to network shares protected by weak passwords.

W32/Protorid-AG runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32protoridag.html

Troj/Mesoto-A
Dec 21, 2005 11:43PM PST

Type
Spyware Trojan

Aliases
IM-Worm.Win32.Delf.a

Troj/Mesoto-A is a Trojan for the Windows platform.

Troj/Mesoto-A attempts to steal passwords and user information related to Microsoft MSN Messenger, and may send stolen information to a remote user via email.

Troj/Mesoto-A may display a fake MSN screen to encourage users to enter their details.

Troj/Mesoto-A may display a fake MSN screen.

http://www.sophos.com/virusinfo/analyses/trojmesotoa.html

note: Screen shot on above link. Click on where it says "description" when you get to the page.

Troj/DNSChan-K
Dec 21, 2005 11:45PM PST

Type
Trojan

Aliases
DNSChanger.a

Troj/DNSChan-K is a Trojan for the Windows platform.

Troj/DNSChan-K includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/DNSChan-K also attempts to modify DNS settings on the computer.

http://www.sophos.com/virusinfo/analyses/trojdnschank.html

Troj/Zlob-AJ
Dec 21, 2005 11:47PM PST

Troj/BagleDl-AS
Dec 22, 2005 3:23AM PST

Troj/BagleDl-AT
Dec 22, 2005 3:25AM PST

Type
Trojan

Aliases
Email-Worm.Win32.Bagle.ex

Troj/BagleDl-AT is a downloader Trojan for the Windows platform.

Troj/BagleDl-AT downloads a file to the Windows folder as <random number>.exe.
At the time of writing the downloaded file is detected by Sophos's anti-virus products as W32/Bagle-AR.

http://www.sophos.com/virusinfo/analyses/trojbagledlat.html

Troj/BagleDl-AU
Dec 22, 2005 3:27AM PST