Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - December 28, 2007

by Marianna Schmudlach / December 27, 2007 1:07 PM PST
Mal/VB-L
by Marianna Schmudlach / December 27, 2007 1:09 PM PST
Troj/BankDL-DD
by Marianna Schmudlach / December 27, 2007 1:11 PM PST
AccessDiver Installer
by Marianna Schmudlach / December 27, 2007 1:12 PM PST
W32/Autorun-AD
by Marianna Schmudlach / December 27, 2007 11:06 PM PST
Troj/Banker-EKG
by Marianna Schmudlach / December 27, 2007 11:07 PM PST
Troj/Dloadr-BGY
by Marianna Schmudlach / December 27, 2007 11:09 PM PST
Troj/Psyme-GK
by Marianna Schmudlach / December 27, 2007 11:10 PM PST
Troj/Psyme-GJ
by Marianna Schmudlach / December 27, 2007 11:11 PM PST
Troj/Keylog-JR
by Marianna Schmudlach / December 27, 2007 11:12 PM PST
Troj/Bckdr-QKQ
by Marianna Schmudlach / December 27, 2007 11:13 PM PST
Troj/OnLineG-AG
by Marianna Schmudlach / December 27, 2007 11:14 PM PST
Troj/Dload-AH
by Marianna Schmudlach / December 27, 2007 11:16 PM PST
Troj/HACDnldr-A
by Marianna Schmudlach / December 27, 2007 11:17 PM PST
JS_AGENT.AEVE. - Bhutto Assassination: JavaScripted
by Marianna Schmudlach / December 27, 2007 11:29 PM PST

December 27th, 2007 by Mayee Corpin
Cybercriminals wasted no time riding on the tragic and shocking news of former Pakistan Prime Minister Benazir Bhutto's assassination, as Websense discovered a number of malicious Web sites that came up on Google search results using the simple search term "benazir". These sites attempt to infect users who want to know more about the unfortunate incident.

TrendLabs researchers found that one of the sites in question indeed has an embedded malicious JavaScript redirect, which Trend Micro detects as JS_AGENT.AEVE.

The malicious script downloads a Trojan (already detected as TROJ_SMALL.LDZ), which in turn downloads more malicious files, namely WORM_HITAPOP.O and TROJ_AGENT.AFFR.

A graphical representation of this routine is as follows:

More: http://blog.trendmicro.com/

W32/Kibik.b
by Marianna Schmudlach / December 27, 2007 11:31 PM PST
Packed:W32/Tibs.GU
by Marianna Schmudlach / December 27, 2007 11:33 PM PST

First Report: 2007-12-28

Alias: Trojan.Peacomm.D, Packed.Win32.Tibs.gu
Type: Email-Worm
Category: Malware
Platform: Win32

Summary
Files that are detected as Packed.Win32.Tibs.gu have similar functionality to Email-Worm.Win32.Zhelatin variants.

http://www.f-secure.com/v-descs/packed_w32_tibs_gu.shtml

Panda Security's weekly report on viruses and intruders
by Marianna Schmudlach / December 28, 2007 12:09 AM PST

Virus Alerts, by Panda Security (http://www.pandasecurity.com)

Madrid, December 28, 2007 - According to data gathered at the Infected
or Not website (http://www.infectedornot.com) this week, 10.25% of
computers scanned were infected with some type of malicious code.

"Unlike latent malware, which just lies dormant on the system, active
malware is taking malicious actions, so it is far more dangerous to
users. For that reason, and even though it is advisable to keep
computers free of all malicious code, it is fundamental to make sure
that there are no active threats on the computer before taking any
actions that might compromise the safety of confidential data, such as
accessing online banking services", says Luis Corrons, Technical
Director of PandaLabs.

As for the most harmful malware strains this week, the list is headed by
the Virtumonde spyware and the NaviPromo and VideoAddon adware.

Position Name
1 Spyware/Virtumonde
2 Adware/NaviPromo
3 Adware/VideoAddon
4 Adware/SaveNow
5 Adware/Comet
6 Adware/AdRotator
7 Adware/IST
8 Adware/OneStep
9 Adware/Gator
10 Adware/Lop

As for the new samples that appeared this week, today's PandaLabs report
looks at the MsnChristmas.A worm, and the Yahmail.A and Banbra.FEM
Trojans.

The MsnChristmas.A worm spreads to Messenger contacts in messages like
"Christmas photo! :D", "vengo de fi este foto" or "Hey i que hace el"
which contain an infected attachment called "img2007-12.JPEG.scr". If
the recipient of the message runs the file, the worm will install on the
system.

Yahmail.A is a Trojan that can either be dropped on the system by other
malware or sent in a spam message. This malicious code is designed to
steal user names and passwords for the Yahoo! instant messaging
application and send them to a certain Internet address.

Once installed on the target computer, Yahmail.A creates several copies
of itself on the system and inserts a series of entries in the Windows
registry. This way, it ensures it is run every time the system is
started up.

Finally, Banbra.FEM is a banker Trojan, designed to steal login data for
certain online banking services and Internet payment platforms.

Troj/Agent-GKH
by Marianna Schmudlach / December 28, 2007 12:17 AM PST
W32/NetskyD-Dam
by Marianna Schmudlach / December 28, 2007 12:18 AM PST
Troj/Iframe-M
by Marianna Schmudlach / December 28, 2007 12:20 AM PST
Mal/Jessy-A
by Marianna Schmudlach / December 28, 2007 12:21 AM PST
Troj/Psyme-GL
by Marianna Schmudlach / December 28, 2007 12:23 AM PST
W32/Hoxi-B
by Marianna Schmudlach / December 28, 2007 10:02 AM PST
Troj/Iframe-N
by Marianna Schmudlach / December 28, 2007 10:04 AM PST
WM97/Sherlock-H
by Marianna Schmudlach / December 28, 2007 10:05 AM PST
W32/Rbot-GVQ
by Marianna Schmudlach / December 28, 2007 10:06 AM PST

Name: W32/Rbot-GVQ
Type: Worm
Affected operating systems: Windows
Side effects: Allows others to access the computer; installs itself in the Registry
Aliases: Backdoor.Win32.MSNMaker.as
Protection available since: 28 December 2007

http://www.sophos.com/security/analyses/w32rbotgvq.html

QHosts-96
by Marianna Schmudlach / December 28, 2007 10:08 AM PST

First Report: 2007-12-28

Description:
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspe...

http://vil.nai.com/vil/content/v_143841.htm
