VIRUS ALERTS - December 29, 2005

Type
Trojan

Troj/Small-GN is a Trojan for the Windows platform.

http://www.sophos.com/virusinfo/analyses/trojsmallgn.html

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.ahy
PWS-Banker.gen.bb

Troj/Bancban-NA is a Trojan for the Windows platform.

Troj/Bancban-NA includes functionality to send notification messages to remote locations.

http://www.sophos.com/virusinfo/analyses/trojbancbanna.html

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.ahy

Troj/Bancban-NB is a Trojan for the Windows platform.

Troj/Bancban-NB includes functionality to send notification messages to remote locations.

http://www.sophos.com/virusinfo/analyses/trojbancbannb.html

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.ahy

Troj/Banker-PN is a Trojan for the Windows platform.

Troj/Banker-PN includes functionality to send notification messages to remote locations.

http://www.sophos.com/virusinfo/analyses/trojbankerpn.html

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.ahy

Troj/Banker-PM is a Trojan for the Windows platform.

Troj/Banker-PM includes functionality to send notification messages to remote locations.

http://www.sophos.com/virusinfo/analyses/trojbankerpm.html

Type
Trojan

Aliases
Trojan-Downloader.Win32.Zlob.dk

Troj/Puper-AC is a browser hijacking Trojan for the Windows platform.

http://www.sophos.com/virusinfo/analyses/trojpuperac.html

Type
Trojan

Aliases
Trojan-Downloader.Win32.Dadobra.a

Troj/Dloadr-ACU is a Trojan for the Windows platform.

Troj/Dloadr-ACU has the functionalities to:

- access the Internet and communciate with a remote server
- download, install and run new software

http://www.sophos.com/virusinfo/analyses/trojdloadracu.html

Type
Trojan

Aliases
BKDR_SMALL.AVD

Troj/Ranck-DL is a proxy Trojan for the windows platform.

Troj/Ranck-DL has the functionalities to:

- allow remote intruder to route Internet traffic through the infected computer
- communicate information to a remote server

http://www.sophos.com/virusinfo/analyses/trojranckdl.html

Type
Worm

W32/Sdbot-AKG is a worm and IRC backdoor Trojan for the Windows platform.

W32/Sdbot-AKG spreads to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil and W32/MyDoom.

W32/Sdbot-AKG runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32sdbotakg.html

Type
Trojan

Troj/Sdbot-AKF is a backdoor Trojan for the Windows platform.

Troj/Sdbot-AKF has the functionalities to:

- communicate with a remote server
- allow remote intruderto gain access and control over the infected computer via IRC

http://www.sophos.com/virusinfo/analyses/trojsdbotakf.html

Type
Worm

Aliases
Trojan-Dropper.Win32.Agent.afj

W32/Loosky-M is a worm for the Windows platform.

http://www.sophos.com/virusinfo/analyses/w32looskym.html

Type
Trojan

Aliases
Trojan-Downloader.Win32.Zlob.dl

Troj/Zlob-AL is a Trojan for the Windows platform.

http://www.sophos.com/virusinfo/analyses/trojzlobal.html

Type
Trojan

Aliases
Trojan.Zlob
Trojan-Downloader.Win32.Zlob.dl

Troj/Puper-AD is a Trojan for the Windows platform.

http://www.sophos.com/virusinfo/analyses/trojpuperad.html

Type
Worm

Type
Worm

W32/Brontok-K is an email worm that sends itself to addresses gathered from the infected computer by searching files with the following extensions:

ASP, CFM, CSV, DOC, EML, HTML, PHP, TXT, WAB

http://www.sophos.com/virusinfo/analyses/w32brontokk.html

Type
Worm

W32/Sdranck-W is a multi-component network worm for the Windows platform.

http://www.sophos.com/virusinfo/analyses/w32sdranckw.html

Type
Trojan

Exp/WMF-A is a Windows Metafile (WMF) file which exploits a vulnerability associated with Windows Picture and Fax Viewer allowing arbitrary code execution.

For more information please see the following Microsoft advisory:

http://www.microsoft.com/technet/security/advisory/912840.mspx

http://www.sophos.com/virusinfo/analyses/expwmfa.html

Type Trojan

Aliases Backdoor.Win32.Nucleroot.a

Troj/RKNu-A is a rootkit for the Windows platform.
The rootkit can be used to hide files, processes, registry entries, network connections and to prevent applications from running.

http://www.sophos.com/virusinfo/analyses/trojrknua.html

Type Trojan

Aliases Trojan.Win32.StartPage.ady

Troj/StartP-ADY is a Trojan for the Windows platform.

http://www.sophos.com/virusinfo/analyses/trojstartpady.html

Type Trojan

Aliases Trojan-Dropper.Win32.Small.ahu

Troj/Dropper-CM is a dropper Trojan for the Windows platform.
Troj/Dropper-CM drops and runs Troj/Bdoor-JM.

http://www.sophos.com/virusinfo/analyses/trojdroppercm.html

Type Trojan

Aliases Trojan-Spy.Win32.Agent.jg

Troj/Sharp-N is a backdoor Trojan for the Windows platform.
Troj/Sharp-N includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojsharpn.html

Type Trojan

Aliases Backdoor.Win32.Hupigon.rd
BackDoor-AWQ.b

Troj/Hupigon-U is a Trojan for the Windows platform.
Troj/Hupigon-U includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojhupigonu.html

Type Trojan

Aliases Trojan-Downloader.Win32.Zlob.dm

Troj/Zlob-DM is a downloading Trojan for the Windows platform.
Troj/Zlob-DM includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojzlobdm.html

Type Trojan

Aliases SpamTool.Win32.Mailbot.q

Troj/Mipbot-D is a Trojan for the Windows platform.

http://www.sophos.com/virusinfo/analyses/trojmipbotd.html

Type Worm

W32/Sdbot-AKH is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-AKH runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32sdbotakh.html

Type Trojan

Troj/StartPa-IQ is a Trojan for the Windows platform.

http://www.sophos.com/virusinfo/analyses/trojstartpaiq.html

Type Trojan

Troj/DownLdr-IK is a Trojan for the Windows platform.

http://www.sophos.com/virusinfo/analyses/trojdownldrik.html

Type Trojan

Aliases Downloader-***
Trojan-Downloader.Win32.Agent.ach

Troj/DownLdr-NS is a downloader Trojan for the Windows platform.
Troj/DownLdr-NS will download and execute files from a remote URL to the Windows temp folder with random names of the form dmx<number>.tmp.

http://www.sophos.com/virusinfo/analyses/trojdownldrns.html

Type Spyware Trojan

Aliases Backdoor.Win32.Hupigon.j

Troj/Feutel-B is a backdoor Trojan for the Windows platform.
Troj/Feutel-B connects to the internet and attempts to download configuration files from preconfigured sites. The Trojan installs a keylogging component and opens up a backdoor allowing unauthorized remote access to the infected computer.

http://www.sophos.com/virusinfo/analyses/trojfeutelb.html

Type Trojan

Aliases W32/Downloader.AKD
Trojan-Downloader.Win32.Small.aon
Trojan.Dropper.Small.AON

Troj/Small-DQ is a downloader Trojan.

http://www.sophos.com/virusinfo/analyses/trojsmalldq.html

Type Spyware Worm

W32/Rbot-YU is an IRC backdoor and network worm.
W32/Rbot-YU may spread to remote network shares protected by weak passwords and computers vulnerable to common exploits. The worm also opens up a backdoor, allowing unauthorised remote access to infected computers via the IRC network, while running in the background as a service process. The worm exploits the following vulnerabilities: RPC-DCOM (MS04-12), LSASS (MS04-11), NTPass, WKS (MS03-049), and NetBios. Patches for these vulnerabilities are available from Microsoft at:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx
http://www.microsoft.com/technet/security/bulletin/MS03-049.mspx

http://www.sophos.com/virusinfo/analyses/w32rbotyu.html