Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VIRUS ALERTS - December 7, 2005

by roddy32 Dec 6, 2005 8:34PM PST

Discussion is locked

31 - 60 of 55 Posts
- Collapse + Expand Details
- Collapse -
Troj/Banban-JY
by roddy32 Dec 7, 2005 4:05AM PST
- Collapse -
W32/Tilebot-CB
by Marianna Schmudlach Dec 7, 2005 7:29AM PST

Type Spyware Worm

Aliases Backdoor.Win32.SdBot.aad
W32/Sdbot.worm.gen.l
W32.Spybot.Worm
WORM_AIMDES.E

W32/Tilebot-CB is a worm with backdoor functionality for the Windows platform.
W32/Tilebot-CB spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039) and ASN.1 (MS04-007). The worm also spreads via network shares protected by weak passwords and AOL Instant Messenger.
W32/Tilebot-CB runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Tilebot-CB includes functionality to:
- set up an FTP server
- spread via AOL Instant Messager by sending messages automatically
- change Internet Explorer start page
- set or remove network shares
- port scanning
- packet sniffing
- access the internet and communicate with a remote server via HTTP
- harvest information from clipboard

http://www.sophos.com/virusinfo/analyses/w32tilebotcb.html

- Collapse -
W32/Sdbot-AGE
by Marianna Schmudlach Dec 7, 2005 7:30AM PST
- Collapse -
Troj/Vixup-R
by Marianna Schmudlach Dec 7, 2005 7:31AM PST
- Collapse -
Troj/Bancban-KT
by Marianna Schmudlach Dec 7, 2005 7:31AM PST

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Banker.ahy
PWS-Banker.gen.b
PWSteal.Banpaes

Troj/Bancban-KT is a Trojan for the Windows platform.
Troj/Bancban-KT attempts to log information sent to certain websites and online banking applications. The Trojan may display fake user interfaces in order to persuade the user to enter confidential details. Stolen information may sent by email to a remote user.

http://www.sophos.com/virusinfo/analyses/trojbancbankt.html

- Collapse -
Troj/Bancban-KS
by Marianna Schmudlach Dec 7, 2005 7:32AM PST

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Banbra.df
PWS-Banker.gen.b

Troj/Bancban-KS is a Trojan for the Windows platform.
Troj/Bancban-KS attempts to log information sent to certain websites and online banking applications. The Trojan may display fake user interfaces in order to persuade the user to enter confidential details. Stolen information may sent by email to a remote user

http://www.sophos.com/virusinfo/analyses/trojbancbanks.html

- Collapse -
Troj/Istbar-CF
by Marianna Schmudlach Dec 7, 2005 7:33AM PST
- Collapse -
Troj/Gina-M
by Marianna Schmudlach Dec 7, 2005 7:34AM PST
- Collapse -
Dial/TlfLic-I
by Marianna Schmudlach Dec 7, 2005 7:35AM PST
- Collapse -
W32/Tilebot-BZ
by Marianna Schmudlach Dec 7, 2005 7:36AM PST

Type Worm

Aliases Backdoor.Win32.Agobot.afk
W32/Gaobot.worm.gen.v
WORM_AGOBOT.AYE

W32/Tilebot-BZ is a worm with backdoor functionality for the Windows platform.
W32/Tilebot-BZ spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), MSSQL (MS02-039) (CAN-2002-0649), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.
W32/Tilebot-BZ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Tilebot-BZ includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32tilebotbz.html

- Collapse -
W32/IRCBot-AV
by Marianna Schmudlach Dec 7, 2005 7:37AM PST

Type Spyware Worm

Aliases W32/Opanki.worm

W32/IRCBot-AV is a worm with backdoor functionality for the Windows platform.
W32/IRCBot-AV runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32ircbotav.html

- Collapse -
Troj/QQPass-AL
by Marianna Schmudlach Dec 7, 2005 7:38AM PST
- Collapse -
Troj/PWSSagi-E
by Marianna Schmudlach Dec 7, 2005 7:39AM PST
- Collapse -
Troj/Dloadr-C
by Marianna Schmudlach Dec 7, 2005 7:40AM PST

Type Trojan

Aliases Trojan-Downloader.Win32.Agent.ip
Generic.Downloader.ab

Troj/Dloadr-C is a Trojan for the Windows platform.
Troj/Dloadr-C includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojdloadrc.html

- Collapse -
Troj/Banker-IA
by Marianna Schmudlach Dec 7, 2005 7:41AM PST
- Collapse -
W32/Tilebot-CC
by Marianna Schmudlach Dec 7, 2005 12:11PM PST

Type Spyware Worm

Aliases Backdoor.Win32.SdBot.aiz

W32/Tilebot-CC is a worm with backdoor functionality for the Windows platform.
W32/Tilebot-CC spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812), LSASS (MS04-011) and RPC-DCOM (MS04-012). The worm may also spreads via network shares and MSSQL servers protected by weak passwords.
W32/Tilebot-CC runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Tilebot-CC includes functionality to:
- access the internet and communicate with a remote server via HTTP
- act as an HTTP proxy
- carry out DDoS attacks
- change Internet Explorer start page
- harvest information from clipboard
- packet sniffing
- port scanning
- set or remove network shares
- set up a SOCKS4 proxy server
- set up an FTP server
- spread via AOL Instant Messager by sending messages automatically
- steal information from protected storage areas
- steals POP3 and webmail usernames and passwords

http://www.sophos.com/virusinfo/analyses/w32tilebotcc.html

- Collapse -
W32/Attech-D
by Marianna Schmudlach Dec 7, 2005 12:12PM PST

Type Worm

W32/Attech-D is a worm for the Windows platform. This worm is capable of spreading via AOL Instant Messenger.
W32/Attech-D will disable Task Manager, regedit, Windows Explorer and will prevent Internet Explorer from closing.
W32/Attech-D will attempt to send itself to any contacts listed in AIM. It will send a link with one of the following messages:
LMAO OMG THIS IS HILARIOUS!
INFINITE FREE PICS OF ASIAN HOTTIES!
Lol OMG! Someone posted your picture here!
OMG LOOK IT'S YOU!
Cool hacking programs!
Take my Quiz!
Play the new Aim Online game!
Click to join! Better then myspace and xanga!
Check my Pics Out!
Wanna See My Profile!
Download My Profile.
LOL Check these Pics out.
Have you see this!
Download my mp3 i made.
Check out my music!
Funniest Clip Ever!
Download Dead Aim (5.9+)- NEW!
Check out my webcam.
See my Beach pictures!!
Make your own Profile!
THE KEY TO HAPPINESS IS LAUGHTER!
Join this free music site!
View My BuddyProfile
My Xanga!
LOL Watch this clip!
Free Aim Password Cracker. Use it to hack your friends.
This game is badass! Play now!
Email Hacker Pro 1.5 This is awsome! Happy
Game Hacker program download here.
Aim Hacker 1.3 FREE!
LOLOL *** IS THIS?!
Better then limewire and kazaa put together!
Get X-im Chat! Better then AIM!
Best Aim Password Cracker written by ZeX.
Download Aim Optimized 4.9!
Hack Webcams and Aim accounts with O-Hax! This is the last day it will be out for free!
The link attempts to download more malware from a remote site. At time of writing, the downloaded file is detected as W32/Attech-C.

http://www.sophos.com/virusinfo/analyses/w32attechd.html

- Collapse -
Troj/Delf-PB
by Marianna Schmudlach Dec 7, 2005 12:13PM PST
- Collapse -
Troj/Small-EX
by Marianna Schmudlach Dec 7, 2005 12:14PM PST
- Collapse -
Troj/Behz-A
by Marianna Schmudlach Dec 7, 2005 12:15PM PST

Type Spyware Trojan

Aliases TSPY_DAZHEB.A

Troj/Behz-A is a Trojan for the Windows platform.
The functions of Troj/Behz-A are configurable and can include:
Downloading and executing files
Stealing passwords
Displaying fake error messages
Disabling system functions such as registry editing

http://www.sophos.com/virusinfo/analyses/trojbehza.html

- Collapse -
Troj/Behz-B
by Marianna Schmudlach Dec 7, 2005 12:16PM PST

Name Troj/Behz-B

Aliases TSPY_DAZHEB.A

Troj/Behz-B is a Trojan for the Windows platform.
The functions of Troj/Behz-B are configurable and can include:
Downloading and executing files
Stealing passwords
Displaying fake error messages
Disabling system functions such as registry editing

http://www.sophos.com/virusinfo/analyses/trojbehzb.html

- Collapse -
Troj/BehzKit-B
by Marianna Schmudlach Dec 7, 2005 12:17PM PST
- Collapse -
Troj/OojKit-A
by Marianna Schmudlach Dec 7, 2005 12:18PM PST
- Collapse -
Troj/BehzKit-A
by Marianna Schmudlach Dec 7, 2005 12:19PM PST
- Collapse -
Troj/Ooj-A
by Marianna Schmudlach Dec 7, 2005 12:20PM PST

Type Spyware Trojan

Troj/Ooj-A is a password stealing Trojan for the Windows platform.
The Trojans harvest passwords from the infected computer and email stolen data to a remote attacker.
The Trojan may also terminate various anti-virus and security related applications.

http://www.sophos.com/virusinfo/analyses/trojooja.html

Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info