Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VIRUS ALERTS - December 8, 2005

Dec 7, 2005 8:17PM PST

Discussion is locked

- Collapse -
Perl/Elxbot-A
Dec 8, 2005 6:51AM PST

Type Worm

Perl/Elxbot-A is a worm and IRC backdoor Trojan.
Perl/Elxbot-A attempts to spread by exploiting a vulnerability in the Mambo content management system.
The worm also connects to an IRC channel and listens for backdoor commands.
Perl/Elxbot-A allows an attacker to run arbitrary commands on the infected system and may be used to carry out denial-of-service attacks.

http://www.sophos.com/virusinfo/analyses/perlelxbota.html

- Collapse -
W32/Kelvir-BI
Dec 8, 2005 6:52AM PST

Type Worm

Aliases Backdoor.Win32.VB.amp
W32.Kelvir
WORM_KELVIR.DD

W32/Kelvir-BI is a worm and backdoor Trojan for the Windows platform.
W32/Kelvir-BI includes functionality to access the internet and communicate with
a remote server via HTTP.
W32/Kelvir-BI sends itself to MSN contacts with any of the following messages:
This is what i made for u (K)
What, damn i never seen this before if u do, let me know.
I think i love this person, it's so beautifull :$
W32/Kelvir-BI can also spread by copying itself to the download folders of the peer-to-peer networking applications Shareaza, Emule and Limewire.

http://www.sophos.com/virusinfo/analyses/w32kelvirbi.html

- Collapse -
W32/P2pVB-CJ
Dec 8, 2005 6:53AM PST
- Collapse -
W32/Rbot-BAR
Dec 8, 2005 6:54AM PST

Type Spyware Worm

Aliases Backdoor.Win32.Rbot.aeu

W32/Rbot-BAR is a network worm with backdoor Trojan functionality for the Windows platform.
W32/Rbot-BAR spreads using a variety of techniques including:
-exploiting weak passwords on computers and SQL servers
-exploiting operating system vulnerabilities such as LSASS (MS04-011), RPC-DCOM (MS04-012), WebDav (MS03-007) and Dameware (CAN-2003-1030)
-using backdoors opened by other worms or Trojans
W32/Rbot-BAR can be controlled by a remote attacker over IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbar.html

- Collapse -
W32/Sdbot-AGG
Dec 8, 2005 2:07PM PST

Type Worm

W32/Sdbot-AGG is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-AGG spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812) and ASN.1 (MS04-007).
W32/Sdbot-AGG runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
The following patches for the operating system vulnerabilities exploited by W32/Sdbot-AGG can be obtained from the Microsoft website:
MS03-049
MS04-007

http://www.sophos.com/virusinfo/analyses/w32sdbotagg.html

- Collapse -
W32/Rbot-BAZ
Dec 8, 2005 2:08PM PST

Type Worm

Aliases Backdoor.Win32.Rbot.akg

W32/Rbot-BAZ is a worm for the Windows platform.
W32/Rbot-BAZ can spread via common buffer overflow vulnerabilities, including LSASS (MS04-011) and RPC-DCOM (MS04-012).
W32/Rbot-BAZ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbaz.html

- Collapse -
W32/Sdbot-AGH
Dec 8, 2005 2:09PM PST

Type Worm

Aliases WORM_SDBOT.CTR

W32/Sdbot-AGH is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-AGH spreads to other network computers infected with W32/MyDoom.
W32/Sdbot-AGH runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32sdbotagh.html

- Collapse -
Troj/Dloadr-ABL
Dec 8, 2005 2:10PM PST
- Collapse -
Troj/Dropper-BU
Dec 8, 2005 2:11PM PST
- Collapse -
Troj/Bander-P
Dec 8, 2005 2:12PM PST
- Collapse -
Troj/Banload-Y
Dec 8, 2005 2:12PM PST
- Collapse -
Troj/DNSChan-A
Dec 8, 2005 2:13PM PST
- Collapse -
Troj/Dloadr-ABM
Dec 8, 2005 2:14PM PST
- Collapse -
Troj/Bancban-KZ
Dec 8, 2005 2:15PM PST

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Banker.ahy

Troj/Bancban-KZ is a Trojan for the Windows platform.
Troj/Bancban-KZ attempts to log information sent to certain websites and online banking applications. The Trojan may display fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.

http://www.sophos.com/virusinfo/analyses/trojbancbankz.html