Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - February 1, 2007

by Marianna Schmudlach / January 31, 2007 2:17 PM PST

Troj/Dloadr-ASR

Alert ID : FrSIRT/ALRT-2007-00844
Aliases : Win32/TrojanDownloader.Nurech.NAD - Downloader-AAP
Size : N/A
Rated as : Low Risk
Release Date : 2007-02-01


Description

Troj/Dloadr-ASR is a Trojan for the Windows platform. Troj/Dloadr-ASR includes functionality to access the internet and communicate with a remote server via HTTP.

References

http://www.sophos.com/virusinfo/analyses/trojdloadrasr.html

Credits

Reported by Sophos

Troj/QQRob-ACF
by Marianna Schmudlach / January 31, 2007 2:19 PM PST

Troj/DwnLdr-GAA
by Marianna Schmudlach / January 31, 2007 2:20 PM PST

Alert ID : FrSIRT/ALRT-2007-00842
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2007-02-01


Description

Troj/DwnLdr-GAA is a downloader Trojan for the Windows platform. The Trojan includes functionality to access the internet and communicate with a remote server via HTTP.

References

http://www.sophos.com/virusinfo/analyses/trojdwnldrgaa.html

Credits

Reported by Sophos

Troj/Agent-EBI
by Marianna Schmudlach / January 31, 2007 2:21 PM PST

Alert ID : FrSIRT/ALRT-2007-00841
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2007-02-01


Description

Troj/Agent-EBI is a Trojan for the Windows platform. The Trojan includes functionality to access the internet and communicate with a remote server via HTTP.

References

http://www.sophos.com/virusinfo/analyses/trojagentebi.html

Credits

Reported by Sophos

Troj/Spy-TR
by Marianna Schmudlach / January 31, 2007 2:22 PM PST

W32/Tilebot-IR
by Marianna Schmudlach / January 31, 2007 2:23 PM PST

Alert ID : FrSIRT/ALRT-2007-00839
Aliases : Backdoor.Win32.SdBot.aad - W32/Sdbot.worm.gen.l - W32.Spybot.Worm - WORM_SDBOT.BGD
Size : N/A
Rated as : Low Risk
Release Date : 2007-02-01


Description

W32/Tilebot-IR is a worm with backdoor functionality for the Windows platform. W32/Tilebot-IR spreads to computers vulnerable to common exploits, including RealVNC (CVE-2006-2369); to MSSQL servers protected by weak passwords; and to network shares protected by weak passwords. W32/Tilebot-IR runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

References

http://www.sophos.com/virusinfo/analyses/w32tilebotir.html

Credits

Reported by Sophos

Troj/YuiET-A
by Marianna Schmudlach / January 31, 2007 2:24 PM PST

Alert ID : FrSIRT/ALRT-2007-00838
Aliases : Trojan-Downloader.Win32.Small.egn - W32/Behavior:SelfStarterInternetTrojan!Maximus
Size : N/A
Rated as : Low Risk
Release Date : 2007-02-01


Description

Troj/YuiET-A is a Backdoor for the Windows platform. Troj/YuiET-A attempts to download and execute files from a remote website.

References

http://www.sophos.com/virusinfo/analyses/trojyuieta.html

Credits

Reported by Sophos

Troj/Dropper-NB
by Marianna Schmudlach / January 31, 2007 2:25 PM PST

Alert ID : FrSIRT/ALRT-2007-00837
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2007-02-01


Description

Troj/Dropper-NB is a Trojan for the Windows platform. Troj/Dropper-NB installs and executes the following file: <System>\soemuav.dll, detected as Troj/Dloadr-ASQ.

References

http://www.sophos.com/virusinfo/analyses/trojdroppernb.html

Credits

Reported by Sophos

Troj/Dloadr-ASQ
by Marianna Schmudlach / January 31, 2007 2:26 PM PST

Alert ID : FrSIRT/ALRT-2007-00836
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2007-02-01


Description

Troj/Dloadr-ASQ is a Trojan for the Windows platform. Troj/Dloadr-ASQ includes functionality to access the internet and communicate with a remote server via HTTP.

References

http://www.sophos.com/virusinfo/analyses/trojdloadrasq.html

Credits

Reported by Sophos

W32/Tilebot-IS
by Marianna Schmudlach / January 31, 2007 2:27 PM PST

Alert ID : FrSIRT/ALRT-2007-00835
Aliases : Backdoor.Win32.SdBot.aad - W32/Sdbot.worm.gen.ax - W32.Spybot.Worm - WORM_SDBOT.BLC
Size : N/A
Rated as : Low Risk
Release Date : 2007-02-01


Description

W32/Tilebot-IS is a worm with backdoor functionality for the Windows platform. W32/Tilebot-IS spreads to computers vulnerable to common exploits, including RealVNC (CVE-2006-2369); to MSSQL servers protected by weak passwords; and to network shares protected by weak passwords. W32/Tilebot-IS runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

References

http://www.sophos.com/virusinfo/analyses/w32tilebotis.html

Credits

Reported by Sophos

Troj/DwnLdr-FZZ
by Marianna Schmudlach / February 1, 2007 12:04 AM PST

Troj/DwnLdr-GAB
by Marianna Schmudlach / February 1, 2007 12:05 AM PST

Troj/LegMir-AJG
by Marianna Schmudlach / February 1, 2007 12:06 AM PST

W32/Brontok-CN
by Marianna Schmudlach / February 1, 2007 12:13 AM PST

Type : Worm
Aliases : Email-Worm.Win32.Brontok.d - W32/Rontokbro.gen@MM - Win32/Brontok - W32.Gavgent.A

W32/Brontok-CN is a worm for the Windows platform.

W32/Brontok-CN spreads by emailing itself to the email addresses harvested from the infected computer.

http://www.sophos.com/security/analyses/w32brontokcn.html

Troj/AscDld-A
by Marianna Schmudlach / February 1, 2007 12:14 AM PST

Troj/Agent-EBK
by Marianna Schmudlach / February 1, 2007 12:16 AM PST

W32/Rbot-GDB
by Marianna Schmudlach / February 1, 2007 12:28 AM PST

Type : Worm
Aliases : WORM_RBOT.DDB

W32/Rbot-GDB is a Trojan for the Windows platform.

W32/Rbot-GDB is a worm with IRC backdoor functionality for the Windows platform.

W32/Rbot-GDB spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012), ASN.1 (MS04-007) and Symantec (SYM06-010). The worm also spreads via network shares protected by weak passwords.

W32/Rbot-GDB runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/security/analyses/w32rbotgdb.html

Troj/Agent-EBL
by Marianna Schmudlach / February 1, 2007 12:30 AM PST

Mal/Cimuz-A
by Marianna Schmudlach / February 1, 2007 12:32 AM PST

Type : Malicious Behavior

Mal/Cimuz-A is a family of Trojans for the Windows platform.

Mal/Cimuz-A Trojans typically install a dll to the <System> folder, and register this dll as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer.

http://www.sophos.com/virusinfo/analyses/malcimuza.html

TROJ_DLOADER.KHZ
by Marianna Schmudlach / February 1, 2007 1:07 AM PST

TROJ_AGENT.ICF
by Marianna Schmudlach / February 1, 2007 1:09 AM PST

W32/Ridnu-B
by Marianna Schmudlach / February 1, 2007 4:35 AM PST

Troj/Swizzor-NA
by Marianna Schmudlach / February 1, 2007 4:36 AM PST

Troj/Swizzor-NB
by Marianna Schmudlach / February 1, 2007 4:37 AM PST

Troj/Agent-EBM
by Marianna Schmudlach / February 1, 2007 4:38 AM PST

Troj/Dloadr-***
by Marianna Schmudlach / February 1, 2007 4:40 AM PST
