Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - February 13, 2006

by roddy32 / February 13, 2006 2:57 AM PST

W32/Bagle-CK
by roddy32 / February 13, 2006 2:59 AM PST

Type
Worm

Aliases
Email-Worm.Win32.Bagle.fl
W32.Beagle.DN@mm
WORM_BAGLE.EU

W32/Bagle-CK is a mass-mailing worm and backdoor Trojan for the Windows platform.

W32/Bagle-CK spreads via file sharing on P2P networks and via email.

W32/Bagle-CK runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

W32/Bagle-CK will harvest email addresses found on the infected computer and send itself to these addresses with the following email characteristics:

Subject (one of the following):

Gwd: Msg reply
Gwd: Hello Happy
Gwd: Yahoo!!!
Gwd: Thank you!
Gwd: Thanks Happy
Gwd: Text message
Gwd: Document
Gwd: Incoming message
Gwd: Incoming Message
Gwd: Incoming Msg
Gwd: Message Notify
Gwd: Notification
Gwd: Changes..
Gwd: Update
Gwd: Fax Message
Gwd: Protected message
Gwd: Protected message
Gwd: Forum notify
Gwd: Site changes
Gwd: Hi
Gwd: crypted document

Message text (one of the following):

Ok. Read the attach.
Ok. Your file is attached.
Ok. More info is in attach
Ok. See attach.
Ok. Please, have a look at the attached file.
Ok. Your document is attached.
Ok. Please, read the document.
Ok. Attach tells everything.
Ok. Attached file tells everything.
Ok. Check attached file for details.
Ok. Check attached file.
Ok. Pay attention at the attach.
Ok. See the attached file for details.
Ok. Message is in attach
Ok. Here is the file.

Attachment name (one of the following):

www.cumonherface
Details
XXX_livebabes
XXX_PornoUpdates
xxxporno
****_her
Info
Common
MoreInfo
Message

Attachment extension (one of the following):

exe
scr
com

W32/Bagle-CK sometimes also attaches a file Description.txt which contains a copy of the message text.

W32/Bagle-CK has been seen infected with W32/Sality-I, in which case all copies of itself and emails containing itself will also be infected.

http://www.sophos.com/virusinfo/analyses/w32bagleck.html

W32/Sdbot-AUQ
by roddy32 / February 13, 2006 3:04 AM PST

Type
Worm

Aliases
Backdoor.Win32.SdBot.alv
W32/Sdbot.OIX

W32/Sdbot-AUQ is a worm and IRC backdoor Trojan for the Windows platform.

W32/Sdbot-AUQ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Sdbot-AUQ includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32sdbotauq.html

Troj/Banload-MF
by roddy32 / February 13, 2006 3:09 AM PST

Type
Trojan

Aliases
Trojan-Downloader.Win32.Banload.vc

Troj/Banload-MF is a Trojan for the Windows platform.

When executed Troj/Banload-MF displays a fake screen about a banking transaction, but also attempts to download, install and run new software.

http://www.sophos.com/virusinfo/analyses/trojbanloadmf.html

Troj/Prosti-H
by roddy32 / February 13, 2006 3:11 AM PST
Troj/Clagger-G
by roddy32 / February 13, 2006 3:13 AM PST
Troj/Teros-A
by roddy32 / February 13, 2006 5:08 AM PST

Type
Trojan

Troj/Teros-A is a Trojan for the Windows platform.

When executed Troj/Teros-A attempts to download, install and run new software.

At the time of writing, Troj/Teros-A is being spammed aggressively in emails with messages such as the following:

Subject: New act of terrorism in London

Message Body:

Today the Scotland Yard has informed new act of terrorism in London.
Look details in an applied file.

http://www.sophos.com/virusinfo/analyses/trojterosa.html

Troj/Dloadr-ADL
by roddy32 / February 13, 2006 5:11 AM PST
Troj/Dloadr-ADM
by roddy32 / February 13, 2006 5:13 AM PST

Type
Trojan

Aliases
Trojan-Downloader.HTML.Agent.ae

Troj/Dloadr-ADM is a Trojan that attempts to exploit various system vulnerabilities in order to download further malicious code.

At the time of writing, the file downloaded is detected as Troj/Haxdor-Gen.

http://www.sophos.com/virusinfo/analyses/trojdloadradm.html

Troj/Prosti-I
by roddy32 / February 13, 2006 5:15 AM PST
Troj/Prosti-J
by roddy32 / February 13, 2006 5:18 AM PST

Type
Spyware Trojan

Aliases
Backdoor.Win32.Prosti.a
W32/Backdoor.X

Troj/Prosti-J is a backdoor Trojan for the Windows platform.

Troj/Prosti-J includes keylogging and password stealing functionality.

Troj/QHosts-S
by roddy32 / February 13, 2006 5:20 AM PST

Type
Trojan

Aliases
Trojan-Clicker.Win32.Qhost.s

Troj/QHosts-S is a Trojan for the Windows platform.

Troj/QHosts-S modifies the HOSTS file, redirecting access to certain websites.

Troj/QHosts-S changes the Start Page for Microsoft Internet Explorer.

http://www.sophos.com/virusinfo/analyses/trojqhostss.html

Troj/CKLoader-A
by roddy32 / February 13, 2006 5:22 AM PST
Troj/Flecsip-B
by roddy32 / February 13, 2006 5:24 AM PST
Troj/Haxdoor-AT
by Marianna Schmudlach / February 13, 2006 8:34 AM PST

Type Trojan

Aliases Trojan-Dropper.Win32.Microjoin.aj
MultiDropper-PO

Troj/Haxdoor-AT is a backdoor Trojan for the Windows platform.

The Trojan drops a stealthing component detected as Troj/Haxdor-Gen.

The Trojan may arrive in a CAB file also containing a configuration file detected as Troj/Iyus-G.

http://www.sophos.com/virusinfo/analyses/trojhaxdoorat.html

Troj/Animoo-F
by Marianna Schmudlach / February 13, 2006 8:35 AM PST

Type Trojan

Aliases Trojan-Downloader.Win32.Ani.c
Exploit-ANIfile
Bloodhound.Exploit.20

Troj/Animoo-F is a Trojan that attempts to exploit a vulnerability in the handling of Windows animated cursor (.ANI) files found in the Microsoft USER32.dll.

The Trojan attempts to download further malicious code. At the time of writing, the file downloaded is detected as Troj/Haxdor-Gen.

For more information on the animated cursor vulnerability used by Troj/Animoo-F please refer to Microsoft security bulletin MS05-002.

http://www.sophos.com/virusinfo/analyses/trojanimoof.html

Troj/Delf-AES
by Marianna Schmudlach / February 13, 2006 8:36 AM PST
Troj/ByteVeri-R
by Marianna Schmudlach / February 13, 2006 8:37 AM PST

Type Trojan

Aliases Trojan-Downloader.Java.OpenStream.z
Exploit-ByteVerify
Trojan.ByteVerify
JAVA_BYTEVER.AD

Troj/ByteVeri-R is a Java Applet which exploits a vulnerability in the Byte Code Verify component of the Microsoft VM to download and execute an executable file from a remote location.

For more information about this exploit see the Microsoft Security Bulletin MS03-011.

http://www.sophos.com/virusinfo/analyses/trojbyteverir.html

Troj/SysBDr-C
by Marianna Schmudlach / February 13, 2006 8:38 AM PST
Troj/SysB-C
by Marianna Schmudlach / February 13, 2006 8:38 AM PST
Troj/Banload-UA
by Marianna Schmudlach / February 13, 2006 8:39 AM PST

Type Trojan

Aliases Trojan-Downloader.Win32.Banload.ua

Troj/Banload-UA is a Trojan for the Windows platform.

Troj/Banload-UA includes functionality to:

- access the internet and communicate with a remote server via HTTP
- send notification messages to remote locations

http://www.sophos.com/virusinfo/analyses/trojbanloadua.html

Troj/SysBDr-D
by Marianna Schmudlach / February 13, 2006 8:40 AM PST
Troj/VBanker-D
by Marianna Schmudlach / February 13, 2006 8:41 AM PST

Type Spyware Trojan

Troj/VBanker-D is a Trojan for the Windows platform.

Troj/VBanker-D monitors open windows for internet sessions with certain banking websites and captures keypresses entered into web forms. Stolen information is sent to a remote attacker via email.

The Trojan has the capability to download and install additional files from remote locations.

http://www.sophos.com/virusinfo/analyses/trojvbankerd.html

W32/Bagle-CM
by Marianna Schmudlach / February 13, 2006 10:40 AM PST

Type Spyware Worm

W32/Bagle-CM is a worm and backdoor Trojan for the Windows platform.

W32/Bagle-CM spreads via file sharing on P2P networks and via email.

W32/Bagle-CM runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

W32/Bagle-CM includes functionality to access the internet and communicate with a remote server via HTTP.

W32/Bagle-CM will harvest email addresses found on the infected computer and send itself to these addresses with the following email characteristics:

Subject (one of the following):

FREE OLYMPIC TICKETS LOTTERY!
2006 Winter Games in Torino
2006 Torino Winter Games FREE Tickets

Message text (one of the following):

'Attention: you recieved free ticket invitation with attachment!

Coast to Coast Tickets provides the most comprehensive inventory of Opening Ceremony tickets available on the secondary market. If the Opening Ceremony tickets you are looking for are not available, please check back as our inventory is constantly updated. Orders for Opening Ceremony tickets that are no longer available will be cancelled or substituted at the customer's discretion. All Opening Ceremony tickets are shipped via Federal Express.

If you would like to attend a Opening Ceremony event to see athletes live, or to see a team schedule and information, Coast to Coast Tickets is your source. All it takes is a phone call or a few clicks of the mouse to buy Opening Ceremony tickets. We offer a wide selection of Winter Games tickets for all teams, and we are happy to provide information about schedules at any time. '

'Our company (TicketWorld) is the world's largest supplier of tickets to all major international events including the 2006 Winter Games and 2006 Torino Tickets. We sell tickets to every sporting event in Torino including the preliminary competitions as well as Olympic Finals tickets. You can order Winter Games tickets for all categories for every match. All Winter Games tickets are guaranteed 200%.

All ticket prices are in US Currency ($).
OPEN ATTACHMENT ARCHIVE TO GET INFORMATION HOW TO OBTAIN A FREE TOCKET.

Please call our United States office at +1.512.472.5797 or from the United Kingdom 0800.781.0819 if you have questions.'

'The Torino Winter games will be the most celebrated Olympics of our era. If you are looking to witness this historic event for yourself, look no further. SuperTicketing Premium Seating is your source for Olympics tickets. We have access to tickets for nearly every Olympic event from Opening to Closing Ceremonies, Curling to Figure Skating.

FREE TICKECKS AVAILABLE NOW ON LOTTERY BASIS. CHECK ATTACHED FILE.

DISCLAIMER
TickCo Premium Seating buys and resells tickets on the secondary market at above face value. Our prices can be substantially higher than the original ticket price, as they reflect the cost of obtaining premium seating. Any trademarked terms that appear on this page are used for descriptive purposes only.'

Attachment name (one of the following):

Generated_bill.exe
Order_details.exe
Service_receipt.exe

The email may also contain another attachment:

Description.txt

This file is not malicious.

http://www.sophos.com/virusinfo/analyses/w32baglecm.html

Troj/Dloadr-LI
by Marianna Schmudlach / February 13, 2006 2:24 PM PST
Troj/RegPat-A
by Marianna Schmudlach / February 13, 2006 2:25 PM PST
Troj/Dloadr-LJ
by Marianna Schmudlach / February 13, 2006 2:25 PM PST
