VIRUS ALERTS - February 15, 2008

by Marianna Schmudlach / February 14, 2008 2:05 PM PST

Troj/Zapchas-DY
by Marianna Schmudlach / February 14, 2008 2:07 PM PST

W32/Dorf-AX
by Marianna Schmudlach / February 14, 2008 2:08 PM PST

Troj/Pushu-I
by Marianna Schmudlach / February 14, 2008 2:09 PM PST

Troj/Sniffer-Q
by Marianna Schmudlach / February 14, 2008 2:10 PM PST

Troj/Agent-GPQ
by Marianna Schmudlach / February 14, 2008 2:12 PM PST

Troj/Flamgo-A. - Valentine's Flash - Tainted Love
by Marianna Schmudlach / February 14, 2008 2:17 PM PST

It made a change today to see malware in a Valentine's-based spam run that wasn't related to Dorf. Nor was it a Pushdo, nor even a Zapchas (though we've seen some of those this week too).

Today's spam looked very similar to something we've actually seen before, but last time with a Christmas theme - a flash-based ecard attack.


More: http://www.sophos.com/security/blog/2008/02/1075.html

Troj/Agent-GPR
by Marianna Schmudlach / February 14, 2008 11:38 PM PST

Troj/Prorat-DN
by Marianna Schmudlach / February 14, 2008 11:40 PM PST

Mal/TinyDL-R
by Marianna Schmudlach / February 14, 2008 11:41 PM PST

Reported:
2008-02-15

Description:
Mal/TinyDL-R is a malicious program for the Windows platform. Detection for members of Mal/TinyDL-R is behavior based. It is extremely important that customers report detections of Mal/TinyDL-R to Sophos and send a sample for analysis.

http://www.sophos.com/security/analyses/maltinydlr.html

Exploit.Perl.Small.b
by Marianna Schmudlach / February 15, 2008 12:02 AM PST

This malicious program exploits a vulnerability in web server configuration in order to propagate. It is a Perl script. It is 1165 bytes in size.

This malicious program exploits a vulnerability in the "Advanced Web Statistics" system which is used to calculate site visit statistics. If this vulnerability has not been patched on the server which is under attack, the malicious code makes it possible to execute any command on the server.

http://www.viruslist.com/en/viruses/encyclopedia?virusid=155310

Exploit.Perl.Small.a
by Marianna Schmudlach / February 15, 2008 12:03 AM PST

This malicious program exploits a vulnerability in web server configuration in order to propagate. It is a Perl script. It is 3437 bytes in size.

The malicious program imitates a Googlebot request. It may harvest a range of data from web servers which have a specific vulnerability.

http://www.viruslist.com/en/viruses/encyclopedia?virusid=152530

NbtDump
by Marianna Schmudlach / February 15, 2008 12:05 AM PST

Virus Alerts [Panda Security's weekly report on viruses and
by Marianna Schmudlach / February 15, 2008 1:08 AM PST

Virus Alerts [Panda Security's weekly report on viruses and intruders - 02/15/08]

Madrid, February 15, 2008 - Over 28% of computers scanned over the last
week at the Infected or Not website (http://www.infectedornot.com) were
infected with malware, despite having an up-to-date security solution
installed.

"Traditional security solutions are no longer enough to fight off the
increasing number of malware samples that appear every day. These
solutions need to be complemented with online tools such as TotalScan,
capable of accessing a larger knowledge base and detecting much more
malicious code," explains Luis Corrons, Technical Director of PandaLabs.


As for the most active codes this week, the list is headed by the
spyware program Virtumonde, followed by two adware samples: NaviPromo
and VideoAddon.


Most active malware:

1 Spyware/Virtumonde
2 Adware/NaviPromo
3 Adware/VideoAddon
4 Adware/Comet
5 Adware/SaveNow
6 Adware/Zango
7 Adware/Lop
8 Adware/OnlineAddon
9 Adware/OneStep
10 Spyware/Vundo

"Adware is a type of malware designed to show users unwanted advertising
while they surf the Net," explains Luis Corrons, who also claims that:
"users must be careful, since apart from being annoying, they could have
been created to steal users' confidential data, compromising their
security".

Of the thousands of malicious code that appeared this week, PandaLabs
focuses on the Resentment.A and Nuwar.QI worms.

The first reaches computers disguised as a Windows folder. When run, it
displays an error message and opens a Notepad file. It simultaneously
creates several copies of itself on the system and edits a key in the
Windows Registry to ensure it is run every time a session is started. It
also replaces the Internet Explorer start page with a fake error page.
When users click on "actualizar" (update) the worm sends an email via a
JavaScript form to an email address.

"The surprising thing is that the email is sent to a specific company,
indicating that two employees should be fired. This raises suspicions
of personal quarrels between the worm distributor and the staff in
question," comments Corrons.

Nuwar.QI on the other hand, is a worm designed to send spam. To do so,
it uses users' PCs as servers, causing them to slow down.

The emails use romantic subjects - which are especially effective since they were distributed on Valentine's Day - to tempt users into opening the attached file. If they do, users will view a romantic card while downloading a copy of the worm.

Troj/DownLd-P
by Marianna Schmudlach / February 15, 2008 1:15 AM PST

W32/Autorun-BI
by Marianna Schmudlach / February 15, 2008 1:16 AM PST

ELF/Impok-A
by Marianna Schmudlach / February 15, 2008 1:17 AM PST

Troj/Agent-GPT
by Marianna Schmudlach / February 15, 2008 1:18 AM PST

W32/Autorun-BH
by Marianna Schmudlach / February 15, 2008 1:20 AM PST

Trojan-Dropper.Win32.Small.amj
by Marianna Schmudlach / February 15, 2008 1:22 AM PST

Exploit.Perl.Small.e
by Marianna Schmudlach / February 15, 2008 1:23 AM PST

Technical details

This malicious program exploits a vulnerability in web server configuration in order to propagate. It is a Perl script. It is 3277 bytes in size.

Payload

This malicious program exploits a vulnerability in the Apache web server. If this vulnerability has not been patched on the server which is under attack, the malicious script makes it possible for a malicious user to execute any command on the server.

http://www.viruslist.com/en/viruses/encyclopedia?virusid=158573

Exploit.Perl.Small.d
by Marianna Schmudlach / February 15, 2008 1:24 AM PST

Technical details

This malicious program exploits a vulnerability in web server configuration in order to propagate. It is a Perl script. It is 3507 bytes in size.

Payload

This malicious program exploits a vulnerability in the "PhpMyChat" chat server. If this vulnerability has not been patched on the server which is under attack, the malicious code makes it possible to execute any command on the server.

http://www.viruslist.com/en/viruses/encyclopedia?virusid=155312

Exploit.Perl.Small.c
by Marianna Schmudlach / February 15, 2008 1:25 AM PST

Technical details

This malicious program exploits a vulnerability in web server configuration in order to propagate. It is a Perl script. It is 1747 bytes in size.

Payload

The malicious program exploits a vulnerability in the Horde webmail client. If the vulnerability is not patched on the server under attack, the malicious script makes it possible to get user names and passwords for this mail client.

http://www.viruslist.com/en/viruses/encyclopedia?virusid=155311

Comdori Downloader
by Marianna Schmudlach / February 15, 2008 1:27 AM PST

Troj/Agent-GPV
by Marianna Schmudlach / February 15, 2008 4:58 AM PST

Bat/Autorun-BJ
by Marianna Schmudlach / February 15, 2008 5:00 AM PST

Reported:
2008-02-15

Description:
Bat/Autorun-BJ is a worm for the Windows platform. Bat/Autorun-BJ attempts to copy itself to removable drives and creates an autorun.inf file in those drives in order to execute when they are inserted into a computer running the Windows operating system. Running Bat/Autorun-BJ will cause Windows to shut down after 30 seconds.

http://www.sophos.com/security/analyses/batautorunbj.html
