VIRUS ALERTS - February 22, 2005

W32/Sdbot-VL
Summary

Type Worm

W32/Sdbot-VL is a worm with backdoor functionality.
W32/Sdbot-VL may spread to remote network shares with weak passwords.
W32/Sdbot-VL connects to a predetermined IRC channel and runs in the background listening for backdoor commands.
W32/Sdbot-VL contains functionality to participate in denial of service attacks and download and run further code.
W32/Sdbot-VL may spread as an archive file that also drops the proxy Trojan Troj/Ranck-CC.

http://www.sophos.com/virusinfo/analyses/w32sdbotvl.html

W32/Codbot-F

Aliases WORM_CODBOT.E

Type Worm

W32/Codbot-F is a backdoor Trojan containing functionality to spread via network shares.
The worm connects to an IRC channel and listens for backdoor commands from a remote attacker. The backdoor functionality of the worm includes the ability to steal passwords and system information, sniff packets or open an FTP or TFTP server.

http://www.sophos.com/virusinfo/analyses/w32codbotf.html

Troj/Flatsurf-B

Aliases Trojan-Proxy.Win32.FlatSurfer.033

Type Trojan

Troj/Flatsurf-B is a proxy Trojan for the Windows platform.
Once installed Troj/Flatsurf-B runs in the background as a proxy server providing the possibility to reroute data to other computers via the proxy, in order to bypass access restrictions and to hide the IP address of the source computer.
Troj/Flatsurf-B also provides a silent uninstall option.

http://www.sophos.com/virusinfo/analyses/trojflatsurfb.html

W32/Rbot-WJ

Aliases Backdoor.Win32.Rbot.jd

Type Worm

W32/Rbot-WJ is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotwj.html

Troj/Borobot-F

Troj/Agent-CE

Type Trojan

Troj/Agent-CE is a backdoor Trojan for the Windows platform.
Troj/Agent-CE reports its presence to a preconfigured remote location, and can steal system information, modify files and download and run executable code.

http://www.sophos.com/virusinfo/analyses/trojagentce.html

W32/Bropia-P

Aliases WORM_BROPIA.S
W32/Bropia.worm.q

Type Worm

W32/Bropia-P is a worm for the Windows platform.
The worm monitors the status of MSN Messenger and sends a copy of itself to Messenger contacts.
W32/Bropia-P drops a file to the Windows system folder named winis.exe which is detected by Sophos's anti-virus products as W32/Rbot-WI.

http://www.sophos.com/virusinfo/analyses/w32bropiap.html

Troj/StartPa-ET

Troj/Goldun-I

W32/Rbot-WI

Aliases WORM_RBOT.AOR
Backdoor.Win32.Rbot.je

Type Worm

W32/Rbot-WI is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Rbot-WI spreads to network shares with weak passwords and by exploiting system vulnerabilities including the RPC DCOM (MS04-012) and LSASS (MS04-011) vulnerabilities.
W32/Rbot-WI can also download and execute remote files on the infected computer, log keystrokes and flood other computers with network packets and terminate processes.

http://www.sophos.com/virusinfo/analyses/w32rbotwi.html

Troj/Bancban-BL

Aliases Trojan-Spy.Win32.Banker.ju

Type Trojan

Troj/Bancban-BL is a password stealing Trojan for the Windows platform.
Troj/Bancban-BL monitors which URLs are visited by the web browser and creates fake web pages for certain Brazilian banking sites in order to log account information. The logged information is sent to remote users via email.

http://www.sophos.com/virusinfo/analyses/trojbancbanbl.html

Troj/StartPa-EX

W32/Domwis-G

Aliases Backdoor.Win32.Wisdoor.k

Type Worm

W32/Domwis-G is a network worm with backdoor functionality for the Windows platform that allows a malicious user remote access to an infected computer.
W32/Domwis-G can delete, download and execute remote files on the infected computer. The backdoor component can be used to send files to other IRC users.
The backdoor component can be used to flood other computers with internet traffic. To evade detection, the worm can spoof the IP address of the infected computer.
The backdoor component of W32/Domwis-G can steal system information, log keystrokes, create screen and webcam captures and send them to a remote user.
The backdoor component can also be used to scan other computers for open ports and for vulnerabilities in web and database servers.

http://www.sophos.com/virusinfo/analyses/w32domwisg.html

Troj/Dluca-AH

Troj/Ablank-D

Aliases Trojan.Win32.StartPage.qr
StartPage-DU.dll
Trojan.Startpage-215

Type Trojan

Troj/Ablank-D is a browser hijacking Trojan.
Troj/Ablank-D changes settings for Internet Explorer and intercepts attempts to view the home page, instead showing a custom start page.
Troj/Ablank-D provides an uninstallation option via the Add or Remove Programs dialog in the Windows Control Panel.

http://www.sophos.com/virusinfo/analyses/trojablankd.html

Troj/Daemoni-W

Troj/Bckdr-AZV

W32/Sdbot-VM

Aliases Backdoor.Win32.SdBot.gen
probably unknown WIN32

Type Worm

W32/Sdbot-VM is a worm which attempts to spread to remote network shares. It also contains backdoor functionality, allowing unauthorised remote access to the infected computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32sdbotvm.html

Troj/Ablank-E

Aliases Trojan.Win32.StartPage.ux
StartPage-DU.dll.dr

Type Trojan

Troj/Ablank-E is a browser hijacking Trojan.
Troj/Ablank-E changes settings for Internet Explorer and intercepts attempts to view the home page, instead showing a file dropped by the Trojan.

http://www.sophos.com/virusinfo/analyses/trojablanke.html
