Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VIRUS ALERTS - January 10, 2006

Jan 9, 2006 9:38PM PST

Discussion is locked

- Collapse -
W32/Stap-A
Jan 9, 2006 9:40PM PST

Type
Worm

Aliases
Net-Worm.Win32.Stap.f
W32.Yourip

W32/Stap-A is a worm for the Windows platform.

W32/Stap-A has the functionalities to:

- spread by network shares
- send mail to email addresses found on the infected computer

http://www.sophos.com/virusinfo/analyses/w32stapa.html

- Collapse -
Troj/Krepper-AM
Jan 9, 2006 9:42PM PST
- Collapse -
Troj/DownLdr-SM
Jan 9, 2006 9:43PM PST

Type
Trojan

Aliases
Trojan-Downloader.Win32.Tiny.am

Troj/DownLdr-SM is a Trojan for the Windows platform.

Troj/DownLdr-SM includes functionality to download, install and run new software.

Troj/DownLdr-SM downloads and runs Troj/Torpig-AA.

http://www.sophos.com/virusinfo/analyses/trojdownldrsm.html

- Collapse -
Troj/Torpig-AA
Jan 9, 2006 9:45PM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Agent.jl

Troj/Torpig-AA is an information stealing Trojan for the Windows platform.

The Trojan attempts to steal passwords, as well as logging keypresses and open window titles to text files and periodically sends the collected information to a remote user via HTTP.

http://www.sophos.com/virusinfo/analyses/trojtorpigaa.html

- Collapse -
Troj/Banker-VF
Jan 9, 2006 9:47PM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.aps
PWS-Banker.gen.bb

Troj/Banker-VF is a Trojan for the Windows platform.

Troj/Banker-VF includes functionality to send notification messages to remote locations.

The Trojan monitors Internet Explorer sessions and attempts to steal credentials entered into login forms on certain financial websites. Collected information is sent to a remote attacker via email or FTP.

http://www.sophos.com/virusinfo/analyses/trojbankervf.html

- Collapse -
W32/Mytob-GN
Jan 9, 2006 11:42PM PST

Type
Worm

Aliases
Net-Worm.Win32.Mytob.gen
W32/Mytob.hm@MM

W32/Mytob-GN is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.

W32/Mytob-GN spreads via its built in mass mailing functionality.

http://www.sophos.com/virusinfo/analyses/w32mytobgn.html

- Collapse -
Troj/Bancos-JE
Jan 9, 2006 11:44PM PST

Type
Spyware Trojan

Troj/Bancos-JE is an information stealing Trojan for the Windows platform.

Troj/Bancos-JE targets the customers of certain Brazilian online banking websites by displaying fake interfaces and recording any details that are entered.

http://www.sophos.com/virusinfo/analyses/trojbancosje.html

- Collapse -
W32/Rbot-BJZ
Jan 9, 2006 11:46PM PST

Type
Worm

Aliases
Backdoor.Win32.Rbot.gen
W32/Sdbot.worm.gen.br

W32/Rbot-BJZ is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BJZ can spread in the following ways:
- via network shares with weak passwords
- to other network computers infected with W32/MyDoom or W32/Bagle
- by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), Veritas (CAN-2004-1172) and ASN.1 (MS04-007).

W32/Rbot-BJZ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-BJZ attempts to disable various security related applications.

http://www.sophos.com/virusinfo/analyses/w32rbotbjz.html

- Collapse -
W32/Alcra-E
Jan 10, 2006 9:00AM PST

Type Worm

Aliases Trojan-Dropper.Win32.WinAD.h
W32.Alcra.D
TROJ_DROPPER.OX

W32/Alcra-E is a worm for the Windows platform which may arrive disguised as a Windows Media Player file.

W32/Alcra-E spreads via file sharing on P2P networks.

W32/Alcra-E includes functionality to download, install and run new malware executables.

Once executed W32/Alcra-E displays the following fake error message:

Title: Windows media player
Message text: Codec Error : 60034 Please Check Codec Exists

W32/Alcra-E also drops W32/Rbot-BJU.


http://www.sophos.com/virusinfo/analyses/w32alcrae.html

- Collapse -
WM97/Sapattra-A
Jan 10, 2006 9:01AM PST
- Collapse -
W32/Rbot-BJU
Jan 10, 2006 9:02AM PST

Type Worm

Aliases Backdoor.Win32.Rbot.afu
WORM_RBOT.CNG

W32/Rbot-BJU is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BJU spreads:
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012)
- by copying itself to network shares protected by weak passwords

W32/Rbot-BJU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbju.html

- Collapse -
Troj/Danmec-K
Jan 10, 2006 9:03AM PST

Type Trojan

Aliases Danmec
Trojan.Danmec

Troj/Danmec-K is a Trojan for the Windows platform.

Troj/Danmec-K can be used in conjunction with other malware to offer remote
attackers the ability to route HTTP traffic through the infected computer.

http://www.sophos.com/virusinfo/analyses/trojdanmeck.html

- Collapse -
Troj/Danmec-M
Jan 10, 2006 9:05AM PST

Type Trojan

Aliases Danmec
Trojan.Danmec

Troj/Danmec-M is a Trojan for the Windows platform.

Troj/Danmec-M can be used in conjunction with other malware to offer remote
attackers the ability to route HTTP traffic through the infected computer

http://www.sophos.com/virusinfo/analyses/trojdanmecm.html

- Collapse -
Troj/Danmec-L
Jan 10, 2006 9:06AM PST

Type Trojan

Aliases Danmec
Trojan.Danmec
TROJ_DANMEC.I

Troj/Danmec-L is a Trojan for the Windows platform.

Troj/Danmec-L can be used in conjunction with other malware to offer remote
attackers the ability to route HTTP traffic through the infected computer

http://www.sophos.com/virusinfo/analyses/trojdanmecl.html

- Collapse -
W32/Rbot-BJV
Jan 10, 2006 9:07AM PST

Type Worm

Aliases Backdoor.Win32.Rbot.amz

W32/Rbot-BJV is a network worm with backdoor functionality for the Windows platform.

W32/Rbot-BJV spreads using a variety of techniques including exploiting weak passwords on computers and exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WKS and ASN.1).

W32/Rbot-BJV can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-BJV can be instructed by a remote user to perform the following functions:

start an FTP server
start a Proxy server
take part in distributed denial of service (DDoS) attacks
log keypresses
port scanning
download/execute arbitrary files
start a remote shell (RLOGIN)

http://www.sophos.com/virusinfo/analyses/w32rbotbjv.html

- Collapse -
W32/Rbot-BJU
Jan 10, 2006 9:08AM PST

Type Worm

Aliases Backdoor.Win32.Rbot.afu
WORM_RBOT.CNG

W32/Rbot-BJU is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BJU spreads:
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012)
- by copying itself to network shares protected by weak passwords

W32/Rbot-BJU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbju.html

- Collapse -
Troj/Zlob-CJ
Jan 10, 2006 9:09AM PST
- Collapse -
Troj/Banker-VK
Jan 10, 2006 9:10AM PST
- Collapse -
Troj/Zlob-BK
Jan 10, 2006 9:11AM PST
- Collapse -
Troj/Zlob-DQ
Jan 10, 2006 9:11AM PST
- Collapse -
W32/Rbot-BKA
Jan 10, 2006 3:16PM PST

Name W32/Rbot-BKA

Aliases WORM_OPANKI.BE

W32/Rbot-BKA is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BKA runs continuously in the background, providing a backdoor server
which allows a remote intruder to gain access and control over the computer via
IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbka.html

- Collapse -
Troj/Spyjack-K
Jan 10, 2006 3:17PM PST
- Collapse -
Troj/Zlob-DR
Jan 10, 2006 3:18PM PST
- Collapse -
Troj/Iefeat-AZ
Jan 10, 2006 3:19PM PST
- Collapse -
Troj/Zlob-BY
Jan 10, 2006 3:20PM PST
- Collapse -
Troj/Lineage-DY
Jan 10, 2006 3:21PM PST
- Collapse -
Troj/Dialer-Y
Jan 10, 2006 3:22PM PST