General discussion

VIRUS ALERTS - January 10, 2007

Discussion is locked

Follow
Reply to: VIRUS ALERTS - January 10, 2007
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: VIRUS ALERTS - January 10, 2007
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Troj/Cyn-B
- Collapse -
W32/Spybot-NC
- Collapse -
W32/Sdbot-CWQ
- Collapse -
W32/IRCBot-TM
- Collapse -
W32/Rbot-GAL

Type Spyware Worm

Aliases W32.Spybot.Worm

W32/Rbot-GAL is a worm and backdoor Trojan for the Windows platform.

W32/Rbot-GAL runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-GAL spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: SRVSVC (MS06-040), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812) and ASN.1 (MS04-007).

http://www.sophos.com/virusinfo/analyses/w32rbotgal.html

- Collapse -
W32/Rbot-GAM

Type Spyware Worm

Aliases W32.Spybot.Worm

W32/Rbot-GAM is a worm and backdoor Trojan for the Windows platform.

W32/Rbot-GAM runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-GAM spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: SRVSVC (MS06-040), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812) and ASN.1 (MS04-007).

http://www.sophos.com/virusinfo/analyses/w32rbotgam.html

- Collapse -
Troj/Zlob-XZ
- Collapse -
Troj/SilentS-E
- Collapse -
Troj/SilentS-F
- Collapse -
Troj/Control-J
- Collapse -
Troj/Control-K
- Collapse -
Troj/Schwind-C
- Collapse -
W32.Kakavex
- Collapse -
NetCat
- Collapse -
TROJ_YABE.AS

Alert ID : FrSIRT/ALRT-2007-00210
Aliases : N/A
Size : 15360 bytes
Rated as : Low Risk
Release Date : 2007-01-10


Description

This Trojan usually arrives on a system as an attachment to a spammed email message. It may also be dropped or downloaded file of other malware from a remote site.

References

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_YABE.AS

Credits

Reported by Trend Micro

- Collapse -
W32.Mytob.RD@mm
- Collapse -
W32/Fujacks-D

Type Virus

Aliases Worm.Win32.Delf.bd
W32/Fujacks.worm
WORM_NIMAYA.AG

W32/Fujacks-D is a prepending virus and worm with backdoor functionality for the Windows platform.

W32/Fujacks-D spreads to other network computers through available network shares and removeable storage devices.

W32/Fujacks-D runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

W32/Fujacks-D includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/security/analyses/w32fujacksd.html

- Collapse -
W32/Fujacks-E

Type Virus

Aliases W32/Fujacks.f
Trojan-PSW.Win32.QQRob.kl
Win32/Fujacks.H
PE_FUJACKS.F-O

W32/Fujacks-E is a prepending virus and worm with backdoor functionality for the Windows platform.

W32/Fujacks-E spreads to other network computers through available network shares and removeable storage devices.

W32/Fujacks-E runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

W32/Fujacks-E includes functionality to access the internet and communicate with a remote server via HTTP.

W32/Fujacks-E may change HTML files.


http://www.sophos.com/virusinfo/analyses/w32fujackse.html

- Collapse -
Troj/XHide-A
- Collapse -
W32/Rbot-GAO

Type Worm

W32/Rbot-GAO is a worm with IRC backdoor functionality for the Windows platform.

W32/Rbot-GAO runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotgao.html

- Collapse -
Troj/Bckdr-PVJ

Type Trojan

Aliases W32/Sdbot.VRY

Troj/Bckdr-PVJ is a Trojan for the Windows platform.

Troj/Bckdr-PVJ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

http://www.sophos.com/virusinfo/analyses/trojbckdrpvj.html

- Collapse -
Troj/Zlob-YA
- Collapse -
Troj/WoW-IW

Type Spyware Trojan

Aliases Win32/PSW.WOW.JE

Troj/WoW-IW is a Trojan for the Windows platform.

Troj/WoW-IW contains functionality to monitor processes for and steal usernames and passwords from the online game World of Warcraft.

http://www.sophos.com/virusinfo/analyses/trojwowiw.html

- Collapse -
W32/Tilebot-IH

Type Worm

Aliases Backdoor.Win32.SdBot.xd

W32/Tilebot-IH is a worm with IRC backdoor functionality for the Windows platform.

W32/Tilebot-IH spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), SRVSVC (MS06-040), RPC-DCOM (MS04-012), PNP (MS05-039), ASN.1 (MS04-007) and RealVNC (CVE-2006-2369).

W32/Tilebot-IH runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Tilebot-IH includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/w32tilebotih.html

- Collapse -
W32/Spybot-ND

Type Worm

Aliases Backdoor.Win32.IRCBot.zd

W32/Spybot-ND is a worm with IRC backdoor functionality for the Windows platform.

W32/Spybot-ND spreads to other network computers by exploiting common buffer overflow vulnerabilities, including RealVNC (CVE-2006-2369).

http://www.sophos.com/virusinfo/analyses/w32spybotnd.html

- Collapse -
W32/Rbot-GAN

Type Worm

Aliases Backdoor.Win32.Rbot.gen
WORM_RBOT.BIL

W32/Rbot-GAN is a worm and backdoor Trojan for the Windows platform.

W32/Rbot-GAN spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), MSSQL (MS02-039) (CAN-2002-0649) and Realcast.

http://www.sophos.com/virusinfo/analyses/w32rbotgan.html

CNET Forums

Forum Info