Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VIRUS ALERTS - January 12, 2006

Jan 11, 2006 11:25PM PST

Discussion is locked

- Collapse -
Troj/Bancos-JL
Jan 11, 2006 11:29PM PST
- Collapse -
Troj/Banload-MG
Jan 12, 2006 12:14AM PST
- Collapse -
Troj/LegMir-FI
Jan 12, 2006 12:15AM PST
- Collapse -
Troj/Dloadr-ACX
Jan 12, 2006 12:17AM PST
- Collapse -
Troj/StartPa-KJ
Jan 12, 2006 12:19AM PST
- Collapse -
W32/Loosky-V
Jan 12, 2006 12:22AM PST

Type
Worm

Aliases
Email-Worm.Win32.Locksky.y
W32/Loosky.gen

W32/Loosky-V is a mass-mailing worm for the Windows platform.

W32/Loosky-V attempts to send itself to email addresses harvested from the infected computer. Emails sent have the following characteristics:

Subject line: Your Ebay account is Suspended

Message text:

Dear eBay Member,

We regret to inform you that your eBay account could be suspended if you don't re-update your
account information.

To resolve this problem please visit link below and re-enter your account information to the attached form.

Attachment name: ebay_info.exe

http://www.sophos.com/virusinfo/analyses/w32looskyv.html

- Collapse -
Troj/Banload-IB
Jan 12, 2006 12:24AM PST
- Collapse -
Troj/DownLdr-TD
Jan 12, 2006 12:26AM PST
- Collapse -
Troj/Stinx-K
Jan 12, 2006 1:06AM PST
- Collapse -
Troj/Loosky-R
Jan 12, 2006 1:08AM PST

Type
Trojan

Aliases
Email-Worm.Win32.Locksky.m

Troj/Loosky-R is a downloading Trojan and proxy server.

Troj/Loosky-R downloads and executes files from a preconfigured URL and provides a proxy server, allowing a remote attacker to route TCP traffic through the infected computer.

http://www.sophos.com/virusinfo/analyses/trojlooskyr.html

- Collapse -
Troj/Aolps-Q
Jan 12, 2006 1:18AM PST
- Collapse -
Troj/Small-IM
Jan 12, 2006 1:19AM PST
- Collapse -
Troj/Swizzor-AG
Jan 12, 2006 1:21AM PST
- Collapse -
Troj/Feutel-CD
Jan 12, 2006 1:24AM PST
- Collapse -
Troj/Hackvan-D
Jan 12, 2006 1:26AM PST
- Collapse -
Troj/Banker-TP
Jan 12, 2006 1:28AM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banbra.df

Troj/Banker-TP is a password stealing Trojan for the Windows platform.

The Trojan monitors Internet Explorer sessions and captures keypresses when certain banking sites are visited by displaying fake login windows. The harvested information is then sent to a remote user via email.

http://www.sophos.com/virusinfo/analyses/trojbankertp.html

- Collapse -
W32/Feebs-H
Jan 12, 2006 1:30AM PST

Type
Spyware Worm

Aliases
JS/Kmax.gen@MM
JS_FEEBS.A
Worm.Win32.Feebs.h

W32/Feebs-H is a worm for the Windows platform.

The worm may arrive as an attachment to an email claiming to be sent via "Protected E-Mail service" with bogus credentials. The message may lure the recipient into entering the supplied credentials into an attached HTML document.

W32/Feebs-H spreads via file sharing on peer-to-peer networks.

W32/Feebs-H may also harvest information from the infected computer and send stolen data to a remote user via FTP.

http://www.sophos.com/virusinfo/analyses/w32feebsh.html

- Collapse -
W32/Sdbot-ALZ
Jan 12, 2006 4:20AM PST

Type
Worm

W32/Sdbot-ALZ is a worm and IRC backdoor Trojan for the Windows platform.

W32/Sdbot-ALZ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

When first run W32/Sdbot-ALZ copies itself to <System> \svchosts.exe.

http://www.sophos.com/virusinfo/analyses/w32sdbotalz.html

- Collapse -
Troj/DownLdr-SI
Jan 12, 2006 4:22AM PST
- Collapse -
W32/Rbot-BKV
Jan 12, 2006 4:25AM PST

Type
Worm

W32/Rbot-BKV is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BKV runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

When first run W32/Rbot-BKV copies itself to <System> \winupdatexx.exe.

http://www.sophos.com/virusinfo/analyses/w32rbotbkv.html

- Collapse -
Troj/Agent-PQ
Jan 12, 2006 4:26AM PST
- Collapse -
Troj/LewDl-I
Jan 12, 2006 4:28AM PST
- Collapse -
Troj/Banker-VE
Jan 12, 2006 4:30AM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.ahy

Troj/Banker-VE is a password stealing Trojan targeted at customers of Brazilian banks.

Troj/Banker-VE attempts to log keypresses entered into certain websites and online banking applications. The Trojan may display fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.

http://www.sophos.com/virusinfo/analyses/trojbankerve.html

- Collapse -
W32/Tilebot-CW
Jan 12, 2006 4:32AM PST
- Collapse -
W32/Sdbot-ALY
Jan 12, 2006 4:36AM PST
- Collapse -
Troj/Zlob-CK
Jan 12, 2006 4:37AM PST
- Collapse -
Troj/Shredl-G
Jan 12, 2006 4:39AM PST
- Collapse -
Troj/Banload-HZ
Jan 12, 2006 4:41AM PST
- Collapse -
Troj/Bancban-NN
Jan 12, 2006 4:43AM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.apk
PWS-Banker.gen.bb

Troj/Bancban-NN is a Trojan for the Windows platform.

Troj/Bancban-NN includes functionality to:

- access the internet and communicate with a remote server via HTTP
- send notification messages to remote locations

http://www.sophos.com/virusinfo/analyses/trojbancbannn.html

- Collapse -
Troj/LewDl-J
Jan 12, 2006 4:45AM PST