Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - January 19, 2006

by roddy32 / January 18, 2006 8:56 PM PST

Troj/Ooj-B

Type
Spyware Trojan

Aliases
Trojan-PSW.Win32.VB.fl

Troj/Ooj-B is a password stealing Trojan for the Windows platform.

Troj/Ooj-B harvests email account information, passwords and ICQ numbers from the infected computer, and emails stolen data to a remote attacker.

http://www.sophos.com/virusinfo/analyses/trojoojb.html

W32/Rbot-BPQ
by roddy32 / January 18, 2006 9:05 PM PST
Troj/Bancban-OA
by roddy32 / January 18, 2006 9:07 PM PST
Troj/Banload-IY
by roddy32 / January 18, 2006 9:45 PM PST

Type
Trojan

Aliases
Trojan-Downloader.Win32.Banload.pc

Troj/Banload-IY is a Trojan for the Windows platform.

Troj/Banload-IY includes functionalities to:

- access the internet and communicate with a remote server via HTTP
- download, install and run new software

http://www.sophos.com/virusinfo/analyses/trojbanloadiy.html

Troj/Banload-LK
by roddy32 / January 18, 2006 9:49 PM PST
W32/Rbot-BPO
by roddy32 / January 18, 2006 9:51 PM PST

Type
Spyware Worm

Aliases
WORM_RBOT.DOC

W32/Rbot-BPO is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BPO spreads:

- to other network computers infected with Troj/Kuang
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012)
- by copying itself to network shares protected by weak passwords

http://www.sophos.com/virusinfo/analyses/w32rbotbpo.html

W32/Rbot-BPR
by roddy32 / January 18, 2006 9:54 PM PST

Type
Spyware Worm

Aliases
Backdoor.Win32.Rbot.adi

W32/Rbot-BPR is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BPR spreads:

- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), PNP (MS05-039) and ASN.1 (MS04-007)
- by copying itself to network shares protected by weak passwords

http://www.sophos.com/virusinfo/analyses/w32rbotbpr.html

W32/Rbot-BPP
by roddy32 / January 18, 2006 9:56 PM PST
Troj/Banload-IZ
by roddy32 / January 18, 2006 9:58 PM PST

Type
Trojan

Aliases
Trojan-Downloader.Win32.Banload.ap

Troj/Banload-IZ is a Trojan for the Windows platform.

Troj/Banload-IZ has the functionalities to:

- access the Internet and communicate with a remote server via HTTP
- download, install and run new software

http://www.sophos.com/virusinfo/analyses/trojbanloadiz.html

Troj/Vixup-BH
by roddy32 / January 19, 2006 2:11 AM PST

Type
Trojan

Aliases
Trojan-Downloader.Win32.Tibs.p
BackDoor-AZV

Troj/Vixup-BH is a Trojan for the Windows platform.

Troj/Vixup-BH includes functionality to:

- download, install and run new software
- communicate information to a remote server

http://www.sophos.com/virusinfo/analyses/trojvixupbh.html

W32/Rbot-BPT
by roddy32 / January 19, 2006 2:14 AM PST

Type
Worm

Aliases
Backdoor.Win32.Rbot.amy
W32/Sdbot.worm.gen.bh
WORM_RBOT.CTX

W32/Rbot-BPT is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-BPT runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbpt.html

Troj/Spywad-T
by roddy32 / January 19, 2006 2:18 AM PST
Troj/Ghudl-B
by roddy32 / January 19, 2006 2:21 AM PST
Troj/Ghudl-C
by roddy32 / January 19, 2006 2:24 AM PST
W32/Sdbot-AKS
by roddy32 / January 19, 2006 2:26 AM PST
W32/Zotob-K
by Marianna Schmudlach / January 19, 2006 9:16 AM PST

Type Worm

Aliases Net-Worm.Win32.Mytob.dt

W32/Zotob-K is a mass-mailing and network worm and IRC backdoor Trojan for the Windows platform.

W32/Zotob-K spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: PNP (MS05-039) and ASN.1 (MS04-007), as well as to network shares with weak passwords.

W32/Zotob-K runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels, including the ability to download and execute files on the infected computer.

W32/Zotob-K can spread by sending itself as an email attachment to email addresses it harvests from the infected computer, either as an attachment with a double-extension or as a zip file containing a file with a double-extension. W32/Zotob-K avoids sending emails to addresses containing certain strings in them.

W32/Zotob-K processes the emails it has harvested by splitting them into name and domain. Once it has sent itself to the emails it has harvested, it uses a predefined list of names with the harvested domains. W32/Zotob-K spoofs the sender, sending emails as if from one of the following at the same domain as the recipient:

support
administrator
mail
service
admin
info
register
webmaster

For example if sending itself to name@example.com, W32/Zotob-K might send the email as if from admin@example.com.

Emails sent by the worm have characteristics from the following:

More: http://www.sophos.com/virusinfo/analyses/w32zotobk.html
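The mail traits described in the W32/Zotob-K alert above can be turned into a simple mail-filter heuristic. This is an added example, not part of the forum post or of the Sophos analysis; the function names and the list of executable extensions are assumptions, and the sample messages are constructed.

```python
import io
import zipfile
from email.message import EmailMessage
from email.utils import parseaddr

# Sender names listed in the alert above.
SPOOFED_NAMES = {"support", "administrator", "mail", "service",
                 "admin", "info", "register", "webmaster"}
# Assumption: final extensions treated as executable; the alert does not list them.
EXEC_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}

def has_double_extension(filename):
    """True for names like 'invoice.txt.exe' (two extensions, last one executable)."""
    parts = filename.lower().strip().rsplit("/", 1)[-1].split(".")
    return len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] != ""

def attachment_is_suspicious(part):
    """Check the attachment name, and member names if it is a readable zip."""
    name = part.get_filename() or ""
    if has_double_extension(name):
        return True
    if name.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                return any(has_double_extension(n) for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def score_message(msg):
    """Return the traits from the alert that an EmailMessage matches."""
    hits = []
    local, _, domain = parseaddr(str(msg.get("From", "")))[1].lower().rpartition("@")
    rcpt_domain = parseaddr(str(msg.get("To", "")))[1].lower().rpartition("@")[2]
    if local in SPOOFED_NAMES and domain and domain == rcpt_domain:
        hits.append("role-sender-same-domain")
    if any(attachment_is_suspicious(p) for p in msg.iter_attachments()):
        hits.append("double-extension-attachment")
    return hits

def build_sample(sender, rcpt, filename, data):
    """Constructed test message; not a captured sample."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, rcpt, "constructed sample"
    msg.set_content("body")
    msg.add_attachment(data, maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg
```

A role-address sender at the recipient's own domain is common in legitimate mail, so that trait is only meaningful in combination with the attachment check.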

W32/Zotob-Fam
by Marianna Schmudlach / January 19, 2006 9:17 AM PST

Type Worm

W32/Zotob-Fam is a family of network worms with IRC backdoor Trojan functionality. Some members of W32/Zotob-Fam also have email worm functionality.

Members of W32/Zotob-Fam usually spread to other network computers by exploiting common buffer overflow vulnerabilities, mainly PnP (MS05-039).

Members of W32/Zotob-Fam usually modify the HOSTS file to prevent access to various anti-virus and security-related websites.

Some members of W32/Zotob-Fam use their own SMTP engine to send themselves to email addresses harvested from files on the infected computer and from the Windows address book, but usually will avoid addresses containing certain strings.

http://www.sophos.com/virusinfo/analyses/w32zotobfam.html

W32/Rbot-BPE
by Marianna Schmudlach / January 19, 2006 9:18 AM PST

Type Worm

Aliases W32/Sdbot.worm.gen.g

W32/Rbot-BPE is a network worm with IRC backdoor functionality.

W32/Rbot-BPE spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012) and ASN.1 (MS04-007).

W32/Rbot-BPE allows a remote attacker to gain access and control over the infected computer using IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbpe.html

W32/Sdbot-AOK
by Marianna Schmudlach / January 19, 2006 9:19 AM PST

Type Spyware Worm

Aliases Backdoor.Win32.SdBot.ajs
WORM_SDBOT.DDG

W32/Sdbot-AOK is a network worm with backdoor Trojan functionality for the Windows platform.

When first run, W32/Sdbot-AOK copies itself to the Windows system folder as netdrvr.exe and registers itself as a system service named "NTDRV" with the display name "Network DRV". The newly created service is set with a startup type of automatic such that netdrvr.exe is run at system start.

W32/Sdbot-AOK connects to a predetermined IRC channel and awaits further commands from remote users.

The worm spreads through network shares protected by weak passwords, MS-SQL servers and through various operating system vulnerabilities such as LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007).

http://www.sophos.com/virusinfo/analyses/w32sdbotaok.html

Troj/BeastCon-A
by Marianna Schmudlach / January 19, 2006 9:20 AM PST

Type Trojan

Aliases Backdoor.Win32.Beastdoor.202.a
BackDoor-AMQ
Win32/Beastdoor.202
Backdoor.Beasty.Kit
BKDR_BEASTDOOR.J

Troj/BeastCon-A is a construction kit and a client for backdoor Trojans.

The kit allows the generation of server programs that can run either in stealth mode or visibly (as Remote Administration tools) on the victim's computer.

The infected computer is vulnerable to unauthorized access attacks from network locations. In order to gain complete access to the infected computer an attacker has to run the Trojan client program.

http://www.sophos.com/virusinfo/analyses/trojbeastcona.html

Troj/Prosti-D
by Marianna Schmudlach / January 19, 2006 9:21 AM PST
Troj/Banker-WW
by Marianna Schmudlach / January 19, 2006 9:22 AM PST

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Banker.ahy

Troj/Banker-WW is a Trojan for the Windows platform.

The Trojan monitors open windows for browser sessions with certain banking websites. Troj/Banker-WW steals login credentials and sends stolen information to a remote attacker via email.

http://www.sophos.com/virusinfo/analyses/trojbankerww.html

Troj/AdClick-BV
by Marianna Schmudlach / January 19, 2006 9:23 AM PST
Troj/VB-TA
by Marianna Schmudlach / January 19, 2006 9:24 AM PST
W32/Forbot-Gen
by Marianna Schmudlach / January 19, 2006 9:25 AM PST

Type Worm

W32/Forbot-Gen detects members of the Forbot family of worms.

W32/Forbot-Gen worms typically attempt to spread to remote shares and open a backdoor on an infected computer.

W32/Forbot-Gen worms typically copy themselves to the Windows system folder and create registry entries under the following locations in order to run on system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

http://www.sophos.com/virusinfo/analyses/w32forbotgen.html

W32/MyDoom-Gen
by Marianna Schmudlach / January 19, 2006 9:26 AM PST
W32/Mytob-Fam
by Marianna Schmudlach / January 19, 2006 9:27 AM PST
W32/Kookoo-A
by Marianna Schmudlach / January 19, 2006 11:32 AM PST

Type Virus

W32/Kookoo-A is a virus for the Windows platform.

W32/Kookoo-A spreads via infected files.

W32/Kookoo-A runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

W32/Kookoo-A includes functionality to:

- send stolen confidential information to a remote address
- provide a proxy server
- silently download, install and run new software
- terminate and delete anti-virus related software

http://www.sophos.com/virusinfo/analyses/w32kookooa.html

Troj/MancSyn-C
by Marianna Schmudlach / January 19, 2006 11:33 AM PST
Troj/Zapchas-AH
by Marianna Schmudlach / January 19, 2006 11:34 AM PST
W32/Waven-A
by Marianna Schmudlach / January 19, 2006 11:35 AM PST
