General discussion

VIRUS ALERTS - January 2, 2006

Jan 1, 2006 10:42PM PST

Troj/Horst-C

Type
Spyware Trojan

Troj/Horst-C is a keylogging Trojan for the Windows platform.

When run Troj/Horst-C may display a fake error message box with the title "Version" and the message "Software incompatibility occured! Please download another version."

http://www.sophos.com/virusinfo/analyses/trojhorstc.html

Troj/Puper-AN
Jan 1, 2006 10:44PM PST

Troj/Puper-AO
Jan 1, 2006 10:45PM PST

W32/Mytob-GL
Jan 1, 2006 10:49PM PST

Type
Worm

Aliases
Net-Worm.Win32.Mytob.bi
WORM_MYTOB.NZ

W32/Mytob-GL is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.

W32/Mytob-GL runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Mytob-GL sends emails in the following format, with details filled in to make the email look more authentic:

Subject line chosen from:

Your password has been updated
Your password has been successfully updated
You have successfully updated your password
Your new account password is approved
Your Account is Suspended
*DETECTED* Online User Violation
Your Account is Suspended For Security Reasons
Warning Message: Your services near to be closed.
Important Notification
Members Support
Security measures
Email Account Suspension
Notice of account limitation
<random characters>

Message text chosen from (the worm will insert the username and the email domain of the addressee into the email):

'Dear user <UserName>,

You have successfully updated the password of your <domain> account.

If you did not authorize this change or if you need assistance with your account, please contact <domain> customer service at: <sender@domain>
Thank you for using <domain>!
The <domain> Support Team

+++ Attachment: No Virus (Clean)
+++ <domain> Antivirus - www.<domain>'

'Dear user <UserName>,

It has come to our attention that your <domain> User Profile ( x ) records are out of date. For further details see the attached document.
Thank you for using <domain>!
The <domain> Support Team

+++ Attachment: No Virus (Clean)
+++ <domain> Antivirus - www.<domain>'

'Dear <domain> Member,

We have temporarily suspended your email account <UserEmailAddress>.

This might be due to either of the following reasons:

1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the details to reactivate your <domain> account.

Sincerely,The <domain> Support Team

+++ Attachment: No Virus (Clean)
+++ <domain> Antivirus - www.<domain>'

'Dear <domain> Member,

Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your membership.

Virtually yours,
The <domain> Support Team

+++ Attachment: No Virus found
+++ <domain> Antivirus - www.<domain>'

The attached file consists of a base name followed by the extension ZIP. The worm may optionally create double extensions where the first extension is DOC, TXT or HTM and the final extension is BAT, CMD, PIF, SCR, EXE or ZIP. The base filenames are randomly chosen from:

updated-password
email-password
new-password
password
approved-password
account-password
accepted-password
important-details
account-details
email-details
account-info
document
readme
account-report
<random characters>

The zip file will contain the worm with double extension. The first extension will be one of DOC, HTM, TXT followed by spaces and the second extension is EXE, SCR or PIF.

W32/Mytob-GL harvests email addresses from files on the infected computer and from the Windows address book.

Sophos's anti-virus products include Genotype detection technology, which can proactively protect against new threats without requiring an update. Sophos customers have been protected against W32/Mytob-GL (detected as W32/Mytob-Fam) since version 3.99.

http://www.sophos.com/virusinfo/analyses/w32mytobgl.html
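As an added example (not code from the Sophos write-up or this forum post), a small Python check that flags attachment names following the W32/Mytob-GL scheme described above: the listed base names, a DOC/TXT/HTM decoy extension padded with spaces, and an executable or ZIP final extension, with ZIP members inspected in memory. The sample archive is constructed and contains only harmless text.

```python
import io
import re
import zipfile

# Base names and extensions are taken from the W32/Mytob-GL description;
# the matching logic itself is an assumption for this example.
BASE_NAMES = {
    "updated-password", "email-password", "new-password", "password",
    "approved-password", "account-password", "accepted-password",
    "important-details", "account-details", "email-details", "account-info",
    "document", "readme", "account-report",
}
DECOY = r"doc|txt|htm"
EXEC = r"bat|cmd|pif|scr|exe"
# Decoy extension, a run of spaces to push the real extension out of view,
# then the executable extension, e.g. "readme.txt        .scr".
PADDED_DOUBLE_EXT = re.compile(rf"\.({DECOY}) +\.({EXEC})$", re.I)
# Plain double extension without padding, e.g. "account-info.doc.zip".
DOUBLE_EXT = re.compile(rf"\.({DECOY})\.({EXEC}|zip)$", re.I)
FINAL_EXT = re.compile(r"\.([a-z0-9]+)$", re.I)


def check_filename(name: str) -> list[str]:
    """Return the reasons a single filename matches the Mytob-GL naming scheme."""
    reasons = []
    if PADDED_DOUBLE_EXT.search(name):
        reasons.append("decoy extension padded with spaces before executable extension")
    elif DOUBLE_EXT.search(name):
        reasons.append("double extension ending in executable or zip")
    final = FINAL_EXT.search(name)
    base = name.split(".", 1)[0].strip().lower()
    # Heuristic: a listed base name plus an executable/zip extension. Legitimate
    # "document.zip" attachments will trip this, so treat it as a triage signal.
    if final and final.group(1).lower() in ("bat", "cmd", "pif", "scr", "exe", "zip") \
            and base in BASE_NAMES:
        reasons.append(f"base name {base!r} is on the Mytob-GL list")
    return reasons


def check_attachment(name: str, data: bytes) -> list[str]:
    """Check an attachment name and, for a ZIP, every member name inside it."""
    reasons = check_filename(name)
    if name.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    reasons += [f"{member!r}: {r}" for r in check_filename(member)]
        except zipfile.BadZipFile:
            reasons.append("attachment claims .zip but is not a valid archive")
    return reasons


def build_sample_zip(member: str) -> bytes:
    """Constructed sample: a ZIP holding one harmless text member under `member`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed sample, not malware")
    return buf.getvalue()
```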

Troj/PurScan-AM
Jan 1, 2006 10:52PM PST

Troj/VBbot-P
Jan 1, 2006 10:55PM PST

Type
Trojan

Aliases
Backdoor.Win32.VBbot.ad

Troj/VBbot-P is a backdoor Trojan for the Windows platform that allows access to the infected computer via an IRC channel.

Troj/VBbot-P contains the functionality to download files and access the Internet.

http://www.sophos.com/virusinfo/analyses/trojvbbotp.html

W32/Hazif-C
Jan 2, 2006 1:14AM PST

W32/Hazif-C is a password stealing worm for the Windows platform.

W32/Hazif-C can spread to the floppy drive with a preconfigured filename.

W32/Hazif-C can be used to steal passwords for Yahoo Instant Messenger and can be preconfigured to send stolen passwords via email, Yahoo IM, or by accessing a remote URL.

http://www.sophos.com/virusinfo/analyses/w32hazifc.html

Troj/Borobot-V
Jan 2, 2006 1:18AM PST

Troj/Small-FS
Jan 2, 2006 1:20AM PST

Troj/Dloadr-AH
Jan 2, 2006 1:23AM PST

W32/Rbot-BFV
Jan 2, 2006 1:26AM PST

Type
Spyware Worm

Aliases
Backdoor.Win32.Rbot.alk
W32/Sdbot.worm.gen.ae

W32/Rbot-BFV is a network worm with backdoor Trojan functionality for the Windows platform.

W32/Rbot-BFV spreads using a variety of techniques including:
- exploiting weak passwords on computers and SQL servers
- exploiting operating system vulnerabilities
- using backdoors opened by other worms or Trojans.

W32/Rbot-BFV can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-BFV can be instructed by a remote user to perform the following functions:

start an FTP server
start a Proxy server
start a web server
take part in distributed denial of service (DDoS) attacks
log keypresses
capture screen/webcam images
packet sniffing
port scanning
download/execute arbitrary files
start a remote shell (RLOGIN)
steal product registration information from certain software

http://www.sophos.com/virusinfo/analyses/w32rbotbfv.html

W32/Rbot-BFU
Jan 2, 2006 1:27AM PST

Type
Spyware Worm

Aliases
Backdoor.Win32.IRCBot.az

W32/Rbot-BFU is a network worm with backdoor Trojan functionality for the Windows platform.

W32/Rbot-BFU spreads using a variety of techniques including:
- exploiting weak passwords on computers and SQL servers
- exploiting operating system vulnerabilities
- using backdoors opened by other worms or Trojans.

W32/Rbot-BFU can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-BFU can be instructed by a remote user to perform the following functions:

start an FTP server
start a Proxy server
start a web server
take part in distributed denial of service (DDoS) attacks
log keypresses
capture screen/webcam images
packet sniffing
port scanning
download/execute arbitrary files
start a remote shell (RLOGIN)
steal product registration information from certain software

http://www.sophos.com/virusinfo/analyses/w32rbotbfu.html

Troj/HazifKit-B
Jan 2, 2006 1:29AM PST

Troj/Agent-IH
Jan 2, 2006 1:31AM PST

Type
Trojan

Troj/Agent-IH is a Trojan for the Windows platform.

Troj/Agent-IH will harvest email addresses from the infected computer and report them to a remote URL.

Troj/Agent-IH may inject code into running processes in order to avoid detection.

http://www.sophos.com/virusinfo/analyses/trojagentih.html

Troj/Iyus-P
Jan 2, 2006 1:34AM PST

Troj/Agent-HZ
Jan 2, 2006 1:35AM PST

Type
Spyware Trojan

Aliases
Trojan-PSW.Win32.Agent.an

Troj/Agent-HZ is a password stealing Trojan for the Windows platform.

Troj/Agent-HZ has the functionalities to:

- steal email server passwords
- send notification messages to remote locations
- access the Internet and communicate with a remote server via HTTP

http://www.sophos.com/virusinfo/analyses/trojagenthz.html

Troj/LegMir-CN
Jan 2, 2006 1:37AM PST

W32/Rbot-ALO
Jan 2, 2006 3:08AM PST

Type
Spyware Worm

Aliases
WORM_RBOT.ALO

W32/Rbot-ALO is a network worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-ALO spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.

W32/Rbot-ALO can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-ALO can be instructed by a remote user to perform the following functions:

start an FTP server
start a Proxy server
start a web server
take part in distributed denial of service (DDoS) attacks
log keypresses
capture screen/webcam images
packet sniffing
port scanning
download/execute arbitrary files
start a remote shell (RLOGIN)

W32/Rbot-ALO will attempt to terminate processes associated with security and anti-virus products.

http://www.sophos.com/virusinfo/analyses/w32rbotalo.html

Troj/Dloader-HK
Jan 2, 2006 3:09AM PST

Type
Trojan

Troj/Dloader-HK is a downloader Trojan for the Windows platform.

Troj/Dloader-HK will drop a DLL file to the Windows temporary folder with a random name starting with stb. This file is then used to download and install a program without the user's knowledge.

The Trojan will remove old versions of the program before installing the new program. This downloaded program is installed as a Browser Helper Object.

http://www.sophos.com/virusinfo/analyses/trojdloaderhk.html

Troj/Choup-A
Jan 2, 2006 3:11AM PST

Troj/Choup-A is a Trojan for the Windows platform.

The Trojan can perform the following functions:

steal information
send email
send, receive and execute files
harvest email addresses from files with HTM or TXT file extensions
log URLs visited
disable Windows Update
modify the system registry
reduce the security zone settings for Internet Explorer
post information to remote sites via FTP or HTTP

http://www.sophos.com/virusinfo/analyses/trojchoupa.html

Troj/BankAsh-A
Jan 2, 2006 3:26AM PST

Type
Spyware Trojan

Aliases
Trojan-Spy.Win32.Banker.jv
PWS-Banker.j

Troj/BankAsh-A is a banker and password stealing Trojan.

Troj/BankAsh-A will spy on a user's internet access. When certain banking and finance websites are accessed, the Trojan can display a fake login page or log keyboard presses in order to steal username and password information. Targeted banks include the following:

Barclays, Cahoot, Halifax, HSBC, Lloyds TSB, Nationwide, NatWest, Smile

The Trojan can also steal email login details and passwords from the protected store. Periodically, Troj/BankAsh-A will send the stolen details to a remote FTP site.

Troj/BankAsh-A will attempt to disable the beta version of Microsoft AntiSpyware. The Trojan may also attempt to deny access to a number of security-related and anti-virus websites.

http://www.sophos.com/virusinfo/analyses/trojbankasha.html

Troj/Bckdr-CKA
Jan 2, 2006 3:28AM PST

W32/Kipis-H
Jan 2, 2006 3:30AM PST

Type
Worm

Aliases
Email-Worm.Win32.MyDoom.al
W32/Kipis.h@MM

W32/Kipis-H is a mass-mailing worm with some backdoor functionality.

W32/Kipis-H will also attempt to terminate various anti-virus and security related processes and open a backdoor on port TCP/1988.

http://www.sophos.com/virusinfo/analyses/w32kipish.html

Troj/Clicker-AC
Jan 2, 2006 3:32AM PST

W32/Crutle-A
Jan 2, 2006 3:52AM PST

Type
Worm

Aliases
W32.SillyP2p
P2P-Worm.Win32.Delf.ak

W32/Crutle-A is a peer-to-peer worm for the Windows platform.

When first run W32/Crutle-A copies itself to the Windows folder with the filename WinExec.exe.

W32/Crutle-A also creates a folder called "files" in the Windows folder, and places multiple copies of itself in this folder, and will configure Kazaa peer-to-peer software to share this folder.

http://www.sophos.com/virusinfo/analyses/w32crutlea.html

Troj/Feutel-BX
Jan 2, 2006 3:53AM PST

Type
Spyware Trojan

Troj/Feutel-BX is a backdoor Trojan for the Windows platform.

Troj/Feutel-BX connects to the internet and attempts to download configuration files from preconfigured sites. The Trojan installs a keylogging component and opens up a backdoor allowing unauthorized remote access to the infected computer.

http://www.sophos.com/virusinfo/analyses/trojfeutelbx.html

Troj/Puper-AM
Jan 2, 2006 3:55AM PST

Troj/Dload-ACV
Jan 2, 2006 3:56AM PST

Troj/Multidr-FB
Jan 2, 2006 3:58AM PST

Troj/Hazif-D
Jan 2, 2006 3:59AM PST

Type
Trojan

Troj/Hazif-D is a password-stealing Trojan.

Troj/Hazif-D steals Yahoo! Messenger passwords. The Trojan may also act as a backdoor server, providing a command shell to a remote user.

Stolen information may be sent by email or to another Yahoo! Messenger id.

The Trojan may be configured to disable certain features of the operating system, including System Restore, Registry Editor and Task Manager.

A fake error message may be displayed.

W32/Sdbot-DIC
Jan 2, 2006 7:30AM PST

Type
Spyware Worm

Aliases
WORM_SDBOT.***

W32/Sdbot-DIC is a network worm with backdoor Trojan functionality for the Windows platform.

The worm spreads through network shares protected by weak passwords, MS-SQL servers, AOL Instant Messenger (AIM) and through various operating system vulnerabilities such as ASN.1 (MS04-007).

W32/Sdbot-DIC connects to a predetermined IRC channel and awaits further commands from remote users.

http://www.sophos.com/virusinfo/analyses/w32sdbotdic.html