VIRUS ALERTS - January 23, 2008

by Marianna Schmudlach / January 22, 2008 1:41 PM PST
Troj/Clickr-D
by Marianna Schmudlach / January 22, 2008 1:43 PM PST
Mal/Dorf-K
by Marianna Schmudlach / January 22, 2008 1:44 PM PST
W32/Backzat-D
by Marianna Schmudlach / January 22, 2008 1:45 PM PST

Name: W32/Backzat-D
Type: Worm

How it spreads: Network shares, Peer-to-peer

Affected operating systems: Windows

Side effects: Turns off anti-virus applications; Installs itself in the Registry

Protection available since: 23 January 2008

http://www.sophos.com/security/analyses/w32backzatd.html

Troj/Dloadr-BHT
by Marianna Schmudlach / January 22, 2008 1:46 PM PST
Troj/Agent-GND
by Marianna Schmudlach / January 22, 2008 1:48 PM PST
Troj/Renos-AO
by Marianna Schmudlach / January 22, 2008 1:49 PM PST
Troj/Dloadr-BHU
by Marianna Schmudlach / January 22, 2008 11:25 PM PST
Mal/Dorf-K
by Marianna Schmudlach / January 22, 2008 11:26 PM PST
VBS/Autorun-AU
by Marianna Schmudlach / January 22, 2008 11:28 PM PST
Troj/Agent-GNE
by Marianna Schmudlach / January 22, 2008 11:29 PM PST
Troj/Dropper-TA
by Marianna Schmudlach / January 22, 2008 11:30 PM PST
ComClean
by Marianna Schmudlach / January 22, 2008 11:31 PM PST
Troj/Dloadr-BFY
by Marianna Schmudlach / January 22, 2008 11:33 PM PST
Troj/Agent-GNH
by Marianna Schmudlach / January 22, 2008 11:34 PM PST
Troj/Zlob-AHR
by Marianna Schmudlach / January 22, 2008 11:35 PM PST
Troj/BHO-EM
by Marianna Schmudlach / January 22, 2008 11:36 PM PST
Troj/Agent-GNG
by Marianna Schmudlach / January 22, 2008 11:37 PM PST
Avert Labs Low-Profiled Threat Notice: SymbOS/Beselo
by Marianna Schmudlach / January 22, 2008 11:39 PM PST
Compromised Sites “Heath” It Up
by Marianna Schmudlach / January 23, 2008 12:01 AM PST

January 23rd, 2008 by Bernadette Irinco
No sooner had the world learned of the untimely death of actor Heath Ledger (Brokeback Mountain) than malware authors started using the late actor’s name as a social engineering ploy. Within hours of these reports, Research Project Manager Ivan Macalintal discovered a couple of malicious URLs that turn up when users key in the search terms “heath” and “ledger”:

However, the user doesn’t even get to see this, as this page automatically redirects to another site. This site requires the user to download a “new version of ActiveX Object.” As expected, this is just the beginning of a series of redirections that end in the download of different malicious files (like TROJ_RENOS.LZ in one infection chain, and WORM_NUCRP.GEN in another).

More: http://blog.trendmicro.com/

Trojan-Downloader:W32/Small.HSG
by Marianna Schmudlach / January 23, 2008 12:04 AM PST

First Report: 2008-01-23

Type: Trojan-Downloader
Category: Malware

Summary
Trojan-Downloader:W32/Small.HSG downloads and runs a file that is detected as Trojan-Downloader.Win32.Agent.HQL.

This normally arrives as a dropped file by other malware or is downloaded unsuspectingly by the user from a malicious website.

http://www.f-secure.com/v-descs/trojan-downloader_w32_small_hsg.shtml

WORM_IMBOT.AC
by Marianna Schmudlach / January 23, 2008 12:08 AM PST

First Report: 2008-01-23

Malware type: Worm

This memory-resident worm may be dropped by other malware or downloaded unknowingly by a user when visiting malicious Web sites.

It propagates via the popular instant messaging application, MSN Messenger. It does this by sending a message and a .ZIP file that contains a copy of itself to target contacts.

The message it sends may be any of the following:

- Did you see this picture, it's hilarious!!!!!
- Have I shown you this new picture of my cat Happy
- Hey, check out this great photo from my trip to England

This worm also has backdoor capabilities. It connects to random TCP ports and executes the commands from a remote malicious user. It also terminates certain processes, if found running in memory.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FIMBOT%2EAC

SymbOS/Anitgru.A
by Marianna Schmudlach / January 23, 2008 12:10 AM PST
Drive-by download menace spreading fast
by Marianna Schmudlach / January 23, 2008 12:48 AM PST

Marks host malware

By John Leyden

Published Wednesday 23rd January 2008

Booby-trapped web pages are growing at an alarming rate, with unsuspecting firms acting as nurseries for botnet farmers, according to a new study.

Security watchers at Sophos are discovering 6,000 new infected webpages every day, the equivalent of one every 14 seconds. Four in five (83 per cent) of these webpages actually belong to innocent companies and individuals, unaware that their sites have been hacked. Websites of all types, from those of antique dealers to ice cream manufacturers and wedding photographers, have hosted malware on behalf of virus writers, Sophos reports.

More: http://www.theregister.co.uk/2008/01/23/booby_trapped_web_botnet_menace/

W32/Traxg-N
by Marianna Schmudlach / January 23, 2008 5:05 AM PST
Troj/Dropper-TG
by Marianna Schmudlach / January 23, 2008 5:06 AM PST
Troj/Dload-AT
by Marianna Schmudlach / January 23, 2008 5:09 AM PST
Troj/Rootkit-BU
by Marianna Schmudlach / January 23, 2008 5:11 AM PST
Mal/Zlob-H
by Marianna Schmudlach / January 23, 2008 5:12 AM PST
Troj/Bckdr-QLA
by Marianna Schmudlach / January 23, 2008 5:13 AM PST
Mal/DelpDldr-F
by Marianna Schmudlach / January 23, 2008 5:14 AM PST
