Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - January 25, 2008

by Marianna Schmudlach / January 24, 2008 2:10 PM PST
Troj/Zlob-AHU
by Marianna Schmudlach / January 24, 2008 2:12 PM PST
Troj/Keygen-BQ
by Marianna Schmudlach / January 24, 2008 2:14 PM PST
EasyBar Toolbar
by Marianna Schmudlach / January 24, 2008 2:15 PM PST
EasyBar Installer
by Marianna Schmudlach / January 24, 2008 2:17 PM PST
TROJ_MDROPPER.GL
by Marianna Schmudlach / January 24, 2008 2:22 PM PST

Description:
This Trojan arrives as an attachment to email messages spammed by another malware or a malicious user. It may be downloaded from remote sites by other malware. It takes advantage of a certain vulnerability in Microsoft Excel wherein it could allow a remote code execution. More information on the said vulnerability is available in the following Web site:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FMDROPPER%2EGL

W32/Xorer-B
by Marianna Schmudlach / January 25, 2008 12:07 AM PST
Troj/Dload-AV
by Marianna Schmudlach / January 25, 2008 12:08 AM PST
JS/Agent-GNN
by Marianna Schmudlach / January 25, 2008 12:10 AM PST
W32/Autorun-AV
by Marianna Schmudlach / January 25, 2008 12:11 AM PST
Troj/Keylog-JX
by Marianna Schmudlach / January 25, 2008 12:12 AM PST
W32/Sdbot-DJW
by Marianna Schmudlach / January 25, 2008 12:14 AM PST

Name: W32/Sdbot-DJW
Type: Worm
Affected operating systems: Windows
Side effects:
- Allows others to access the computer
- Installs itself in the Registry
Aliases:
- W32/Sdbot.worm!MS06-040
- Win32/Rbot trojan
- Trojan.Win32.Pakes.df
Protection available since: 25 January 2008

http://www.sophos.com/security/analyses/w32sdbotdjw.html

W32/AutoRun-AW
by Marianna Schmudlach / January 25, 2008 12:15 AM PST
Nuri Toolbar Downloader
by Marianna Schmudlach / January 25, 2008 12:16 AM PST
LinkComp ActiveX Control
by Marianna Schmudlach / January 25, 2008 12:17 AM PST
Troj/Agent-GNP
by Marianna Schmudlach / January 25, 2008 12:19 AM PST
W32/Bagle-TG
by Marianna Schmudlach / January 25, 2008 12:20 AM PST
Troj/Agent-GNO
by Marianna Schmudlach / January 25, 2008 12:21 AM PST
Bloodhound.Bancos.1
by Marianna Schmudlach / January 25, 2008 1:36 AM PST
Panda Security's weekly report on viruses and intruders
by Marianna Schmudlach / January 25, 2008 1:56 AM PST

Virus Alerts, by Panda Security (http://www.pandasecurity.com)

Madrid, January 25, 2008 - According to data gathered at the Infected or Not website (http://www.infectedornot.com) this week, 22.86% of protected computers were infected by some type of malware.

"Traditional security solutions installed on computers are no longer enough to combat the increasing number of malware samples that appear every day. They must be complemented with online solutions, like NanoScan or TotalScan, as proposed by the new security model from Panda. These online tools have access to a larger knowledge base and can therefore detect more malware", explains Luis Corrons, Technical Director of PandaLabs.

As for the most harmful codes this week, the list is headed by the Virtumonde spyware. Virtumonde has been designed to log keystrokes entered by users while they surf the Web and sporadically display adverts.

The list is completed by adware (NaviPromo, VideoAddon, etc.), designed to show ads to users through banners, pop-ups, etc.

TotalScan Top 10:

1 Spyware/Virtumonde
2 Adware/NaviPromo
3 Adware/VideoAddon
4 Adware/SaveNow
5 Adware/Lop
6 Adware/Comet
7 W32/Bagle.HX.worm
8 Adware/Gator
9 Adware/OneStep
10 Adware/AdRotator

"Many unscrupulous companies pay the creators of these malicious codes for advertising. This way, cyber-crooks profit financially from their infections", says Corrons.

This week's PandaLabs report also includes information about two new Trojans: Asprox.A and Romeo.C.

Asprox.A is designed to open a port on the infected computer and turn it into a proxy server. This could allow cyber-crooks to perform malicious actions (bank transfers with money coming from scams, send spam, etc.) from the infected user's computer using its IP address.

"This way, if the illegal action is detected and the authorities start looking for those responsible, the evidence will point to the infected user, whereas it will be very difficult to find the real culprit", says Corrons.

Romeo.C is installed on computers disguised as a Windows folder. This code has been designed to create or modify several keys in the Windows Registry, which allows it to perform malicious actions such as disabling the system restore feature, hiding the "Start" menu "Run" option, or hiding file extensions.

Finally, every time the user starts up the computer, the Trojan will display the following text: "Su PC esta infestada por un virus de ultima generaci

Troj/Ovdoz-B
by Marianna Schmudlach / January 25, 2008 7:00 AM PST
Troj/Agent-GNR
by Marianna Schmudlach / January 25, 2008 7:02 AM PST
Troj/Agent-GNQ
by Marianna Schmudlach / January 25, 2008 7:03 AM PST
Troj/Dloadr-BIA
by Marianna Schmudlach / January 25, 2008 7:04 AM PST
Troj/Dloadr-BHZ
by Marianna Schmudlach / January 25, 2008 7:06 AM PST
Troj/Zlob-AHV
by Marianna Schmudlach / January 25, 2008 7:07 AM PST
WORM_AGENT.TBH
by Marianna Schmudlach / January 25, 2008 7:15 AM PST