VIRUS ALERTS - January 8, 2006

Type
Trojan

Troj/ServU-BW is a hacked version of a commercial FTP application.

http://www.sophos.com/virusinfo/analyses/trojservubw.html

Type
Trojan

Aliases
Trojan-Downloader.Win32.Ani.e
Exploit-ANIfile
Bloodhound.Exploit.20

Troj/Animoo-D is downloader Trojan that relies on exploiting a vulnerability in the handling of Windows animated cursor (.ANI) files found in Microsoft's USER32.dll.

For more information on the animated cursor vulnerability used by Troj/Animoo-D please refer to Microsoft security bulletin
http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx


http://www.sophos.com/virusinfo/analyses/trojanimood.html

Type
Trojan

Aliases
SpamTool.Win32.Mailbot.b
Proxy-Xmaib
Hacktool.Rootkit

Troj/RKFile-A is a Trojan rootkit for the Windows platform.

Troj/RKFile-A attempts to hide information about certain files and registry entries as passed to it by another program, providing stealthing by directly manipulating structures in the system kernel.

http://www.sophos.com/virusinfo/analyses/trojrkfilea.html

Type
Trojan

Troj/Masot-B is a configurable backdoor Trojan.

The Trojan runs a web server on the infected system which provides access to a remote attacker. Backdoor functionality includes being able to steal files, capture screen images and list and terminate processes. The Trojan may also disable the Windows firewall.

Troj/Masot-B may be configured to display a fake error message when first run.

Troj/Masot-B may send reports to a remote user by email.

http://www.sophos.com/virusinfo/analyses/trojmasotb.html

Type
Trojan

Aliases
Backdoor.Win32.Small.gs

Troj/RemShell-B is a backdoor Trojan that allows a remote intruder to access a shell on the affected computer.

http://www.sophos.com/virusinfo/analyses/trojremshellb.html

Type
Trojan

Troj/Mdrop-IZ is a multi-dropper Trojan for the Windows platform.

http://www.sophos.com/virusinfo/analyses/trojmdropiz.html

Type
Trojan

Aliases
Trojan.Win32.VB.aem

Troj/Dumahm-A is a Trojan for the Windows platform.

Troj/Dumahm-A attempts to run the file mirc.exe in the same folder as itself.

http://www.sophos.com/virusinfo/analyses/trojdumahma.html

Type
Trojan

Troj/VBbot-R is a DDOS Trojan for the Windows platform.

The Trojan connects to a remote IRC server, joins a specific channel and awaits denial-of-service instructions.

Additionally the Trojan will attempt to update itself from a remote website.

http://www.sophos.com/virusinfo/analyses/trojvbbotr.html

Type Worm

Aliases Backdoor.Win32.Rbot.amr
W32/Sdbot.worm.gen.h

W32/Rbot-BJH is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BJH spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007).
W32/Rbot-BJH runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotbjh.html

Type Worm

Aliases Backdoor.Win32.SdBot.gen
Trojan-Proxy.Win32.Ranky.gen
Proxy-FBSR.gen

W32/Sdranck-X is a multi-component network worm.
W32/Sdranck-X uses a dropped file detected as W32/Sdbot-Fam to spread W32/Sdranck-X to network shares with weak passwords.

http://www.sophos.com/virusinfo/analyses/w32sdranckx.html

Type Trojan

Troj/Ifradv-A is a Trojan for the Windows platform.
Troj/Ifradv-A attempts to access a malicious remote php script using an iframe. The script is currently unavailable.

http://www.sophos.com/virusinfo/analyses/trojifradva.html

Type Trojan

Aliases Trojan-Downloader.Win32.VB.ur

Troj/Vixup-AE is a Trojan for the Windows platform.

http://www.sophos.com/virusinfo/analyses/trojvixupae.html

Type Trojan

Aliases Trojan-Downloader.Win32.Banload.qn

Troj/SmDown-D is a Trojan for the Windows platform.
Troj/SmDown-D includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojsmdownd.html

Type Trojan

Aliases Trojan-Spy.Win32.Luzia.m

Troj/Certif-P is a Trojan for the Windows platform.

http://www.sophos.com/virusinfo/analyses/trojcertifp.html

Type Trojan

Aliases Trojan-Spy.Win32.Agent.s

Troj/SkledKit-A is a Trojan for the Windows platform.
The Trojan generates keyloggging Trojan executable files (detected by Sophos's anti-virus products as Troj/Skled-A).

http://www.sophos.com/virusinfo/analyses/trojskledkita.html

Type Spyware Trojan

Troj/Skled-A is a keylogging Trojan for the Windows platform.
The Trojan logs keypresses typed in windows with predefined titles. Stolen data is sent to a remote attacker via email.

http://www.sophos.com/virusinfo/analyses/trojskleda.html

Type Trojan

Aliases Trojan-Downloader.Win32.Zlob.dv

Troj/Zlob-DV is a Trojan for the Windows platform.

http://www.sophos.com/virusinfo/analyses/trojzlobdv.html

Type Trojan

Aliases Trojan-Downloader.Win32.Zlob.ee

Troj/Zlob-EE is a Trojan for the Windows platform.
Troj/Zlob-EE includes functionality to access and download code from the
Internet.

http://www.sophos.com/virusinfo/analyses/trojzlobee.html

Type Trojan

Aliases Trojan-Proxy.Win32.Ranky.bu

Troj/Ranck-DU is a Trojan for the Windows platform.
The Trojan allows remote attackers the ability to route HTTP traffic through the infected computer.

http://www.sophos.com/virusinfo/analyses/trojranckdu.html

Type Trojan

Aliases Trojan-Spy.Win32.Banker.ahy

Troj/Banker-TN is a Trojan for the Windows platform.
Troj/Banker-TN includes functionality to send notification messages to remote locations

http://www.sophos.com/virusinfo/analyses/trojbankertn.html

Type Trojan

Aliases Trojan-Downloader.Win32.VB.ji

Troj/DownLdr-QX is a Trojan for the Windows platform.
Troj/DownLdr-QX includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojdownldrqx.html

Type Trojan

Aliases Trojan-Downloader.Win32.Banload.ks

Troj/Banload-HP is a Trojan for the Windows platform.
Troj/Banload-HP includes functionality to download, install and run new software.

http://www.sophos.com/virusinfo/analyses/trojbanloadhp.html

Type Trojan

Aliases Trojan-Downloader.Win32.Banload.qw

Troj/Banload-QW is a Trojan for the Windows platform.
Troj/Banload-QW includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojbanloadqw.html

Type Trojan

Aliases Trojan-Downloader.Win32.Banload.cr

Troj/Banload-HQ is a Trojan for the Windows platform.
Troj/Banload-HQ includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojbanloadhq.html

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Bancos.u
trojan

Troj/Banker-TV is a Trojan for the Windows platform.
The Trojan steals login credentials entered into certain banking web sites.

http://www.sophos.com/virusinfo/analyses/trojbankertv.html

Type Trojan

Aliases Backdoor.Win32.BlueEye.10b
BackDoor-CHJ.cli
BKDR_BLUEEYE.10

Troj/BluEye-E is a backdoor generator toolkit. The Trojan is capable of recording keystrokes and opening a backdoor to allow access to the file server on the victim's computer. The keystrokes will be saved in a log file which the intruder can access via the backdoor.

http://www.sophos.com/virusinfo/analyses/trojblueyee.html

Type Spyware Trojan

Aliases Trojan-Spy.Win32.Banker.ahy

Troj/Banker-TY is a Trojan for the Windows platform.
The Trojan monitors internet sessions and captures keypresses entered into web forms on certain banking web sites. Stolen credentials are sent to a remote attacker via email.

http://www.sophos.com/virusinfo/analyses/trojbankerty.html