Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - July 5, 2005

W32/Mytob-DB
Summary

Aliases Net-Worm.Win32.Mytob.bi
W32.Mytob.GB@mm
WORM_MYTOB.HI

Type Worm

W32/Mytob-DB is a mass-mailing worm and IRC backdoor Trojan.
W32/Mytob-DB can spread by sending itself as an email attachment to email addresses it harvests from the infected computer, either as an attachment with a double-extension or as a zip file containing a file with a double-extension. W32/Mytob-DB avoids sending emails to addresses containing certain strings in them.
W32/Mytob-DB processes the emails it has harvested by splitting them into name and domain. Once it has sent itself to the emails it has harvested, it uses a predefined list of names with the harvested domains. W32/Mytob-DB spoofs the sender, sending emails as if from one of the following at the same domain as the recipient:
support
administrator
mail
service
admin
info
register
webmaster
For example if sending itself to name@example.com, W32/Mytob-DB might send the email as if from admin@example.com.
Emails sent by the worm have characteristics from the following:

MORE; http://www.sophos.com/virusinfo/analyses/w32mytobdb.html

Troj/LegMir-AK

In reply to: VIRUS ALERTS - July 5, 2005

Troj/Doomed-A

In reply to: VIRUS ALERTS - July 5, 2005

Aliases SYMBOS_DOOMED.A

Type Trojan

Troj/Doomed-A is a Trojan designed to run on mobile phone devices running the Symbian operating system.
Troj/Doomed-A installs the worm Symb/Comwar-B. The Trojan also installs corrupt DLL files that may prevent the phone from running when it is rebooted.
The Trojan may arrive as a Symbian installation system file called 'Doom_2_wad_cracked_by_DFT_S60_v1.0.sis'.

http://www.sophos.com/virusinfo/analyses/trojdoomeda.html

Troj/HacDef-U

In reply to: VIRUS ALERTS - July 5, 2005

Aliases Backdoor.Win32.HacDef.084
HackerDefender

Type Trojan

Troj/HacDef-U is a backdoor Trojan for the Windows platform.
As well as allowing remote attackers unauthorized access to the infected computer, the Trojan is able to hide its presence by hijacking operating system calls and preventing the user from viewing files, folders, processes, services, registry entries and/or network connections.

http://www.sophos.com/virusinfo/analyses/trojhacdefu.html

Troj/Vidlo-Q

In reply to: VIRUS ALERTS - July 5, 2005

Aliases Trojan-Downloader.Win32.Vidlo.q
Downloader-ACS

Type Trojan

Troj/Vidlo-Q is a Trojan for the Windows platform that downloads the files hhtz.exe and 100.exe from predefined websites. These files are currently detected by Sophos's anti-virus products as Troj/Dumaru-I.
Troj/Vidlo-Q may arrive embedded with the filename Rechnung.pdf.exe in a spammed message with the following characteristics:
Subject line: "Rechnung"
Message body: "Guten Tag,
die Gesamtsumme f

W32/Sdbot-AAB

In reply to: VIRUS ALERTS - July 5, 2005

Aliases Trojan.Win32.Crypt.d

Type Worm

W32/Sdbot-AAB is a worm with backdoor Trojan functionality.
W32/Sdbot-AAB runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access to and control over the computer via IRC channels.
W32/Sdbot-AAB will attempt to spread to unprotected network shares.

http://www.sophos.com/virusinfo/analyses/w32sdbotaab.html

W32/Rbot-AHC

In reply to: VIRUS ALERTS - July 5, 2005

Aliases Trojan.Win32.Crypt.d

Type Worm

W32/Rbot-AHC is a worm with backdoor Trojan functionality.
W32/Rbot-AHC runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access to and control over the computer via IRC channels.
W32/Rbot-AHC will attempt to spread to network shares protected by weak passwords and through a number of software vulnerabilities.

http://www.sophos.com/virusinfo/analyses/w32rbotahc.html

Troj/Banker-UO

In reply to: VIRUS ALERTS - July 5, 2005

Troj/Dloader-PT

In reply to: VIRUS ALERTS - July 5, 2005

Troj/Bancban-DO

In reply to: VIRUS ALERTS - July 5, 2005

Type Trojan

Troj/Bancban-DO is a Trojan for the Windows platform.
The Trojan monitors Internet Explorer sessions for visits to certain banking sites. The Trojan logs keypresses and sends stolen information to a remote user via email or through FTP.

http://www.sophos.com/virusinfo/analyses/trojbancbando.html

W32/Sdbot-AAD

In reply to: VIRUS ALERTS - July 5, 2005

Aliases P2P-Worm.Win32.SpyBot.fq
W32/Sdbot.worm.gen.y
W32.Spybot.Worm
WORM_SPYBOT.YZ

Type Worm

W32/Sdbot-AAD is a network worm with backdoor functionality for the Windows platform.
W32/Sdbot-AAD spreads to remote network shares protected by weak passwords and to computers already infected with the following Trojan backdoors: Troj/Kuang, Troj/Sub7, Troj/NetDevil and W32/MyDoom.
W32/Sdbot-AAD allows remote access to and control of the infected computer. The worm connects to a preconfigured IRC server and awaits commands from a remote attacker.

http://www.sophos.com/virusinfo/analyses/w32sdbotaad.html

Troj/Delf-KR

In reply to: VIRUS ALERTS - July 5, 2005

Type Trojan

Troj/Delf-KR is a Trojan for the Windows platform.
Troj/Delf-KR includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Delf-KR copies itself to \DriverLoad\svchost.exe.


http://www.sophos.com/virusinfo/analyses/trojdelfkr.html

W32/Mytob-DC

In reply to: VIRUS ALERTS - July 5, 2005

Aliases Net-Worm.Win32.Mytob.t
W32/Mytob.gen@MM
W32.Mytob.AH@mm
WORM_MYTOB.GG

Type Worm

W32/Mytob-DC is a mass-mailing worm and IRC backdoor Trojan for the Windows platform.
W32/Mytob-DC runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Mytob-DC spreads by exploiting computers vulnerable to the LSASS (MS04-011) exploit and by sending itself as an email attachment. Emails sent by the worm have the following characteristics:
Subject:
Error
Status
Server Report
Mail Transaction Failed
Mail Delivery System
hello
Good day
Body:
Mail transaction failed. Partial message is available.
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
The original message was included as an attachment.
Here are your banks documents.
Attachment filenames:
body
message
test
data
file
text
readme
document

http://www.sophos.com/virusinfo/analyses/w32mytobdc.html
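
Added example, not part of the original posts or of Sophos's analyses: a mail-filter heuristic in Python that flags the traits described above for W32/Mytob-DB (role-name sender at the recipient's own domain, double-extension attachment, including one inside a zip) and W32/Mytob-DC (the listed subjects and attachment names). The function names, trait labels and the executable-extension list are assumptions, and sample() builds constructed messages only.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage

# Lists below are from the W32/Mytob-DB and W32/Mytob-DC alerts; EXEC_EXT is an
# assumption (the alerts do not say which extensions the worm uses).
SPOOFED_LOCALS = set("support administrator mail service admin info register webmaster".split())
DC_SUBJECTS = {"error", "status", "server report", "mail transaction failed",
               "mail delivery system", "hello", "good day"}
DC_ATTACH = set("body message test data file text readme document".split())
EXEC_EXT = {"exe", "scr", "pif", "com", "bat", "cmd"}

def addr(msg, header):  # (local part, domain) of the first address, or ("", "")
    a = msg[header].addresses[0] if msg[header] and msg[header].addresses else None
    return (a.username.lower(), a.domain.lower()) if a else ("", "")

def names(part):
    """Yield the attachment's file name and, for a zip, the names inside it."""
    name = (part.get_filename() or "").lower()
    yield name
    if name.endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as z:
                yield from (n.lower().rsplit("/", 1)[-1] for n in z.namelist())
        except zipfile.BadZipFile:
            pass  # unreadable archive: judged by its outer name only

def score(raw):
    """Return the sorted Mytob-style traits found in one raw message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = set()
    (f_local, f_dom), (_, t_dom) = addr(msg, "From"), addr(msg, "To")
    if f_local in SPOOFED_LOCALS and f_dom and f_dom == t_dom:
        hits.add("spoofed-role-sender")
    if str(msg["Subject"] or "").strip().lower() in DC_SUBJECTS:
        hits.add("known-subject")
    for part in msg.iter_attachments():
        for pieces in (n.split(".") for n in names(part)):
            if len(pieces) >= 3 and pieces[-1] in EXEC_EXT:
                hits.add("double-extension")
            if pieces[0] in DC_ATTACH:
                hits.add("known-attachment-name")
    return sorted(hits)

def sample(frm, to, subject, filename, data=b"constructed"):
    """Build a constructed message for trying score(); not a captured sample."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = frm, to, subject
    m.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Each trait on its own is weak evidence (legitimate mail also comes from admin@ or carries a file named document), so a filter would normally act on combinations rather than on any single hit.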

Troj/Feutel-K

In reply to: VIRUS ALERTS - July 5, 2005

Troj/Minidr-A

In reply to: VIRUS ALERTS - July 5, 2005

Aliases Trojan-Downloader.Win32.Small.ait

Type Trojan

Troj/Minidr-A is a Trojan for the Windows platform.
The Trojan drops a file to the current user's temporary folder and then runs it. The Trojan then deletes itself after running the dropped file.

http://www.sophos.com/virusinfo/analyses/trojminidra.html
