Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - June 2, 2005

by Marianna Schmudlach / June 2, 2005 12:46 AM PDT

W32/Rbot-AEF
Summary

Aliases W32.Spybot.Worm


W32/Rbot-AEF is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AEF runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotaef.html

W32/Rbot-AEG
by Marianna Schmudlach / June 2, 2005 12:48 AM PDT

Type Worm

W32/Rbot-AEG is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-AEG spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012) and MSSQL (MS02-039) (CAN-2002-0649) and by copying itself to network shares protected by weak passwords.
W32/Rbot-AEG runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Rbot-AEG includes functionality to: steal confidential information, capture keystrokes, carry out DDoS flooder attacks and silently download, install and run new software.
The following patches for the operating system vulnerability exploited by W32/Rbot-AEG can be obtained from the Microsoft website:
LSASS (MS04-011) security vulnerability
RPC-DCOM (MS04-012) security vulnerability
MSSQL (MS02-039) (CAN-2002-0649) security vulnerability

http://www.sophos.com/virusinfo/analyses/w32rbotaeg.html

Troj/Banker-CZ
by Marianna Schmudlach / June 2, 2005 12:50 AM PDT

Aliases Trojan-Spy.Win32.Banker.ii
TSPY_BANCBAN.MA

Type Trojan

Troj/Banker-CZ is an internet banking Trojan.
Troj/Banker-CZ includes functionality to disable other applications, steal confidential information and capture keystrokes.

http://www.sophos.com/virusinfo/analyses/trojbankercz.html

Troj/Dloader-OE
by Marianna Schmudlach / June 2, 2005 12:52 AM PDT
Troj/Bdoor-IK
by Marianna Schmudlach / June 2, 2005 12:53 AM PDT

Aliases Backdoor.Win32.Agent.iw

Type Trojan

Troj/Bdoor-IK is a backdoor Trojan which allows a remote intruder to gain access and control over the computer via IRC channels.
Troj/Bdoor-IK includes functionality to allow a remote user to download and execute files.

http://www.sophos.com/virusinfo/analyses/trojbdoorik.html

W32/Mytob-M
by Marianna Schmudlach / June 2, 2005 3:43 AM PDT

Aliases Net-Worm.Win32.Mytob.bd
W32/Mydoom.gen@MM
Worm.Mytob.AS

Type Worm

W32/Mytob-M is a mass-mailing worm and IRC backdoor Trojan.
W32/Mytob-M runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels, including the ability to download and execute files on the infected computer.
W32/Mytob-M can spread by sending itself as an email attachment to email addresses it harvests from the infected computer, either as an attachment with a double-extension or as a ZIP file containing a file with a double-extension. Emails sent by the worm have the following characteristics:

More: http://www.sophos.com/virusinfo/analyses/w32mytobm.html

Troj/CashGrab-C
by Marianna Schmudlach / June 2, 2005 11:51 AM PDT
WM97/Minceme-A
by Marianna Schmudlach / June 2, 2005 11:54 AM PDT

Aliases W97M_MINCER.B
VBS_MINCER.C

Type Virus

WM97/Minceme-A is a macro virus for Microsoft Word.
WM97/Minceme-A infects Word documents and template files.
WM97/Minceme-A may drop a file MINCER.EXE detected by Sophos Anti-Virus as W32/CIH-10xx.
When the file MINCER.EXE is dropped, the user is asked the following question:
"Who I love?"
If the user answers "MX" the file MINCER.EXE is uninstalled. Also, a message box is displayed containing the text "Hello,my friend!" and "SMART!".
If the user gives another answer the file MINCER.EXE is run and a message box is displayed containing the text "Bios OK?" and "Mincing DATA..." If the user takes any other action (for instance, rebooting the machine) the virus MINCER.EXE will be run automatically on startup.

http://www.sophos.com/virusinfo/analyses/wm97mincemea.html

Troj/LowZone-AF
by Marianna Schmudlach / June 2, 2005 11:56 AM PDT
W32/Rbot-AEH
by Marianna Schmudlach / June 2, 2005 11:57 AM PDT

Aliases Backdoor.Win32.SdBot.zi
W32/Sdbot.worm.gen.x
WORM_AGOBOT.APR

Type Worm

W32/Rbot-AEH is a member of the W32/Rbot family of network worms. The worm can spread via NetBIOS, to weakly protected network shares, to weakly protected Microsoft SQL servers, and to computers vulnerable to the RPC-DCOM and LSASS vulnerabilities. The following patches for the operating system vulnerabilities exploited by W32/Rbot-AEH can be obtained from the Microsoft website:
MS04-011
MS04-012
The worm has a backdoor component that connects to a preconfigured IRC channel, allowing an attacker to issue instructions to the worm, thus giving access to an infected computer.
W32/Rbot-AEH can be instructed to:
Scan for remote computers to spread to
Act as an HTTP or FTP server
Terminate security software
Participate in distributed denial-of-service (DDoS) attacks
Create and delete network shares
Download and execute files

http://www.sophos.com/virusinfo/analyses/w32rbotaeh.html

Troj/PurScan-AA
by Marianna Schmudlach / June 2, 2005 11:59 AM PDT

Aliases Trojan-Downloader.Win32.Agent.dn
TSPY_AGENT.H
QLowZones-2

Type Trojan

Troj/PurScan-AA is a Trojan for the Windows platform.
The Trojan opens Internet Explorer and attempts to contact a remote site repeatedly. Troj/PurScan-AA alters internet security settings.


http://www.sophos.com/virusinfo/analyses/trojpurscanaa.html

W32/Rbot-AEM
by Marianna Schmudlach / June 2, 2005 12:01 PM PDT

Type Worm

W32/Rbot-AEM is a network worm with backdoor functionality for the Windows platform.
W32/Rbot-AEM spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.
W32/Rbot-AEM can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-AEM can be instructed by a remote user to perform various functions.

http://www.sophos.com/virusinfo/analyses/w32rbotaem.html

Troj/Lingosky-B
by Marianna Schmudlach / June 2, 2005 12:03 PM PDT
W32/Rbot-AEI
by Marianna Schmudlach / June 2, 2005 12:05 PM PDT

Aliases Backdoor.Win32.Rbot.gen
W32/Sdbot.worm.gen.h
WORM_RBOT.BKU

Type Worm

W32/Rbot-AEI is a worm with IRC backdoor functionality for the Windows platform.
W32/Rbot-AEI runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Rbot-AEI is capable of spreading to computers on the local network protected by weak passwords after receiving the appropriate backdoor command.
W32/Rbot-AEI may also spread by exploiting the following vulnerabilities for which patches can be obtained from the Microsoft website:
MS04-011
MS04-012
MS03-049
MS02-039

http://www.sophos.com/virusinfo/analyses/w32rbotaei.html

W32/Rbot-AEL
by Marianna Schmudlach / June 2, 2005 12:07 PM PDT

Type Worm

W32/Rbot-AEL is a worm with IRC backdoor functionality for the Windows platform.
W32/Rbot-AEL runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
When first run W32/Rbot-AEL copies itself to <Windows system folder>\fufffy.exe.
W32/Rbot-AEL is capable of spreading to computers on the local network protected by weak passwords after receiving the appropriate backdoor command.
W32/Rbot-AEL may also spread by exploiting the following vulnerabilities for which patches can be obtained from the Microsoft website:
MS04-011
MS04-012
MS03-007
MS02-039
MS01-059

http://www.sophos.com/virusinfo/analyses/w32rbotael.html

W32/Rbot-AEK
by Marianna Schmudlach / June 2, 2005 12:08 PM PDT

Type Worm

W32/Rbot-AEK is a worm with IRC backdoor functionality for the Windows platform.
W32/Rbot-AEK runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
When first run W32/Rbot-AEK copies itself to <Windows system folder>\cmdzxdll.exe.
W32/Rbot-AEK is capable of spreading to computers on the local network protected by weak passwords after receiving the appropriate backdoor command.
W32/Rbot-AEK may also spread by exploiting the following vulnerabilities for which patches can be obtained from the Microsoft website:
MS04-011
MS04-012
MS03-049
MS02-039

http://www.sophos.com/virusinfo/analyses/w32rbotaek.html

W32/Rbot-ADX
by Marianna Schmudlach / June 2, 2005 12:10 PM PDT

Aliases W32/Sdbot.EPB

Type Worm

W32/Rbot-ADX is a worm with IRC backdoor functionality for the Windows platform.
W32/Rbot-ADX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
When first run W32/Rbot-ADX copies itself to <Windows system folder>\msni32.exe.

http://www.sophos.com/virusinfo/analyses/w32rbotadx.html

Troj/Craften-A
by Marianna Schmudlach / June 2, 2005 12:11 PM PDT

Aliases Trojan.Win32.StartPage.xs

Type Trojan

Troj/Craften-A is a Trojan for the Windows platform.
Troj/Craften-A changes settings for Microsoft Internet Explorer, including Start Page and search settings.
Troj/Craften-A will attempt to prevent access to the MSN search website.
Troj/Craften-A may attempt to download and run a file.

http://www.sophos.com/virusinfo/analyses/trojcraftena.html

Troj/Chimo-C
by Marianna Schmudlach / June 2, 2005 12:14 PM PDT

Aliases Email-Worm.Win32.Bagz.j

Type Trojan

Troj/Chimo-C is a Trojan for the Windows platform.
The Trojan connects to a remote site to download configuration details. The Trojan then serves as an Email proxy, allowing remote attackers the ability to route arbitrary email anonymously through the infected computer.

http://www.sophos.com/virusinfo/analyses/trojchimoc.html

Troj/Torpid-D
by Marianna Schmudlach / June 2, 2005 12:15 PM PDT