Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - March 23, 2007

by Marianna Schmudlach / March 22, 2007 3:00 PM PDT

W32/Walla-B
by Marianna Schmudlach / March 22, 2007 3:01 PM PDT

Troj/Psyme-EB
by Marianna Schmudlach / March 22, 2007 3:03 PM PDT

W32/Rbot-GJZ
by Marianna Schmudlach / March 22, 2007 3:04 PM PDT

W32/Chode-AA
by Marianna Schmudlach / March 22, 2007 3:06 PM PDT

Troj/Bifrose-TU
by Marianna Schmudlach / March 22, 2007 3:07 PM PDT

Win32/Lightmoon.M
by Marianna Schmudlach / March 22, 2007 3:37 PM PDT

Type: Worm
Category: Win32
Also known as W32.Lunalight@mm (Symantec), Email-Worm.Win32.VB.co (Kaspersky)


Win32/Lightmoon.M is a worm that spreads via email and network shares. It makes trivial changes to its PE header as it replicates in order to evade detection methods such as MD5 matching.

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=61987

MultiDropper-RL
by Marianna Schmudlach / March 22, 2007 3:39 PM PDT

Troj/Agent-EFO
by Marianna Schmudlach / March 23, 2007 12:31 AM PDT

Troj/Banker-ECL
by Marianna Schmudlach / March 23, 2007 12:32 AM PDT

Troj/Dloadr-AVR
by Marianna Schmudlach / March 23, 2007 12:34 AM PDT

Troj/DwnLdr-GSO
by Marianna Schmudlach / March 23, 2007 12:35 AM PDT

Nurech on the Run Again.
by Marianna Schmudlach / March 23, 2007 1:02 AM PDT

It seems that the gang is monitoring the success of their trojan. As soon as the antivirus industry caught up with the first downloaded malware (Trojan-Spy.Win32.BZub.IJ), they changed it to another one. We detect the current downloaded file as Trojan-Spy:W32/BZub.IK.

The downloader itself (Trojan-Downloader:W32/Small.EJK) has been detected since morning with update 2007-03-23_02, detection of all known files thus far in 2007-03-23_03.

Here's an example of the spammed message:

http://www.f-secure.com/weblog/

W32.Huegone@mm
by Marianna Schmudlach / March 23, 2007 1:05 AM PDT

W32/HLLP.Philis.ik
by Marianna Schmudlach / March 23, 2007 1:06 AM PDT

Description:
W32/HLLP.Philis.ik is a file infecting virus. It searches for executable files on the infected machine to prepend its viral code. It is also responsible for dropping a dll file, which downloads password stealing trojans from various websites.

http://vil.nai.com/vil/content/v_141801.htm

W32/HLLP.Philis.il
by Marianna Schmudlach / March 23, 2007 1:08 AM PDT

Description:
W32/HLLP.Philis.il is a file infecting virus. It searches for executable files on the infected machine to prepend its viral code. It is also responsible for dropping a dll file, which downloads password stealing trojans from various websites.

http://vil.nai.com/vil/content/v_141802.htm

Trojan-Downloader:W32/Small.EJK
by Marianna Schmudlach / March 23, 2007 1:10 AM PDT

W32/VB-DOS
by Marianna Schmudlach / March 23, 2007 1:37 AM PDT

Type: Worm

Aliases: W32/Backdoor.AFPP, Generic BackDoor.k, Backdoor.Win32.VB.azk

W32/VB-DOS is a worm for the Windows platform which allows unauthorised remote access to the computer.

W32/VB-DOS includes functionality to access the internet and communicate with a remote server via HTTP.

Protection available since 23 March 2007

http://www.sophos.com/security/analyses/w32vbdos.html

Troj/Lololo-A
by Marianna Schmudlach / March 23, 2007 1:38 AM PDT

Troj/Dialer-DZ
by Marianna Schmudlach / March 23, 2007 1:40 AM PDT

W32/Looked-CR
by Marianna Schmudlach / March 23, 2007 1:42 AM PDT

Type: Virus

Aliases: W32/PWStealer.gen1, Trojan-PSW.Win32.Nilage.bcq

W32/Looked-CR is a prepending virus for the Windows platform.

W32/Looked-CR spreads to other network computers infecting executables.

W32/Looked-CR includes functionality to access the internet and communicate with a remote server via HTTP.

Protection available since 23 March 2007

http://www.sophos.com/security/analyses/w32lookedcr.html

W32/Silov-A
by Marianna Schmudlach / March 23, 2007 7:25 AM PDT

W32/Sohana-P
by Marianna Schmudlach / March 23, 2007 7:27 AM PDT

Type: Worm

Aliases: Win32/Sohanad.AE worm, WORM_SOHANAD.AA, IM-Worm.Win32.Sohanad.ae

W32/Sohana-P is a network worm for the Windows platform.

W32/Sohana-P spreads through instant messaging applications and network shares.

Protection available since 23 March 2007

http://www.sophos.com/security/analyses/w32sohanap.html

W32/KillAV-DO
by Marianna Schmudlach / March 23, 2007 7:30 AM PDT

Troj/Agent-EJR
by Marianna Schmudlach / March 23, 2007 7:32 AM PDT

Troj/Agent-EJS
by Marianna Schmudlach / March 23, 2007 7:33 AM PDT

W32/Spybot-NN
by Marianna Schmudlach / March 23, 2007 7:36 AM PDT