Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - May 25, 2007

by Marianna Schmudlach / May 24, 2007 12:09 PM PDT

Troj/Nofere-I

Type Trojan

Aliases Trojan-PSW.Win32.Nilage.bei
Win32/TrojanDownloader.Agent.NIG


Troj/Nofere-I is a Trojan for the Windows platform.

Troj/Nofere-I includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/Nofere-I may download and execute files from remote locations, delete registry entries and kill specified processes.

Protection available since 25 May 2007

http://www.sophos.com/security/analyses/trojnoferei.html

Troj/Lineag-ANH
by Marianna Schmudlach / May 24, 2007 12:11 PM PDT
Troj/Yar-A
by Marianna Schmudlach / May 24, 2007 3:28 PM PDT
Troj/Everda-D
by Marianna Schmudlach / May 24, 2007 3:30 PM PDT
Cross-Platform OpenOffice Virus Proof of Concept (Badbunny)
by Marianna Schmudlach / May 24, 2007 3:36 PM PDT

Published: 2007-05-24,
Last Updated: 2007-05-24 20:08:18 UTC
by John Bambenek (Version: 1)
A virus writer sent a proof-of-concept virus called BadBunny to Sophos that uses vulnerabilities in OpenOffice to infect Windows, Linux and Mac OS X. Depending on the host operating system, the virus will perform different actions to infect the target machine. In this case, it downloads a lewd image of a scantily clad woman and a dude in a big ol' bunny suit. It's not the first or last attempt at such cross-platform virus writing (or the inclusion of bizarre graphics in malware) but the limitation of seeing much of this cross-platform work lies in the fact that few applications are widely deployed and run on multiple operating systems. Few people use OpenOffice (in comparison to MS Office) to make it worth the while of a would-be attacker looking for anything other than bragging rights. However, viruses are possible for a variety of operating systems (yes, including Mac OS X) and the day may come when those users will have to be just as vigilant as those on Windows.

http://isc.sans.org/

Troj/Moka-A
by Marianna Schmudlach / May 24, 2007 11:52 PM PDT
Troj/Dloadr-AYQ
by Marianna Schmudlach / May 24, 2007 11:53 PM PDT
Troj/NTRootK-BS
by Marianna Schmudlach / May 24, 2007 11:55 PM PDT
Troj/NTRootK-BT
by Marianna Schmudlach / May 25, 2007 12:00 AM PDT
Troj/Agent-FPL
by Marianna Schmudlach / May 25, 2007 12:01 AM PDT
Troj/Agent-FPM
by Marianna Schmudlach / May 25, 2007 12:02 AM PDT
Troj/Protux-F
by Marianna Schmudlach / May 25, 2007 12:04 AM PDT
Troj/NTRootK-BR
by Marianna Schmudlach / May 25, 2007 12:05 AM PDT
Troj/Dropper-OW
by Marianna Schmudlach / May 25, 2007 12:10 AM PDT
Troj/PSW-DV
by Marianna Schmudlach / May 25, 2007 12:11 AM PDT
Troj/DwnLdr-GVB
by Marianna Schmudlach / May 25, 2007 12:12 AM PDT
W32/Looked-DG
by Marianna Schmudlach / May 25, 2007 12:14 AM PDT
Troj/Psyme-EM
by Marianna Schmudlach / May 25, 2007 12:16 AM PDT

Type Trojan

Troj/Psyme-EM is a Trojan for the Windows platform.

Troj/Psyme-EM attempts to exploit the XMLHTTP and ADODB Stream vulnerability associated with Microsoft Internet Explorer to download a file from a remote website.


Protection available since 25 May 2007

http://www.sophos.com/security/analyses/trojpsymeem.html

Keylog-Dta
by Marianna Schmudlach / May 25, 2007 12:21 AM PDT

Type Trojan
SubType Keylogger

Overview -
This trojan is designed to log every keystroke and store the gathered information in temporary files.
It is a component of the BackDoor-CWW trojan.

Aliases
Trojan-Spy.Win32.KeyLogger.lp (Kaspersky)

http://vil.nai.com/vil/content/v_142311.htm

W32.Sachy.A
by Marianna Schmudlach / May 25, 2007 12:24 AM PDT
W32.Lecivio
by Marianna Schmudlach / May 25, 2007 12:26 AM PDT
Getting Hitched with PE_DARKSNOW
by Marianna Schmudlach / May 25, 2007 12:28 AM PDT

May 25th, 2007 by Miray Lozada
Hard-to-detect PE_VIRUT variants, with their entry point obscuring (EPO) techniques, created quite a buzz last April. Before PE_VIRUT stole the scene, however, there was another file infector that may not have made as much noise as PE_VIRUT, but had an infection routine that can rival Virut's in its complexity. Detected in the wild last February, PE_DARKSNOW employs old, new, and borrowed tactics enough to keep threat analysts on their toes. Read more about this file infector here.

http://blog.trendmicro.com/

BackDoor-AWQ!D12D19B7
by Marianna Schmudlach / May 25, 2007 1:40 AM PDT

Type Trojan

SubType Remote Access

BackDoor-AWQ!D12D19B7 is a multi-part backdoor trojan.

It attempts to hook itself into the system by dropping autorun.inf files into the root of the system's hard drives.

It also disables several tools the system admin would use to recover from the infection.

It redirects the Com+ system to the backdoor component.

http://vil.nai.com/vil/content/v_142325.htm#threat-type

Bloodhound.Packed.29
by Marianna Schmudlach / May 25, 2007 5:46 AM PDT
Troj/Dloadr-BAA
by Marianna Schmudlach / May 25, 2007 5:51 AM PDT
Troj/Ciadoor-DX
by Marianna Schmudlach / May 25, 2007 5:55 AM PDT
Troj/PWS-ANE
by Marianna Schmudlach / May 25, 2007 5:58 AM PDT
Troj/Flood-IG
by Marianna Schmudlach / May 25, 2007 6:00 AM PDT
W32/SillyFD-AF
by Marianna Schmudlach / May 25, 2007 6:04 AM PDT
Troj/Dloadr-AYR
by Marianna Schmudlach / May 25, 2007 6:06 AM PDT
Downloader-BCG
by Marianna Schmudlach / May 25, 2007 8:50 AM PDT

Type Trojan

SubType Downloader

Overview -
This detection is for a downloader trojan. Recent variants come in the form of a DOC file which purports to be from the Better Business Bureau, pertaining to a customer complaint. The DOC file contains an EXE file - if this EXE file is double-clicked, it may attempt to download a file from a remote location. It will not run automatically upon opening the DOC file.

Characteristics

Downloader-BCG is a downloader trojan, which attempts to get a file from a remote site.

Recent variants come by email which has an attached DOC file which purports to be from the Better Business Bureau, pertaining to a customer complaint.

The text received may be like the following:

Dear Mr./Mrs. (This name will vary)

You have received a complaint in regards to your business services. The complaint was filled by Mr. James Jackson on 5/21/2007

Complaint Case Number: 084215052
Complaint Made by Consumer Mr. James Jackson
Complaint Registered Against: Company Target Analysis Group Inc
Date: 5/21/2007
Instructions on how to resolve this complaint as well as a copy of the original complaint are attached to this email.

Disputes involving consumer products and/or services may be arbitrated. Unless they directly relate to the contract that is the basis of this dispute, the following claims will be considered for arbitration only if all parties agree in writing that the arbitrator may consider them:
- Claims based on product liability;
- Claims for personal injuries;
- Claims that have been resolved by a previous court action, arbitration, or written agreement between the parties.
The decision as to whether your dispute or any part of it can be arbitrated rests solely with the BBB.

The BBB offers its members a binding arbitration service for disputes involving marketplace transactions. Arbitration is a convenient, civilized way to settle disputes quickly and fairly, without the costs associated with other legal options.
