Spyware, Viruses, & Security forum

VIRUS ALERTS - October 17, 2007

by Marianna Schmudlach / October 16, 2007 3:18 PM PDT

Troj/Zlob-AFF

Type: Trojan

Affected operating systems: Windows

Side effects: Downloads code from the internet

Aliases: Trojan-Downloader.Win32.Zlob.dlg, Win32/TrojanDownloader.Zlob.BGY trojan

Protection available since: 17 October 2007

http://www.sophos.com/security/analyses/trojzlobaff.html

Dial/Dialer-EW
by Marianna Schmudlach / October 16, 2007 3:20 PM PDT

Troj/Klone-N
by Marianna Schmudlach / October 17, 2007 1:12 AM PDT

Troj/Bckdr-QJS
by Marianna Schmudlach / October 17, 2007 1:14 AM PDT

Troj/Kreppe-Gen
by Marianna Schmudlach / October 17, 2007 1:16 AM PDT

Troj/DwnLdb-Gen
by Marianna Schmudlach / October 17, 2007 1:17 AM PDT

Troj/BDoor-Gen
by Marianna Schmudlach / October 17, 2007 1:18 AM PDT

Troj/Agent-GEK
by Marianna Schmudlach / October 17, 2007 1:20 AM PDT

Troj/PpDora-Gen
by Marianna Schmudlach / October 17, 2007 1:22 AM PDT

Troj/Agent-GDC
by Marianna Schmudlach / October 17, 2007 1:23 AM PDT

Troj/Iefeat-BG
by Marianna Schmudlach / October 17, 2007 1:24 AM PDT

Troj/Delf-EYI
by Marianna Schmudlach / October 17, 2007 1:26 AM PDT

Troj/Agent-GEL
by Marianna Schmudlach / October 17, 2007 1:28 AM PDT

Troj/Delf-EYH
by Marianna Schmudlach / October 17, 2007 1:30 AM PDT

VirusSchlacht Installer
by Marianna Schmudlach / October 17, 2007 1:33 AM PDT

Skype Stealer
by Marianna Schmudlach / October 17, 2007 2:02 AM PDT

Yesterday we added detection for a Trojan-Spy password stealer targeting Skype. The malware bills itself as Skype Defender, which sounds like a security plug-in.

Running the malware produces this dialog:

More: http://www.f-secure.com/weblog/

PWS-Pykse
by Marianna Schmudlach / October 17, 2007 2:07 AM PDT

Trojan-Spy:W32/Skyper.B
by Marianna Schmudlach / October 17, 2007 2:09 AM PDT

First Report: 2007-10-17

Alias: TSPY_SPEYK.A, Win32/Spy.Skyper.B, Trojan-Spy.Win32.Skyper.b, TR/Spy.Skyper.B, Trojan-PSW:W32/Agent.RJ

Summary
Skyper.B is a malware program that imitates Skype and attempts to steal sensitive information such as the user's Skype details and other username/password information stored in Internet Explorer.

Detailed Description
Skyper.B attempts to disguise itself as a security plug-in called Skype Defender. It is packed with UPX 3.0 and it is written with Borland Delphi.

Running the malware produces this dialog:

http://www.f-secure.com/v-descs/trojan-spy_w32_skyper_b.shtml

Copee
by Marianna Schmudlach / October 17, 2007 2:11 AM PDT

First Report: 2007-10-17

Description:
This is a detection for a trojan which does some advertising for a presidential candidate in Kenya. It kills several AV programs and applies changes to the registry in order to protect itself.

http://vil.nai.com/vil/content/v_143439.htm

Troj/Zlob-AFG
by Marianna Schmudlach / October 17, 2007 2:47 AM PDT

W32/Sdbot-DID
by Marianna Schmudlach / October 17, 2007 2:49 AM PDT

Type: Worm

How it spreads: Network shares

Affected operating systems: Windows

Side effects: Allows others to access the computer; installs itself in the Registry; exploits system or software vulnerabilities

Aliases: W32/Sdbot.worm.gen.ci, Backdoor.Win32.SdBot.ccv

Protection available since: 17 October 2007

http://www.sophos.com/security/analyses/w32sdbotdid.html

Troj/FakeAle-AP
by Marianna Schmudlach / October 17, 2007 2:50 AM PDT

Mal/DownLdr-W
by Marianna Schmudlach / October 17, 2007 2:51 AM PDT

W32/Feebs-BW
by Marianna Schmudlach / October 17, 2007 2:52 AM PDT

W32/Netsky-BR
by Marianna Schmudlach / October 17, 2007 2:54 AM PDT

Type: Worm

How it spreads: Email attachments

Affected operating systems: Windows

Side effects: Sends itself to email addresses found on the infected computer

Aliases: W32/Netsky.d@MM, Win32/Netsky.D worm, Email-Worm.Win32.NetSky.d

Protection available since: 17 October 2007

http://www.sophos.com/security/analyses/w32netskybr.html

Mal/Behav-149
by Marianna Schmudlach / October 17, 2007 2:55 AM PDT

Mal/Behav-150
by Marianna Schmudlach / October 17, 2007 2:56 AM PDT

Mal/TinyDL-K
by Marianna Schmudlach / October 17, 2007 2:58 AM PDT

Troj/Fortn-A
by Marianna Schmudlach / October 17, 2007 7:49 AM PDT

Trojan-Downloader.JS.Agent.kd
by Marianna Schmudlach / October 17, 2007 8:48 AM PDT

The New Global Storming Network

A new Storm site advertises a networking application. That site looks like this:

However, a mere visit to the site using an unpatched system will trigger an exploit to automatically download and execute a malicious file. Patched systems are protected but only if the users do not choose to download the file (with filename krackin.exe) and execute it themselves.

The webpage is detected as Trojan-Downloader.JS.Agent.kd while the file is detected as Email-Worm.Win32.Zhelatin.ke.

This is one network you wouldn't want to join, so make sure to keep your databases updated.

http://www.f-secure.com/weblog/
