VIRUS ALERTS - October 19, 2005

Oct 19, 2005 12:02AM PDT

W32/Fanbot-C

Type: Worm

W32/Fanbot-C is an email, network and P2P worm and IRC backdoor for the Windows
platform.
W32/Fanbot-C runs continuously in the background, providing a backdoor server
which allows a remote intruder to gain access and control over the computer via
IRC channels.
W32/Fanbot-C will spread via email attachments to email addresses harvested
from the infected computer with the following attributes:
Subject line:
- *DETECTED* Online User Violation.
- Email Account Suspension.
- Hello. We're Skype and we've got something we would like to share with you.
- Important Notification!
- Members Support.
- Notice of account limitation.
- Security measures.
- Share Skype.
- Skype for Windows 1.4 - Have you got the new Skype?'
- Warning Message: Your services near to be closed.
- What is Skype?
- Your Account is Suspended For Security Reasons.
- Your Account is Suspended.
Message text:

Dear user <string>,
It has come to our attention that your <string> User Profile ( x ) records are
out of date. For further details see the attached document.
Thank you for using <string>!
The <string> Support Team
+++ Attachment: No Virus (Clean)
+++ <string> Antivirus - www.<string>

Dear <string> Member,
We have temporarily suspended your email account <string>.
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due
to an internal error within our processors.
See the details to reactivate your <string> account.
Sincerely,The <string> Support Team
+++ Attachment: No Virus (Clean)
+++ <string> Antivirus - www.<string>

Dear <string> Member,
Your e-mail account was used to send a huge amount of unsolicited spam messages
during the recent week. If you could please take 5-10 minutes out of your
online experience and confirm the attached document so you will not run into
any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your
membership.
Virtually yours,
The <string> Support Team
+++ Attachment: No Virus (Clean)
+++ <string> Antivirus - www.<string>

Dear user <string>,
Skype is a little piece of software that lets you talk over the Internet to
anyone, anywhere for free.
And it just got even better download the latest version of Skype:
Our call quality is the best ever for talking, laughing and sharing stories.
You can forward calls on to mobiles, landlines and other Skype Names.
Make calls instantly from Outlook email or Internet Explorer with our new
toolbars.
Personalise your Skype play around with sounds, ringtones and pictures to show
the world who you are.
For further details see the attached document.
This message contains graphics. If you do not see the graphics, click here to
view.
c 2002-2005 by Skype Technologies S.A.
Legal information

In the above message bodies the <string> would be replaced by text extracted
from the harvested email addresses.
Attachments may have the following base filenames, usually with a zip extension:
- account-details
- account-info
- account-report
- document
- email-details
- important-details
- readme
- Share Skype
- Skype-details
- Skype-document
- Skype-info
- Skype-stuffs
- Skype for Windows 1.4
W32/Fanbot-C also attempts to spread by exploiting the PNP (MS05-039)
vulnerability.
A patch for the operating system vulnerability exploited by W32/Fanbot-C is
available from Microsoft:

http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx

http://www.sophos.com/virusinfo/analyses/w32fanbotc.html
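
A mail-gateway check built from the W32/Fanbot-C indicators listed above (subject lines, attachment base names and the fake "No Virus (Clean)" footer), as an added example that is not part of the original post or of the Sophos analysis. The function names and the sample message builder are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

def _norm(s):
    """Casefold, collapse whitespace and drop trailing punctuation."""
    return " ".join(str(s).split()).casefold().rstrip(" .!?'")

# Subject lines and attachment base names copied from the description above.
SUBJECTS = {_norm(s) for s in (
    "*DETECTED* Online User Violation.", "Email Account Suspension.",
    "Hello. We're Skype and we've got something we would like to share with you.",
    "Important Notification!", "Members Support.", "Notice of account limitation.",
    "Security measures.", "Share Skype.", "What is Skype?",
    "Skype for Windows 1.4 - Have you got the new Skype?'",
    "Warning Message: Your services near to be closed.",
    "Your Account is Suspended For Security Reasons.", "Your Account is Suspended.")}
BASENAMES = {_norm(s) for s in (
    "account-details", "account-info", "account-report", "document",
    "email-details", "important-details", "readme", "Share Skype",
    "Skype-details", "Skype-document", "Skype-info", "Skype-stuffs",
    "Skype for Windows 1.4")}
FOOTER = "+++ attachment: no virus (clean)"

def fanbot_c_indicators(raw):
    """Return the sorted indicator names found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = set()
    if _norm(msg["Subject"] or "") in SUBJECTS:
        hits.add("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and FOOTER in body.get_content().casefold():
        hits.add("footer")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # "usually with a zip extension": compare with and without the last suffix
        if {_norm(name), _norm(name.rsplit(".", 1)[0])} & BASENAMES:
            hits.add("attachment")
    return sorted(hits)

def sample_message(subject, filename,
                   body="Dear user x,\n+++ Attachment: No Virus (Clean)\n"):
    """Constructed test message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()
```

A single hit is weak evidence, since names such as "document" and "readme" are common in legitimate mail; quarantining on two or more indicators keeps false positives down.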

Troj/Mediatic-B
Oct 19, 2005 12:29PM PDT

Type: Trojan

Aliases: Trojan-Downloader.JS.Small.ag, JS/SillyDownloader.AA, Downloader-AGC, Trojan.Downloader.Mediatickets-1

Troj/Mediatic-B is a JavaScript downloader/installer for MediaTickets adware.
Troj/Mediatic-B arrives by browsing web pages containing the Troj/Mediatic-B script or links to the Troj/Mediatic-B script.
Troj/Mediatic-B attempts to exploit the CODEBASE vulnerability associated with certain versions of Microsoft Internet Explorer to download files named MediaTicketsInstaller.cab and MediaTicket.exe from a remote location.

http://www.sophos.com/virusinfo/analyses/trojmediaticb.html

Troj/Dloader-WK
Oct 19, 2005 12:30PM PDT

Troj/Agent-FZ
Oct 19, 2005 12:31PM PDT

W32/Fanbot-Gen
Oct 19, 2005 12:38PM PDT

Type: Worm

W32/Fanbot-Gen detects members of the W32/Fanbot family of mass-mailing worms.
The worm typically has backdoor functions that allow unauthorized remote access to the infected computer via remote IRC channels.
Members of the W32/Fanbot family of worms usually attempt to register themselves as services and include functionality to:
- carry out DDoS flooder attacks
- silently download, install and run new software
- modify the HOSTS file
- disable other applications
- inject code into other processes

http://www.sophos.com/virusinfo/analyses/w32fanbotgen.html

W32/Rbot-ASI
Oct 19, 2005 3:34PM PDT

Type: Worm

Aliases: Backdoor.Win32.Rbot.agb, WORM_SDBOT.CLP

W32/Rbot-ASI is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-ASI can spread to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), PNP (MS05-039), and ASN.1 (MS04-007).
W32/Rbot-ASI runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotasi.html

W32/Maibot-A
Oct 19, 2005 3:35PM PDT

Type: Worm

How it spreads: Chat programs


W32/Maibot-A is a worm for the Windows platform.
W32/Maibot-A may spread via the AOL Instant Messenger program.
W32/Maibot-A runs continuously in the background, providing a backdoor server
which allows a remote intruder to gain access and control over the computer via
IRC channels.

http://www.sophos.com/virusinfo/analyses/w32maibota.html

Troj/Dloader-WM
Oct 19, 2005 3:36PM PDT

Type: Trojan

Aliases: Trojan-Spy.Win32.Banker.aau


Troj/Dloader-WM is a Trojan for the Windows platform.
Troj/Dloader-WM downloads a file from a preconfigured location to the Windows
system folder and executes it.
Troj/Dloader-WM also opens Microsoft Internet Explorer on a URL selected randomly from a list.

http://www.sophos.com/virusinfo/analyses/trojdloaderwm.html

W32/Rbot-ASG
Oct 19, 2005 3:37PM PDT

Troj/Bancban-GG
Oct 19, 2005 3:38PM PDT

Type: Spyware Trojan

Aliases: Trojan-Spy.Win32.Banker.aew, PWS-Banker.gen.bb

Troj/Bancban-GG is a Trojan for the Windows platform.
The Trojan steals login credentials from Internet sessions with certain banking sites. Stolen information is sent to a remote user.

http://www.sophos.com/virusinfo/analyses/trojbancbangg.html

W32/Rbot-ASJ
Oct 19, 2005 3:39PM PDT

Type: Worm

Aliases: Backdoor.Win32.Rbot.gen, W32/Sdbot.worm.gen.aw

W32/Rbot-ASJ is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-ASJ spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812), Veritas (CAN-2004-1172) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.
W32/Rbot-ASJ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotasj.html

W32/Rbot-ASK
Oct 19, 2005 3:40PM PDT

Type: Worm

Aliases: Backdoor.Win32.Rbot.gen, W32/Gaobot.worm.gen.e, WORM_RBOT.CIM

W32/Rbot-ASK is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-ASK spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.
W32/Rbot-ASK runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotask.html

Troj/HconKit-A
Oct 19, 2005 3:40PM PDT

Troj/GWGhost-S
Oct 19, 2005 3:41PM PDT

Troj/HelpCon-F
Oct 19, 2005 3:42PM PDT

Type: Trojan

Aliases: Exploit.VBS.Phel.be

Troj/HelpCon-F exploits a cross-zone scripting vulnerability in Internet Explorer in order to download and execute a file from a remote location.
The patch for the vulnerability exploited by Troj/HelpCon-F can be obtained from the Microsoft website:
MS05-001

http://www.sophos.com/virusinfo/analyses/trojhelpconf.html

W32/Dref-G
Oct 19, 2005 3:43PM PDT

Troj/HacDef-X
Oct 19, 2005 3:44PM PDT

W32/Sdbot-AED
Oct 19, 2005 3:45PM PDT

Type: Worm

Aliases: Backdoor.Win32.Rbot.gen, W32/Sdbot.worm.gen.h

W32/Sdbot-AED is a worm for the Windows platform.
W32/Sdbot-AED spreads via file sharing on P2P networks and to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039) and ASN.1 (MS04-007).
W32/Sdbot-AED drops files detected as Troj/HacDef-X.

http://www.sophos.com/virusinfo/analyses/w32sdbotaed.html

Troj/LowZone-AQ
Oct 19, 2005 3:46PM PDT

Troj/Tompai-B
Oct 19, 2005 3:47PM PDT

W32/Sdbot-ZY
Oct 19, 2005 3:48PM PDT

Type: Spyware Worm

Aliases: Backdoor.Win32.SdBot.abc

W32/Sdbot-ZY is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-ZY spreads by copying itself to network shares protected by weak passwords.
W32/Sdbot-ZY runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Sdbot-ZY includes functionality to:
- steal confidential information
- carry out DDoS flooder attacks
- silently download, install and run new software, including updates of its software

http://www.sophos.com/virusinfo/analyses/w32sdbotzy.html

Troj/HacDef-T
Oct 19, 2005 3:50PM PDT

Type: Trojan

Aliases: Backdoor.Win32.HacDef.073.b, Trojan.HacDef.073.B, HackerDefender.gen.c, Trojan.Hackdef.084-prog, BKDR_HACDEF.73.B

Troj/HacDef-T is a backdoor Trojan for the Windows platform.
As well as allowing unauthorized remote access to the victim's computer, Troj/HacDef-T is able to hide information about the victim's system including files, folders, processes, services and registry entries.

http://www.sophos.com/virusinfo/analyses/trojhacdeft.html

W32/Sdbot-ZZ
Oct 19, 2005 3:50PM PDT

Type: Worm

Side effects:
- Allows others to access the computer
- Downloads code from the internet
- Installs itself in the Registry

W32/Sdbot-ZZ is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-ZZ spreads by copying itself to network shares protected by weak passwords.
W32/Sdbot-ZZ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Sdbot-ZZ includes functionality to silently download, install and run new software, including updates of its software.

http://www.sophos.com/virusinfo/analyses/w32sdbotzz.html

Troj/Wollf-A
Oct 19, 2005 3:52PM PDT

Type: Spyware Trojan

Aliases: Backdoor.Win32.Wollf.a

Troj/Wollf-A is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/Wollf-A includes functionality to:
- create an FTP/Telnet server
- sniff network packets
- steal confidential information
- provide a proxy server
- display message boxes
- create/delete folders and files
- shutdown/reboot Windows on the infected computer
- inject its code into other processes
- disable other applications and services
- silently download, install and run new software, including updates of its software

http://www.sophos.com/virusinfo/analyses/trojwollfa.html

Troj/Cifond-A
Oct 19, 2005 3:52PM PDT

Type: Trojan

Aliases: Trojan-Downloader.Win32.Small.aon


Troj/Cifond-A is a downloader Trojan which will download, install and run new software without notification that it is doing so.
Troj/Cifond-A includes functionality to access the internet and communicate with a remote server via HTTP and to disable other software, including anti-virus, firewall and security related applications.

http://www.sophos.com/virusinfo/analyses/trojcifonda.html

Troj/Videx-A
Oct 19, 2005 3:53PM PDT

Troj/Multidr-SD
Oct 19, 2005 3:54PM PDT

Type: Trojan

Side effects: Drops more malware

Troj/Multidr-SD is a Trojan dropper.
When executed, Troj/Multidr-SD will create and run the following two files:
- 0.exe - detected by Sophos as W32/Sdbot-ABD
- 10.exe - detected by Sophos as W32/Kelvir-AL

http://www.sophos.com/virusinfo/analyses/trojmultidrsd.html

W32/Sdbot-ABD
Oct 19, 2005 3:55PM PDT

Type: Worm

Aliases: Backdoor.Win32.SdBot.abd

W32/Sdbot-ABD is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-ABD runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Sdbot-ABD spreads by copying itself to network shares protected by weak passwords.

http://www.sophos.com/virusinfo/analyses/w32sdbotabd.html

Troj/Lineage-Y
Oct 19, 2005 3:56PM PDT

Type: Spyware Trojan

Aliases: TSPY_LINEAGE.BB, Trojan-PSW.Win32.Lineage.gx

Troj/Lineage-Y is a password stealing Trojan for the Windows platform that
attempts to steal passwords associated with the online game called "Lineage".
Troj/Lineage-Y modifies the HOSTS file, changing the URL-to-IP mappings for selected websites, therefore preventing normal access to these sites.

http://www.sophos.com/virusinfo/analyses/trojlineagey.html