Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VIRUS ALERTS - October 27, 2005

by roddy32 Oct 26, 2005 8:58PM PDT

Discussion is locked

1 - 30 of 37 Posts
- Collapse + Expand Details
- Collapse -
Troj/Lineage-BB
by roddy32 Oct 26, 2005 8:59PM PDT
- Collapse -
Troj/Dloader-XC
by roddy32 Oct 26, 2005 9:15PM PDT
- Collapse -
W32/Sdbot-AEL
by roddy32 Oct 26, 2005 9:16PM PDT

Type Worm

Aliases
IM-Worm.Win32.Opanki.ac
W32/Opanki.worm
W32.Allim

W32/Sdbot-AEL is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-AEL runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Sdbot-AEL may attempt to spread via AOL Instant Messenger.

http://www.sophos.com/virusinfo/analyses/w32sdbotael.html

- Collapse -
Troj/Mire-A
by roddy32 Oct 26, 2005 9:20PM PDT
- Collapse -
Troj/Bancban-GS
by roddy32 Oct 26, 2005 9:22PM PDT
- Collapse -
W32/Rbot-ATK
by roddy32 Oct 26, 2005 9:27PM PDT

Type Worm

Aliases
Backdoor.Win32.Rbot.gen
W32/Sdbot.worm.gen.ac

W32/Rbot-ATK is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-ATK spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), MSSQL (MS02-039) (CAN-2002-0649), PNP (MS05-039) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.
W32/Rbot-ATK runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotatk.html

- Collapse -
W32/WarPigs-E
by roddy32 Oct 26, 2005 9:28PM PDT

Type Worm

Aliases
Backdoor.Win32.SpyBoter.ci
W32/Spybot.worm
Trojan.Spy.Goldun.CI-2
WORM_SPYBOT.GEN


W32/WarPigs-E is a worm and IRC backdoor Trojan for the Windows platform.
W32/WarPigs-E spreads to other network computers infected with Troj/NetDevil and to other network computers by exploiting common buffer overflow vulnerabilities, including PNP (MS05-039).
W32/WarPigs-E runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32warpigse.html

- Collapse -
Troj/Lineage-BC
by roddy32 Oct 26, 2005 9:31PM PDT
- Collapse -
Troj/CashGrab-G
by roddy32 Oct 26, 2005 9:32PM PDT
- Collapse -
W32/Sdbot-ZM
by roddy32 Oct 27, 2005 12:57AM PDT

Type Spyware Worm

Aliases Backdoor.Win32.SdBot.yx

W32/Sdbot-ZM is a network worm with backdoor Trojan functionality for the Windows platform.
The worm spreads through network shares protected by weak passwords, MS-SQL servers and through various operating system vulnerabilities.
W32/Sdbot-ZM connects to a predetermined IRC channel and awaits further commands from remote users.

http://www.sophos.com/virusinfo/analyses/w32sdbotzm.html

- Collapse -
Troj/Delbot-E
by roddy32 Oct 27, 2005 12:59AM PDT
- Collapse -
W32/Mytob-BN
by roddy32 Oct 27, 2005 1:02AM PDT

Type Worm

Aliases Net-Worm.Win32.Mytob.t

W32/Mytob-BN is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-BN is capable of spreading through email and through various operating system vulnerabilities such as LSASS (MS04-011).
W32/Mytob-BN harvests email addresses from files on the infected computer and from the Windows address book as well as the Microsoft Internet Account Manager.
W32/Mytob-BN also appends the HOSTS file to deny access to security related websites.
The following patch for the operating system vulnerability exploited by W32/Mytob-BN can be obtained from the Microsoft website:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

http://www.sophos.com/virusinfo/analyses/w32mytobbn.html

- Collapse -
W32/Mytob-BO
by roddy32 Oct 27, 2005 3:19AM PDT

Type Worm

W32/Mytob-BO is a mass-mailing worm and IRC backdoor Trojan for the Windows platform.
W32/Mytob-BO runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Mytob-BO is capable of spreading through email. Email sent by W32/Mytob-BO has the following properties:
Subject line chosen from:
'Your Account is Suspended'
'*DETECTED* Online User Violation'
'Your Account is Suspended For Security Reasons'
'Warning Message: Your services near to be closed.'
'Important Notification'
'Members Support'
'Security measures'
'Email Account Suspension'
'Notice of account limitation'
<random characters>
Message text chosen from:
'Dear <company name> Member,
We have temporarily suspended your email account <email address>.
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the details to reactivate your <company name> account.
Sincerely,The <company name> Support Team
+++ Attachment: No Virus (Clean)
+++ <company name> Antivirus - <web address>'
'Dear <company name> Member,
Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your membership.
Virtually yours,
The <company name> Support Team
+++ Attachment: No Virus found
+++ <company name> Antivirus - <web address>'
'Dear user <username>,
You have successfully updated the password of your <company name> account.
If you did not authorize this change or if you need assistance with your account, please contact <company name> customer service at: <email address>
Thank you for using <company name>!The <company name> Support Team
+++ Attachment: No Virus (Clean)
+++ <company name> Antivirus - <web address>'
'Dear user <username>,
It has come to our attention that your <company name> User Profile ( x ) records are out of date. For further details see the attached document.
Thank you for using <company name>!
The <company name> Support Team
+++ Attachment: No Virus (Clean)
+++ <company name> Antivirus - <web address>'
The attached file consists of any of the following base names followed by the extension ZIP:
'important-details'
'account-details'
'email-details'
'account-info'
'document'
'readme'
'account-report'
'updated-password'
'email-password'
'new-password'
'password'
'approved-password'
'account-password'
'accepted-password'
<random characters>
The worm may optionally create double extensions where the first extension is DOC, TXT or HTM and the final extension is PIF, SCR, EXE or ZIP.
W32/Mytob-BO harvests email addresses from files on the infected computer and from the Windows address book.

http://www.sophos.com/virusinfo/analyses/w32mytobbo.html

- Collapse -
W32/Mytob-BP
by roddy32 Oct 27, 2005 3:21AM PDT

Type Worm

W32/Mytob-BP is a mass-mailing worm and IRC backdoor Trojan for the Windows platform.
W32/Mytob-BP runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Mytob-BP also includes functionality to silently download, install and run new software.
W32/Mytob-BP harvests email addresses from files on the infected computer and from the Windows address book.
W32/Mytob-BP modifies the HOSTS file, changing the URL-to-IP mappings for selected websites, therefore preventing normal access to these sites.
Sophos's anti-virus products include Genotype ? detection technology, which can proactively protect against new threats without requiring an update. Sophos customers have been protected against W32/Mytob-BP (detected as W32/MyDoom-Gen) since version 3.92.

http://www.sophos.com/virusinfo/analyses/w32mytobbp.html

- Collapse -
W32/Mytob-BM
by roddy32 Oct 27, 2005 3:23AM PDT

Type Worm

W32/Mytob-BM is a mass-mailing worm and IRC backdoor Trojan for the Windows platform.
W32/Mytob-BM spreads to other network computers by exploiting common buffer overflow vulnerabilites, including: RPC-DCOM (MS04-012) and LSASS (MS04-011) and by copying itself to network shares protected by weak passwords.
W32/Mytob-BM runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Mytob-BM harvests email addresses from files on the infected computer and from the Windows address book as well as the Microsoft Internet Account Manager.
The following patches for the operating system vulnerabilities exploited by W32/Mytob-BM can be obtained from the Microsoft website:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx

http://www.sophos.com/virusinfo/analyses/w32mytobbm.html

- Collapse -
Troj/Inor-V
by roddy32 Oct 27, 2005 3:30AM PDT
- Collapse -
Troj/Stinx-D
by roddy32 Oct 27, 2005 3:31AM PDT

Type Trojan

Aliases
Backdoor.Win32.IRCBot.v
W32/Brepibot

Troj/Stinx-D is a backdoor Trojan for the Windows platform.
Troj/Stinx-D runs continuously in the background, providing a backdoor server
which allows a remote intruder to gain access and control over the computer via
IRC channels.
Troj/Stinx-D can be instructed to delete, execute, and download and execute
files.
Troj/Stinx-D will also try and circumvent the Windows Firewall if it is
present.

http://www.sophos.com/virusinfo/analyses/trojstinxd.html

- Collapse -
Troj/Hiddl-C
by roddy32 Oct 27, 2005 3:34AM PDT

Type Trojan

Aliases
Trojan-Downloader.Win32.Small.bta
Downloader-AEC


Troj/Hiddl-C is a downloader Trojan for the Windows platform.
Troj/Hiddl-C will download and execute files from a predefined URL to <System> \SVSHOTC.EXE.

http://www.sophos.com/virusinfo/analyses/trojhiddlc.html

- Collapse -
Troj/Dloader-XG
by roddy32 Oct 27, 2005 3:36AM PDT
- Collapse -
Troj/Dloader-XH
by roddy32 Oct 27, 2005 3:39AM PDT
- Collapse -
Troj/ProDoor-A
by roddy32 Oct 27, 2005 3:41AM PDT

Type Trojan

Troj/ProDoor-A is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/ProDoor-A runs a SOCKS proxy server, allowing a remote attacker to route internet traffic through the infected computer.

http://www.sophos.com/virusinfo/analyses/trojprodoora.html

- Collapse -
Troj/Agent-ES
by roddy32 Oct 27, 2005 3:44AM PDT
- Collapse -
W32/Codbot-AH
by roddy32 Oct 27, 2005 3:53AM PDT

Type Worm

Aliases
Backdoor.Win32.Codbot.az
W32/Sdbot.worm.gen.as

W32/Codbot-AH is a worm and IRC backdoor Trojan for the Windows platform.
W32/Codbot-AH spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), IMAIL Server and ASN.1 (MS04-007).
W32/Codbot-AH runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32codbotah.html

- Collapse -
W32/Rbot-ATS
by roddy32 Oct 27, 2005 3:55AM PDT

Type Worm

Aliases
Packed.Win32.CryptExe
W32.Spybot.Worm

W32/Rbot-ATS is a worm for the Windows platform.
W32/Rbot-ATS may spread by copying itself to network shares with no passwords or by exploiting any of the following vulnerabilities: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049), WebDav (MS03-007), IIS5SSL (MS04-011), UPNP (MS01-059), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030), PNP (MS05-039), ASN.1 (MS04-007).

http://www.sophos.com/virusinfo/analyses/w32rbotats.html

- Collapse -
Troj/Dloader-XI
by roddy32 Oct 27, 2005 3:57AM PDT

Type Trojan

Aliases
Worm.Win32.VB.ar
W32/Downloader.TPA
Trojan-Downloader.Win32.Banload.bf
Downloader-ACR trojan

Troj/Dloader-XI is a downloader Trojan for the Windows platform.
Troj/Dloader-XI includes functionality to access the internet and communicate with a remote server via HTTP.


http://www.sophos.com/virusinfo/analyses/trojdloaderxi.html

- Collapse -
W32/Rbot-ATT
by Marianna Schmudlach Oct 27, 2005 10:34AM PDT

Type Worm

Aliases Backdoor.Win32.Rbot.aeu

W32/Rbot-ATT is a worm and IRC backdoor Trojan for the Windows platform.


W32/Rbot-ATT spreads:


- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix

- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030), PNP (MS05-039) and ASN.1 (MS04-007)

- by copying itself to network shares protected by weak passwords


W32/Rbot-ATT runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotatt.html

- Collapse -
W32/Rbot-ATU
by Marianna Schmudlach Oct 27, 2005 11:18AM PDT

Type Worm

Aliases Backdoor.Win32.Rbot.aeu

W32/Rbot-ATU is a worm and IRC based backdoor Trojan for the Windows platform.


W32/Rbot-ATU spreads:


- to other network computers infected with: Troj/Kuang, Troj/Sub7, Troj/NetDevil, W32/MyDoom, W32/Bagle and Troj/Optix

- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), WebDav (MS03-007), IIS5SSL (MS04-011) (CAN-2003-0719), UPNP (MS01-059), Veritas (CAN-2004-1172), Dameware (CAN-2003-1030), PNP (MS05-039) and ASN.1 (MS04-007)

- by copying itself to network shares protected by weak passwords


W32/Rbot-ATU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotatu.html

- Collapse -
W32/Sdbot-AEN
by Marianna Schmudlach Oct 27, 2005 11:19AM PDT

Type Worm

Aliases Backdoor.Win32.SdBot.gen
W32/Sdbot.worm.gen.bz
Backdoor.SDBot.Gen
WORM_SDBOT.CCR

W32/Sdbot-AEN is a worm and IRC backdoor Trojan for the Windows platform.


W32/Sdbot-AEN spreads to other network computers by exploiting common buffer

overflow vulnerabilities, including PNP (MS05-039).


W32/Sdbot-AEN runs continuously in the background, providing a backdoor server

which allows a remote intruder to gain access and control over the computer via

IRC channels.


http://www.sophos.com/virusinfo/analyses/w32sdbotaen.html

- Collapse -
W32/Agobot-TX
by Marianna Schmudlach Oct 27, 2005 11:20AM PDT

Type Worm

Aliases Backdoor.Win32.Agobot.nq
W32/Gaobot.worm.gen.d
W32.HLLW.Gaobot.gen
WORM_AGOBOT.AQY

W32/Agobot-TX is a worm and IRC backdoor Trojan for the Windows platform.


W32/Agobot-TX spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012) and PNP (MS05-039) and by copying itself to network shares protected by weak passwords.


W32/Agobot-TX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32agobottx.html

- Collapse -
Troj/Dloader-XK
by Marianna Schmudlach Oct 27, 2005 11:21AM PDT
Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info