VIRUS ALERTS - October 24, 2005

Oct 24, 2005 12:35AM PDT

Troj/Hanlo-B

Type Trojan

Aliases
Trojan-Downloader.Win32.Hanlo.b
Downloader-AGH
TROJ_DLOADER.AJQ

Troj/Hanlo-B is a Trojan for the Windows platform.
Troj/Hanlo-B includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/Hanlo-B downloads the following files:
tBmp107.exe
tBmp207.exe
tBmp307.exe
tBmp407.exe
tBmp507.exe
tBmp607.exe
tBmp707.exe

http://www.sophos.com/virusinfo/analyses/trojhanlob.html

W32/Cuebot-G
Oct 24, 2005 9:10AM PDT

Type Spyware Worm

W32/Cuebot-G is a worm for the Windows platform.
The worm connects to a remote IRC server and joins a predefined channel. The backdoor component then awaits commands from remote attackers. W32/Cuebot-G can then be instructed to:
- scan networks for vulnerabilities
- take part in distributed denial of service (DDoS) attacks
W32/Cuebot-G spreads to unpatched network computers vulnerable to the PnP (MS05-039) vulnerability.

http://www.sophos.com/virusinfo/analyses/w32cuebotg.html

WM97/Exedrop-E
Oct 24, 2005 9:11AM PDT
Troj/Dloader-WR
Oct 24, 2005 9:12AM PDT
Troj/ByteVeri-O
Oct 24, 2005 9:13AM PDT

Type Trojan

Side effects Exploits system or software vulnerabilities

Troj/ByteVeri-O exploits a vulnerability in the Byte Code Verify component of the Microsoft VM to run an executable file on the local computer.
Troj/ByteVeri-O takes advantage of the MS03-011 exploit.

http://www.sophos.com/virusinfo/analyses/trojbyteverio.html

W32/Mytob-BZ
Oct 24, 2005 9:14AM PDT

Type Spyware Worm

W32/Mytob-BZ is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-BZ is capable of spreading through email and through various operating system vulnerabilities such as LSASS (MS04-011).
W32/Mytob-BZ harvests email addresses from files on the infected computer and from the Windows address book.

http://www.sophos.com/virusinfo/analyses/w32mytobbz.html

W32/Rbot-ABU
Oct 24, 2005 9:15AM PDT

Type Spyware Worm

Aliases Backdoor.Win32.Agobot.aby

W32/Rbot-ABU is an internet worm and backdoor Trojan.
W32/Rbot-ABU spreads to other network computers by exploiting LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) and MSSQL (MS02-039) buffer overflow vulnerabilities and by copying itself to network shares protected by weak passwords.
W32/Rbot-ABU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
The worm also includes functionality to:
- steal confidential information
- carry out DDoS flooder attacks
- silently download, install and run new software
- disable other applications
- execute arbitrary commands
The following patches for the operating system vulnerabilities exploited by W32/Rbot-ABU can be obtained from the Microsoft website:
MS04-011
MS04-012
MS03-049
MS02-039

http://www.sophos.com/virusinfo/analyses/w32rbotabu.html

Troj/Dloader-NA
Oct 24, 2005 9:15AM PDT
Troj/Dloader-MY
Oct 24, 2005 9:16AM PDT
Troj/ServU-AS
Oct 24, 2005 9:17AM PDT

Type Trojan

Aliases Backdoor.Win32.ServU-based

Troj/ServU-AS is a hacked version of a commercially available FTP server that will listen on a port for incoming commands from a remote attacker.
Troj/ServU-AS creates text files named chkdrv.vxd and tskman.dll in the current folder.

http://www.sophos.com/virusinfo/analyses/trojservuas.html

W32/Rbot-ABT
Oct 24, 2005 9:18AM PDT

Type Spyware Worm

Aliases W32/Sdbot.worm.gen.ag


W32/Rbot-ABT is a Windows network worm which attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.
Once installed, W32/Rbot-ABT will give a remote attacker the ability to perform a set of functions on the infected computer.

http://www.sophos.com/virusinfo/analyses/w32rbotabt.html

W32/Brontok-D
Oct 24, 2005 3:19PM PDT

Type Worm

Aliases Email-Worm.Win32.Brontok.c


W32/Brontok-D is an email worm that sends itself to the addresses gathered from the infected computer by searching files with the following extensions:
ASP, CFM, CSV, DOC, EML, HTML, PHP, TXT, WAB
W32/Brontok-D may arrive as an attachment with the filename Kangen.exe in an email with a blank subject and the following message text:
BRONTOK.A [ By: H[REMOVED]Community ]
-- Hentikan kebobrokan di negeri ini --
1. Adili Koruptor, Penyelundup, Tukang Suap, Penjudi, & Bandar NARKOBA
( Send to "NUSAKAMBANGAN")
2. Stop Free Sex, Absorsi, & Prostitusi (Go To HELL)
3. Stop (pencemaran laut & sungai), pembakaran hutan & perburuan liar.
4. SAY NO TO DRUGS !!!
-- KIAMAT SUDAH DEKAT --
Terinspirasi oleh: Elang Brontok (Spizaetus Cirrhatus) yang hampir punah[ By: H[REMOVED]unity --
!!!Akan Kubuat Mereka (VM lokal yg cengeng & bodoh) Terkapar!!!

http://www.sophos.com/virusinfo/analyses/w32brontokd.html

Troj/ConHook-N
Oct 24, 2005 3:20PM PDT
Troj/Dropper-BL
Oct 24, 2005 3:21PM PDT
Dial/MPB-B
Oct 24, 2005 3:22PM PDT

Type Trojan

Dial/MPB-B is a dialer application used to provide access to pornographic material.
The dialer provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "dlsp2mx".

http://www.sophos.com/virusinfo/analyses/dialmpbb.html

Troj/Dloader-WS
Oct 24, 2005 3:23PM PDT
Troj/Steelus-A
Oct 24, 2005 3:24PM PDT
Troj/QQPass-AG
Oct 24, 2005 3:25PM PDT
Troj/LegMir-BF
Oct 24, 2005 3:26PM PDT

Type Spyware Trojan

Aliases Trojan-PSW.Win32.Agent.cf

Troj/LegMir-BF is a password stealing Trojan for the Windows platform.
Troj/LegMir-BF includes functionality to access the internet and communicate with a remote server via HTTP.

http://www.sophos.com/virusinfo/analyses/trojlegmirbf.html

W32/Tilebot-AI
Oct 24, 2005 3:27PM PDT

Type Spyware Worm

Aliases Backdoor.Win32.SdBot.aad

W32/Tilebot-AI is a password stealing Trojan with an IRC backdoor for the Windows platform.
W32/Tilebot-AI spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039), IMAIL Server and ASN.1 (MS04-007).
When first run, W32/Tilebot-AI creates several files and registry entries.

http://www.sophos.com/virusinfo/analyses/w32tilebotai.html

Troj/LegMir-BE
Oct 24, 2005 3:27PM PDT