Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - September 30, 2005

W32/Rbot-APN

Aliases Backdoor.Win32.Rbot.ady

Type Worm

W32/Rbot-APN is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-APN spreads via file sharing on P2P networks.
W32/Rbot-APN runs continuously in the background, providing a backdoor server
which allows a remote intruder to gain access and control over the computer via
IRC channels.
W32/Rbot-APN spreads to other network computers by exploiting common buffer
overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), PNP
(MS05-039) and WINS (MS04-045) and by copying itself to network shares
protected by weak passwords.

http://www.sophos.com/virusinfo/analyses/w32rbotapn.html

W32/Rbot-APP

In reply to: VIRUS ALERTS - September 30, 2005

Type Spyware Worm

W32/Rbot-APP is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-APP spreads to other network computers:
- by exploiting common buffer overflow vulnerabilities, including: LSASS
(MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812) and MSSQL
(MS02-039) (CAN-2002-0649)
- by copying itself to network shares protected by weak passwords
W32/Rbot-APP runs continuously in the background, providing a backdoor server
which allows a remote intruder to gain access and control over the computer via
IRC channels.
W32/Rbot-APP includes functionality to:
- perform port scanning
- carry out DDoS flooder attacks
- silently download, install and run new software
- steal information
The following patches for the operating system vulnerabilities exploited by
W32/Rbot-APP can be obtained from the Microsoft website:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx

http://www.microsoft.com/technet/security/bulletin/MS03-049.mspx

http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx

http://www.sophos.com/virusinfo/analyses/w32rbotapp.html

W32/Sdranck-Q

In reply to: VIRUS ALERTS - September 30, 2005

Type Worm

W32/Sdranck-Q is a multi-component network worm.
W32/Sdranck-Q drops two files in the following locations:
C:\WINNT\SYSTEM32\stuffm.exe
C:\WINNT\SYSTEM32\mstuff.exe
W32/Sdranck-Q then runs these files.
STUFFM.EXE is a backdoor Trojan detected as W32/Sdbot-Fam.
MSTUFF.EXE is a proxy Trojan detected as Troj/Ranck-Fam.
The file detected as W32/Sdbot-Fam attempts to spread W32/Sdranck-Q to network
shares with weak passwords and via network security exploits.

http://www.sophos.com/virusinfo/analyses/w32sdranckq.html

Troj/BankDl-K

In reply to: VIRUS ALERTS - September 30, 2005

Troj/Sharp-K

In reply to: VIRUS ALERTS - September 30, 2005

Troj/Banker-FQ

In reply to: VIRUS ALERTS - September 30, 2005

Troj/Dumaru-BQ

In reply to: VIRUS ALERTS - September 30, 2005

Aliases
BackDoor-CCT
Backdoor.Win32.Dumador.az

Type Spyware Trojan

Troj/Dumaru-BQ is a Trojan for the Windows platform.
Troj/Dumaru-BQ includes functionality to:
- steal confidential information
- inject its code into EXPLORER
- modify the HOSTS file
- log keystrokes
- silently download, install and run new software
- access the internet and communicate with a remote server via HTTP
Troj/Dumaru-BQ captures clipboard data and window text and sends the
information to a remote location via email.
Troj/Dumaru-BQ may also attempt to steal confidential information related to
WebMoney, Total Commander and Far Manager account details as well as TCP/IP
Interface settings, Internet Account Manager POP3 user names/passwords and
Windows user names.

http://www.sophos.com/virusinfo/analyses/trojdumarubq.html

W32/Rbot-APO

In reply to: VIRUS ALERTS - September 30, 2005

Type Spyware Worm

W32/Rbot-APO is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-APO spreads to other network computers by exploiting common buffer
overflow vulnerabilities, including: LSASS (MS04-011) and PNP (MS05-039).
W32/Rbot-APO runs continuously in the background, providing a backdoor server
which allows a remote intruder to gain access and control over the computer via
IRC channels.
W32/Rbot-APO includes functionality to:
- perform port scanning
- carry out DDoS flooder attacks
- silently download, install and run new software
- steal information
The following patches for the operating system vulnerabilities exploited by
W32/Rbot-APO can be obtained from the Microsoft website:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx

http://www.sophos.com/virusinfo/analyses/w32rbotapo.html

Troj/Multidr-EL

In reply to: VIRUS ALERTS - September 30, 2005

Troj/Wirefa-A

In reply to: VIRUS ALERTS - September 30, 2005

Troj/QHosts-J

In reply to: VIRUS ALERTS - September 30, 2005

Troj/Dloader-VG

In reply to: VIRUS ALERTS - September 30, 2005

Troj/IRCBot-AH

In reply to: VIRUS ALERTS - September 30, 2005

Aliases Backdoor.Win32.IRCBot.gi

Type Trojan

Troj/IRCBot-AH is a Trojan for the Windows platform.
Troj/IRCBot-AH runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/trojircbotah.html

W32/Rbot-APM

In reply to: VIRUS ALERTS - September 30, 2005

Aliases
Backdoor.Win32.Rbot.adz
W32/Sdbot.worm.gen.y

Type Worm


W32/Rbot-APM is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-APM runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotapm.html

Troj/Lootbot-B

In reply to: VIRUS ALERTS - September 30, 2005

W32/Rbot-APS

In reply to: VIRUS ALERTS - September 30, 2005

Aliases
Backdoor.Win32.Rbot.gen
BKDR_RBOT.BE
W32.Spybot.Worm

Type Worm

W32/Rbot-APS is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-APS spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812), Veritas (CAN-2004-1172) and ASN.1 (MS04-007) and by copying itself to network shares protected by weak passwords.
W32/Rbot-APS runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32rbotaps.html

Troj/Lineage-AV

In reply to: VIRUS ALERTS - September 30, 2005

Troj/CashGrab-D

In reply to: VIRUS ALERTS - September 30, 2005

Troj/Protux-B

In reply to: VIRUS ALERTS - September 30, 2005

Troj/Rawdoor-A

In reply to: VIRUS ALERTS - September 30, 2005

W32/Rbot-APT

In reply to: VIRUS ALERTS - September 30, 2005

Type Spyware Worm

W32/Rbot-APT is a network worm with backdoor functionality for the Windows platform.
W32/Rbot-APT spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, ASN.1 and PnP) and using backdoors opened by other worms or Trojans.
The following patches for the operating system vulnerabilities exploited by W32/Rbot-APT can be obtained from the Microsoft website:

http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx

http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx

http://www.microsoft.com/technet/security/bulletin/MS04-007.mspx

W32/Rbot-APT can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-APT can be instructed by a remote user to perform a variety of tasks.

http://www.sophos.com/virusinfo/analyses/w32rbotapt.html

Troj/TWeb-A

In reply to: VIRUS ALERTS - September 30, 2005

Aliases Trojan-Clicker.Win32.Kiso.a

Type Trojan

Troj/TWeb-A is a Trojan for the Windows platform that sends HTTP requests to certain websites. The request typically takes the form of an HTTP GET request, with the referer field set to a predefined website.

http://www.sophos.com/virusinfo/analyses/trojtweba.html

Troj/Bancos-EM

In reply to: VIRUS ALERTS - September 30, 2005

Aliases Trojan-Spy.Win32.Bancos.ha

Type Spyware Trojan

Troj/Bancos-EM is a password stealing Trojan for the Windows platform that targets particular online banking sites.
Running in the background, Troj/Bancos-EM monitors a user's internet access to banking websites, in an attempt to log user activity and email the stolen details to a predefined address.

http://www.sophos.com/virusinfo/analyses/trojbancosem.html

XM97/Acute-B

In reply to: VIRUS ALERTS - September 30, 2005

Aliases
Virus.MSExcel.Acute.c
X97M.Sarsnan
X97M_ACUTE.D

Type Virus

XM97/Acute-B is a virus that infects Microsoft Excel files.
The virus changes the Microsoft Excel window title to "Excel" and may display the messages "Good Morning" or "HELLO".
On the 20th day of the month, XM97/Acute-B displays a message box containing the text "UPDATE ME NOW, INFECTED BY BUGGIE!"

http://www.sophos.com/virusinfo/analyses/xm97acuteb.html

W32/Forbot-FU

In reply to: VIRUS ALERTS - September 30, 2005

Aliases
Backdoor.Win32.Wootbot.gen
W32/Sdbot.worm.gen.bg
W32.Spybot.Worm
WORM_SPYBOT.AIC

Type Worm

W32/Forbot-FU is a worm with backdoor functionality for the Windows platform.
W32/Forbot-FU spreads to other network computers infected with Troj/Optix and to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011) and ASN.1 (MS04-007).
The following patches for the operating system vulnerabilities exploited by W32/Forbot-FU can be obtained from the Microsoft website:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

http://www.microsoft.com/technet/security/bulletin/MS04-007.mspx

W32/Forbot-FU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32forbotfu.html

Troj/Proxyser-L

In reply to: VIRUS ALERTS - September 30, 2005

W32/Zotob-J

In reply to: VIRUS ALERTS - September 30, 2005

Aliases
Net-Worm.Win32.Bozori.f
W32/Bozori.worm.f
W32.Zotob.K

Type Worm

W32/Zotob-J is a worm with backdoor functionality for the Windows platform.
W32/Zotob-J spreads to other network computers by exploitation of the PnP vulnerability (MS05-039).
The following patches for the operating system vulnerabilities exploited by W32/Zotob-J can be obtained from the Microsoft website:


http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx

W32/Zotob-J runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32zotobj.html

W32/Melo-A

In reply to: VIRUS ALERTS - September 30, 2005

W32/Wurmark-N

In reply to: VIRUS ALERTS - September 30, 2005

Aliases
Worm.Win32.VB.ad
W32.Sinnaka.A@mm

Type Worm

W32/Wurmark-N is a mass mailing worm which sends itself as a ZIP attachment to email addresses found on the infected computer using its own SMTP engine.
W32/Wurmark-N may arrive in email with the following characteristics:
From: forged
Subject: chosen from:
<none>
approved
corrected
hello
here
hi
important
improved
patched
Administration
Bad Request
Delivery Protection
Delivery Server
Encripted Mail
Error
Extended Mail
Extended Mail System
Failure
Mail Authentification
Mail Server
Notify
Protected Mail Delivery
Protected Mail Request
Protected Mail System
Secure delivery
Secure SMTP Message
SMTP Server
Status
Thank you for delivery
read it immediately
Thanks!
Message text: constructed from the following:
Bad Gateway: The message has been attached.
Delivered message is attached.
Encrypted message is available.
ESMTP [Secure Mail System #334]: Secure message is attached.
First part of the secure mail is available.
Follow the instructions t read the message.
For further details see the attachment.
For more details see the attachment.
Forwarded message is available.
New message is available.
Now a new message is available.
Partial message is available. Waiting for a Response. Please read the attachment.
Please authenticate the secure message.
Please confirm my request.
Please read the attachment t get the message.
Protected Mail System Test.
Protected message is attached.
Protected message is available.
Secure Mail System Beta Test.
SMTP: Please confirm the attached message.
Waiting for authentification.
You got a new message.
You have received an extended message. Please read the instructions.
Your requested mail has been attached.
Authentication required.
I have attached your document.
Please see the attached file for details.
I have received your document. The corrected document is attached.
Please confirm the document.
Please read the attached file!
Please read the attached file!
Please read the document.
Please read the important document.
Requested file.
See the file.
Your details.
Your document is attached t this mail.
Your document is attached.
Your document.
Your file is attached.
+++ Attachment: No Virus found
+++ MessageLabs AntiVirus - www.messagelabs.com
+++ Bitdefender AntiVirus - www.bitdefender.com
+++ MC-Afee AntiVirus - www.mcafee.com
+++ Kaspersky AntiVirus - www.kaspersky.com
+++ Panda AntiVirus - www.pandasoftware.com
++++ Norman AntiVirus - www.norman.com
++++ F-Secure AntiVirus - www.f-secure.com
++++ Norton AntiVirus - www.symantec.de
Attached file: chosen from:
data.zip
details.zip
document.zip
Message.zip
msg.zip
readme.zip
that contains one of the following files:
Document.txt <spaces>.exe
Delails.doc <spaces>.exe
Data.txt <spaces>.exe
Readme.txt <spaces>.exe

http://www.sophos.com/virusinfo/analyses/w32wurmarkn.html
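
A mail-gateway check for the attachment pattern described in the W32/Wurmark-N alert above, added here as an example (it is not part of the original post or of any Sophos tooling). It flags ZIP members whose document-looking extension is padded with spaces ahead of an executable extension. Only `.txt`, `.doc` and `.exe` come from the alert; the other extensions, the function names and the verdict labels are assumptions, and the sample archive is constructed.

```python
import io
import re
import zipfile

# Archive names listed in the alert (compared case-insensitively).
ALERT_ZIP_NAMES = {"data.zip", "details.zip", "document.zip",
                   "message.zip", "msg.zip", "readme.zip"}

# Document-looking extension, whitespace padding, then an executable extension.
# Only .txt/.doc and .exe come from the alert; the other extensions are assumed.
PADDED_DOUBLE_EXT = re.compile(
    r"\.(txt|doc|rtf|pdf|htm|html)\s+\.(exe|scr|pif|com|bat|cmd)$",
    re.IGNORECASE)


def padded_members(zip_bytes):
    """Return member names using the padded double extension, or None if unreadable."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            # With traditional ZIP encryption the member names stay readable.
            return [i.filename for i in zf.infolist()
                    if PADDED_DOUBLE_EXT.search(i.filename.rsplit("/", 1)[-1])]
    except zipfile.BadZipFile:
        return None


def triage_attachment(filename, zip_bytes):
    """Classify one attachment as block / review / pass / unreadable."""
    members = padded_members(zip_bytes)
    if members is None:
        return ("unreadable", [])
    if members:
        return ("block", members)
    if filename.lower() in ALERT_ZIP_NAMES:
        return ("review", [])  # name matches the alert, contents look ordinary
    return ("pass", [])


def make_sample_zip(member_name):
    """Build a constructed, harmless ZIP in memory for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed sample, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    sample = make_sample_zip("Document.txt" + " " * 40 + ".exe")
    print(triage_attachment("document.zip", sample))
```

The archive name alone only yields a "review" verdict, since names such as `document.zip` are common in legitimate mail; the padded member name is the stronger signal.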

Troj/Dloader-VH

In reply to: VIRUS ALERTS - September 30, 2005
