VIRUS \ Spyware ALERTS - November 10, 2008

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiey.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiex.html?_log_from=rss

Alert ID : FrSIRT/ALRT-2008-06958
Aliases : N/A
Size : Varies
Rated as : Low Risk
Release Date : 2008-11-10


Description

This malicious SWF object may be downloaded from remote site(s) by the following malware:.

References

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=SWF_EXPLOIT.CR

Credits

Reported by Trend Micro

Alert ID : FrSIRT/ALRT-2008-06923
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2008-11-10


Description

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted.

References

http://vil.nai.com/vil/content/v_153330.htm

Credits

Reported by McAfee

Alert ID : FrSIRT/ALRT-2008-06957
Aliases : Troj/Keylog-KU
Size : N/A
Rated as : Low Risk
Release Date : 2008-11-10


Description

Infostealer.Keylog.KU is a Trojan horse that gathers confidential information and may lower security settings.

References

http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-111017-2529-99

Credits

Reported by Symantec

Monday, November 10, 2008

We came across a rogue today called Antivirus Professional 2008 that uses GeoIP Lookup as part of its scare tactics.

This site uses Flash and script to create the effect of an online scan, that then attempts to push an installer at the visitor.

The NoScript extension for Mozilla Firefox is an excellent way to mitigate against this kind of garbage.

More: http://www.f-secure.com/weblog/

Aliases Generic ProcKill.c

Category Viruses and Spyware

Type Trojan

Troj/Killav-DQ is a Trojan for the Windows platform.

Troj/Killav-DQ contains functionality to turn off anti-virus applications.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojkillavdq.html?_log_from=rss

Aliases Hoax.Win32.Renos.ffg
Trojan.Secup

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirhf.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirhe.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavge.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Troj/DNSCha-D changes the DNS and DHCP settings of the local computer.

Troj/DNSCha-D contains functionality to stealth itself.

Troj/DNSCha-D copies itself to <System>\kdtge.exe.

Troj/DNSCha-D edits the following registry value

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
System
kdtge.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdnschad.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbzc.html?_log_from=rss

Aliases TR/Crypt.PEPM.Gen
TrojanDownloader:Win32/Small.gen!F

Category Viruses and Spyware

Type Trojan

Troj/Dloadr-BZB is a downloader Trojan for the Windows platform.

Troj/Dloadr-BZB is a modified version of an NVIDIA Driver.

Troj/Dloadr-BYZ renames the clean NVIDIA Driver <System>\nvsvc32.exe to <System>\nvsvc32.exe.tmp and copies itself to <System>\nvsvc32.exe, thus replacing the existing NVIDIA Driver with itself.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbzb.html?_log_from=rss

Aliases Trojan-Downloader.Win32.Agent.akph
TrojanDownloader:Win32/Small.gen!F
Trojan:Win32/Meredrop
Backdoor:WinNT/Farfli.E!sys

Category Viruses and Spyware

Type Trojan

Troj/Dloadr-BYZ is a downloader Trojan for the Windows platform.

When first run Troj/Dloadr-BYZ moves itself to <System>\vssrvc.exe and creates the file <System>\usbdisk.sys.

Troj/Dloadr-BYZ is registered as a new file system driver service named "VistualPC", with a display name of "Vistual PC" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\VistualPC

The file usbdisk.sys is registered as a new system driver service named "usbdisk", with a display name of "usbdisk" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\usbdisk

Troj/Dloadr-BYZ renames the clean system file <System>\nvsvc32.exe to <System>\nvsvc32.exe.tmp and drops a new replacement file named nvsvc32.exe.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbyz.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdredz.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentifa.html?_log_from=rss

Category Adware or PUA

Type Unspecified PUA

Perfect Keylogger is a potentially unwanted application.

Perfect Keylogger has the functionality to monitor system activities such as key strokes.

http://www.sophos.com/security/analyses/adware-and-puas/perfectkeylogger.html?_log_from=rss

Category Adware or PUA

Type Hacking Tool

FindKeyXP is a potentially unwanted application.

It attempts to recover keys for Windows XP.

http://www.sophos.com/security/analyses/adware-and-puas/findkeyxp.html?_log_from=rss