VIRUS \ Spyware ALERTS - November 9, 2008

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadei.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadeh.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhohv.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentier.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentieq.html?_log_from=rss

Category Viruses and Spyware

Type Trojan


Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiep.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentieo.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentien.html?_log_from=rss

Aliases Trojan-Downloader.Win32.Agent.afzg

Category Viruses and Spyware

Type Trojan

Troj/AdClick-FA is a Trojan for the Windows platform.

Troj/AdClick-FA includes functionality to access the internet and communicate with a remote server via HTTP.

When Troj/AdClick-FA is installed the following files are created:

<Startup>\DW_Start.lnk
<System>\dwwnw64r.exe
<System>\msnav32.ax

The following registry entry is created to run dwwnw64r.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
{A0-0E-EE-E6-DW}
<System>\dwwnw64r.exe DWmmm01

http://www.sophos.com/security/analyses/viruses-and-spyware/trojadclickfa.html?_log_from=rss

Obama Malware Spam Targets Latin America

Malware criminals are continuing to attempt to exploit the intense media coverage involving the election of Barack Obama to the U.S. Presidency. A very recent spam run has already hit American online users ? now a new and different spam run targeting Latin American online users was also recently discovered.

Spammers have added some genuine global concerns in their social engineering techniques this time. Obama?s election indeed has implications for other nations besides the United States. Spammed messages, written in Spanish, carry the following message when translated in English:

More: http://blog.trendmicro.com/

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojzlobaqu.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Troj/JSRedir-E is a malicious JavaScript Trojan.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojjsredire.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealejs.html?_log_from=rss

Category Viruses and Spyware

Type Malicious Behavior

Mal/Renos-D is a malicious program for the Windows platform.

Detection for members of Mal/Renos-D is behavior based. It is extremely important that customers report detections of Mal/Renos-D to Sophos and send a sample for analysis.

http://www.sophos.com/security/analyses/viruses-and-spyware/malrenosd.html?_log_from=rss

Category Viruses and Spyware

Type Worm

W32/Autorun-NY copies itself to <System>\chrome.exe and <Windows>\chrome.exe.

W32/Autorun-NY schedules itself to run every day at 9:00AM.

W32/Autorun-NY sets the following registry values:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NofolderOptions

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools

W32/Autorun-NY creates the following registry value

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Yahoo Messengger
<System>\chrome.exe

W32/Autorun-NY changes the default page, the default search page and the start page for Internet Explorer.

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunny.html?_log_from=rss

Alert ID : FrSIRT/ALRT-2008-06918
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2008-11-09


Description

Suspicious.Farfli is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers.

References

http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-103115-5014-99

Credits

Reported by Symantec

Alert ID : FrSIRT/ALRT-2008-06917
Aliases : N/A
Size : Varies
Rated as : Low Risk
Release Date : 2008-11-09


Description

Trojan.Pidief.D is a Trojan horse that exploits the Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Vulnerability (BID 30035) to download and execute files from the Internet.

References

http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-110718-5133-99

Credits

Reported by Symantec

Alert ID : FrSIRT/ALRT-2008-06909
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2008-11-09


Description

Technical details and description are not available at this time.

References

http://www.sophos.com/security/analyses/viruses-and-spyware/trojntrootkec.html

Credits

Reported by Sophos

Alert ID : FrSIRT/ALRT-2008-06901
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2008-11-09


Description

Technical details and description are not available at this time.

References

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbhohv.html

Credits

Reported by Sophos