
VIRUS \ Spyware ALERTS - October 16, 2008

Oct 15, 2008 2:56PM PDT

Troj/Dloadr-BVV
Oct 15, 2008 2:57PM PDT

Mal/PhishExe-A
Oct 15, 2008 2:58PM PDT

Bat/Spad-A
Oct 15, 2008 3:09PM PDT

W32/AutoRun-LZ
Oct 15, 2008 3:15PM PDT

Troj/IFrame-BG
Oct 15, 2008 3:16PM PDT

Troj/DrpA-Gen
Oct 15, 2008 3:17PM PDT

Mal/RKFarfli-B
Oct 15, 2008 3:18PM PDT

Mal/Dorf-S
Oct 15, 2008 3:19PM PDT

Mal/Dorf-R
Oct 15, 2008 3:20PM PDT

W32/AutoRun-MA
Oct 15, 2008 3:59PM PDT

W32/AutoIt-AA
Oct 15, 2008 4:01PM PDT

Troj/FakeVir-GL
Oct 15, 2008 4:02PM PDT

Category Viruses and Spyware

Type Trojan

Troj/FakeVir-GL is a Trojan for the Windows platform.

Troj/FakeVir-GL creates the files:

<Windows>\brastk.exe - detected as Troj/FakeVir-GL
<Windows>\karna.dat - detected as Mal/EncPk-BB
<System>\beep.sys - detected as Mal/FakeAle-C

The following registry entries are set:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
karna.da

HKCU\Software\Microsoft\Internet Explorer\Main
Enable Browser Extensions
yes

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
brastk
<Windows>\brastk.exe

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirgl.html?_log_from=rss

Troj/Qhost-AA
Oct 16, 2008 1:33AM PDT

Troj/Konov-A
Oct 16, 2008 1:34AM PDT

Troj/JSRedir-C
Oct 16, 2008 1:35AM PDT

Troj/Cinmus-Gen
Oct 16, 2008 1:36AM PDT

Troj/Bckdr-QPX
Oct 16, 2008 1:37AM PDT

Category Viruses and Spyware

Type Trojan

Troj/Bckdr-QPX is a Trojan for the Windows platform.

When run Troj/Bckdr-QPX copies itself to:

<Start Up>\Adobe Gamma Loader.com
<Program Files>\Microsoft Office\WINWORD.EXE
<Program Files>\mIRC\IRC Bot\services.exe

and creates the files:

<Program Files>\mIRC\IRC Bot\Anjing_Malingsia.sys - can be deleted
<Program Files>\mIRC\IRC Bot\*******.sys - can be deleted
<Program Files>\mIRC\IRC Bot\Channel_Babi.sys - can be deleted
<Program Files>\mIRC\IRC Bot\control.ini - can be deleted
<Program Files>\mIRC\IRC Bot\****.sys - can be deleted
<Program Files>\mIRC\IRC Bot\kontol.mrc - can be deleted
<Program Files>\mIRC\IRC Bot\Nama_Anjing.sys - can be deleted
<Program Files>\mIRC\IRC Bot\Nama_Babi.sys - can be deleted
<Program Files>\mIRC\IRC Bot\perampok_budaya.sys - can be deleted
<Program Files>\mIRC\IRC Bot\remote.ini - can be deleted
<Program Files>\mIRC\IRC Bot\Stupid.sys - can be deleted
<Program Files>\mIRC\IRC Bot\svchost.exe - detected as Troj/Bckdr-QPX

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdrqpx.html?_log_from=rss

Troj/Agent-HXS
Oct 16, 2008 1:38AM PDT

VBS/AutoRun-IT
Oct 16, 2008 1:39AM PDT

Troj/Iframe-BA
Oct 16, 2008 1:40AM PDT

Troj/Gida-D
Oct 16, 2008 1:41AM PDT

Troj/Banker-ENT
Oct 16, 2008 1:42AM PDT

Alot Toolbar
Oct 16, 2008 1:43AM PDT

Bloodhound.Exploit.209
Oct 16, 2008 2:29AM PDT

Bloodhound.Exploit.210
Oct 16, 2008 2:31AM PDT

Bloodhound.Exploit.211
Oct 16, 2008 2:32AM PDT

Security industry falling behind the hackers
Oct 16, 2008 2:34AM PDT

Report warns of new threats on the horizon

Written by Iain Thomson in San Francisco

vnunet.com, 16 Oct 2008


The hacking community is outpacing the security industry, and different sectors of the IT community need to work together more closely to narrow the gap, warns a new report from the influential Georgia Tech Information Security Center (GTISC).

A GTISC panel comprising members of the government, IT specialists and academics warned in its 2008 Emerging Cyber Threats Report (PDF) that existing systems are falling behind hacking techniques, which are becoming more popular and effective.

More: http://www.vnunet.com/vnunet/news/2228330/security-industry-falling

Mal/Badsrc-C.
Oct 16, 2008 2:36AM PDT

16 October 2008

Serious Badsrc Magic
At the end of last week SophosLabs discovered that Adobe's website was linking to a site infected with Mal/Badsrc-C. The infection had been encountered by a business partner of ours who - thankfully - had been defended from the infection by our security software.

Digging deeper, we discovered that the infected site was actually now part of the Adobe empire following an acquisition. Some of the infected webpages have subsequently been rebranded but the underlying databases serving the site are still riddled with infections.

More: http://www.sophos.com/security/blog/2008/10/1863.html

Not Another Anjelina Jolie Malware Campaign
Oct 16, 2008 2:38AM PDT

16 October 2008

You would've thought that most of these spammers/malware authors would have given up by now. But no... the Anjelina (spelling, people!) Jolie malware/spam campaign continues to rumble on unabashedly.

This time, a huge spammed out malware campaign manifested itself in the form of an email with the subject line "New anjelina jolie sex scandal" (yeah, right) and with an attachment filename of "anjelina.exe" (detected by Sophos as Troj/FakeVir-GL).

In this instance, Troj/FakeVir-GL is a Trojan that attempts to disguise itself as a fake antivirus warning message (no less dissimilar to this Trojan or this Trojan) that pops up on the system tray of the infected computer (eagle-eyed viewers would have instantly noticed the bad spelling mistakes in the warning message).

More: http://www.sophos.com/security/blog/2008/10/1856.html

Troj/FakeAV-ET
Oct 16, 2008 5:42AM PDT

Aliases Generic FakeAlert.d
Backdoor.Win32.UltimateDefender.su

Category Viruses and Spyware

Type Trojan

Troj/FakeAV-ET is a Trojan for the Windows platform.

When Troj/FakeAV-ET is installed the following files are created:

<Current Folder>\delself.bat
<System>\brastk.exe
<System>\dllcache\beep.sys
<System>\dllcache\figaro.sys

The files beep.sys and figaro.sys are detected as Mal/FakeAle-C.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavet.html?_log_from=rss