 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Troj/PDFex-V
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojpdfexv.html?_log_from=rss
Discussion is locked
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbvv.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Mal/PhishExe-A is a script to download a malicious executable, usually seen on banking-related phishing sites.
http://www.sophos.com/security/analyses/viruses-and-spyware/malphishexea.html?_log_from=rss
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/batspada.html?_log_from=rss
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunlz.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojiframebg.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
Characteristics Drops more malware
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdrpagen.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Mal/RKFarfli-B is a malicious program with rootkit functionality.
http://www.sophos.com/security/analyses/viruses-and-spyware/malrkfarflib.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/maldorfs.html?_log_from=rss
Category Viruses and Spyware
Type Malicious Behavior
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/maldorfr.html?_log_from=rss
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunma.html?_log_from=rss
Category Viruses and Spyware
Type Worm
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autoitaa.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/FakeVir-GL is a Trojan for the Windows platform.
Troj/FakeVir-GL creates the files:
<Windows>\brastk.exe - detected as Troj/FakeVir-GL
<Windows>\karna.dat - detected as Mal/EncPk-BB
<System>\beep.sys - detected as Mal/FakeAle-C
The following registry entries are set:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
karna.da
HKCU\Software\Microsoft\Internet Explorer\Main
Enable Browser Extensions
yes
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
brastk
<Windows>\brastk.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakevirgl.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojqhostaa.html?_log_from=rss
Aliases Trojan-SMS.J2ME.Konov
Category Viruses and Spyware
Type Trojan
Troj/Konov-A is is a J2ME Trojan that runs on certain mobile phones.
The Trojan sends SMS messages to premium rate numbers.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojkonova.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/JSRedir-C is a malicious script embedded within a web page that attempts to redirect the user to a remote site.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojjsredirc.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojcinmusgen.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Bckdr-QPX is a Trojan for the Windows platform.
When run Troj/Bckdr-QPX copies itself to:
<Start Up>\Adobe Gamma Loader.com
<Program Files>\Microsoft Office\WINWORD.EXE
<Program Files>\mIRC\IRC Bot\services.exe
and creates the files:
<Program Files>\mIRC\IRC Bot\Anjing_Malingsia.sys - can be deleted
<Program Files>\mIRC\IRC Bot\*******.sys - can be deleted
<Program Files>\mIRC\IRC Bot\Channel_Babi.sys - can be deleted
<Program Files>\mIRC\IRC Bot\control.ini - can be deleted
<Program Files>\mIRC\IRC Bot\****.sys - can be deleted
<Program Files>\mIRC\IRC Bot\kontol.mrc - can be deleted
<Program Files>\mIRC\IRC Bot\Nama_Anjing.sys - can be deleted
<Program Files>\mIRC\IRC Bot\Nama_Babi.sys - can be deleted
<Program Files>\mIRC\IRC Bot\perampok_budaya.sys - can be deleted
<Program Files>\mIRC\IRC Bot\remote.ini - can be deleted
<Program Files>\mIRC\IRC Bot\Stupid.sys - can be deleted
<Program Files>\mIRC\IRC Bot\svchost.exe - detected as Troj/Bckdr-QPX
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbckdrqpx.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Agent-HXS is a Trojan for the Windows platform.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthxs.html?_log_from=rss
Category Viruses and Spyware
Type Worm
VBS/AutoRun-IT is a script worm that spreads via removable drives.
When run VBS/AutoRun-IT copies itself to <System>\prnjobt.vbe and <Root>\Mc~.vbe.
VBS/AutoRun-IT also creates the file <Root>\autorun.inf (also detected as VBS/AutoRun-IT).
http://www.sophos.com/security/analyses/viruses-and-spyware/vbsautorunit.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Iframe-BA is a malicious script within a web page that downloads other malware.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojiframeba.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Troj/Gida-D is a Shockwave Flash Trojan.
When browsing a web page containing Troj/Gida-D, the Trojan will attempt to redirect the browser to another rogue web page.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojgidad.html?_log_from=rss
Category Viruses and Spyware
Type Trojan
Affected operating systems Windows
http://www.sophos.com/security/analyses/viruses-and-spyware/trojbankerent.html?_log_from=rss
Category Adware or PUA
Type Adware
Affected operating systems Windows
http://www.sophos.com/security/analyses/adware-and-puas/alottoolbar.html?_log_from=rss
Type: Trojan, Virus
Bloodhound.Exploit.209 is a heuristic detection for files attempting to exploit Microsoft Internet Explorer HTML Objects Uninitialized Memory Corruption Vulnerability (BID 3161
.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-101520-3112-99
Type: Trojan, Virus
Bloodhound.Exploit.210 is a heuristic detection for files attempting to exploit Microsoft Internet Explorer Uninitialized Object Remote Memory Corruption Vulnerability (BID 31617).
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-101521-2736-99
Type: Trojan, Virus
Bloodhound.Exploit.211 is a heuristic definition for files that attempt to exploit Microsoft Excel BIFF File Format Parsing Remote Code Execution Vulnerability (BID 31705).
http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-101521-2816-99
Report warns of new threats on the horizon
Written by Iain Thomson in San Francisco
vnunet.com, 16 Oct 2008
The hacking community is outpacing the security industry, and different sectors of the IT community need to work together more closely to narrow the gap, warns a new report from the influential Georgia Tech Information Security Center (GTISC).
A GTISC panel comprising members of the government, IT specialists and academics warned in its 2008 Emerging Cyber Threats Report (PDF) that existing systems are falling behind hacking techniques, which are becoming more popular and effective.
More: http://www.vnunet.com/vnunet/news/2228330/security-industry-falling
16 October 2008
Serious Badsrc Magic
At the end of last week SophosLabs discovered that Adobe?s website was linking to a site infected with Mal/Badsrc-C. The infection had been encountered by a business partner of ours who - thankfully - had been defended from the infection by our security software.
Digging deeper, we discovered that the infected site was actually now part of the Adobe empire following an acquisition. Some of the infected webpages have subsequently been rebranded but the underlying databases serving the site are still riddled with infections.
More: http://www.sophos.com/security/blog/2008/10/1863.html
16 October 2008
You would?ve thought that most of these spammers/malware authors would have given up by now. But no?. the Anjelina (spelling, people!) Jolie malware/spam campaign continues to rumble on unabashedly.
This time, a huge spammed out malware campaign manifested itself in the form of an email with the subject line ?New anjelina jolie sex scandal? (yeah, right) and with an attachment filename of ?anjelina.exe? (detected by Sophos as Troj/FakeVir-GL).
In this instance, Troj/FakeVir-GL is a Trojan that attempts to disguise itself as a fake antivirus warning message (no less dissimilar to this Trojan or this Trojan) that pops up on the system tray of the infected computer (eagle-eyed viewers would have instantly noticed the bad spelling mistakes in the warning message).
More: http://www.sophos.com/security/blog/2008/10/1856.html
Aliases Generic FakeAlert.d
Backdoor.Win32.UltimateDefender.su
Category Viruses and Spyware
Type Trojan
Troj/FakeAV-ET is a Trojan for the Windows platform.
When Troj/FakeAV-ET is installed the following files are created:
<Current Folder>\delself.bat
<System>\brastk.exe
<System>\dllcache\beep.sys
<System>\dllcache\figaro.sys
The files beep.sys and figaro.sys are detected as Mal/FakeAle-C.
http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavet.html?_log_from=rss
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic