VIRUS \ Spyware ALERTS - October 24, 2008

October 24, 2008

Newsflash: Sarah Palin may no longer be the most famous victim of electronic crime. French President Nicolas Sarkozy found himself a contender for that dubious title following news reports that hackers managed to steal some money from his personal bank account.

While it is not yet clear how Sarkozy?s account information was stolen, some analysts speculate that it was not a classic phishing attack. It?s more likely that Sarkozy?s credit card information was stolen at some point in time?perhaps during one of his many trips abroad?and sold as just one of the many thousands of similarly compromised accounts. This is known as carding.

More: http://blog.trendmicro.com/

Category Viruses and Spyware

Type Malicious Behavior

Affected operating systems Windows
Characteristics Drops more malware


http://www.sophos.com/security/analyses/viruses-and-spyware/malpdfexb.html

Aliases Trojan-Downloader.Win32.Agent.aknt

Category Viruses and Spyware

Type Trojan

Troj/Agent-IAD is a Trojan for the Windows platform.

When first run Troj/Agent-IAD copies itself to <Windows>\9129837.exe and creates the following file:

<Windows>\new_drv.sys

The file new_drv.sys is detected as Troj/Rootkit-DK.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiad.html

Category Viruses and Spyware

Type Trojan


Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiaf.html

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbwx.html

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakealeiv.html

Category Viruses and Spyware

Type Virus


Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/w32huhkc.html

Aliases Backdoor.Win32.Rbot.viy

Category Viruses and Spyware

Type Worm

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotgxe.html

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojautoitac.html

Aliases TrojanDownloader:JS/SetSlice
JS/Dldr.Small.CR.2

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojjsdownlp.html

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojmeredropb.html

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentias.html?_log_from=rss

Category Viruses and Spyware

Type Worm

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunmt.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojzlobapt.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Troj/RKRun-Gen is a family of rootkit Trojans for the Windows platform.

Members of Troj/RKRun-Gen are often dropped as the file <System>\drivers\runtime2.sys and are usually registered as a system driver service named "runtime2" with registry entries set under:

HKLM\SYSTEM\CurrentControlSet\Services\runtime2

Members of Troj/RKRun-Gen are often installed along with a file called startdrv.exe, often found in the Temp subfolder of the Windows folder.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojrkrungen.html?_log_from=rss

Category Viruses and Spyware

Type Trojan


Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojmetajuana.html?_log_from=rss

Aliases TrojanSpy:Win32/Gimmiv.A
TrojanSpy:Win32/Gimmiv.A.dll

Category Viruses and Spyware

Type Trojan

Troj/Gimmiv-A is a Trojan for the Windows platform.

When Troj/Gimmiv-A is run, the following file is dropped:

<System>\wbem\sysmgr.dll

This file is also detected as Troj/Gimmiv-A

http://www.sophos.com/security/analyses/viruses-and-spyware/trojgimmiva.html?_log_from=rss

Aliases Win32.Agent.ais
TrojanDownloader:Win32/Renos.EN

Category Viruses and Spyware

Type Trojan

Troj/FakeAV-FJ is a Trojan for the Windows platform.

When installed, Troj/FakeAV-FJ presents the user with several popups warning of fictitious system and security problems.

Troj/FakeAV-FJ attempts to download additional code via HTTP from a remote server.

Troj/FakeAV-FJ alters the following registry entries:

HKLM\SOFTWARE\Mozilla\MSFOX\
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MSFox\


http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavfj.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavfi.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdwnldrhjn.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrbwy.html?_log_from=rss

Category Viruses and Spyware

Type Trojan

Affected operating systems Windows

http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentiar.html?_log_from=rss