Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

VIRUS \ Spyware ALERTS - October 8, 2008

Oct 7, 2008 2:45PM PDT

Discussion is locked

- Collapse -
Troj/Agent-HVW
Oct 8, 2008 2:10AM PDT
- Collapse -
Troj/JSShell-B
Oct 8, 2008 7:31AM PDT
- Collapse -
Troj/Gina-AN
Oct 8, 2008 7:32AM PDT
- Collapse -
Troj/FakeAle-ID
Oct 8, 2008 7:33AM PDT
- Collapse -
Troj/Dloadr-BVC
Oct 8, 2008 7:34AM PDT
- Collapse -
Troj/Dloadr-BVB
Oct 8, 2008 7:36AM PDT
- Collapse -
Troj/Agent-HWE
Oct 8, 2008 7:36AM PDT
- Collapse -
Troj/Agent-HWD
Oct 8, 2008 7:37AM PDT
- Collapse -
Troj/Agent-HWC
Oct 8, 2008 7:38AM PDT
- Collapse -
TROJ_SMALL.MJZ and TROJ_AGENT.ARNU,
Oct 8, 2008 7:45AM PDT

Fake SSL Certificates Seen Again

Online banks use cryptographic protocols to secure the exchange of information on the Web, and hackers do not hesitate to adapt to this technology too. A new case of fake SSL (Secure Sockets Layer) certificates appeared again, following phishing threats we?ve seen last April and May (see our blog posts about fake digital certificates, rock phishing, and a similar attack on Merrill Lynch).

This time, the website of Open Banks Enterprises was faked by malware authors using Rock Phish Kit. The spoofed website, shown in the following screenshot, displays multiple banks that are included in the open bank community:

More: http://blog.trendmicro.com/

- Collapse -
W32/Autorun-LD
Oct 8, 2008 9:05AM PDT

Category Viruses and Spyware

Type Worm

W32/Autorun-LD is a worm for the Windows platform.

The worm spreads via removable media devices. W32/Autorun-LD also can be controlled by a remote attacker over IRC channels.

When run, the worm copies itself to

<Root>\RESTORE\<S-numbers>\ROX.exe

and creates the file

<Root>\RESTORE\<S-numbers>\Desktop.ini

This file is not malicious and may be deleted.

W32/Autorun-LD also creates the file autorun.inf on removable media devices. This file is detected as W32/Autorun-LD.

W32/Autorun-LD sets the following registry entry:

HKCR\.key
""
regfile

http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunld.html?_log_from=rss

- Collapse -
Troj/Iframe-BA
Oct 8, 2008 9:06AM PDT
- Collapse -
Troj/Dloadr-BVF
Oct 8, 2008 9:07AM PDT
- Collapse -
Troj/Dloadr-BVD
Oct 8, 2008 9:08AM PDT