W32.HLLW.Oror.D@mm is a variant of W32.HLLW.Oror@mm. This worm attempts to spread through email, mIRC, KaZaA, network shares, and mapped drives. It tries to end and remove various security products from the infected computer. This threat is compressed with UPX. The uncompressed size is about 160 KB.
Symantec presently gives the worm an overall low threat rating. For more information, visit this Symantec page.
Klez Back in Different Variants
F-Secure issued several alerts on four viruses Wednesday.
The first is for Klez.H, a new version of the Klez worm that began circulating from various parts of Asia on April 17, 2002. A week after its discovery, Klez.H is still spreading globally, and F-Secure is giving it a level two (serious) ranking due to the large number of infections.
This worm, like its previous versions, sends e-mail messages with randomly named attachments and subject fields. The Klez.H variant is very close to the Klez.E, F and G worm variants. (Note: MessageLabs is rating the Klez.H variant as the most prevalent virus for the week. Visit MessageLabs to find out more.) Read about the differences F-Secure's Virus Research Team found in the Klez.H variant compared to previous versions and view a screenshot of what the Klez messages could look like here.
Klez.E also is out, and is another variant of the Klez worm that was first discovered on Jan. 17, 2002. The worm is "version 2.0," according to its author's classification and has several new features compared with the older variants. But the worm still has bugs that remained from previous versions.
Read about the differences from the original version on this F-Secure page.
The third virus is Klez, a mass-mailer worm that drops a polymorphic EXE virus called ElKern. F-Secure has produced an online video showing step-by-step instructions for how to get rid of the Klez worm.
And an alert has been issued for Blitzdung, a mass-mailing worm that tries to send itself to all users found in the Yahoo! Messenger log file as well as on any IRC channel that the user visits.
In addition to spreading itself, the worm copies itself to the Windows root directory, tries to drop the Elkern.C virus and the Y3KRat backdoor, and on certain dates tries to overwrite Windows system files. Blitzdung is considered to be a low threat because it relies on the existence of Yahoo! Messenger and an older version of WinZip utilities, so the worm is not capable of spreading from most systems.
For more information on Blitzdung, visit this F-Secure page.
Valentine Virus AdwareDropper-A Circulating
AdwareDropper-A is an Adware-dropping Trojan, according to McAfee, which is giving the Trojan a low risk rating.
When run, it installs a Macromedia Flash "card," and three Adware DLL files that are Internet Explorer Browser Helper Objects, designed to display advertisements, track the URLs visited on the system, capture typed search strings, and alter the browser's default start page.
These DLL files are not considered to be malicious, but are likely used for marketing purposes. As the main installer executable does not contain any end-user license agreement, it is considered malicious. The following message is believed to have been spammed to a number of users.
From: cupid@valentines-ecard.com
Body:
CLICK HERE TO DOWNLOAD YOUR CARD
"You have been sent a Valentines card from Secret admirer. Please click the link below to view it. You will require flash to view it properly."
For removal instructions visit this McAfee Web page.
Egrof Trojan Reported
Egrof is a Trojan that saves the data of the users of the America Online (AOL) instant messaging service in a file, according to Panda Software. The data it captures is the user name and password. An attacker could use this information to access the connection accounts of affected users.
Egrof uses various means to spread, including e-mail messages with an infected document, computer networks, CD-ROMs, Internet downloads, FTP and floppy disks.
For more information, check this Panda Software page.
Compiled by Esther Shein.