12/16: Sohana Worm and More

Round-up of today's threat alerts.

High Risk Vulnerability to Adobe Reader and Acrobat

Adobe Reader and Acrobat are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions. This issue affects Reader and Acrobat 9.2 and prior versions. More information can be found at this Symantec page.

ProcKill-FD Adds Registry Key

ProcKill-FD is a Trojan affecting Windows. Upon execution, it drops itself to the %WINDIR%system32 directory. It then adds a registry key to execute again after reboot. More information can be found at this McAfee page.

Exploit-PDF.ag Executes Malicious Downloaded

Exploit-PDF.ag exploits a vulnerability in Adobe Reader. It drops and executes a malicious downloader currently detected as Generic Downloader.fg. More information can be found at this McAfee page.

Agent-LZE Infects Windows

Agent-LZE is a Trojan for the Windows platform. More information can be found at this Sophos page.

Bancos-BGP Communicates via Remote Server

Bancos-BGP is a Trojan for the Windows platform. It includes functionality to steal confidential information as well as access the Internet and communicate with a remote server via HTTP. More information can be found at this Sophos page.

Mdrop-CJG Trojan Affecting Windows

Mdrop-CJG is a Trojan for the Windows platform. It includes functionality to steal confidential information. More information can be found at this Sophos page.

Mdrop-CJH Steals Confidential Information

Mdrop-CJH is a Trojan for the Windows platform. It includes functionality to steal confidential information. More information can be found at this Sophos page.

AutoIt-HL Creates File in the Root Folder

AutoIt-HL is a worm for the Windows platform. It includes functionality to run automatically and steal confidential information. More information can be found at this Sophos page.

Sohana-CX Copies in Registry

Sohana-CX is a worm for the Windows platform. It includes functionality to copy itself to the Windows and System folders. More information can be found at this Sophos page.

Sohana-CY Drops Malware

Sohana-CY is a worm for the Windows platform. It includes functionality to copy itself to the Windows and System folders, run automatically, and steal confidential information. More information can be found at this Sophos page.

Loading Comments...

Comment and Contribute

Hunt is Ongoing for Conficker Authors

By eSecurityPlanet Staff

December 15, 2009

The Conficker Working Group is monitoring the botnet for signs of life.

» Read Article

12/16: Sohana Worm and More

Round-up of today's threat alerts.

High Risk Vulnerability to Adobe Reader and Acrobat

ProcKill-FD Adds Registry Key

Exploit-PDF.ag Executes Malicious Downloaded

Agent-LZE Infects Windows

Bancos-BGP Communicates via Remote Server

Mdrop-CJG Trojan Affecting Windows

Mdrop-CJH Steals Confidential Information

AutoIt-HL Creates File in the Root Folder

Sohana-CX Copies in Registry

Sohana-CY Drops Malware

Loading Comments...

Related Articles

Hunt is Ongoing for Conficker Authors

Topic Centers

Articles by Type

Contact Us

More Security

12/16: Sohana Worm and More

Round-up of today's threat alerts.

High Risk Vulnerability to Adobe Reader and Acrobat

ProcKill-FD Adds Registry Key

Exploit-PDF.ag Executes Malicious Downloaded

Agent-LZE Infects Windows

Bancos-BGP Communicates via Remote Server

Mdrop-CJG Trojan Affecting Windows

Mdrop-CJH Steals Confidential Information

AutoIt-HL Creates File in the Root Folder

Sohana-CX Copies in Registry

Sohana-CY Drops Malware

Loading Comments...

Related Articles

Hunt is Ongoing for Conficker Authors

Most Recent Alerts Articles

Topic Centers

Articles by Type

Contact Us

More Security