Backdoor.Tidserv!gen2 Heuristic Detection

Backdoor.Tidserv!gen2 is a heuristic detection used to detect threats associated with the Backdoor.Tidserv family. More information can be found at this Symantec page.

W32.Qakbot!zip Downloads from Remote Server

W32.Qakbot!zip is a detection for password-protected ZIP files that W32.Qakbot downloads from a remote server. More information can be found at this Symantec page.

W32.Zimuse.B Overwrites Master Boot Record

W32.Zimuse.B is a worm that deletes files and overwrites the master boot record of the compromised computer. More information can be found at this Symantec page.

EncPk-NI Disguises Itself as Security Product

EncPk-NI is a malicious packed executable, often pretending to be a security product. More information can be found at this Sophos page.

FakeAV-BV Affects Windows

FakeAV-BV is a program with attributes common to rogue security applications. More information can be found at this Sophos page.

Agent-MGY Installs in Registry

Agent-MGY is a Trojan for the Windows platform. It includes functionality to run automatically, start services, and create files in the <System> folder. More information can be found at this Sophos page.

Buzus-CE Creates Malicious File in System Folder

Buzus-CE is a Trojan for the Windows platform. It includes functionality to run automatically. When installed it creates the file <System>\sdra64.exe. More information can be found at this Sophos page.

DwnLdr-IAI Steals Confidential Information

DwnLdr-IAI is a Trojan for the Windows platform. It includes functionality to run automatically, steal confidential information, access the internet, and communicate with a remote server via HTTP. More information can be found at this Sophos page.

DwnLdr-IAJ Copies Itself to Windows Folder

DwnLdr-IAJ is a Trojan for the Windows platform. It includes functionality to copy itself to the <Windows> folder and run automatically. When installed it copies itself to the file <Windows>\msa.exe. More information can be found at this Sophos page.

FakeAV-ARW Registers System Drivers

FakeAV-ARW is a Trojan for the Windows platform. It includes functionality to run automatically and register system drivers. More information can be found at this Sophos page.