Malware: Archive: October 2007 

10/31: Iretsim Worm Copies Itself to Removable Drives

W32.Iretsim is a worm that spreads by copying itself to removable drives.

10/31: VBS/Edibara@M Virus Executes, Creates Files

VBS/Edibara@M is a virus that, once executed, creates files.

10/31: Trojan.Captchar.A Records Keystrokes

Trojan.Captchar.A is a Trojan horse that records keystrokes in order to collect captcha data, which may be used to generate accounts for legitimate Web sites.

10/31: ConHook-AH Trojan Contacts Remote Server Via HTTP

Troj/ConHook-AH is a Trojan for the Windows platform.

10/31: Proxy-Agent.bh Trojan Creates Registry Key

Proxy-Agent.bh is a Trojan that runs silently upon execution; no GUI messages appear on the screen.

10/31: Nuwar.HU Worm Ends Security Processes

Nuwar.HU is a worm whose main objective is to end security processes related to antivirus programs and firewalls.

10/31: Trojan.Qhosts.E Modifies Hosts File

Trojan.Qhosts.E is a Trojan horse that modifies the hosts file on the compromised computer.

10/30: Backdoor.Darkmoon.F Trojan Opens Door on TCP Port

Backdoor.Darkmoon.F is a Trojan horse that opens a back door on TCP port 1328 on the compromised computer.

10/30: Expl_Pidief.D Exploit Code Arrives as Attachment

Expl_Pidief.D is exploit code that arrives as an attachment to email messages spammed by another malware or a malicious user.

ESET Updates Antivirus For Network Scanning

The company integrates its antivirus engine with a firewall to watch all traffic flowing in and out of the computer.

10/30: Rbot-GUP Worm Has Backdoor Functions

W32/Rbot-GUP is a worm with IRC backdoor functionality for the Windows platform.

10/30: Voterai.worm Disables Security Software

W32/Voterai.worm.a is a particularly damaging worm related to the election campaign in Kenya.

10/30: TmDrop-A Trojan Hits Windows

Troj/TmDrop-A is a Trojan for the Windows platform.

10/30: IRCbot-YT a Windows Trojan

Troj/IRCbot-YT is a Trojan for the Windows platform.

10/29: FlashJumper.Q Worm Copies Itself to Mapped, Removable Drives

FlashJumper.Q is a worm whose main objective is to spread and affect as many computers as possible by making copies of itself in the mapped and removable drives.

10/29: Mal/Dropper-X Trojan Installs, Executes Other Malicious Files

Mal/Dropper-X is a Trojan that installs and executes other malicious files.

10/29: Bindo Worm Copies Itself, Creates Registry Entry

W32/Bindo.worm runs silently upon execution, and no GUI messages appear on the screen.

10/29: Captchar.A Trojan Tries to Bypass CAPTCHA

Troj_Captchar.A is a Trojan that may arrive as a file downloaded by other malware.

Hacker Criminals Find An Exploit In a Fix

Adobe issues a fix to an exploit that could allow a rootkit to be installed on unsuspecting computers. The bad guys craft an exploit off that fix within a day.

10/29: Reapall.A Trojan Exploits RealPlayer Flaw

Troj_Reapall.A is a Trojan that may be hosted on a Web site and run when a user accesses that Web site.

10/29: Expl_Pidief.C Exploits Adobe Acrobat, Reader 8.1 Flaw

Expl_Pidief.C is the Trend Micro detection for exploit code that takes advantage of the PDF Mailto vulnerability in Adobe Acrobat and Adobe Reader 8.1.

10/29: Minera.A Worm Spreads Via Removable Drives, Shares

W32.Minera.A is a worm that spreads through removable drives and network shares.

10/29: Downloader.Hashedip Trojan Dropped by Other Trojan

Downloader.Hashedip is a Trojan horse that is downloaded by Trojan.Pidief.A.

10/26: VBS.Mondezimia!html Detects Files Infected by VBS.Mondezimia

VBS.Mondezimia!html is a detection for files infected by the VBS.Mondezimia file infector.

10/26: Racita.A Worm Copies Itself to Mapped Drives D to H

W32.Racita.A is a worm that copies itself to mapped drives D through H.

10/26: FlashJumper.Q Worm Copies Itself to Mapped, Removable Drives

FlashJumper.Q is a worm whose main objective is to spread and affect as many computers as possible by making copies of itself in the mapped and removable drives.

10/26: VB-DXQ a Downloader Trojan

Troj/VB-DXQ is a downloader Trojan for the Windows platform.

10/26: VBS.Mondezimia File Infector Targets all HTML Files

VBS.Mondezimia is a VBS, html, htm, http file infector that recursively infects all html files on available drives on the compromised computer.

10/26: Mal/EncPk-BK a Program Used by Malware Authors

Mal/EncPk-BK is a program that has been packed with a protection system typically used by malware authors.

How to Fight The Onslaught of Security Threats

One message at Interop this week? When it comes to data security, it's better to first figure out what to secure.

10/25: Autorun-G Worm Spreads to Mapped Drives

W32/Autorun-G is a worm for the Windows platform.

10/25: Sdbot-DIJ a Windows Worm

W32/Sdbot-DIJ is a worm for the Windows platform.

The Storm That Keeps Blowing

The Storm worm seems to unleash one new e-mail flood or denial of service attack every week. Why won't it go away?

10/25: JS_Feebs.SR Malicious JavaScript Arrives as Spam Mail Attachment

JS_Feebs.SR is malicious JavaScript that arrives on a system as an attachment to email messages spammed by a worm detected by Trend Micro as WORM_FEEBS.LE.

10/25: Feebs.LE Worm Uses Malicious JavaScript to Drop Copies of Itself

Worm_Feebs.LE employs a propagation technique similar to that used by certain WORM_BAGLE variants.

10/25: Noia Worm Downloads, Executes Malicious Content

W32/Noia is a worm written in Delphi that spreads via removable drives.

10/25: Trojan.Advatrix Lowers Security Settings

Trojan.Advatrix is a Trojan horse that lowers security settings on the compromised computer.

10/25: Nama.A Worm Hides Excel Documents, Copies Them

Nama.A is a worm that hides the Excel documents of the affected user and makes copies of them using the same name as the original files, but with a VBS extension.

10/24: Mdropper.WR Trojan Exploits Word Flaw

Troj_Mdropper.WR is a Trojan that is dropped by other malware.

10/24: AdClicker-FK an AdClicker Trojan

AdClicker-FK is an AdClicker Trojan.

10/24: Exploit-PDF.shell Detects File Exploiting PDF Security Flaw

Exploit-PDF.shell is a detection for a specially crafted PDF file that exploits the Adobe Acrobat Mailto Unspecified PDF File Security Vulnerability to execute malicious code on a computer.

10/24: Naplik-A Virus Infects Executables on System

W32/Naplik-A is a virus for the Windows platform.

10/24: Trojan.Sushpy Gives False Computer Error Reports

Trojan.Sushpy is a Trojan horse that gives false reports of errors on the computer.

10/24: Flood-II Trojan Hits the Unix Platform

Troj/Flood-II is a Trojan for the UNIX platform.

CA Refreshes Security Line With An Eye On Compliance

Updated security products help monitor user access and regulatory compliance.

10/23: Infostealer.Nssearch Trojan Uploads Network Info; Files

Infostealer.Nssearch is a Trojan horse that uploads network information and files to a Web site using FTP.

10/23: Vetor-G an Executable Windows Virus

W32/Vetor-G is an executable file virus for the Windows platform.

10/23: Trojan.Pidief.A Exploits Acrobat Flaw

Trojan.Pidief.A is a Trojan horse that exploits the Adobe Acrobat Mailto Unspecified PDF File Security Vulnerability (BID 25748) in order to lower security settings.

10/23: Sdbot.worm.gen.cn Spreads Via Different IM Platforms

W32/Sdbot.worm.gen.cn is a variant of the Sdbot family of worms.

10/23: Agent-GEP a Backdoor Trojan

Troj/Agent-GEP is a backdoor Trojan for the Windows platform.

10/23: Usbwatch Worm Copies Itself to Mapped, Removable Drives

W32.Usbwatch is a worm that spreads by copying itself to mapped and removable drives.

10/22: Inject-BU a Windows Trojan

Troj/Inject-BU is a Trojan for the Windows platform.

10/22: VBS.Runauto.D Worm Copies Itself to Removable Drives

VBS.Runauto.D is a worm that spreads by copying itself to removable drives.

10/22: AutoRun-F Worm Copies Itself to Removable Devices

W32/AutoRun-F is a worm for the Windows platform that spreads by copying itself to removable devices.

Report: Carriers Need to Heed Security

Carriers are more than just highways for packets; they need to be cops, too.

10/19: Sillyban.A Worm Copies Itself to Mapped Drives

W32.Sillyban.A is a worm that spreads by copying itself to mapped drives.

10/19: Trojan.Reapall Exploits Unpatched RealPlayer Flaw

Trojan.Reapall is a Trojan horse that exploits an unpatched and previously unknown RealPlayer vulnerability in the wild.

10/19: Voterai Worm Spreads Via Removable Drives, Displays Image

W32.Voterai is a worm that spreads through removable drives and displays an image on the compromised computer.

10/19: Exploit-RealPlay.a Malicious JavaScript Exploits RealPlayer Flaw

Exploit-RealPlay.a is a generic detection for malicious JavaScript code that attempts to exploit an unknown buffer overflow vulnerability affecting RealPlayer 11 Beta, 10.5 or older versions via an ActiveX control plugin.

10/19: Lineag-CG a Password-Stealing Trojan

Troj/Lineag-CG is a password-stealing Trojan for the Windows platform.

10/19: Destructor.A Worm Ends Security-Related Processes

Destructor.A is a worm that ends many processes belonging to security-related programs, such as antivirus or firewalls.

10/18: Feebs-BX Worm Spreads Via File Sharing on P2P Networks

W32/Feebs-BX is a worm for the Windows platform.

10/18: Rbot-GUL Worm Targets Windows

W32/Rbot-GUL is a worm for the Windows platform.

10/18: Mal/VBWorm-C Worm Targets Windows

Mal/VBWorm-C is a worm for the Windows platform.

10/18: Dload-R Trojan Targets Windows

Troj/Dload-R is a Trojan for the Windows platform.

10/17: Expl_Pidief.A Exploits Flaw in Acrobat Software Products

Expl_Pidief.A is Trend Micro's detection for a proof-of-concept (POC) exploit that takes advantage of an unknown vulnerability in certain Adobe Acrobat software products, allowing arbitrary code execution on an affected system.

10/17: PWS-Pykse a Password-Stealing Trojan Targeting Skype

PWS-Pykse is a password-stealing Trojan that targets Skype and steals username and password entered by the user.

10/17: Infostealer.Banker.E Trojan Steals Sensitive Information

Infostealer.Banker.E is a Trojan horse that steals sensitive information from the compromised computer.

10/17: Zlob-AFF Trojan Hits Windows

Troj/Zlob-AFF is a Trojan for the Windows platform.

10/17: Zlob-AFG a Windows Trojan

Troj/Zlob-AFG is a Trojan for the Windows platform.

10/17: Vetor-F a Windows Executable File Virus

W32/Vetor-F is an executable file virus for the Windows platform.

10/17: Squatbot-D a Windows Trojan

Troj/Squatbot-D is a Trojan for the Windows platform.

10/17: Backdoor.Zapinit Trojan May Download Malicious Code

Backdoor.Zapinit is a Trojan horse that opens a back door and may download potentially malicious code onto the compromised computer.

10/17: Copee Trojan Kills Several AV Programs

Copee is a Trojan that does some advertising for a presidential candidate in Kenya.

10/16: Sdbot-DIE Worm Has IRC Backdoor Functions

W32/Sdbot-DIE is a worm with IRC backdoor functionality for the Windows platform.

10/16: Fakevir-AI a Windows Trojan

Troj/Fakevir-AI is a Trojan for the Windows platform.

10/16: Debanpass Worm Copies Itself to Drives, Steals Information

W32.Debanpass is a worm that copies itself to all drives.

10/16: Alvabrig Virus Accompanies Password-Stealer Trojans, Rootkit

W32/Alvabrig is a virus that has been observed accompanied by some password-stealer Trojans and Generic Rootkit.A.

10/15: Niuniu!inf Detects Files Infected by Niuniu Worm

W32.Niuniu!inf is a detection for files that are infected by the W32.Niuniu worm.

10/15: Chir.b File Infector Continues to Spread

For the second time in less than a week, security vendor McAfee has issued an alert for W32/Chir.b@MM, a file infector targeted at several file formats.

10/15: Poebot-MW a Windows Worm

W32/Poebot-MW is a network worm for the Windows platform.

10/15: Nuwar.ARC Worm Purports to be eCard Sent in Spam Mail

Worm_Nuwar.ARC may be dropped by other malware.

10/15: Diazom-C a Windows Worm

W32/Diazom-C is a worm for the Windows platform.

10/12: Tesla-A Virus Targets Windows

W32/Tesla-A is a virus for the Windows platform.

10/12: Vetor-E an Executable File Virus

W32/Vetor-E is an executable file virus for the Windows platform.

10/12: Mdropper.WN Trojan Arrives as .DOC File in Email

Troj_Mdropper.WN is a Trojan that arrives as .DOC file attached to email messages spammed by another malware or a malicious user.

10/12: LCJump-B Worm Copies Itself to Mapped Drives

W32/LCJump-B is a worm for the Windows platform.

Microsoft Issues IE Security Alert

Just days after Patch Tuesday it finds a significant threat in Internet Explorer 7.

10/12: Agent-GDZ a Password-Stealing Trojan

Troj/Agent-GDZ is a password-stealing Trojan for the Windows platform.

10/12: Allaple-F Worm Targets Windows

W32/Allaple-F is a worm for the Windows platform.

10/11: Niuniu Worm Spreads Via Network Shares, Infecting HTML Files

W32.Niuniu is a worm that spreads through network shares and by infecting .html files.

10/10: FakeAlert-T Trojan Shows Fake Warning Message

Similar to other malware of this family, the FakeAlert-T Trojan shows a fake warning message, alarming the user that their machine is infected or at risk.

10/10: Chir.b a File Infector Virus

W32/Chir.b@MM is a file infector virus targeted at several file formats that is also able to spread using email.

10/10: Sdbot-DIB Network Worm Has IRC Backdoor Functions

W32/Sdbot-DIB is a network worm with IRC backdoor functionality for the Windows platform.

10/10: DwnLdr-GYF Trojan Hits Windows

Troj/DwnLdr-GYF is a Trojan for the Windows platform.

10/10: ServU-EX Trojan Runs Continuously in Background

Troj/ServU-EX is a modified version of a commercial FTP application.

10/10: Trojan.Mdropper.Z Drops Malicious Files

Trojan.Mdropper.Z is a Trojan horse that drops malicious files onto the compromised computer.

10/10: Trojan.Fakeavalert Displays False Antivirus Alerts, Lowers Settings

Trojan.Fakeavalert is a Trojan horse that displays false antivirus alerts and lowers security settings on the compromised computer.

10/10: Pushdo.AD Trojan Arrives Via Spammed Hentai Emails

Troj_Pushdo.AD is a Trojan that arrives via spammed Hentai email messages.

10/9: Rbot-GUE Worm Has IRC Backdoor Functions

W32/Rbot-GUE is a worm with IRC backdoor functionality for the Windows platform.

10/9: PWS-Goldun Trojan Arrives in Bogus iPod Email Order

PWS-Goldun is a Trojan that arrives in an email claiming to be a tracking order for an iPod that was ordered online.

10/9: Trojan.Webkit!html Detects HTML Files Containing Malicious Code

Trojan.Webkit!html is a generic detection for HTML files containing malicious code to redirect users to malicious Web servers.

Storm Worm Rewrote the Botnet and Spam Game

Nasty malware in its own right, Storm also provided a cunning spam platform, and perhaps more troubling, a template for others to follow.

10/8: Pajetbin Virus Infects .Exe Files

W32.Pajetbin is a virus that infects .exe files.

10/8: Dorf-X Trojan Hits Windows

Troj/Dorf-X is a Trojan for the Windows platform.

10/8: Psyme-FJ a Script Trojan That Downloads, Executes File

Troj/Psyme-FJ is a script Trojan that attempts to silently download and execute a file from the internet.

10/5: Stemclover Worm Copies Itself to Shares, Removable Media

W32.Stemclover is a worm that copies itself to network shares and removable media.

10/5: VBS.Stemclover Worm Copies Itself to Removable Drives

VBS.Stemclover is a worm that copies itself to removable drives.

10/5: Zua Worm Modifies System Boot Up Logo, Image

W32/Zua.worm is a worm that can propagate over removable drives and modifies the system boot up logo and desktop background image.

Sun Fixes Severe Java Vulnerabilities

Holes in Java code could let malicious apps access your file system or your network without your knowledge.

10/5: BraveSentry Trojan Generates False Reports to Produce Sales

BraveSentry is a rogue security program that is designed to scan and detect malware on a computer.

10/5: Delf-EYG Trojan Downloads, Executes Remote Software

Troj/Delf-EYG is a Trojan for the Windows platform.

10/5: Viking-I Worm Hits Windows

W32/Viking-I is a worm for the Windows platform.

10/4: PWS-FireMing Trojan Modifies IE Registry Keys

PWS-FireMing is a Trojan that will modify registry keys to cause Internet Explorer to load a malicious DLL.

10/4: PWS-FireMing.dll Trojan Downloads, Executes Malicious Programs

PWS-FireMing.dll is a Trojan that will download and execute malicious programs.

10/4: Brontok-CV Worm Copies Itself to Network, Removable Drives

W32/Brontok-CV is a worm for the Windows platform.

Rise of the Weaponized Rootkit

And you thought stealth was the only trick up a rootkit’s sleeve.

10/4: Rbot-GUA Worm Spreads Via Network Shares, IM

W32/Rbot-GUA is a backdoor worm for the Windows platform.

10/4: Dabber-D Worm Contacts Remote Server Via HTTP

W32/Dabber-D is a worm for the Windows platform.

10/4: PWS-LDPinch a Password-Stealing Trojan

PWS-LDPinch is a password-stealing Trojan designed to email the encoded local passwords to the Trojan author.

10/3: Fleck.A Worm Spreads Via File Sharing; Downloads Threats

W32.Fleck.A is a worm that spreads through file-sharing networks and downloads other threats.

10/3: Badday.A Worm Lowers Security Settings

W32.Badday.A is a worm that spreads through mapped and removable drives.

10/3: HTML_Iframe.HS Opens Web Page With Infected Files

HTML_Iframe.HS is the Trend Micro detection for an IFRAME, which other malware can prepend to its infected files.

10/3: W32/Looked-DV a Windows Executable Virus and Network Worm

W32/Looked-DV is a Windows executable virus and network worm.

10/3: Yahack.A Worm Spreads Through Mapped Drives

W32.Yahack.A is a worm that spreads through mapped drives.

10/3: Mimbot.A Worm's Goal: To Infect as Many Systems as Possible

Mimbot.A.worm is a worm whose main objective is to spread and affect as many computers as possible.

Google Bolsters E-Mail Security In Apps

Integration of security features from Postini designed to make Google Apps more appealing to large customers.

10/3: Worm_Fubalca.AQ May Be Unknowingly Downloaded

Worm_Fubalca.aq may be downloaded unknowingly by a user when visiting malicious Web sites.

10/3: Agobot-AIZ Worm Spreads Via Shares, Exploiting Flaws

W32/Agobot-AIZ is a worm for the Windows platform.

Report: Consumers Not as Safe Online As They Think

McAfee survey finds many computers are far less secure than their owners believe.

10/2: Virut-M Virus Infects Executable Files

W32/Virut-M is a virus for the Windows platform.

10/2: Autorun-E Worm Copies Itself to Removable Drives

W32/Autorun-E is a worm for the Windows platform.

10/2: Minerv-A Worm Targets Windows

W32/Minerv-A is a worm for the Windows platform.

10/2: Hoxe-B Worm Disables Anti-Virus Apps, Steals Passwords

W32/Hoxe-B is a worm for the Windows platform that spreads to other network computers.

10/2: IRCBot-YC Worm Has Backdoor Functionality

W32/IRCBot-YC is a worm with IRC backdoor functionality for the Windows platform.

10/1: SillyFDC-AY a Windows Worm

W32/SillyFDC-AY is a worm for the Windows platform.

10/1: Dropper-RL Trojan Hits Windows

Troj/Dropper-RL is a Trojan for the Windows platform.

10/1: Horst-JR Trojan Targets Windows

Troj/Horst-JR is a Trojan for the Windows platform.

10/1: Mal/Dropper-U Trojan Installs, Executes Other Malicious Files

Mal/Dropper-U is a Trojan that installs and executes other malicious files.

10/1: Unsafe VBS Virus Lowers Security Settings

Unsafe VBS is a virus that is triggered when using the heuristic scanning option and is designed to cover VBS scripts that attempt to lower the security settings within Microsoft Internet Explorer.

Thanks, Russia: Antivirus Software Market Remains Healthy

Amid the myriad antivirus companies, two surprises emerge from under the shadows of Symantec and McAfee.

10/1: Sdbot-DHX an MSN Messenger Worm and IRC Trojan

W32/Sdbot-DHX is an MSN Messenger worm and IRC backdoor Trojan for the Windows platform.

10/1: Backdoor.Ranky.Z Trojan Opens Back Door on System

Backdoor.Ranky.Z is a Trojan horse that opens a back door on the compromised computer.