
 

Virus News
January 2006

Select the links for detailed information and removal tools for the latest viruses




W32.Antinny.AX 01/28/06 2
W32.Imav.A 01/26/06 2
W32.Sygyp.A 01/21/06 2
W32.Looksky.H 01/17/06 2
W32.Blackmal.E 01/17/06 2
W32.Feebs.J 01/16/06 2
W32.Feebs.E 01/12/06 2
W32.Feebs.D 01/11/06 2
W32.Looksky.G 01/08/06 2
W32.Loxbot.D 01/06/06 2
W32.Looksky.F 01/05/06 2
W32.Loxbot.C 01/05/06 2
Trojan.Satiloler.B 01/04/06 2


Trojan.Satiloler.B
Discovered January 04, 2006
Systems Affected: All Windows32 Systems

Trojan.Satiloler.B is a Trojan horse that attempts to steal user names, passwords, and other information from the compromised computer. It also attempts to open a proxy server on a random TCP port.

It has been reported that the Trojan is downloaded by malformed WMF files that utilize the Microsoft Windows Graphics Rendering Engine WMF Format Unspecified Code Execution Vulnerability (as described in BID 16074).

Payload Trigger: n/a
Payload: Attempts to steal confidential system information.
Compromises security settings: Modifies the registry to disable Windows security features.

Read the full Symantec report here


W32.Loxbot.C
Discovered January 05, 2006
Systems Affected: All Windows32 Systems

W32.Loxbot.C is a worm that opens a back door and can receive commands from a remote attacker. It lowers security settings and can spread using AOL Instant Messenger.

Payload Trigger: n/a
Payload: Opens a back door.
Compromises security settings: Disables security-related services.
Distribution
Ports: TCP port 21
Target of infection: AOL Instant Messenger

Read the full Symantec report here


W32.Looksky.F@mm
Discovered January 05, 2006
Systems Affected: All Windows32 Systems

W32.Looksky.F@mm is a mass-mailing worm that drops additional malware on the compromised computer.

Payload Trigger: n/a
Payload: Uses additionally dropped malware to log keystrokes and steal confidential information.
Large scale e-mailing: Sends a copy of the worm to all email addresses gathered from the compromised computer.
Distribution
Subject of email: Your mail Account is Suspended
Name of attachment: acc_info9.exe

Read the full Symantec report here


W32.Loxbot.D
Discovered January 06, 2006
Systems Affected: All Windows32 Systems

W32.Loxbot.D is a worm that opens a back door on the compromised computer, allowing a remote attacker to issue various commands, and spreads using AOL Instant Messenger. The worm also uses rootkit capabilities to hide its process in memory.

Payload Trigger: n/a
Payload: Opens a back door and allows a remote attacker to have unauthorized access to the compromised computer.
Degrades performance: Propagation may degrade network performance and resources.
Compromises security settings: Ends services which may be security related.
Distribution
Ports: TCP port 1751
Target of infection: AOL Instant Messenger

Read the full Symantec report here


W32.Looksky.G@mm
Discovered January 08, 2006
Systems Affected: All Windows32 Systems

W32.Looksky.G@mm is a mass-mailing worm that lowers security settings, opens a back door, and drops additional malware on the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door and downloads remote files.
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Compromises security settings: Modifies the firewall settings.
Distribution
Subject of email: Your mail Account is Suspended
Name of attachment: acc_info9.exe or ebay_info.exe

Read the full Symantec report here


W32.Feebs.D@mm
Discovered January 11, 2006
Systems Affected: All Windows32 Systems

W32.Feebs.D@mm is a mass-mailing worm that also spreads through file-sharing networks and lowers security settings on the compromised computer.
The worm arrives as an attachment with an .HTA extension.

Payload Trigger: n/a
Payload: Lowers security settings.
Large scale e-mailing: Emails copies of itself to addresses found on the compromised computer.
Degrades performance: Mass emailing may degrade performance.
Releases confidential info: Stores and then sends confidential information.
Compromises security settings: Disables the Windows firewall. Attempts to end security-related processes and services.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 80.

Read the full Symantec report here


W32.Feebs.E@mm
Discovered January 12, 2006
Systems Affected: All Windows32 Systems

W32.Feebs.E@mm is a mass-mailing worm that also spreads through file-sharing networks and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: n/a
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Releases confidential info: Sends confidential information to a remote attacker.
Compromises security settings: Modifies firewall settings.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 80.

Read the full Symantec report here


W32.Feebs.J@mm
Discovered January 16, 2006
Systems Affected: All Windows32 Systems

W32.Feebs.J@mm is a mass-mailing worm that also spreads through file-sharing networks and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: Starts a local Web server.
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Deletes files: n/a
Modifies files: n/a
Degrades performance: n/a
Causes system instability: n/a
Releases confidential info: Sends confidential information to a remote attacker.
Compromises security settings: Modifies firewall settings.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 80.

Read the full Symantec report here


W32.Blackmal.E@mm
Discovered January 17, 2006
Systems Affected: All Windows32 Systems

W32.Blackmal.E@mm is a mass-mailing worm that attempts to spread through network shares and lower security settings.

Payload Trigger: 3rd day of the month
Payload: Deletes files and registry entries of security-related applications.
Large scale e-mailing: Creates a mass-mailing of itself using addresses gathered from the compromised computer.
Deletes files: Attempts to delete files associated with security-related programs.
Distribution
Subject of email: Varies.
Name of attachment: Varies.

Read the full Symantec report here

Download the removal tool here


W32.Looksky.H@mm
Discovered January 17, 2006
Systems Affected: All Windows32 Systems

W32.Looksky.H@mm is a mass-mailing worm that has keylogging capabilities.

Payload Trigger: n/a
Payload: May use dropped components to log keystrokes and steal confidential information.
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Compromises security settings: Modifies the firewall settings.
Distribution
Subject of email: Your Ebay account is Suspended
Name of attachment: ebay_info.exe
Ports: TCP port 321

Read the full Symantec report here


W32.Sygyp.A@mm
Discovered January 21, 2006
Systems Affected: All Windows32 Systems

W32.Sygyp.A@mm is a mass-mailing worm that also spreads through file-sharing networks and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: n/a
Large scale e-mailing: Sends a copy of itself as an email attachment to addresses gathered from the compromised computer.
Compromises security settings: Stops security-related processes, blocks access to security-related Web sites, disables the Windows firewall, and disables the Windows Security Center.
Distribution
Subject of email: Google Earth – Explore, Search and Discover
Name of attachment: GoogleEarthSetup.exe

Read the full Symantec report here


W32.Imav.A
Discovered January 26, 2006
Systems Affected: All Windows32 Systems

W32.Imav.A is a worm that spreads by sending ICQ messages that contain links to copies of the worm. The worm also disables security-related products. The worm may arrive as a .zip file downloaded from the Internet.

Payload Trigger: n/a
Payload: n/a
Deletes files: Deletes and renames files on the compromised computer.
Compromises security settings: Ends security-related services, blocks access to security-related Web sites, and deletes security-related files.
Distribution
Ports: TCP port 17940.

Read the full Symantec report here


W32.Antinny.AX
Discovered January 28, 2006
Systems Affected: All Windows32 Systems

W32.Antinny.AX is a worm that propagates through the Winny file-sharing network. The worm performs denial of service attacks on certain Web sites and steals confidential information from the compromised computer.

Payload Trigger: n/a
Payload: Performs denial of service attacks on third parties.
Releases confidential info: Captures screenshots and steals confidential information.

Read the full Symantec report here

© Copyright 1999 - 2006 The Computer Wizard