
 

Virus News   

 


 



 

March 2006

Select the links for detailed information and removal tools for the latest viruses




W32.Stavron.A 03/31/06 2
W32.Rontokbro.Z 03/31/06 2
W32.Skenkly.A 03/30/06 2
W32.Rontokbro.X 03/24/06 2
W32.Beagle.DZ 03/23/06 2
Trojan.Abwiz.F 03/23/06 2
W32.Renama.A 03/21/06 2
W32.Rontokbro.U 03/16/06 2
Trojan.Exponny 03/16/06 2
W32.Maniccum 03/07/06 2
W32.Hotmatom 03/07/06 2
W32.Spybot.AFEW 03/03/06 2
W32.Beagle.DX 03/03/06 2
W32.Beagle.DW 03/01/06 2



W32.Beagle.DW@mm
Discovered March 1, 2006
Systems Affected: All Windows32 Systems

W32.Beagle.DW@mm is a mass-mailing worm that uses its own SMTP engine and file-sharing networks to spread. It opens a back door on the compromised computer and attempts to lower security settings. The worm also tries to download and execute remote files.

Payload Trigger: n/a
Payload: Attempts to download and execute remote files.
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Degrades performance: Sending mass-mail may degrade system performance.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies

Read the full Symantec report here


W32.Beagle.DX@mm
Discovered March 3, 2006
Systems Affected: All Windows32 Systems

W32.Beagle.DX@mm is a mass-mailing worm that also spreads through file-sharing networks. It opens a back door on the compromised computer, attempts to lower security settings, and tries to download and execute remote files.

Payload Trigger: n/a
Payload: Downloads and executes remote files.
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies

Read the full Symantec report here


W32.Spybot.AFEW
Discovered March 3, 2006
Systems Affected: All Windows32 Systems

W32.Spybot.AFEW is a worm that has distributed denial of service and back door capabilities. The worm spreads through AOL Instant Messenger and by exploiting vulnerabilities.

Payload Trigger: n/a
Payload: Opens a back door.
Deletes files: Deletes network shares.
Distribution
Target of infection: Exploits vulnerabilities.

Read the full Symantec report here


W32.Hotmatom
Discovered March 7, 2006
Systems Affected: All Windows32 Systems

W32.Hotmatom is a worm that spreads via MSN Hotmail and deletes files from the compromised computer.

Payload Trigger: n/a
Payload: n/a
Large scale e-mailing: Sends a link to a copy of itself to MSN Hotmail contacts.
Deletes files: Deletes files from the A drive and the C drive.

Read the full Symantec report here


W32.Maniccum
Discovered March 7, 2006
Systems Affected: All Windows32 Systems

W32.Maniccum is a worm that opens a back door on the compromised computer and spreads via AOL and MSN instant messenger.

Payload Trigger: n/a
Payload: Opens a back door on the compromised computer.
Compromises security settings: Disables security-related applications.
Distribution
Ports: TCP port 5190

Read the full Symantec report here


Trojan.Exponny
Discovered March 16, 2006
Systems Affected: All Windows32 Systems

Trojan.Exponny is a Trojan horse that changes the settings of the Winny file sharing software to expose all local fixed drives on the compromised computer.

Payload Trigger: n/a
Payload: Exposes all local fixed drives on the compromised computer.
Large scale e-mailing: n/a
Deletes files: n/a
Modifies files: Modifies the file "UpFolder.txt" in the directory where Winny is found and the "%Windir%\SYSTEM.INI" file.

Displays a fake message in Japanese:

Read the full Symantec report here


W32.Rontokbro.U@mm
Discovered March 16, 2006
Systems Affected: All Windows32 Systems

W32.Rontokbro.U@mm is a mass-mailing worm that causes system instability on the compromised computer.

Payload Trigger: n/a
Payload: Causes instability on the compromised computer.
Large scale e-mailing: Yes
Causes system instability: Yes
Compromises security settings: Ends security-related processes.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies

Email characteristics:

From: [SPOOFED]

Subject: (One of the following)

  • My Photo on Paris
  • Foto Liburanku di Bali


Message: (One of the following)

  • Hi,
    This photo was taken from my vacation on Paris, last week.
    Wishing you always remember me.

    Regards,

  • Halo Sobat,
    Ini fotoku saat liburan di Bali.
    Semoga kamu jadi ingat aku terus.

    Terima kasih,

Read the full Symantec report here


W32.Renama.A@mm
Discovered March 21, 2006
Systems Affected: All Windows32 Systems

W32.Renama.A@mm is a mass-mailing worm that responds to emails in the user's Outlook inbox.

Payload Trigger: n/a
Payload: Responds to emails in the user's Outlook inbox.

The email will have the following properties:

Subject:
One of the following:

[NAME], your name is listed in terrorism organisation..!!!

[NAME], this file from me (%s)

[NAME], Namamu termasuk dalam daftar terrorist..!!

Note: [NAME] is taken from the contents of the user's emails.

Message:
One of the following:

if you are not sure, please read attachment bellow, and please reply to me..!!!
this message is very urgent..!!!!
hope we don't have miss understanding
thank's...!!!

jika anda nggak percaya atau kurang yakin, coba baca list attachment ini..!!!
ini sangat urgent..!!!!
saya harap dengan begini kita nggak ada salah paham
thank's...!!!

This attachment contain listname of terrorist..!!!
hope you can be carrefull if you find one of them..!!!!
or you can reply this email to me after you read the attachment
thank's...!!!

Read the full Symantec report here


Trojan.Abwiz.F
Discovered March 23, 2006
Systems Affected: All Windows32 Systems

Trojan.Abwiz.F is a Trojan horse with rootkit abilities that downloads and executes remote files and sends confidential computer information to a remote attacker. The Trojan also allows a remote attacker to perform various unauthorized actions on the compromised computer.

Payload Trigger: n/a
Payload: Downloads and executes remote files and also allows a remote attacker to perform various unauthorized actions on the compromised computer.
Degrades performance: Relays spam emails.
Releases confidential info: Sends confidential computer information to a remote attacker.

Read the full Symantec report here


W32.Beagle.DZ@mm
Discovered March 23, 2006
Systems Affected: All Windows32 Systems

W32.Beagle.DZ is a worm that spreads through file-sharing networks and tries to download and execute remote files.

Payload Trigger: n/a
Payload: Downloads and executes remote files.
Compromises security settings: Attempts to end security-related processes.

Read the full Symantec report here


W32.Rontokbro.X@mm
Discovered March 24, 2006
Systems Affected: All Windows32 Systems

W32.Rontokbro.X@mm is a mass-mailing worm that lowers security settings and causes system instability.

Payload Trigger: n/a
Payload: n/a
Large scale e-mailing: Sends emails to addresses gathered on the compromised computer.
Compromises security settings: Deletes files and processes, some of which may be security-related.
Distribution
Subject of email: Varies
Name of attachment: Photo.zip

Email characteristics:

From: [SPOOFED]

Subject:

  • My Best Photo
  • Fotoku yg Paling Cantik

Message Body:

  • Hi,
    I want to share my photo with you.
    Wishing you all the best.
    Regards,

  • Hi,
    Aku lg iseng aja pengen kirim foto ke kamu.
    Jangan lupain aku ya !.
    Thanks,

Attachment:

Photo.zip


Displays the following text in a console window:

######################### BR[REMOVED] #########################
-- Hentikanlah kebobrokan di nege [REMOVED] il = Tu[REMOVED]plak = Nothing !!!
No[REMOVED]mdil -->> Kicked by The [REMOVED]tok
[ By J[REMOVED]t ]


Read the full Symantec report here


W32.Skenkly.A@mm
Discovered March 30, 2006
Systems Affected: All Windows32 Systems

W32.Skenkly.A@mm is a worm that opens a back door and connects to an IRC server to listen for instructions that allow the remote attacker to perform various actions on the compromised computer. The worm spreads by sending email and by using the America Online Instant Messenger (AIM).

Payload Trigger: n/a
Payload: Opens a back door on the compromised computer.
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Releases confidential info: Logs keystrokes and captures screenshots.
Compromises security settings: May disable the Windows Firewall.
Distribution
Subject of email: Varies
Name of attachment: thefiles.zip

Allows a remote attacker to perform the following actions on the compromised computer:

  • Spread the worm through America Online Instant Messenger (AIM)
  • Spread the worm by sending email
  • Log keystrokes
  • Download and upload files
  • Restart the computer
  • Disable the Windows Firewall
  • Change the appearance of the Windows start button
  • Capture screenshots
  • Open a command shell on the compromised computer
  • Get information from active windows
  • List or end running processes
  • Act as a proxy server
  • Create a user account and add it to the Administrators group
  • Delete a user account
  • Enable or disable Windows remote desktop
  • Send the status of email sending
  • Retrieve and send the CD key of the game Call of Duty from the registry entry HKEY_LOCAL_MACHINE\Software\Activision\Call of Duty

Subject:
One of the following:

  • Where have you been?
  • How are you?
  • Hey
  • Check this out
  • Look at this
  • Hi again
  • Flash game
  • The pictures

Message:
One of the following:

  • Hello
    Hi,
    Please can you test this Flash movie I created?
    Thanks!
  • Hello,
    How are you doing?
    Check out this new game I found!
  • Hey!
    Here is the slideshow from my birthday!
  • Hello,
    Please can you open these files for me?
    Thanks.
  • Hey,
    I encrypted the documents you asked me to, they are attached with this e-mail.
  • Hi,
    I attached the pictures you asked for with this e-mail.
    Tell me what you think!
  • Hello,
    I attached the files you wanted.
    Please e-mail me back.
  • Hi,
    Here is the slideshow you asked for.
    Speak to you soon :)

Read the full Symantec report here


W32.Rontokbro.Z@mm
Discovered March 31, 2006
Systems Affected: All Windows32 Systems

W32.Rontokbro.Z@mm is a mass-mailing worm that lowers security settings.

Payload Trigger: n/a
Payload: n/a
Compromises security settings: Disables security-related applications and ends security-related processes.
Distribution
Subject of email: "My Best Photo" or "Fotoku yg Paling Cantik"
Name of attachment: Photo.zip

Email characteristics:

From: [SPOOFED]

Subject:

  • My Best Photo
  • Fotoku yg Paling Cantik

Message Body:

  • Hi,
    I want to share my photo with you.
    Wishing you all the best.
    Regards,

  • Hi,
    Aku lg iseng aja pengen kirim foto ke kamu.
    Jangan lupain aku ya !.
    Thanks,

Attachment:

Photo.zip

Read the full Symantec report here


W32.Stavron.A
Discovered March 31, 2006
Systems Affected: All Windows32 Systems

W32.Stavron.A is a worm that overwrites files and spreads through network shares.

Payload Trigger: n/a
Payload: Overwrites files.

Read the full Symantec report here



 

   
     
© Copyright 1999 - 2006 The Computer Wizard