
 

Virus News   

 


 


 

June 2006

Select the links for detailed information and removal tools for the latest viruses



W32.Kidala.E 06/23/06 2
W32.Amirecivel.E 06/22/06 2
W32.Beagle.FG 06/21/06 2
W32.Beagle.FF 06/20/06 2
Trojan.Tooso.R 06/16/06 2
W32.Beagle.FD 06/16/06 2
JS.Yamanner 06/12/06 2
W32.Timeserv 06/08/06 2
W32.Fijjy.A 06/08/06 2
W32.Sinteri.A 06/03/06 2






W32.Sinteri.A@mm
Discovered June 03, 2006
Systems Affected: All Windows32 Systems

W32.Sinteri.A@mm is a mass-mailing worm that uses stealth technology to hide itself.
Symantec Security Response is currently investigating this threat and will post more information as it becomes available.

Read the full Symantec report here


W32.Fijjy.A
Discovered June 08, 2006
Systems Affected: All Windows32 Systems

W32.Fijjy.A is a worm that spreads through network shares and downloads and executes remote files onto the compromised computer.

Payload Trigger: n/a
Payload: Downloads and executes remote files.
Distribution
Shared drives: Spreads through network shares.

Read the full Symantec report here


W32.Timeserv@mm
Discovered June 08, 2006
Systems Affected: All Windows32 Systems

W32.Timeserv@mm is a mass-mailing worm that opens a back door and sends emails to addresses gathered from the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door.
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Distribution
Subject of email: Microsoft Customer Support.
Name of attachment: timesrv.exe
Size of attachment: 53,248 bytes
Ports: TCP port 9999

The email has the following characteristics:

From: support@microsoft.com

Subject: Microsoft Customer Support.

Message Body:

Hello Dear.

In programm maintenance of corporation Microsoft critical vulnerabilyty has been found in processing wmf files. Programmers Microsoft have let out critical updating for Windows 98/2000/XP. We urgently recommend you and to estabilish updating. One copy of updating packet in attach for this letter.
Detalis: http://support.microsoft.com

With best regards,
Microsoft Customer Support.

Attachment: timesrv.exe

Read the full Symantec report here


JS.Yamanner@m
Discovered June 12, 2006
Systems Affected: All Windows32 Systems

JS.Yamanner@m is a worm that is written in JavaScript. It exploits a vulnerability in the Yahoo email service to send a copy of itself to the user's Yahoo email contacts.

Note:
The worm cannot run on the newest version of Yahoo Mail Beta.

Payload Trigger: n/a
Payload: n/a
Large scale e-mailing: Sends a copy of itself to the user's Yahoo email contacts.
Distribution
Subject of email: New Graphic Site

JS.Yamanner@m performs the following actions:

  1. Arrives on the compromised computer as an HTML email containing JavaScript. The email may have the following characteristics:

    From: Varies
    Subject: New Graphic Site
    Message body: Note: forwarded message attached.

  2. Once the email is opened, the worm exploits a vulnerability in the Yahoo email service to run a script.
  3. Sends a copy of itself to certain email addresses gathered from the Yahoo email folders.
  4. Targets email addresses from the @yahoo.com and @yahoogroups.com domains.
  5. Contacts the following URL:
    [http://]www.av3.net/index.htm

  6. Sends a list of email addresses gathered to the above URL.

Read the full Symantec report here


W32.Beagle.FD@mm
Discovered June 16, 2006
Systems Affected: All Windows32 Systems

W32.Beagle.FD@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of another threat, Trojan.Tooso.R. The worm also opens a back door on the compromised computer using TCP port 80 and lowers security settings.

Payload Trigger: n/a
Payload: Opens a back door on TCP port 80 which may allow the compromised computer to act as a proxy server.
Large scale e-mailing: Attempts to email a copy of another threat to the email addresses that are contained in a downloaded file.
Degrades performance: Mass mailing functions may degrade performance.
Distribution
Subject of email: [RANDOM NAME]
Name of attachment: [RANDOM PERSON NAME].zip which contains the file named 16-06-2006.exe.
Ports: TCP ports 80 and 25.

Read the full Symantec report here


Trojan.Tooso.R
Discovered June 16, 2006
Systems Affected: All Windows32 Systems

Trojan.Tooso.R is a Trojan horse that downloads other risks onto the compromised computer.

Payload Trigger: n/a
Payload: Downloads other security threats onto the compromised computer.
Degrades performance: Attempts to connect to remote locations may degrade performance.
Distribution
Subject of email: varies
Name of attachment: varies

Read the full Symantec report here


W32.Beagle.FF@mm
Discovered June 20, 2006
Systems Affected: All Windows32 Systems

W32.Beagle.FF@mm is a mass-mailing worm that uses its own SMTP engine to spread. It attempts to lower security settings. The worm may also download and execute remote files.

Read the full Symantec report here


W32.Beagle.FG@mm
Discovered June 21, 2006
Systems Affected: All Windows32 Systems

W32.Beagle.FG@mm is a mass-mailing worm that uses its own SMTP engine to spread and may also download and execute remote files. It also attempts to lower security settings on the compromised computer.

Payload Trigger: n/a
Payload: n/a
Large scale e-mailing: Uses its own SMTP engine to send out emails.
Compromises security settings: Attempts to lower security settings.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 25

Read the full Symantec report here


W32.Amirecivel.E@mm
Discovered June 22, 2006
Systems Affected: All Windows32 Systems

W32.Amirecivel.E@mm is a mass-mailing worm that also spreads through file-sharing networks. The worm requires Microsoft .Net Framework 2.0 in order to run.

Payload Trigger: n/a
Payload: Gathers email addresses from the compromised computer.
Large scale e-mailing: Sends itself to the email addresses it gathers.
Modifies files: Overwrites Notepade.exe.
Distribution
Subject of email: Varies
Name of attachment: Varies

Sends a copy of itself in an email with the following characteristics:

From:
(One of the following)

• antiblaster@yahoo.com
• avg@yahoo.com
• bill@yahoo.com
• bob@yahoo.com
• ebook@yahoo.com
• info@yahoo.com
• iraq@yahoo.com
• LongShot@yahoo.com
• mail@yahoo.com
• matt@yahoo.com
• mcafee@yahoo.com
• nod32@yahoo.com
• panda@yahoo.com
• smith@yahoo.com
• stan@yahoo.com
• steve@yahoo.com
• symantec@yahoo.com
• ted@yahoo.com
• update@yahoo.com
• YourFriend@yahoo.com

Subject:
(One of the following)

• Account notify
• do you know AmirCivil?
• Document
• E-mail account disabling warning
• Email account utilization warning.
• E-mail technical support message.
• E-mail warning
• Encrypted document
• Fax Message
• Fax Message Received
• Forum notify
• Incoming Message
• mcafee
• Message Notify
• panda
• Protected message
• symantec
• Text message
• Thank you!
• Yahoo!

Read the full Symantec report here


W32.Kidala.E@mm
Discovered June 23, 2006
Systems Affected: All Windows32 Systems

W32.Kidala.E@mm is a mass-mailing worm that opens a back door on the compromised computer. It also lowers security settings and exploits remote vulnerabilities.

Payload Trigger: n/a
Payload: Opens a back door on the compromised computer. It also lowers security settings and exploits remote vulnerabilities.
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies

Read the full Symantec report here




 

   
     
© Copyright 1999 - 2006 The Computer Wizard