
 

Virus News   

 


 



 

August 2006

Select the links for detailed information and removal tools for the latest viruses




W32.Stration.D 08/29/06 2
W32.Spybot.AKNO 08/28/06 2
W32.Womble.A 08/28/06 2
W32.Stration.C 08/27/06 2
Trojan.Linkoptimizer 08/24/06 2
W32.Spybot.AKKC 08/22/06 2
W32.Stration.B 08/20/06 2
W32.Randex.GEL 08/18/06 2
W32.Stration.A 08/18/06 2
W32.Toyep.A 08/16/06 2
W32.Wargbot 08/12/06 2
W32.Hocgaly.A 08/02/06 2







W32.Hocgaly.A@mm
Discovered August 2, 2006
Systems Affected: All Windows32 Systems

W32.Hocgaly.A@mm is a mass-mailing worm that gathers email addresses from the compromised computer. It may also perform a denial of service attack against predetermined Web sites.

Payload: Performs a denial of service attack against predetermined Web sites.
Large Scale E-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Distribution Level: Low
Subject of Email: Varies
Name of Attachment: Varies
Size of Attachment: Varies

Read the full Symantec report here


W32.Wargbot
Discovered August 12, 2006
Systems Affected: All Windows32 Systems

W32.Wargbot is a network-aware worm that opens an IRC back door on the compromised computer. It spreads by exploiting the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS06-040). The worm may download a copy of Backdoor.Ranky.X.

Payload: Opens a back door on the compromised computer.
Distribution Level: High
Target of Infection: Unpatched computers with vulnerability described in MS06-040.

The back door listens for commands, which may allow a remote attacker to perform some of the following actions on the compromised computer:

Launch denial of service attacks
Scan IP addresses to find computers to attack
Download and execute remote files
Send a message using AOL Instant Messenger (if it's running)
Remotely run the command prompt shell, which allows the attacker to run any command

The worm may receive commands to download a file from [http://]media.pixpond.com/l9rd[REMOVED]. The downloaded file is a copy of Backdoor.Ranky.X, which listens for commands from a remote attacker on a random port and sends the IP address of the compromised computer to a server on the yu.haxx.biz domain.

Once it receives the appropriate command, the worm attempts to spread by exploiting the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS06-040). The exploit code affects computers using the Windows 2000 operating system.

Read the full Symantec report here


W32.Toyep.A@mm
Discovered August 16, 2006
Systems Affected: All Windows32 Systems

W32.Toyep.A@mm is a mass-mailing worm that downloads other threats onto the compromised computer.

Payload: Downloads a remote file.
Distribution Level: High
Subject of Email: Varies
Name of Attachment: message.zip, data.zip, logfile.zip

Read the full Symantec report here


W32.Stration.A@mm
Discovered August 18, 2006
Systems Affected: All Windows32 Systems

W32.Stration.A@mm is a mass-mailing worm that gathers email addresses from the compromised computer.

Payload: Sends a copy of itself as an email attachment.
Distribution Level: Medium

Read the full Symantec report here


W32.Randex.GEL
Discovered August 18, 2006
Systems Affected: All Windows32 Systems

W32.Randex.GEL is a network-aware worm that opens an IRC back door on the compromised computer. It spreads by exploiting the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS06-040).

Read the full Symantec report here


W32.Stration.B@mm
Discovered August 20, 2006
Systems Affected: All Windows32 Systems

W32.Stration.B@mm is a mass-mailing worm that gathers email addresses from the compromised computer.

Payload: Sends a copy of itself to email addresses gathered from the compromised computer and downloads a remote file.
Distribution Level: Medium
Subject of Email: Varies
Name of Attachment: Varies

Read the full Symantec report here


W32.Spybot.AKKC
Discovered August 22, 2006
Systems Affected: All Windows32 Systems

W32.Spybot.AKKC is a network-aware worm that opens a back door on the compromised computer and has distributed denial of service capabilities. The worm spreads to network shares and by exploiting vulnerabilities.

Payload: Opens a back door and performs denial of service attacks.
Distribution Level: Medium
Ports: TCP port 21972
Target of Infection: Computers that do not have up-to-date patches installed.

Read the full Symantec report here


Trojan.Linkoptimizer
Discovered August 24, 2006
Systems Affected: All Windows32 Systems

Trojan.Linkoptimizer is a detection for a family of Trojan horse programs that use rootkit and stealth techniques to hide their presence. The Trojan may download and display pop-up advertisements.

Read the full Symantec report here


W32.Stration.C@mm
Discovered August 27, 2006
Systems Affected: All Windows32 Systems

W32.Stration.C@mm is a mass-mailing worm that gathers email addresses from the compromised computer. The worm also downloads files and may lower security settings.

Payload: Gathers email addresses, downloads files, and may lower security settings.
Large Scale E-mailing: Emails itself as an attachment.
Compromises Security Settings: Disables some firewalls.
Distribution Level: High
Subject of Email: Varies
Name of Attachment: Varies
Size of Attachment: Varies

Read the full Symantec report here


W32.Womble.A@mm
Discovered August 28, 2006
Systems Affected: All Windows32 Systems

W32.Womble.A@mm is a mass-mailing worm that gathers email addresses from the compromised computer.

Read the full Symantec report here


W32.Spybot.AKNO
Discovered August 28, 2006
Systems Affected: All Windows32 Systems

W32.Spybot.AKNO is a network-aware worm that opens a back door on the compromised computer. It also spreads to network shares protected by weak passwords and by exploiting vulnerabilities.

Payload: Opens a back door and exploits remote vulnerabilities.
Distribution Level: Medium

Read the full Symantec report here


W32.Stration.D@mm
Discovered August 29, 2006
Systems Affected: All Windows32 Systems

W32.Stration.D@mm is a mass-mailing worm that gathers email addresses from the compromised computer. The worm also downloads files from remote computers.

Payload: Downloads files onto the compromised computer.
Large Scale E-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Distribution Level: High
Subject of Email: Varies
Name of Attachment: Varies

Read the full Symantec report here


 

   
     
© Copyright 1999 - 2006 The Computer Wizard