Virus News
September 2005

Select the links for detailed information and removal tools for the latest viruses

Looking for a better AntiVirus / Spyware solution?
We use AVG Professional. Download it here




W32.Alcra.D 9/28/05 2
W32.Magflag.A 9/28/05 2
Backdoor.Hesive 9/27/05 2
W32.Mydoom.CI 9/26/05 2
W32.Netsky.AN 9/26/05 2
W32.Suclove.A 9/25/05 2
W32.Erkez.F 9/25/05 2
W32.Autex.C 9/24/05 2
W32.Rontokbro 9/23/05 2
W32.Lanieca.I 9/22/05 2
W32.Mytob.JS 9/21/05 2
W32.Ahker.N 9/20/05 2
W32.Peerload.A 9/18/05 2
W32.P2load.A 9/18/05 2
W32.Looked.F 9/18/05 2
W32.Lanieca.H 9/18/05 2
W32.Dafet.A 9/16/05 2
W32.Pexmor 9/16/05 2
W32.Iberio 9/16/05 2
W32.Mytob.JN 9/15/05 2
W32.Mytob.JM 9/14/05 2
W32.Esbot.D 9/14/05 2
W32.Kelvir.II 9/14/05 2
VBS.Inker.B 9/13/05 2
W32.Starimp 9/12/05 2
W32.Beagle.CG 9/12/05 2
Trojan.Tooso.N 9/12/05 2
W32.Mytob.JI 9/09/05 2
Trojan.Tooso.M 9/09/05 2
W32.Bobax!gen 9/08/05 2
W32.Spybot.WON 9/07/05 2
W32.Bobax.AJ 9/07/05 2
W32.Spybot.WOE 9/06/05 2


W32.Spybot.WOE
Discovered September 06, 2005
Systems Affected: All Windows32 Systems

W32.Spybot.WOE is a worm with back door capabilities that can be used to launch a distributed denial of service attack. The worm spreads by exploiting numerous vulnerabilities, including the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039).

Payload Trigger: n/a
Payload: Opens a back door and allows a remote attacker to have unauthorized access to the compromised computer.
Distribution
Ports: TCP ports 139, 445, 1427, 4654, 65528, 65529.

Read the full Symantec report here


W32.Bobax.AJ@mm
Discovered September 07, 2005
Systems Affected: All Windows32 Systems

W32.Bobax.AJ@mm is a mass-mailing worm that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039) on TCP port 445. The worm allows a compromised computer to be used as a covert proxy.

Payload Trigger: n/a
Payload: Downloads remote files.
Deletes files: Deletes %Temp%\~* files.
Degrades performance: Exploits a remote vulnerability which may degrade performance.
Causes system instability: Attempts to use the compromised computer as a covert proxy.
Compromises security settings: Compromises security settings by blocking access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP Port 445

Read the full Symantec report here


W32.Spybot.WON
Discovered September 06, 2005
Systems Affected: All Windows32 Systems

W32.Spybot.WON is a worm that has distributed denial of service and back door capabilities. The worm spreads by exploiting numerous vulnerabilities, including the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039).

Payload Trigger: n/a
Payload: Opens a back door and allows a remote attacker to have unauthorized access to the compromised computer.
Degrades performance: Spreads by exploiting vulnerabilities, which may degrade the compromised computer's performance.
Compromises security settings: Modifies registry entries to disable Windows security features.
Distribution
Ports: TCP ports 135 and 445, and UDP ports 138 and 139.
Target of infection: Targets computers exposed to several common system vulnerabilities.

Read the full Symantec report here


W32.Bobax!gen
Discovered September 08, 2005
Systems Affected: All Windows32 Systems

W32.Bobax!gen is a generic detection that detects variants of the W32.Bobax family of worms.

Payload Trigger: n/a
Payload: n/a
Large scale e-mailing: May mass mail itself to addresses gathered from the compromised computer
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP 445. May listen on other ports as well

Read the full Symantec report here


Trojan.Tooso.M
Discovered September 08, 2005
Systems Affected: All Windows32 Systems

Trojan.Tooso.M is a Trojan horse that lowers security settings by ending processes, stopping services, removing registry entries and deleting files.

Payload Trigger: n/a
Payload: Attempts to download files from URLs.
Deletes files: Attempts to delete all instances of files, some of which are security-related.
Degrades performance: Downloading remote files may impact computer performance.
Causes system instability: Attempts to find the explorer.exe process and injects malware code into it.
Compromises security settings: Disables security-related processes and services.

Read the full Symantec report here


W32.Mytob.JI@mm
Discovered September 09, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.JI@mm is a mass-mailing worm that opens a back door, lowers security settings, and spreads by exploiting vulnerabilities.

Payload Trigger: n/a
Payload: Opens a back door and may download and execute remote files.
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Deletes files: Deletes network shares.
Compromises security settings: Terminates security-related processes.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP port 36963.

Read the full Symantec report here


Trojan.Tooso.N
Discovered September 12, 2005
Systems Affected: All Windows32 Systems

Trojan.Tooso.N is a Trojan Horse program that drops and attempts to run a corrupt file intended to be malicious.

Payload Trigger: n/a
Payload: n/a
Degrades performance: Attempts to run dropped file may degrade performance.

Read the full Symantec report here


W32.Beagle.CG@mm
Discovered September 12, 2005
Systems Affected: All Windows32 Systems

W32.Beagle.CG@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of Trojan.Tooso.N. The worm also opens a back door on the compromised computer on TCP port 80 and lowers security settings.

Payload Trigger: n/a
Payload: Opens a back door.
Large scale e-mailing: Attempts to email additional security threats.
Degrades performance: Mass-mailing may degrade performance.
Compromises security settings: Deletes registry subkeys, some of which may be security-related.
Distribution
Subject of email: The subject is blank.
Name of attachment: Varies
Ports: TCP port 80

Read the full Symantec report here


W32.Starimp
Discovered September 12, 2005
Systems Affected: All Windows32 Systems

W32.Starimp is a worm that spreads through peer to peer networks, steals password details, and can download and execute remote files.

Payload Trigger: n/a
Payload: n/a
Degrades performance: Monitors Internet Explorer which may degrade performance.
Causes system instability: Injects the file mcfCC4.dll into some randomly selected processes.
Releases confidential info: Attempts to steal account details for online account access.
Distribution
Target of infection: Imesh and Kazaa

Read the full Symantec report here


VBS.Inker.B@mm
Discovered September 13, 2005
Systems Affected: All Windows32 Systems

VBS.Inker.B@mm is a mass-mailing worm that changes icons, swaps mouse buttons, and lowers computer security settings.

Payload Trigger: n/a
Payload: Changes icons, swaps mouse buttons, and lowers computer security settings.
Large scale e-mailing: Sends emails via Microsoft Outlook to all contacts in the Microsoft Windows Address Book.
Degrades performance: Creates a mass-mailing of itself which may clog mail servers or degrade network performance.
Compromises security settings: Lowers security settings by terminating security related processes, deleting security-related files and folders, and blocking access to security-related Web sites.
Distribution
Subject of email: Hotmail Password Finder Downloads
Name of attachment: Ipnuker.vbs

Read the full Symantec report here


W32.Kelvir.II
Discovered September 14, 2005
Systems Affected: All Windows32 Systems

W32.Kelvir.II is a worm that spreads through MSN Messenger and downloads a copy of another threat, which is a Backdoor.Sdbot variant.

Payload Trigger: n/a
Payload: Downloads a copy of another threat, which is a Backdoor.Sdbot variant.
Distribution
Target of infection: Spreads via MSN Messenger.

Read the full Symantec report here


W32.Esbot.D
Discovered September 14, 2005
Systems Affected: Windows 2000

W32.Esbot.D is a worm that exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039) and opens a back door that allows a remote attacker access to the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door that allows a remote attacker to have unauthorized access to the compromised computer.
Causes system instability: Spreads by exploiting vulnerabilities, which may cause system instability.
Distribution
Ports: TCP ports 9000 and 9059
Target of infection: Targets computers that can be exploited by the Microsoft Windows Plug and Play Service Vulnerability (MS05-039)

Read the full Symantec report here


W32.Mytob.JM@mm
Discovered September 14, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.JM@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: Downloads files
Large scale e-mailing: Uses its own SMTP engine to email itself to addresses it has gathered.
Degrades performance: Mass-mailing may degrade performance.
Compromises security settings: Attempts to end processes and blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 3742

Read the full Symantec report here


W32.Iberio
Discovered September 16, 2005
Systems Affected: Windows 2000

W32.Iberio is a worm with back door capabilities that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039).

Payload Trigger: n/a
Payload: Opens a back door that allows a remote attacker to have unauthorized access to the compromised computer.
Degrades performance: Downloads remote files, which may degrade network performance.
Causes system instability: Spreads by exploiting vulnerabilities, which may degrade the compromised computer's performance.
Distribution
Target of infection: The Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039).

Read the full Symantec report here


W32.Mytob.JN@mm
Discovered September 15, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.JN@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: n/a
Large scale e-mailing: Uses its own SMTP engine to email a copy of itself to email addresses it finds.
Compromises security settings: Attempts to end processes and blocks access to security-related Web sites.
Distribution
Subject of email: Account Alert
Ports: TCP port 4891

Read the full Symantec report here


W32.Pexmor@mm
Discovered September 16, 2005
Systems Affected: All Windows32 Systems

W32.Pexmor@mm is a mass-mailing worm that sends a copy of itself as an email attachment using its own SMTP engine.

Payload Trigger: n/a
Payload: Creates a mass-mailing of itself, which may clog mail servers or degrade system and network performance.
Large scale e-mailing: Sends a copy of itself as an email attachment using its own SMTP engine.
Distribution
Subject of email: Curiosidades en la red
Name of attachment: bailando.vbe

Read the full Symantec report here


W32.Dafet.A
Discovered September 16, 2005
Systems Affected: All Windows32 Systems

W32.Dafet.A is a worm that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039).

Payload Trigger: n/a
Payload: Attempts to download and execute a variant of Backdoor.Trojan.
Degrades performance: Downloading remote files may degrade network performance.
Causes system instability: Spreads by exploiting vulnerabilities, which may cause system instability.
Distribution
Target of infection: Targets computers that can be exploited by the Microsoft Windows Plug and Play Service Vulnerability (MS05-039).

Read the full Symantec report here


W32.Lanieca.H@mm
Discovered September 18, 2005
Systems Affected: All Windows32 Systems

W32.Lanieca.H@mm is a mass-mailing worm that uses its own SMTP engine to send itself to addresses it gathers from the compromised computer. The worm also logs keystrokes and steals various passwords.

Payload Trigger: n/a
Payload: n/a
Releases confidential info: Logs key strokes. Collects password information.
Distribution
Subject of email: Varies
Name of attachment: Varies with .zip file extension

Read the full Symantec report here


W32.Looked.F
Discovered September 18, 2005
Systems Affected: All Windows32 Systems

W32.Looked.F is a worm that spreads through network shares and attempts to infect .exe files. It also lowers security settings and downloads and executes a remote file.

Payload Trigger: n/a
Payload: Lowers security settings and infects .exe files.
Distribution
Target of infection: Infects .exe files.

Read the full Symantec report here


W32.P2load.A
Discovered September 18, 2005
Systems Affected: All Windows32 Systems

W32.P2load.A is a worm that spreads through file-sharing networks, such as Kazaa, eMule, Shareaza, and iMesh.

Payload Trigger: n/a
Payload: Modifies the hosts file
Compromises security settings: Modifies the hosts file
Distribution
Target of infection: File-sharing networks

Read the full Symantec report here


W32.Peerload.A
Discovered September 18, 2005
Systems Affected: All Windows32 Systems

W32.Peerload.A is a worm that spreads through file-sharing networks, such as Kazaa, eMule, Shareaza, and iMesh.

Payload Trigger: n/a
Payload: Modifies the hosts file
Compromises security settings: Modifies the hosts file
Distribution
Target of infection: File-sharing networks

Read the full Symantec report here


W32.Ahker.N@mm
Discovered September 20, 2005
Systems Affected: All Windows32 Systems

W32.Ahker.N@mm is a mass-mailing worm that sends a copy of itself to email addresses gathered from the compromised computer and performs a denial of service attack against the www.cnn.com domain.

Payload Trigger: Performs a denial of service attack against the www.cnn.com domain.
Payload: n/a
Large scale e-mailing: Emails itself to addresses it has gathered on the compromised computer
Distribution
Subject of email: Varies
Name of attachment: Mini-Game.zip

Read the full Symantec report here


W32.Mytob.JS@mm
Discovered September 21, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.JS@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: Downloads and executes remote files.
Large scale e-mailing: Spreads by mass-mailing itself to addresses gathered on the compromised computer.
Compromises security settings: Stops processes and blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP Port 6667

Read the full Symantec report here


W32.Lanieca.I@mm
Discovered September 22, 2005
Systems Affected: All Windows32 Systems

W32.Lanieca.I@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses it gathers from the compromised computer. It logs keystrokes and steals various passwords.

Payload Trigger: n/a
Payload: Installs a keylogger and steals passwords.
Large scale e-mailing: Uses its own SMTP engine to send itself to the email addresses that it finds.
Degrades performance: Mass-mailing may degrade performance.
Distribution
Subject of email: Varies
Name of attachment: Varies with a .zip file extension

Read the full Symantec report here


W32.Rontokbro@mm
Discovered September 23, 2005
Systems Affected: All Windows32 Systems

W32.Rontokbro@mm is a mass-mailing worm that causes system instability.

Payload Trigger: n/a
Payload:
Large scale e-mailing: Sends a mass-mailing of itself.
Modifies files: Overwrites the c:\autoexec.bat file.
Degrades performance: Mass-mailing may degrade performance.
Distribution
Subject of email: The subject of the email is left blank.
Name of attachment: Kangen.exe

Read the full Symantec report here


W32.Autex.C
Discovered September 24, 2005
Systems Affected: All Windows32 Systems

W32.Autex.C is a worm that spreads by copying itself to mapped drives on a compromised computer.

Payload Trigger: n/a
Payload: Copies itself to network shares.

Read the full Symantec report here


W32.Erkez.F@mm
Discovered September 25, 2005

Systems Affected: All Windows32 Systems

W32.Erkez.F@mm is a mass-mailing worm that sends itself to email addresses gathered from the compromised computer. It attempts to disable antivirus and security processes.

Payload Trigger: n/a
Payload: n/a
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Compromises security settings: Lowers security settings by terminating processes.
Distribution
Subject of email: Varies.
Name of attachment: Varies.

Read the full Symantec report here


W32.Suclove.A@mm
Discovered September 25, 2005

Systems Affected: All Windows32 Systems

W32.Suclove.A@mm is a mass-mailing worm that uses MS Outlook to send a copy of itself to other users. It also spreads through mIRC and opens a back door.

Payload Trigger: n/a
Payload: Opens a back door that allows a remote attacker to have unauthorized access to the compromised computer.
Large scale e-mailing: Uses MS Outlook to send a copy of the worm to all users in the Outlook address book.
Degrades performance: Creates a mass-mailing of itself, which may impact performance.
Releases confidential info: Attempts to steal confidential system information.
Distribution
Subject of email: Read my letter for you
Name of attachment: LoveLetter.doc.exe
Ports: TCP port 1111

Read the full Symantec report here


W32.Netsky.AN@mm
Discovered September 26, 2005

Systems Affected: All Windows32 Systems

W32.Netsky.AN@mm is a mass-mailing worm which also spreads through shared network folders.

Payload Trigger: n/a
Payload: Creates a mass-mailing of itself.
Large scale e-mailing: Sends itself to the email addresses found in files with certain extensions.
Degrades performance: Mass-mailing may clog mail servers or degrade network performance.
Distribution
Subject of email: Varies
Name of attachment: Varies

Read the full Symantec report here


W32.Mydoom.CI@mm
Discovered September 26, 2005

Systems Affected: All Windows32 Systems

W32.Mydoom.CI@mm is a mass-mailing worm that opens a back door and uses its own SMTP engine to spread through email.

Payload Trigger: n/a
Payload: Opens a back door on the compromised computer allowing unauthorised access to a remote attacker.
Large scale e-mailing: Sends an email to addresses gathered from the compromised computer.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 1034

Read the full Symantec report here


Backdoor.Hesive
Discovered September 27, 2005

Systems Affected: All Windows32 Systems

Backdoor.Hesive is a Trojan horse that opens a back door on the compromised computer and allows a remote attacker unauthorized access. The Trojan may arrive as a Microsoft Access file that exploits the Microsoft Jet Database Engine Malformed Database File Buffer Overflow Vulnerability (described in Bugtraq ID 12960).

Payload Trigger: n/a
Payload: Opens a back door that allows a remote attacker to have unauthorized access to the compromised computer.
Degrades performance: Downloads remote files, which may have an impact on network performance.
Releases confidential info: Allows a remote attacker to steal confidential information.
Distribution
Ports: TCP port 8088

Read the full Symantec report here


W32.Magflag.A@mm
Discovered September 28, 2005

Systems Affected: All Windows32 Systems

W32.Magflag.A@mm is a mass-mailing worm that also spreads to file sharing networks. It also downloads and executes remote files.

Payload Trigger: n/a
Payload: n/a
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Compromises security settings: Modifies a registry entry in an attempt to bypass the Windows firewall.
Distribution
Subject of email: Varies
Name of attachment: Rechnung.pdf.exe
Target of infection: Spreads through Limewire file-sharing network.

Read the full Symantec report here


W32.Alcra.D
Discovered September 28, 2005

Systems Affected: All Windows32 Systems

W32.Alcra.D is a worm that attempts to propagate through the LimeWire file-sharing network and attempts to disable several programs on the compromised computer. It also drops a W32.Spybot.Worm variant onto the compromised computer.

Payload Trigger: n/a
Payload: Drops and runs a variant of W32.Spybot.Worm.
Modifies files: Propagation through file-share networks may impact network bandwidth.
Causes system instability: Disables or overwrites several programs.
Distribution
Target of infection: LimeWire peer-to-peer file-sharing software

Read the full Symantec report here

© Copyright 1999 - 2005 The Computer Wizard