MicroWorld Virus Alerts

Name : Win32.Nurech.ac
Type : Trojan Downloader
How it spreads : Internet downloads
Prevalence : High
Affected operating systems : Windows
Aliases : Troj/DwnLdr-GAT
Date of surface : 29 Jan 2007
Win32.Nurech.ac is a Trojan downloader that infects Windows systems worldwide.

Win32.Nurech.ac includes the following functionality:
1. To download code from the internet.
2. To leave non-infected files on the computer.
3. To access the internet and communicate with a remote server via HTTP.

Name : Win32.SdBot.bcf
Type : Worm
How it spreads : Network shares, Emails
Prevalence : Medium
Affected operating systems : Windows
Aliases : W32/Sdbot-CXO
Date of surface : 27 Jan 2007
Win32.SdBot.bcf is a backdoor worm that infects the Windows platform, with the following functionality:
1. To enable remote access.
2. To allow others to access the computer.
3. To install itself in the Registry.

Name : Win32.Agent.bet
Type : Trojan downloader
How it spreads : Emails, Internet downloads
Prevalence : High
Affected operating systems : Windows
Aliases : Trojan.Peacomm, Troj/DwnLdr-FYD, TROJ_SMALL.EDW
Date of surface : 20 Jan 2007
Win32.Agent.bet arrives via a mass-mailing Trojan that uses cleverly worded subject lines and attachments such as FullClip.exe, Full Story.exe, Video.exe and Read More.exe.

Name : Win32.Fujack.i
Type : Virus
How it spreads : Network shares, Internet browsing
Prevalence : Medium
Affected operating systems : Windows
Aliases : W32/Fujacks-I, WORM_FUJACKS.OF
Date of surface : 16 Jan 2007
Win32.Fujack.i is a virus that infects Windows systems worldwide. It also has backdoor functionality.

Its additional functionality includes:
1. To access the internet.
2. To communicate with a remote server via HTTP.
3. To download code from the internet.
4. To drop more malware.
5. To steal information.
6. To install itself in the registry.
7. To open links to websites.

Name : Lokkest
Type : Worm
How it spreads : Emails, Chat windows
Prevalence : High
Affected operating systems : Windows
Aliases : N/A
Date of surface : 6 Jan 2007
Lokkest is a mass-mailing worm that gathers email addresses from the compromised computer.

It gathers email addresses from files with the following extensions:

1) .jsp
2) .php
3) .txt
4) .asp
5) .shtm
6) .htm

It uses its own SMTP engine to send a copy of itself to the gathered email addresses.

The email has the following characteristics:

Subject:
One of the following:
-hey remember me?
-You have 1 day left
-Re: Details
-Your IP was logged
-Re: Thank you


Message:
One of the following:
-just look it
-Details are in the attached document.
-Information about you
-Something about you
-Take it, and mail me back to tell what you think about it!


Attachment:
One of the following with .scr extension:
-picture2393.jpg
-maildocument.doc
-document.doc
-log.txt
-my_picture.jpg
-picture_pack.rar
-maildocument.rar
-document.rar
-logfile.rar
-zipfile.rar


Spreads through Yahoo! Messenger, AOL Instant Messenger, MSN Messenger, and ICQ.

Attempts to stop the following services:

1. Panda Antivirus
2. Norton AntiVirus Auto Protect Service
3. Mcshield

Closes windows that contain any of the following strings:

-Ad-aware
-spyware
-hijack
-kav
-norton
-mcafee
-f-pro
-lockdown
-firewall
-blackice
-avg
-vsmon
-zonea
-spybot
-nod32
-reged
-avp
-troja
-viru
-anti

The worm attempts to modify the TCPIP.SYS driver on Windows XP SP2 machines in the following locations:

%Systemdir%\drivers\TCPIP.SYS
%Systemdir%\dllcache\TCPIP.SYS
%Windir%\ServicePackFiles\i386\TCPIP.SYS
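
A mail-gateway style check built from the Lokkest subject lines and the attachment naming described in the Lokkest and Win32.Agent.bet entries, as an added example that is not part of the original alert. It assumes "with .scr extension" means names such as picture2393.jpg.scr; the function names and sample messages are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the Lokkest entry on this page.
LOKKEST_SUBJECTS = {"hey remember me?", "you have 1 day left", "re: details",
                    "your ip was logged", "re: thank you"}
# Assumption: "with .scr extension" means names such as picture2393.jpg.scr.
DECOY_EXTS = {".jpg", ".doc", ".txt", ".rar"}
# .scr is from the Lokkest entry, .exe from the Win32.Agent.bet entry.
EXECUTABLE_EXTS = {".scr", ".exe"}


def check_attachment_name(filename):
    """Return 'double-extension', 'executable' or None for one attachment name."""
    # Remove whitespace so padding before the real extension cannot hide it.
    name = "".join(filename.lower().split())
    stem, ext = os.path.splitext(name)
    if ext not in EXECUTABLE_EXTS:
        return None
    inner_ext = os.path.splitext(stem)[1]
    return "double-extension" if inner_ext in DECOY_EXTS else "executable"


def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and list the indicators it matches."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in LOKKEST_SUBJECTS:
        findings.append(("subject", subject))
    for part in msg.iter_attachments():
        verdict = check_attachment_name(part.get_filename() or "")
        if verdict:
            findings.append((verdict, part.get_filename()))
    return findings


def build_sample(subject, filename):
    """Constructed test message; the attachment body is harmless filler."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content("Details are in the attached document.")
    msg.add_attachment(b"filler", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample("Re: Details", "document.doc.scr")))
    print(scan_message(build_sample("Minutes", "minutes.doc")))
```

A subject match alone is weak evidence because the listed subjects are generic; the attachment verdict is the stronger signal for quarantine.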
Thursday, 17/12/1385