Malware

Thu, 29 May 08
CRYP_TAP-2
http://feeds.feedburner.com/~r/MalwareTop10/~3/243316604/default5.asp
This virus has been renamed to MAL_VUNDO-4.

Thu, 29 May 08
CRYP_TAP
http://feeds.feedburner.com/~r/MalwareTop10/~3/237506580/default5.asp
This virus has been renamed to MAL_VUNDO.

Thu, 29 May 08
BKDR_SALITY.AE
http://feeds.feedburner.com/~r/MalwareTop10/~3/244102754/default5.asp

This backdoor program is usually dropped by PE_SALITY.AE.

Once registered, this backdoor program inserts its process in all running processes of an affected machine.

This is Trend Micro's detection for a .DLL file used by other malware programs in performing their malicious routines. One of the said routines includes checking for an Internet connection by accessing a valid Microsoft Web site. If an Internet connection is available, this backdoor then attempts to download possibly malicious files from the Internet.

It opens a random port and awaits commands from a remote malicious user, which it executes locally.

Thu, 29 May 08
WORM_GAOBOT.DF
http://feeds.feedburner.com/~r/MalwareTop10/~3/171365963/default5.asp

This worm spreads via network shares, and takes advantage of the Windows vulnerabilities whose descriptions are found in the following Microsoft Web pages:

It spreads by attempting to drop a copy of itself in the target addresses' default shares. If the said shares are password-protected, it uses NetBEUI functions to gather a list of user names and passwords, as well as a list of hardcoded user names and passwords, to use as its login credentials.

Using a random port, it connects to an Internet Relay Chat (IRC) server and joins a specific channel, where it listens for commands from a remote malicious user. The said commands are executed locally on affected machines. This routine compromises system security and opens the affected machine to further attacks.

It performs denial of service (DoS) attacks against target sites using different flood methods. It terminates certain processes found running in memory.

This worm is also capable of gathering and stealing Microsoft product keys and CD keys from popular gaming applications installed on affected machines.

Thu, 29 May 08
POSSIBLE_OTORUN1
http://feeds.feedburner.com/~r/MalwareTop10/~3/214177340/default5.asp
This malware has been renamed to MAL_OTORUN1.

Thu, 29 May 08
PE_TRATS.A-O
http://feeds.feedburner.com/~r/MalwareTop10/~3/215996938/default5.asp

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

[Image: PE_TRATS.A-O Behavior Diagram]

This file infector may be dropped by other malware. It may also be downloaded unknowingly by a user when visiting malicious Web sites.

It drops another malware detected by Trend Micro as TROJ_TRATS.A.

It targets EXE files for infection. Its infection routine involves sandwiching a target file between its code and TROJ_TRATS.A's code. When an infected file is executed, normal file operation is still performed but, at the same time, the infection cycle is triggered all over again.

Thu, 29 May 08
BKDR_RBOT.EBH
http://feeds.feedburner.com/~r/MalwareTop10/~3/207213106/default5.asp


Upon execution, this memory-resident backdoor drops a copy of itself as CSRRS.EXE in the Windows system folder.

Using random TCP ports, it connects to a specific Internet Relay Chat (IRC) server to receive commands from a remote user. The said commands are executed locally on the affected computer, effectively compromising its security.

It uses a predefined list of user names and passwords to log on to target computers.

In addition, it terminates processes, which are mostly related to antivirus applications and security programs. It also launches denial of service (DoS) attacks using different flooding methods.

Thu, 29 May 08
BKDR_IRCBOT.AGF
http://feeds.feedburner.com/~r/MalwareTop10/~3/234541026/default5.asp


This backdoor arrives as a downloaded file from the Internet. It may also arrive as a downloaded file from a peer-to-peer (P2P) network.

It drops a copy of itself as SVCHOST.EXE, disguising itself as a legitimate file to avoid easy detection. It sets its attributes to hidden and system. It also displays the following fake error message, stating that the installer is corrupted:

{Installer corrupt}

It connects to an Internet Relay Chat (IRC) server and joins a channel by opening a random TCP port. It then waits for commands from a remote user. The said commands are executed locally, thus compromising the affected system.

This backdoor also attempts to act as a P2P server/client to enable downloading of a copy of itself by users connected to a specified P2P network.

Sat, 3 May 08
CRYP_TAP-2
http://feeds.trendmicro.com/~r/MalwareTop10/~3/243316604/default5.asp
This virus has been renamed to MAL_VUNDO-4.

Sat, 3 May 08
CRYP_TAP
http://feeds.trendmicro.com/~r/MalwareTop10/~3/237506580/default5.asp
This virus has been renamed to MAL_VUNDO.

Sat, 3 May 08
BKDR_SALITY.AE
http://feeds.trendmicro.com/~r/MalwareTop10/~3/244102754/default5.asp

This backdoor program is usually dropped by PE_SALITY.AE.

Once registered, this backdoor program inserts its process in all running processes of an affected machine.

This is Trend Micro's detection for a .DLL file used by other malware programs in performing their malicious routines. One of the said routines includes checking for an Internet connection by accessing a valid Microsoft Web site. If an Internet connection is available, this backdoor then attempts to download possibly malicious files from the Internet.

It opens a random port and awaits commands from a remote malicious user, which it executes locally.

Sat, 3 May 08
WORM_GAOBOT.DF
http://feeds.trendmicro.com/~r/MalwareTop10/~3/171365963/default5.asp

This worm spreads via network shares, and takes advantage of the Windows vulnerabilities whose descriptions are found in the following Microsoft Web pages:

It spreads by attempting to drop a copy of itself in the target addresses' default shares. If the said shares are password-protected, it uses NetBEUI functions to gather a list of user names and passwords, as well as a list of hardcoded user names and passwords, to use as its login credentials.

Using a random port, it connects to an Internet Relay Chat (IRC) server and joins a specific channel, where it listens for commands from a remote malicious user. The said commands are executed locally on affected machines. This routine compromises system security and opens the affected machine to further attacks.

It performs denial of service (DoS) attacks against target sites using different flood methods. It terminates certain processes found running in memory.

This worm is also capable of gathering and stealing Microsoft product keys and CD keys from popular gaming applications installed on affected machines.

Sat, 3 May 08
POSSIBLE_OTORUN1
http://feeds.trendmicro.com/~r/MalwareTop10/~3/214177340/default5.asp
This malware has been renamed to MAL_OTORUN1.

Sat, 3 May 08
PE_TRATS.A-O
http://feeds.trendmicro.com/~r/MalwareTop10/~3/215996938/default5.asp

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

[Image: PE_TRATS.A-O Behavior Diagram]

This file infector may be dropped by other malware. It may also be downloaded unknowingly by a user when visiting malicious Web sites.

It drops another malware detected by Trend Micro as TROJ_TRATS.A.

It targets EXE files for infection. Its infection routine involves sandwiching a target file between its code and TROJ_TRATS.A's code. When an infected file is executed, normal file operation is still performed but, at the same time, the infection cycle is triggered all over again.

Sat, 3 May 08
BKDR_RBOT.EBH
http://feeds.trendmicro.com/~r/MalwareTop10/~3/207213106/default5.asp


Upon execution, this memory-resident backdoor drops a copy of itself as CSRRS.EXE in the Windows system folder.

Using random TCP ports, it connects to a specific Internet Relay Chat (IRC) server to receive commands from a remote user. The said commands are executed locally on the affected computer, effectively compromising its security.

It uses a predefined list of user names and passwords to log on to target computers.

In addition, it terminates processes, which are mostly related to antivirus applications and security programs. It also launches denial of service (DoS) attacks using different flooding methods.

Sat, 3 May 08
BKDR_IRCBOT.AGF
http://feeds.trendmicro.com/~r/MalwareTop10/~3/234541026/default5.asp


This backdoor arrives as a downloaded file from the Internet. It may also arrive as a downloaded file from a peer-to-peer (P2P) network.

It drops a copy of itself as SVCHOST.EXE, disguising itself as a legitimate file to avoid easy detection. It sets its attributes to hidden and system. It also displays the following fake error message, stating that the installer is corrupted:

{Installer corrupt}

It connects to an Internet Relay Chat (IRC) server and joins a channel by opening a random TCP port. It then waits for commands from a remote user. The said commands are executed locally, thus compromising the affected system.

This backdoor also attempts to act as a P2P server/client to enable downloading of a copy of itself by users connected to a specified P2P network.


© amigura.co.uk All Rights Reserved.