[chadfree] virusinfo Digest V4 #60




virusinfo Digest        Sat, 05 Mar 2005        Volume: 04  Issue: 060

In This Issue:
                [virusinfo]  W32/Forbot-EP
                [virusinfo] Panda Weekly report on viruses and intruders - 0
                [virusinfo] Panda Top Ten viruses most frequently detected b

----------------------------------------------------------------------

Date: Sat, 05 Mar 2005 09:08:32 -0800
From: "Mike" <mikebike@xxxxxxxxx>
Subject: [virusinfo]  W32/Forbot-EP

From: Sophos Alert System:

Name: W32/Forbot-EP
Aliases: Backdoor.Win32.Wootbot.gen
Type: Win32 worm
Date: 5 March 2005

A virus identity (IDE) file which provides protection is
available now from the Sophos website, and will be incorporated
into the April 2005 (3.92) release of Sophos Anti-Virus.

Customers using EM Library, PureMessage or any of our Sophos
small business solutions will be automatically protected at
their next scheduled update.

At the time of writing, Sophos has received a small number of
reports of this worm from the wild.


Information about W32/Forbot-EP can be found at:
http://www.sophos.com/virusinfo/analyses/w32forbotep.html

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike

------------------------------

Date: Sat, 05 Mar 2005 15:08:24 -0800
From: "Mike" <mikebike@xxxxxxxxx>
Subject: [virusinfo] Panda Weekly report on viruses and intruders - 03/04/05

From: Panda PM Virus Alerts:

- Weekly report on viruses and intruders -
    Virus Alerts, by Panda Software (http://www.pandasoftware.com) 

Madrid, March 4, 2005 - Today's report will focus on two worms (Bagle.BN and
Mytob.A) and two Trojans (Mitglieder.BO and Tofger.AT).

In order to infect as many computers as possible, Bagle.BN and
Mitglieder.BO work hand in glove. Mitglieder.BO reaches computers as a file
attached to an email message, called price.zip or price2.zip, among others.
If the user runs this file, the Trojan activates and tries to connect to an
Internet address, from which it downloads the Bagle.BN worm to the computer.
When Bagle.BN has been installed on the computer, it sends Mitglieder.BO to
the addresses it finds in a file called EML.EXE, which is also downloaded
from the Internet. To do this, the worm uses its own SMTP engine.

Mitglieder.BO ends the processes belonging to various antivirus and security
applications and overwrites the Windows hosts file to prevent users from
connecting to certain web pages.

Bagle.BN opens TCP port 80 and listens for a remote connection to be
established. When this happens, it allows remote access to the infected
computer, allowing actions that compromise confidential user information or
impede the tasks carried out.

The second worm in today's report is Mytob.A, which spreads via email in a
message with variable characteristics and via the Internet. In this case, it
attacks random IP addresses, in which it will try to exploit the LSASS
vulnerability.

Mytob connects to an IRC server and waits for remote control commands, which
it will carry out on the affected computer. What's more, it deletes the
variants of other worms like Netsky, Sobig, Bagle and Blaster.

The next malicious code is the Tofger.AT Trojan, which is downloaded to the
PC when users access certain web pages, which use different exploits (like
LoadImage, ByteVerify and MhtRedir.gen) to download malware to computers.
This Trojan installs itself as a Browser Helper Object (BHO), so that it is
run whenever Internet Explorer is opened.
 
Tofger.AT tracks the actions carried out by users and the passwords used to
access web pages through secure HTTPS connections, which are usually used to
log on to secure systems like online banking. What's more, whenever it
detects certain names in the URL, it tries to capture the passwords for the
following banks: cajamadrid, bpinet, millenniumbcp, hsbc, barclays,
lloydstsb, halifax, autorize, bankofamerica, bancodevalencia, cajamar,
portal.ccm, bancaja, caixagalicia, caixapenedes, ebankinter, caixasabadell,
bes, banif, millenniumbcp, totta, bancomais, montepiogeral, bpinet, patagon,
lacaixa, citibank, bbvanet, banesto, e-trade and unicaja. When it has
captured this information, Tofger.AT sends it to a server.

For further information about these and other computer threats, visit Panda
Software's Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
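
A defender-side check for the hosts-file tampering the Mitglieder.BO paragraph above describes. This is an added example, not Panda's or Sophos's code; the sample hosts file, its hostnames and the redirect address are constructed, since the report does not say which sites are blocked.

```python
"""Audit a Windows hosts file for blocked or redirected sites (added example)."""
import ipaddress
import re

# Names a stock hosts file legitimately maps to the loopback address.
BENIGN_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: stock entries plus overrides of the kind a
# hosts-tampering Trojan writes; the hostnames are assumed placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.test        # vendor update site blocked
0.0.0.0         www.example-security.test
198.51.100.23   login.example-bank.test       # sent to a foreign host
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, dropping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = re.split(r"\s+", line)
        for name in names:
            yield ip, name.lower()

def audit_hosts(text):
    """Return (hostname, ip, reason) for every non-stock entry: loopback or
    0.0.0.0 silently blocks the site, any other address redirects it."""
    findings = []
    for ip, name in parse_hosts(text):
        if name in BENIGN_LOCAL_NAMES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((name, ip, "malformed"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            findings.append((name, ip, "blocked"))
        else:
            findings.append((name, ip, "redirected"))
    return findings

if __name__ == "__main__":
    for name, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{reason:10s} {name} -> {ip}")
```

On a live machine, read the contents of %SystemRoot%\System32\drivers\etc\hosts and pass them to audit_hosts in place of the sample.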


------------------------------

Date: Sat, 05 Mar 2005 15:27:41 -0800
From: "Mike" <mikebike@xxxxxxxxx>
Subject: [virusinfo] Panda Top Ten viruses most frequently detected by Panda


From: Panda Oxygen3:

"As is a tale, so is life: not how long it is, 
                  but how good it is, is what matters."
          Lucius Annaeus Seneca (2 BC - 65 AD); Roman philosopher.

                - Top Ten viruses most frequently detected 
                          by Panda ActiveScan in February -
    Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, March 4, 2005 - According to the data gathered by Panda ActiveScan,
the free online antivirus solution, in February, Downloader.GK was the
malicious code responsible for most attacks on users' computers for the
ninth month running. It is also worth noting the prominence of the
Downloader family (with four of the top ten places) and the dominance of
Trojans in general.

Over the past month, Downloader.GK has caused just over 4.5 percent of
incidents, a significant drop with respect to the figure in January, which
was around 8.5 percent. Close up in second place came Mhtredir.gen (4.03%),
a generic detection for a family of Trojans, followed by the Shinwow.E
Trojan (3.48%), and the only two worms that appear in the ranking: Netsky.P
(3.27%) and Sdbot.ftp (3.04%).

The remaining five places in the Panda ActiveScan Top Ten for February are
occupied by the Trojans Zpachast.D, Downloader.LP, Downloader.ALQ, Qhost.gen
and WmvDownloader.A, with frequency ratings ranging from 1.52 to 2.17
percent.

The following points stand out from the data collected by Panda ActiveScan
in February:

- Strong presence of the Downloader family of Trojans.
The GK variant of Downloader tops the February ranking, which also includes
three other members of the same family. This prominence could be largely due
to the numerous malicious actions that Downloader Trojans can take, such as
downloading other malware (adware, spyware, etc.) onto compromised systems,
making them especially useful for their creators who are therefore busy
generating new variants. In fact, this month's ranking includes two
relatively new variants: WmvDownloader.A and Downloader.ALQ, which first
appeared in mid-January and early February respectively.

- Trojan dominance. 
Eight of the ten malicious codes in the ranking are Trojans, as opposed to
six in January. This shows a continuation of the trend that started in June
2004, when Trojans began to take over from worms as the most frequently
detected infectors. The overriding presence of Trojans in the Panda
ActiveScan Top Ten reflects the intense activity of cyber-crooks, seeking
financial gain by exploiting the fact that Trojans can be used to steal
confidential data which can then be used fraudulently.

- Additional threats.
As was the case in January, several of the most prominent Trojans in
February download and run other types of malware, such as spyware, on users'
computers. The main consequence of spyware on PCs is the gathering of
information, including confidential details. If these effects are cause for
concern in home computers, in corporate environments they can result in
serious financial losses, given the time taken by IT staff to resolve the
problem and regain control of the system and the loss of productivity of
employees trying to work their way through the annoying distractions that
these programs create (redirecting websites, pop-ups, etc). More serious
still, the theft of confidential information, including passwords, means
that administrators need to keep a constant watch over each and every
computer to prevent this kind of attack.

To help as many users as possible keep their systems virus free, Panda
Software offers Panda ActiveScan, which now also detects spyware, free of
charge at http://www.pandasoftware.com. Webmasters who would like to include
ActiveScan on their websites can get the HTML code, free of charge, at
http://www.pandasoftware.com/partners/webmasters.

Panda Software also offers users Virus Alerts, an e-bulletin in English and
Spanish that gives immediate warning of the emergence of potentially
dangerous malicious code. To receive Virus Alerts just visit Panda
Software's website (http://www.pandasoftware.com) and complete the
corresponding form in the Virus Alerts section.

For more information about these and other malicious code, visit Panda
Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia.

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------

The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's
free online scanner: 1) Netsky.P; 2) Mhtredir.gen; 3) Downloader.GK; 4)
IEstart.D; 5) Shinwow.E.

------------------------------------------------------------
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 



------------------------------

End of virusinfo Digest V4 #60
******************************




-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Was this forwarded to you?  Want to subscribe?  Send an email 
to chadfree-request@xxxxxxxxxxxxx?Subject=subscribe.

For a complete list of email commands for our list send an email 
to ecartis@xxxxxxxxxxxxx with a subject line of "info chadfree" without the 
quotes.

If you wish to unsubscribe from our list send an email to;
 chadfree-request@xxxxxxxxxxxxx?Subject=unsubscribe

To contact the list moderators send an email to 
chadfree-moderators@xxxxxxxxxxxxx
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
