
Virus alerts for Aug 2005

By the time you receive the e-mail 'virus alert' it can be too late!
We stock the most efficient antivirus program, which checks for updates hourly.

Contact Us for a one month free antivirus trial.
Add "Virus Trial" to the Comments area.
Free trial antivirus


August 26 2005 To JX and Beyond - WORM_MYTOB.JX

WORM_MYTOB.JX is a non-destructive, memory-resident worm that propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.

Using its own SMTP engine makes it easier for this worm to send out email messages while remaining unnoticed on the affected system. This worm is currently spreading in the wild and infecting systems running Windows NT, 2000 and XP.

This worm also propagates by dropping a copy of itself in accessible network shares. It accesses an affected system by logging on using the account of the currently logged-on user. It also propagates across networks by taking advantage of the Windows LSASS vulnerability discussed in detail in Microsoft Security Bulletin MS04-011.

This worm has backdoor capabilities: it opens a random port, which allows a remote user to execute malicious commands on the affected machine. This routine provides remote users virtual control over affected systems, thereby compromising system security.


Top 10 Most Prevalent Global Malware
(from August 19 to August 25, 2005)

1. WORM_NETSKY.P
2. WORM_SDBOT.BKW
3. HTML_NETSKY.P
4. JAVA_BYTEVER.A
5. WORM_SOBER.S
6. TROJ_ROOTKIT.N
7. ADW_BADBITOR.A
8. SPYW_GATOR
9. SPYW_DASHBAR.300
10. TSPY_SMALL.SN

August 26 2005 Update on MSN Worm

The Kelvir worm, which spreads through Microsoft's instant messenger, was detected in February 2005. Now a new variant, Kelvir.HI, uses your own language against you.

This one actually checks your configuration to determine the language being used and then sends you a nice little message in your own language. "haha I found your picture!" is the key phrase, and a link goes with it. If you click on the link, your computer becomes infected.

This little worm affects Windows 95, Windows 98, Windows ME, Windows 2000, Windows NT, Windows Server 2003 and Windows XP.

It just means users of MSN's instant messaging service have to be more careful about what they click as more and more worms work their way into people's computers.


August 19 2005 "Zotob", "Bozori", and "IRCbot" Worms

Over the past week, variants of three unique worms, "Zotob", "Bozori", and "IRCbot" started to shut down systems at several major media outlets and businesses around the world. The latest variants of Bozori even remove competing viruses like Zotob from the machines.

Larger organizations may be infected by their own employees who take their laptops home and reconnect them to the internal network the next day.

These viruses exploit the recently announced vulnerability in Microsoft Windows Plug and Play (MS05-039). They are classified as worms with bot capabilities, meaning that they have the capability to propagate via a network of “zombie” computers that have been infected without the user's knowledge. WORM_ZOTOB.D infects computer systems running Windows 95, 98, ME and 2000. WORM_RBOT.CBQ infects computer systems running Windows 98, ME, NT, 2000, XP, and Server 2003.

These two specific worms are the most prolific of six bots that are currently spreading in-the-wild. All six bots utilize the same exploit code, which was posted to a public Internet site days prior to Microsoft’s announcement. They all have the same core functionality, but have added new code functionality, such as a mass mailer as seen in WORM_ZOTOB.C. This has led to faster and more widespread proliferation around the world.

Both worms also have backdoor capabilities, and may execute commands coming from a remote malicious user. This provides remote users virtual control over affected systems, thereby compromising system security. As part of its backdoor capabilities, WORM_ZOTOB.D retrieves system information such as CPU speed and memory size. As a form of anti-debugging technique, it also gathers Web sites from RSS feeds, then randomly sends these sites as messages in the IRC channel it is connected to. It does this in order to confuse or mislead anyone who is monitoring the IRC channel for the real IRC commands it issues.


Top 10 Most Prevalent Global Malware
(from August 12 to August 18, 2005)

1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. JAVA_BYTEVER.A
4. TROJ_BAGLE.BI
5. WORM_SOBER.S
6. ADW_BADBITOR.A
7. SPYW_GATOR
8. TSPY_SMALL.SN
9. SPYW_DASHBAR.300
10. TROJ_DYFUCA.I

August 18 2005

12website.com has declared a Medium Risk Virus Alert to control the spread of WORM_ZOTOB.D and WORM_RBOT.CBQ. 12website.com has received several infection reports indicating that this malware is spreading in Brazil and the U.S.A.

WORM_ZOTOB.D is a memory-resident worm that drops a copy of itself in the %System%\wbev folder as WINDRG32.EXE.

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 95, 98, and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP.)

It takes advantage of the Microsoft Windows Plug and Play vulnerability to propagate across networks. For more information regarding this vulnerability, refer to the Microsoft Security Bulletin MS05-039 found in the following Web page:

http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx

(Note: This propagation routine works only on NT-based systems (Windows NT, 2000, XP, and Server 2003), because the Microsoft Windows Plug and Play vulnerability exists only on these platforms.)

It also has backdoor capabilities, and may execute commands coming from a remote malicious user. This provides remote users virtual control over affected systems, thus compromising system security.

As a form of anti-debugging technique, this worm also gathers Web sites from RSS feeds, then randomly sends these sites as messages in the IRC channel it is connected to. It does this in order to confuse anyone who is monitoring the IRC channel and to distract them from the real IRC commands it issues.

WORM_RBOT.CBQ is a memory-resident worm that drops a copy of itself in the Windows system folder as WINTBP.EXE.

This worm also takes advantage of the Microsoft Windows Plug and Play vulnerability to propagate across networks. This propagation routine works only on Windows NT and 2000, as the Microsoft Windows Plug and Play vulnerability exists only on these platforms.

This worm also connects to an IRC server, joins a specific channel and then sends the following messages:

• {Random} :ER DL FH
• {Random} :ER DL IF


August 12 2005 - Chasing CHOD - WORM_CHOD.D

WORM_CHOD.D is a non-destructive, memory-resident worm that propagates via email and MSN Messenger. It spreads via email by sending copies of itself as an attachment to email messages, gathering addresses from the Windows registry of affected machines. It spreads via MSN Messenger by sending a URL to all available contacts in the messaging application. Once the users click the URL, they are immediately redirected to a Web site, where this worm automatically downloads itself. This worm is currently spreading in the wild and infecting computers running Windows ME, NT, 2000, XP and Server 2003.

Upon execution, it creates a randomly generated folder in the Windows system folder and drops files in this created folder. It also modifies a particular registry entry to disable the services used by some antivirus products.

The worm's backdoor capabilities attempt to open port 37737 to connect to a certain Internet Relay Chat (IRC) server. If it fails to open the port, it attempts to open random TCP ports. It then joins a particular IRC channel, where it waits for malicious commands from a remote malicious user. It also tries to use a password recovery tool to retrieve passwords available on an affected system. It can send the obtained information to the malicious user using its backdoor capabilities.


Top 10 Most Prevalent Global Malware
(from August 5 to August 11, 2005)

1. HTML_NETSKY.P
2. WORM_NETSKY.P
3. JAVA_BYTEVER.A
4. ADW_BADBITOR.A
5. SPYW_GATOR
6. TSPY_SMALL.SN
7. SPYW_DASHBAR.300
8. TROJ_DYFUCA.I
9. WORM_SOBER.S
10. WORM_NETSKY.D

August 05 2005 - Snippy XIPI - WORM_XIPI.A

WORM_XIPI.A is a memory-resident worm that propagates by dropping copies of itself into shared folders of popular peer-to-peer (P2P) file sharing applications. It can also propagate by sending a copy of itself as an attachment to an email message, which it sends using its own Simple Mail Transfer Protocol (SMTP) engine. It may also email itself to random contacts found in the Microsoft Outlook address book. This worm is currently spreading in-the-wild and infecting systems that run on Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, this worm drops a copy of itself in the Windows system folder as JXEF1104.EXE. It creates a .ZIP file in the folder where it was originally executed. The file name used for the .ZIP file is the same as the file name of the worm. The .ZIP file contains a folder, which is named after the last 3 letters of the folder that contains it (for example, if the worm is executed in the system’s Desktop, then the folder’s name is top). This folder contains a copy of the worm. Also, it creates the file JXEF_N3X763N3R47ION.TEA in the system’s root drive, which is an encrypted copy of the worm. The worm also drops files in the Windows system folder.

This worm attempts to propagate by dropping copies of itself into known shared folders of popular peer-to-peer file sharing applications. It can also propagate by sending a copy of itself as an attachment to an email message, which it sends using its own SMTP engine. It may email itself to random contacts found in the Microsoft Outlook address book.

As a stealth mechanism, the worm injects its code into EXPLORER.EXE, enabling it to run together with Windows Explorer. This keeps its process from appearing in the Windows Task Manager.
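A check for the dropped files named in the WORM_ZOTOB.D, WORM_RBOT.CBQ and WORM_XIPI.A alerts above, written as an added example (it is not code from the original alerts or from any antivirus product). It assumes a file inventory exported as a list of Windows paths, accepts any drive letter, and reads "the system's root drive" as the root of any drive; `match_artifact`, `scan` and the sample inventory are constructed for illustration.

```python
from pathlib import PureWindowsPath

# %System% locations from the page's note, stored without the drive letter
# because Windows is not always installed on C: (assumption of this example).
SYSTEM_DIRS = [("windows", "system"), ("winnt", "system32"), ("windows", "system32")]

# (detection name, anchor, path below the anchor) as named in the alerts above.
ARTIFACTS = [
    ("WORM_ZOTOB.D", "system", ("wbev", "windrg32.exe")),
    ("WORM_RBOT.CBQ", "system", ("wintbp.exe",)),
    ("WORM_XIPI.A", "system", ("jxef1104.exe",)),
    ("WORM_XIPI.A", "root", ("jxef_n3x763n3r47ion.tea",)),
]

def match_artifact(path):
    """Return the detection name if path is one of the dropped files, else None."""
    p = PureWindowsPath(path)  # parses both \ and / separators on any OS
    if not p.drive or not p.root:
        return None  # relative paths cannot be placed in a folder
    # Windows file names are case-insensitive, so compare in lower case.
    tail = tuple(part.lower() for part in p.parts[1:])
    for name, anchor, rel in ARTIFACTS:
        if anchor == "root" and tail == rel:
            return name
        if anchor == "system" and any(tail == d + rel for d in SYSTEM_DIRS):
            return name
    return None

def scan(paths):
    """Return (path, detection name) for every inventory entry that matches."""
    hits = []
    for path in paths:
        name = match_artifact(path)
        if name:
            hits.append((path, name))
    return hits

# Constructed sample inventory (not real data).
SAMPLE_INVENTORY = [
    r"C:\WINNT\system32\wbev\WinDrg32.exe",
    r"C:\Windows\System32\wintbp.exe",
    "D:/JXEF_N3X763N3R47ION.TEA",
    r"C:\Windows\System32\notepad.exe",
    r"C:\Users\alice\Downloads\WINTBP.EXE",  # same name, different folder
]

if __name__ == "__main__":
    for path, name in scan(SAMPLE_INVENTORY):
        print(f"{name}: {path}")
```

A file with a matching name outside the folders the alerts describe is not reported; a hit is a lead for an antivirus scan, not a verdict.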


Top 10 Most Prevalent Global Malware
(from July 29 to August 4, 2005)

1. JAVA_BYTEVER.A
2. HTML_NETSKY.P
3. SPYW_GATOR
4. TSPY_SMALL.SN
5. SPYW_DASHBAR.300
6. WORM_NETSKY.P
7. WORM_SOBER.K
8. TROJ_DYFUCA.I
9. SPYW_WEBSEARCH.A
10. ADW_HOTBAR.A


12website has a maintenance program for our clients to ensure they will not be 'let down' by an inefficient computer.

Computer maintenance is necessary to keep your machine running smoothly without down time.