Virus alerts for Dec 2006 Current virus alerts here. |
We stock the most efficient anti virus program which checks for updates hourly.
Contact Us for a free antivirus trial to the end of this month.
Most recent malware, computer viruses, worms, Trojan horses, spyware and adware.W32.Spybot.AMTE - W32.Jhad - W32.Tanexor.A - W32.Koddro@mm - Bloodhound.Olexe - Trojan.Lydra - W32.Bakain - Trojan.Coldung - W32.Chatosky - Trojan.Dowiex!inf - W32.Pagipef.B - W32.Stration.EL@mm - W32.Memesa - Backdoor.Wualess.B - Bloodhound.Exploit. - W32.Sagevo - Trojan.Iesguide - Trojan.Daum - Trojan.Mdropper.U - Trojan.Mdropper.T - Trojan.Shipli - W32.Dizan - Trojan.Skintrim - W32.Yautoit.N - Trojan.Huanux - Bloodhound.Exploit.106 - Bloodhound.Exploit.104 - Bloodhound.Exploit.103 - Bloodhound.Exploit.102 - Bloodhound.Exploit.101 - W32.Selfish 12-11-2006 - Bloodhound.Exploit.105Confused? What is malware? Click here for the definition.W32.Spybot.AMTE December 24, 2006 W32.Spybot.AMTE is a worm that spreads through mIRC and to network shares protected by weak passwords. It also spreads by exploiting some vulnerabilities. Discovered: December 22, 2006 When W32.Spybot.AMTE is executed, it performs the following actions: 1. Copies itself as the following file: %Windir%\symtea.exe Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt. 2. Adds the value: "Microsoft"="symtea.exe" to the following registry subkeys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so that it executes whenever Windows starts. 3. Modifies the following files in order to disable Windows File Protection: * %System%\sfc.dll Note: 4. Modifies the following files in order to disable the half-open connections limit introduced with Windows XP SP2: * %System%\dllcache\tcpip.sys 5. Modifies the value: "EnableDCom" = "N" to the registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE to lower security settings 6. Modifies the value: "restrictanonymous" = "1" to the registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa to lower security settings 7. Opens a back door and connects to the IRC server symtec.easypwn.com on port 2007 or 666, allowing the remote attacker to perform the following actions on the compromised computer: * Copy or delete files 8. Spread by exploiting the following vulnerabilities: * The Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026) 9. Attempts to spread through mIRC and to network shares protected by weak passwords. Contact Us for a free antivirus trial to the end of this month. W97M.Mxfile.M December 09, 2006W97M.Mxfile.M is a macro virus which spreads by infecting Microsoft Word documents and the global template, Normal.dot. When a document that is infected with the virus is opened or closed, the macro performs the following actions: 1. Changes the following Microsoft Word options: * Turns off screen updating to speed up the macro code. 2. Infects all open Microsoft Word documents and the Normal.dot template file with a viral macro module named ANTIMACROS. Contact Us for a free antivirus trial to the end of this month. W32.Mixor.K@mm December 04, 2006Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP W32.Mixor.K@mm is a mass-mailing worm that drops additional malware on the compromised computer. When W32.Mixor.K@mm is executed, it performs the following actions: 1. Creates the following files: * %System%\nordsys.exe Notes: 2. Adds the value: "Nord" = "%System%\nordsys.exe" to the registry subkeys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so that it runs every time Windows starts. 3. Modifies the value: "Start" = "4" in the registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess to disable the Windows firewall and the Shared Access service. 4. Gathers email addresses from the Windows Address Book by checking the file linked to the following registry subkey: HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name 5. Gathers email addresses from files with the following extensions on all fixed drives: * .htm 6. Ends security-related processes, if one of the following words is included in the window title: * mcafee 7. Uses its own SMTP engine to send itself to the email addresses that it finds. The email has the following characteristics: From: [Spoofed] Subject: * White house news! Message body: * For read this news open file Attachment: * CNN latest news.exe Contact Us for a free antivirus trial to the end of this month. Malware is software designed to infiltrate or damage a computer system, without the owner's consent. The term is a combination of "mal-" (or perhaps "malicious") and "software", and describes the intent of the creator, rather than any particular features. Malware is commonly taken to include computer viruses, worms, Trojan horses, spyware and adware. In law, malware is sometimes known as a computer contaminant. Malware should not be confused with defective software, that is, software which has a legitimate purpose but contains errors or bugs. Most Prevalent Global Malware W32.Spybot.AMTE Most Prevalent Global Malware Infostealer.Aobys |