Virus alerts for Dec 2007
By the time you receive the e-mail 'virus alert' it can be too late!
We stock the most efficient antivirus program, which checks for updates hourly.

Contact Us for a free antivirus trial to the end of this month.
Add "Virus Trial" to the Comments area.
Free trial antivirus

Most recent malware, computer viruses, worms, Trojan horses, spyware and adware.

Bloodhound.Exploit.167 W32.Pagipef.I W32.Drowor.B W32.Pagipef.I!inf W32.Drowor.B!inf W32.Likasimal Trojan.Voterai Trojan.Quimkids W32.Heular W32.Baki.C Trojan.Quimkit Backdoor.Pharvest!inf Backdoor.Pharvest W32.HLLP.Arcer W32.Dawin W32.Shangxing.A O97M.Dropper W32.Tvido.A Trojan.Astry Backdoor.Bandock.A W32.Motsys W32.Mabezat.A VBS.Invadesys.A W32.Imaut.BH Bloodhound.Exploit.166 W32.Baki.A Trojan.Pidief.B W32.Linkfars VBS.Runauto.E W32.Proyo

Confused? See "What is malware?" below for the definition.

W32.Pagipef.I December 01 2007

Type: Worm
Infection Length: 45,056 bytes; 9,397 bytes
Systems Affected: Windows 98, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

The worm spreads by copying itself to local and removable drives C through F as the following file:
[DRIVELETTER]:\pagefile.pif

It also creates the following file so that it executes whenever the drive is accessed:
[DRIVELETTER]:\autorun.inf

Next, the worm ends any processes that contain the following strings:

* asm
* ida
* softice
* ollydbg
* metapad
* mozillauiwindowclass
* ieframe
* cabinetwclass
* 360

It then contacts the following Web site using a hidden instance of Internet Explorer:
[http://]js.k0102.com/ad.asp

The worm also attempts to restart the compu[REMOVED]

The worm also infects executable files on the compromised computer.
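The two drive-root artifacts described above (a `pagefile.pif` copy and an `autorun.inf` that launches it) can be checked for directly. The Python below is an added example, not part of the original alert; the alert does not reproduce the worm's `autorun.inf`, so the sample file contents, the extension list and the function names are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Extensions Windows treats as directly runnable; .pif is the one this worm uses.
RISKY_EXTS = {".pif", ".exe", ".scr", ".bat", ".com", ".cmd", ".vbs"}

def autorun_targets(text):
    """Return the program paths an autorun.inf would launch."""
    targets = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # open=, shellexecute= and shell\<verb>\command= all start a program.
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if not launches or not value:
            continue
        # Keep the program path and drop arguments; paths may be quoted.
        if value.startswith('"'):
            targets.append(value[1:].split('"', 1)[0])
        else:
            targets.append(value.split()[0])
    return targets

def scan_root(root):
    """Return (indicator, detail) findings for one drive root."""
    files = {p.name.lower(): p for p in Path(root).iterdir() if p.is_file()}
    findings = []
    # The real Windows page file is pagefile.sys, never pagefile.pif.
    if "pagefile.pif" in files:
        findings.append(("pagefile.pif in drive root", files["pagefile.pif"].name))
    if "autorun.inf" in files:
        text = files["autorun.inf"].read_text(encoding="latin-1")
        for target in autorun_targets(text):
            if os.path.splitext(target)[1].lower() in RISKY_EXTS:
                findings.append(("autorun.inf launches program", target))
    return findings

def demo():
    """Scan a constructed drive root (temp dir standing in for a drive)."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "pagefile.pif").write_bytes(b"placeholder, not a real sample")
        Path(d, "autorun.inf").write_text("[AutoRun]\nopen=pagefile.pif\n")
        return scan_root(d)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a live system, `scan_root` would be called once per drive root in the C through F range the alert names, from a trusted environment rather than the suspect host's own session.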


Recommendations

We encourage all users and administrators to adhere to the following basic security "best practices":

* Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
* If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
* Always keep your patch levels up to date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
* Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
* Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
* Isolate infected computers quickly to prevent further compromise of your organization. Perform a forensic analysis and restore the computers using trusted media.
* Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
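
One way to apply the attachment-blocking recommendation above in a mail filter or triage script, as an added example that is not from the original page. The extension list is the one given in the recommendation; the function names and the sample message are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the recommendation above.
BLOCKED_EXTS = {".vbs", ".bat", ".exe", ".pif", ".scr"}

def effective_ext(filename):
    """Return the extension Windows would act on for this attachment name."""
    # Windows drops trailing dots and spaces, so "a.exe. " is saved as a.exe.
    cleaned = filename.strip().rstrip(". ").lower()
    # Only the last suffix counts: "invoice.pdf.pif" is a .pif file.
    return os.path.splitext(cleaned)[1]

def blocked_attachments(raw_bytes):
    """Return the file names of all parts that carry a blocked extension."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        name = part.get_filename()  # decodes RFC 2231 encoded names
        if name and effective_ext(name) in BLOCKED_EXTS:
            hits.append(name)
    return hits

def sample_message():
    """Build a constructed test message with three attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in ("notes.txt", "invoice.pdf.pif", "Setup.EXE."):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return bytes(msg)

if __name__ == "__main__":
    print(blocked_attachments(sample_message()))
```

Matching on the final suffix after normalisation is what catches double-extension names; a filter that only checks whether the name contains ".pdf" or ends in an exact lowercase string misses both flagged attachments in the sample.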


What is malware?

Malware is software designed to infiltrate or damage a computer system, without the owner's consent. The term is a combination of "mal-" (or perhaps "malicious") and "software", and describes the intent of the creator, rather than any particular features. Malware is commonly taken to include computer viruses, worms, Trojan horses, spyware and adware. In law, malware is sometimes known as a computer contaminant.

Malware should not be confused with defective software, that is, software which has a legitimate purpose but contains errors or bugs.

Most Prevalent Global Malware
(from September 2007 to October 2007)

Trojan.Randsom.B W32.Scrimge.G W32.Lashplay W32.Scrimge!gen Trojan.Lazdropper W32.Hauxi Infostealer.Monstres W32.Scrimge.E W32.Drowor.A!inf Trojan.Bankpatch!inf Bloodhound.Exploit.152 Bloodhound.Exploit.159 Trojan.Bankpatch W32.Drowor.A Backdoor.Ginwui.F W32.Mimbot.A Bloodhound.Exploit.148 W32.Versie.A W32.Scrimge.A W97M.Necro.A Trojan.Tarodrop.D W32.Vispat.B@mm W32.Romariory@mm W32.Imaut.AS W32.Kibtos W32.Falsu.E Trojan.Peacomm.B!inf Trojan.Virantix W32.Deletemusic Trojan.Farfli W32.Imcontactspam@mm W32.Whybo.U Linux.Backdoor.Rexob Infostealer.Winotim W32.Imautorun W32.Bratsters Trojan.Firpage

Most Prevalent Global Malware
(from 20 July 2007 to 18 August 2007)

Trojan.Randsom.B W32.Scrimge.G W32.Lashplay W32.Scrimge!gen Trojan.Lazdropper W32.Hauxi Infostealer.Monstres W32.Scrimge.E W32.Drowor.A!inf Trojan.Bankpatch!inf Bloodhound.Exploit.152 Bloodhound.Exploit.159 Trojan.Bankpatch W32.Drowor.A Backdoor.Ginwui.F W32.Mimbot.A Bloodhound.Exploit.148 W32.Versie.A W32.Scrimge.A W97M.Necro.A Trojan.Tarodrop.D W32.Vispat.B@mm W32.Romariory@mm W32.Imaut.AS W32.Kibtos W32.Falsu.E Trojan.Peacomm.B!inf Trojan.Virantix W32.Deletemusic Trojan.Farfli W32.Imcontactspam@mm W32.Whybo.U Linux.Backdoor.Rexob Infostealer.Winotim W32.Imautorun W32.Bratsters Trojan.Firpage

Most Prevalent Global Malware
(from June 2007 to July 2007)

W32.Phoney.A W97M.Mupps Bloodhound.Exploit.158 Trojan.Gpcoder.E W32.Himu.A@mm Trojan.Retvorp W32.Atnas.A W32.Fubalca.N!html W32.Fubalca.N W32.Tisandr.A@mm VBS.Pusia Trojan.Maliframe!html Bloodhound.Exploit.155 Bloodhound.Exploit.157 Bloodhound.Exploit.156 W32.Vispat.A@mm Trojan.Botvoice Trojan.Duganss!inf W32.Cassel W32.Netsky.BG@mm W32.Piffle W32.Weakling W32.Hairy.A W32.Tupofse.B!inf W32.Tupofse.B Trojan.Riler.G W32.Daxijesh Trojan.Trickanclick W32.Svich W32.Espoleo W32.Espoleo!inf W32.Pifio W32.Gexin.A Backdoor.Fonamebot W32.Amca WHS.Vred W32.Nujama.B W32.Stration!dldr W32.Schting.A XF.Helpopy W32.Chiko W32.Ogleon.A Trojan.Flogash W32.Vediance Trojan.Lhdropper W32.Fubalca.I!html W32.Fubalca.I

Most Prevalent Global Malware
(from May 2007 to June 2007)

W32.Tupofse W32.Dizan.D W32.Mubla Trojan.Tooso.S VBS.Nokrupt W32.Alnuh TIOS.Divo W32.Mumawow!gen Trojan.Smallprox Backdoor.Robofo Trojan.Packed.NsAnti W32.Dotex TIOS.Tigraa W32.Quadrule.A W32.Ganbate.A Trojan.Spoofive!html W32.Nomvar Trojan.Mpkit!html Infostealer.Banker.D Bloodhound.Packed.29 W32.Sachy.A W32.Lecivio JS.Badbunny Perl.Badbunny Ruby.Badbunny W32.Sibaru.A SymbOS.Viver.A Trojan.Perfcoo IRC.Badbunny SB.Badbunny!inf Python.Badbunny SB.Badbunny W32.Drom VBS.Lido W32.Autosky VBS.Lido!html W32.Danber W32.Rahiwi.B W32.Amend.A@mm W32.Posse W32.Naplik!inf W32.Naplik W32.Condown.A W32.Uisgon.A W32.Fubalca.E Trojan.Usbsteal W32.Mumawow.D!inf W32.Mumawow.D W32.Neela Trojan.Haradong.C W32.Popwin Backdoor.Graybird!gen W32.Kenety W32.Stration.IZ@mm W32.Pitin.C W32.Odelud Infostealer.Snifula.C Hacktool.Sipbot Bloodhound.Exploit.147 Bloodhound.Exploit.146 Bloodhound.Exploit.141 W32.Tupse W32.Lobekad!inf Backdoor.Coreflood.C Trojan.Zlob.N Bloodhound.Exploit.139 Bloodhound.Exploit.140 Bloodhound.Exploit.142 Bloodhound.Exploit.143 Bloodhound.Exploit.144 Bloodhound.Exploit.145
