Virus alerts for March 2006
By the time you receive the e-mail 'virus alert' it can be too late!
We stock the most efficient anti virus program which checks for updates hourly.

Contact Us for a free antivirus trial to the end of this month.
Add "Virus Trial" to the Comments area.
Free trial antivirus

Latest Virus Alert Sober worm info
Netsky is still infecting computers after being first discovered in April 2004.

To remove some viruses it is advisable to turn off System Restore.

March 25 2006
Internet criminals - spyware & adware food chain.

If someone breaks into your house or car, they are a criminal! If someone breaks into your computer, are they a criminal? We say yes! Broadly defined, spyware is any software program that surreptitiously monitors and gathers user information. Spyware was once written and installed only by malicious authors seeking to steal users' personal information; adware has since emerged as a new and more prominent form of spyware. A slightly less malicious form of spyware, adware can display pop-up advertisements produced by so-called legitimate adware companies. Adware companies are well funded, to the extent that some have even discussed launching multi-million dollar IPOs.

The current mix of spyware and adware presents a compelling challenge to both computer users and security companies, because of the lack of clarity about what constitutes legitimate marketing techniques, and is further complicated by the fact that the rules vary widely throughout the world.

A narrow definition of spyware includes programs on a user's computer that report user behavior, such as keystrokes or Web browsing history. According to this definition, some types of spyware may be used for marketing purposes, while other types are used for the purpose of criminal fraud leading to profit making.

We use both broad and narrow definitions of spyware. "A broad definition of spyware would include adware and Trojan spyware. Anything that interferes with the privacy, productivity, or security of your PC can be called spyware - with the caveat that it is non-propagating. Spyware stays on a system as long as it can without being noticed. Also, while viruses and worms are essentially about vandalism, broad-definition spyware is about monetary gain."

The story of how the money flows in the spyware cycle involves four contributors or sources. First are the advertisers themselves, and second are the agents they hire to market their products. Third in the spyware food chain are the publishers, the writers of the program 'payload', the crimeware or grayware that actually gets delivered to the user's computer. Fourth are the distributors, who often distribute multiple payloads for a variety of publishers, since they earn their money on a "per install" basis.

Spyware and adware were prevalent trends in 2005. Spyware and adware made up 29 per cent of the total threat landscape for the year to February 2006. 2005-2006 also saw the use of blended threats, in which malware authors initiated multi-trojan attacks (including worms that drop or download spyware/adware programs onto systems) to take advantage of marketing programs that pay a small fee per installation.

The trend is likely to continue in 2006 and beyond. Adware-driven campaigns can generate significant amounts of money, and many adware companies are eager to have their products installed on as many PCs as possible. As the threat of spyware and adware continues to grow, it becomes even more critical for computer users to scan any program downloaded through the Internet, whether from P2P (peer-to-peer) networks, the Web, or any FTP server, and regardless of the source, with updated anti-virus and anti-spyware software.


Top 10 Most Prevalent Global Malware
(from March 17 to March 23, 2006)

1. WORM_NYXEM.E
2. SPYW_DASHBAR.300
3. SPYW_GATOR.F
4. HTML_NETSKY.P
5. WORM_NETSKY.P
6. JAVA_BYTEVER.A
7. WORM_MOFEI.B
8. WORM_ANIG.A
9. EXPL_WMF.GEN
10. JAVA_BYTEVER.A-1

March 17 2006 CAB It - WORM_CXOVER.A

WORM_CXOVER.A is a destructive, proof-of-concept, cross-platform worm that affects desktop computers and mobile devices running the .NET Framework. This framework is commonly installed with Windows XP, Windows Server 2003, and mobile devices running Windows CE or Mobile Edition. (Note: On affected mobile devices running Windows CE or Mobile Edition, this worm is detected as WINCE_CXOVER.A.) This worm is currently spreading in-the-wild.

This worm uses a built-in functionality of the .NET Framework to obtain the string associated with the operating system version where it is currently running. It checks whether the substrings CE and mobile exist in the string. If found, this worm then executes its code for the mobile platform. Otherwise, it executes the code for the desktop computer.

This worm propagates from the infected desktop to the target mobile device via the Microsoft Windows ActiveSync program. It creates a registry entry that enables it to automatically execute at every system startup. It attempts to connect to an attached mobile device, and once a connection is established, it attempts to create a copy of itself. However, the function used by this worm does not allow the creation of the copy if the Windows folder does not exist in the attached mobile device, or a file using the same file name already exists.

It attempts to copy and execute itself in the Windows folder of the attached mobile device. After successfully copying and executing itself in this location, it disconnects the attached device from the infected desktop. It also checks whether the string associated with the running operating system version contains the substring 3.0. If found, this worm attempts to delete the registry key associated with the affected mobile device. However, since the mobile device has already been disconnected from the infected desktop, this worm is unable to perform this routine.

When executed in the mobile environment, this worm deletes all files in the folder and subfolders of the My Documents folder. It then attempts to create a copy of itself in the Windows folder of the mobile device.

This worm contains the following internal string:
the crossover virus - poc - by Dr. Jul{BLOCKED}rm - The great walls of China that separated the domains between wired and wireless, desktop and handhelds have been reduce to ruble. Vxers are entering a new era of greater vx possibilities with the chance of reaching more systems around the world than ever before. The viruses of the past are nothing compared to what the future holds. 2006 marks the establishment of a New Cyberworld Order with vxers around the world united at the forefront. The time is now to prepare and defend, are you ready?


Top 10 Most Prevalent Global Malware
(from March 10 to March 16, 2006)

1. WORM_NYXEM.E
2. SPYW_DASHBAR.300
3. SPYW_GATOR.F
4. HTML_NETSKY.P
5. WORM_NETSKY.P
6. JAVA_BYTEVER.A
7. ADW_SLAGENT.A
8. WORM_MOFEI.B
9. ADW_TBARWIN32.A
10. EXPL_WMF.GEN

March 10 2006 CAB It - PE_ICABDI.A

PE_ICABDI.A is non-destructive proof-of-concept malware that attempts to infect Microsoft Infopath .XSN files. Infopath is an application used to develop XML-based user forms. This file infector is currently spreading in-the-wild and infecting computers running Windows 2000, XP, and Server 2003.

The malware creates a temporary folder named iCab, and then copies the target XSN file that it attempts to infect into the temporary folder. The contents of the file are then extracted.

To infect the XSN file, it inserts a malicious script inside the script.js of the target XSN file. To clean up traces of its malicious routine, it then attempts to recreate the original (already infected) file, and delete iCab and all its contents. However, due to errors in its code, it is unable to perform its file infection and cleanup routines.


Top 10 Most Prevalent Global Malware
(from March 3 to March 9, 2006)

1. WORM_NYXEM.E
2. SPYW_DASHBAR.300
3. SPYW_GATOR.F
4. HTML_NETSKY.P
5. WORM_NETSKY.P
6. ADW_SLAGENT.A
7. WORM_MOFEI.B
8. TROJ_AGENT.BCN
9. EXPL_WMF.GEN
10. JAVA_BYTEVER.A

March 03 2006 I Smell Trouble - JS_FFSNIFF.A

JS_FFSNIFF.A is non-destructive JavaScript malware embedded in a Java application. The Java application is used as a Firefox extension to monitor use of HTML forms in Web pages. Firefox is a browser that can be customized through themes and extensions.

This extension steals information entered in an HTML form that is loaded using Firefox. Information entered in an HTML form is stored in a variable in the Java code. The stored information is sent to an email address using a certain Simple Mail Transfer Protocol (SMTP) server.

This JavaScript malware is currently spreading in-the-wild and runs on Windows 98, ME, NT, 2000, XP, and Server 2003 with Firefox installed on the affected computer.


Top 10 Most Prevalent Global Malware
(from February 24 to March 2, 2006)

1. WORM_NYXEM.E
2. SPYW_DASHBAR.300
3. SPYW_GATOR.F
4. HTML_NETSKY.P
5. WORM_NETSKY.P
6. WORM_SOBER.AG
7. JAVA_BYTEVER.A
8. ADW_SLAGENT.A
9. WORM_MOFEI.B
10. WORM_BAGLE.CL

February 02 2006 WORM_GREW.A

A new malicious worm began infecting systems last week, which promises to launch an attack on February 3rd and the 3rd of every month thereafter, according to threat researchers at antivirus and content security firm Eset. The new worm, known by such names as Nyxem, BlackMal, Mywife, and CME-24, has infected hundreds of thousands of machines over the past week, most from unsuspecting users who do not yet know they are infected.

Like most worms, WORM_GREW.A propagates via email attachments and network shares, including popular P2P file sharing services. The email method of transmission employs common social engineering techniques including the promise of pictures, pornographic content, or a joke to entice users to open the corresponding attachment.

Though this worm utilizes common propagation techniques, the code itself is anything but common. This is a destructive virus that deletes and overwrites any number of files present on a user's system, by targeting the most popular file formats - including .DOC, .XLS, .PPT, .PDF, and .ZIP, to name just a few. In addition to losing a great deal of data, this virus also renders the keyboard and mouse inoperable, thereby leaving the user's system dead in the water. This is a truly global threat, affecting computer systems in over 150 countries, to date.

Since this threat is relatively well-known to the security industry, most major security vendors - including NOD32 - detect this worm and its variants.

Eset NOD32 has specific detection for all currently-known variants of this worm, and successfully detects all new variants generically, thereby providing broad protection against this threat.

The best defense is for users to run a scan of their systems, to ensure they haven't been infected. The attack is hard-coded in the worm, so if you haven't been infected, then there's no need to worry about the February 3rd attack, as long as you stay clean.

* Do not open any emails from those you don't know
* Do not open attachments from those you do know, if you weren't expecting an attachment from that person, or if the content of the email seems out of character for that person
* Ensure your antivirus definitions are up-to-date.
* Run a manual scan with your updated Eset NOD32 product


Contact Us for a one month free antivirus trial.
Add "Virus Trial" to the Comments area.
Free trial antivirus

Top 10 Most Prevalent Global Malware
(from January 27 to February 2, 2006)

1. WORM_GREW.A
2. ADW_WEBSEARCH.K
3. SPYW_DASHBAR.300
4. SPYW_GATOR.F
5. HTML_NETSKY.P
6. WORM_NETSKY.P
7. ADW_SLAGENT.A
8. EXPL_WMF.GEN
9. JAVA_BYTEVER.A
10. ADW_HOTBAR.B