PRODUCTS > Computer Virus Alerts - Maintenance
Virus alerts for Sep 2005
Current virus alerts here.
Computer virus alert
By the time you receive the e-mail 'virus alert' it can be too late!
We stock the most efficient anti virus program which checks for updates hourly.

Contact Us for a one month free antivirus trial.
Add "Virus Trial" to the Comments area.
Free trial antivirus

Virus Alerts Sep 2005

September 29 2005 Email Worm - WORM_FRONTOKBRO.A

WORM_FRONTOKBRO.A is a destructive, memory-resident worm that propagates by sending a copy of itself as an attachment to email messages. The email message has a blank subject line, and the attachment Kangen.exe, which is a copy of the worm. This copy of the worm uses the Microsoft folder icon to trick users into opening it. Upon execution, it opens a Windows Explorer window in an attempt to hide its process. It then drops several copies of itself in different folders using varying file names. This worm is currently spreading in-the-wild and infecting computers running Windows 95, 98, ME, NT, 2000, XP, and Server 2003.

On computers running Windows NT, 2000, XP and Server 2003, it drops copies of itself and creates a folder in a hardcoded path under the User Profile folder.

This worm may restart the affected system when it finds a window with ".EXE" and "REGISTRY" in the title bar. It overwrites the file AUTOEXEC.BAT, which is found in C:\. This causes affected systems running on Windows 95, 98, and ME to pause during startup. The user is then required to press any key for Windows to start.

It also modifies a specific registry entry, effectively removing the Folder Options item from all Windows Explorer menus and from Control Panel. As a result, affected users cannot use the Folder Options dialog box.

Contact Us for a free antivirus trial to the end of this month.
Add "Virus Trial" to the Comments area.
Free trial antivirus

Top 10 Most Prevalent Global Malware
(from September 23 to September 29, 2005)

1. JAVA_BYTEVER.A
2. ADW_BADBITOR.A
3. HTML_NETSKY.P
4. WORM_NETSKY.P
5. SPYW_DASHBAR.300
6. TROJ_ROOTKIT.S
7. SPYW_GATOR
8. TSPY_SMALL.SN
9. TROJ_DYFUCA.I
10. PE_PARITE.A

September 24 2005 Mobile & Computer - SYMBOS_CARDTRP.A

This virus originates in Symbian Series 60 devices, but has the potential to spread to PCs - personal computers running the Microsoft Windows Operating System. There are two methods by which the mobile device can be infected:

  • Receiving the malware manually via Bluetooth or MMS
  • Downloading and installing it from the Web

SMYBOS_CARDTRP.A is destructive Symbian malware that affects mobile devices running on Symbian operating system with the Series 60 Platform user interface. The malware is currently spreading in-the-wild and infecting the following phone models:

* Nokia 3600 * Nokia 3620 * Nokia 3650 * Nokia 3660
* Nokia 6600 * Nokia 6620 * Nokia 7610 * Nokia 7650
* Nokia N-Gage
* Panasonic X700
* Sendo X
* Siemens SX1

Here’s how it works:

Like many of its predecessors, SYMBOS_CARDTRP.A propagates via Bluetooth (within a 10 meter range). The infection then resides in the memory card of the mobile device.
This virus also overwrites normal applications installed on the affected mobile device with malformed copies, thus preventing those applications from working properly.
This malware contains the additional capability to infect Windows-based PCs from the phone. If the user inserts the infected memory card into their PCs card slot, the infection has the potential to infect the PC, then attempts to spread to other PCs from there.

SYMBOS_CARDTRP.A drops the following 4 files into the E:\ directory (commonly utilized by the memory card):

  1. fsb.exe, detected by NOD32 as BKDR_BERBEW.Q, attempts to compromise
    machines and steal password information
  2. buburuz.ICO, which masquerades as the icon file for the memory card
  3. autorun.inf, which attempts to automatically execute fsb.exe
  4. SYSTEM.exe, detected by NOD32 as WORM_WUKILL.B

When the memory card is inserted into a Windows computer, the file autorun.inf will attempt to execute fsb.exe. Also, though the file SYSTEM.exe does not contain an automatic startup routine, it has the appearance of a legitimate folder icon to lure users into executing it.
If successfully executed, the malware then launches WORM_WUKILL.B, which attempts to spread the infection to other PCs.

Contact Us for a free antivirus trial to the end of this month.
Add "Virus Trial" to the Comments area.
Free trial antivirus

Top 10 Most Prevalent Global Malware
(from September 16 to September 22, 2005)

1. ADW_BADBITOR.A
2. JAVA_BYTEVER.A
3. TROJ_BAGLE.DA
4. HTML_NETSKY.P
5. WORM_NETSKY.P
6. SPYW_GATOR
7. SPYW_DASHBAR.300
8. TSPY_SMALL.SN
9. TROJ_DYFUCA.I
10. JS_DLOADER.I

September 16 2005 File Infector - PE_LISIMA.A-O

PE_LISIMA.A-O is a destructive file infector virus, that prepends its code to every .EXE file that it finds. It may overwrite some files that it attempts to infect. It is also capable of modifying the system's HOSTS file, which prevents affected users from accessing certain Web sites, most of which are related to antivirus and security companies.

It was also found to be capable of sending files through Internet Relay Chat. This file infector may also attempt to terminate several antivirus and security-related processes and debugging tools, such as Process Explorer, Ethereal, TCPview, and bintext.

This virus is currently spreading in-the-wild and infecting computers that run on Windows 98, ME, NT, 2000, and XP.

Contact Us for a free antivirus trial to the end of this month.
Add "Virus Trial" to the Comments area.
Free trial antivirus

Top 10 Most Prevalent Global Malware
(from September 9 to September 15, 2005)

1. JAVA_BYTEVER.A
2. ADW_BADBITOR.A
3. HTML_NETSKY.P
4. SPYW_GATOR
5. WORM_NETSKY.P
6. SPYW_DASHBAR.300
7. TSPY_SMALL.SN
8. WORM_ANIG.A
9. TROJ_BAGLE.CZ
10. JS_DLOADER.I

Contact Us for a free antivirus trial to the end of this month.
Add "Virus Trial" to the Comments area.
Free trial antivirus

September 09 2005 Caged Content - TROJ_CAGER.A

TROJ_CAGER.A is a memory-resident, non-destructive Trojan that is downloaded from the Internet, dropped by another malware, or manually installed by a user. It appears that this Trojan aims to disrupt browsing activities related to adult or mature materials. It searches the Internet Explorer browser title bar for certain keywords (such as "sex, phallus, or teen.") and when it successfully finds one of these keywords, it will minimize the current Web page and display a message box written partly in Arabic and the rest in English. If the window is left open it continues to display messages in Arabic. Eventually, it displays another message but with the mouse pointer "caged" within the message box area, although the keyboard remains functional. If the user clicks any of the buttons in the displayed messages, they are logged off of their computer.

This Trojan is currently spreading in-the-wild, and infecting computers running on Windows 98, ME, NT, 2000, and XP.

Contact Us for a free antivirus trial to the end of this month.
Add "Virus Trial" to the Comments area.
Free trial antivirus

TROJ_CAGER.A is detected and cleaned by NOD32 antivirus.

Top 10 Most Prevalent Global Malware
(from September 2 to September 8, 2005)

1. JAVA_BYTEVER.A
2. ADW_BADBITOR.A
3. HTML_NETSKY.P
4. SPYW_GATOR
5. SPYW_DASHBAR.300
6. WORM_NETSKY.P
7. JS_DLOADER.I
8. TSPY_SMALL.SN
9. TROJ_DYFUCA.I
10. TROJ_ROOTKIT.N

Hook, Line, & Sinker: Phishing Attacks Go Professional

Phishing is slowly becoming a household term, with a new scam arriving in users’ inboxes as frequently as once per week. Hurrican Katrina has also presented new opportunities for scammers to exploit many peoples' generosity in the plight that has followed.

Contact Us for a free antivirus trial to the end of this month.
Add "Virus Trial" to the Comments area.
Free trial antivirus

September 02 2005 Email Worm - WORM_SAVAGE.A

WORM_WURMARK.A is a non-destructive, memory-resident worm that propagates via email and through peer-to-peer (P2P) networks. It spreads via email by sending copies of itself with the file name TMP.ZIP to target addresses. It gathers target recipients from an affected system's Windows Address Book (WAB). This worm is currently spreading in-the-wild and infecting systems running Windows 95, 98, ME, 2000, XP, and Server 2003.

This worm also propagates by dropping a copy of itself in accessible network shares, enabling other users to download this worm. However, on systems using the P2P applications, LimeWire and eDonkey2000, this worm drops its copy in locations specific to these applications.

This worm utilizes a common social engineering technique to avoid early detection. It uses file names that usually pertain to legitimate software, such as Nero and winamp5. Thus, this worm tricks users into thinking that it is a harmless file, possibly affecting its prolonged presence on the system.

It modifies the affected system's HOSTS file by appending a list of URLs, which are related to antivirus and security applications, to the said file. It directs the said URLs to the local machine, preventing the user from accessing the listed Web sites.

This worm has backdoor capabilities that connect to a remote Web site, where it awaits for commands from a remote malicious user, such as the downloading of files that may be malicious. It then executes the said commands locally, therefore compromising the machine's security.

This worm also carries a malware retaliation routine, particularly against NETSKY, BLASTER, MYDOOM, BAGLE, and SOBIG variants. It removes the corresponding registry entries of the said variants if found on the system.

WORM_SAVAGE.A is detected and cleaned by NOD32 antivirus.

Contact Us for a free antivirus trial to the end of this month.
Add "Virus Trial" to the Comments area.
Free trial antivirus

Top 10 Most Prevalent Global Malware
(from August 25 to September 1, 2005)

1. JAVA_BYTEVER.A
2. HTML_NETSKY.P
3. ADW_BADBITOR.A
4. WORM_NETSKY.P
5. SPYW_GATOR
6. SPYW_DASHBAR.300
7. TSPY_SMALL.SN
8. JS_DLOADER.I
9. TROJ_DYFUCA.I
10. TROJ_ROOTKIT.N

Contact Us for a free antivirus trial to the end of this month.
Add "Virus Trial" to the Comments area.
Free trial antivirus

12website has a maintenance program for our clients to ensure their will not be 'let down' by an inefficient computer.

Computer maintenance is necessary to keep your machine running smoothly without down time.