Virus alerts for Jan 2006

Current virus alerts here.

We stock the most efficient antivirus program, which checks for updates hourly.
Contact Us for a free antivirus trial to the end of this month.
January 29 2006
W32.Antinny.AX

W32.Antinny.AX is a worm that propagates through the Winny file-sharing network. The worm performs denial of service attacks on certain Web sites and steals confidential information from the compromised computer.

When W32.Antinny.AX is executed, it performs the following actions:

1. Copies itself as the following:
   %System%\Microsoft\svchost.exe
   Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
2. Adds the value:
   "Windows Security Manager" = "%System%\Microsoft\svchost.exe -c -ax"
   to the registry subkey:
   HKEY_LOCAL_MACHINE\SOFTWARE\
3. Adds the value:
   "DisableSR" = "1"
   to the registry subkey:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
   to disable System Restore.
4. Creates the following clean file:
   %Windir%\svdat.m1v
   Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
5. Creates the following hidden folders:
   * %Temp%\4407A9BE6535\6A8C9B51993A
   Note: %Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me/XP) or C:\WINNT\Temp (Windows NT/2000).
6. Searches the Winny file-sharing network program folder and modifies the file UpFolder.txt.
7. Adds the folder %Temp%\4407A9BE6535\773232357FF9 as a shared folder in the Winny file-sharing network.
8. Captures screen shots and saves them as:
   %Temp%\4407A9BE6535\773232357FF9\
9. Searches for files with the following extensions:
   * .doc
10. Searches for the following files in the Winny file-sharing program folder:
   * Nodref.txt
11. Searches for files in the following folders:
   * %UserProfile%\Favorites
12. Creates .zip files containing the found files and saves them as:
   %Temp%\4407A9BE6535\773232357FF9\[JAPANESE TEXT][USER NAME][JAPANESE TEXT].zip
13. Creates a .zip file that contains a copy of itself, named with randomly chosen Japanese words taken from the worm body. The worm then copies the .zip file to %Temp%\4407A9BE6535\773232357FF9.
14. Drops and executes the following file, which is a variant of Trojan.Sientok:
   %Temp%\sttemp.exe
15. Drops the following files:
   * %System%\winsm.exe
16. Creates the following service:
   WindowsSecurityManager
17. Creates the following registry subkeys:
   HKEY_LOCAL_MACHINE\SYSTEM\
18. Checks the current date periodically. If the day is Monday and the date is between the 1st and 6th of the month, it performs a denial of service attack against the following Web sites:
   * [http://]www.accsjp/[REMOVED]/.or.jp

Contact Us for a one month free antivirus trial.

Top 10 Most Prevalent Global Malware
1. SPYW_DASHBAR.300

January 21 2006
Grow Up - WORM_GREW.A

WORM_GREW.A propagates by attaching copies of itself to email messages that it sends to target addresses, using its own Simple Mail Transfer Protocol (SMTP) engine. It can therefore send email messages without using mailing applications (such as Microsoft Outlook). It gathers email addresses from files with certain extensions, such as DOC, PSD, RAR, and ZIP.

It also propagates through network shares, by searching the network for ADMIN$ and C$ shares, where it drops a copy of itself using the file name WINZIP_TMP.EXE. It is currently spreading in-the-wild, and infecting computers that run Windows 98, ME, NT, 2000, XP, and 2003 Server.

Upon execution, it drops and opens a .ZIP archive named SAMPLE.ZIP in the Windows system folder. This worm also deletes autostart registry entries, as well as associated files of several programs, most of which are related to security and antivirus applications. These routines may cause the referenced programs to malfunction, effectively making the affected system more vulnerable to further attacks. In addition, it is capable of disabling the mouse and keyboard of an affected system.
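The file, registry and service indicators listed in the January 29 (W32.Antinny.AX) and January 21 (WORM_GREW.A) entries above can be turned into a host check. The following is an added example, not code from the alerts or from any vendor; it runs over a constructed snapshot dict instead of the live registry so it can be tested offline, and it expands the alerts' %System%, %Windir% and %Temp% placeholders per Windows version exactly as the notes describe them.

```python
import ntpath

# (family, label, path) indicators from the two alerts above, written with the
# alerts' own %System%, %Windir% and %Temp% placeholders.
FILE_IOCS = [
    ("W32.Antinny.AX", "worm copy", r"%System%\Microsoft\svchost.exe"),
    ("W32.Antinny.AX", "winsm.exe", r"%System%\winsm.exe"),
    ("W32.Antinny.AX", "Trojan.Sientok dropper", r"%Temp%\sttemp.exe"),
    ("W32.Antinny.AX", "decoy file", r"%Windir%\svdat.m1v"),
    ("W32.Antinny.AX", "hidden staging folder", r"%Temp%\4407A9BE6535"),
    ("WORM_GREW.A", "SAMPLE.ZIP", r"%System%\SAMPLE.ZIP"),
]
RUN_VALUE, RUN_SUFFIX = "Windows Security Manager", r"\microsoft\svchost.exe -c -ax"
SR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"

def expand(path, env):
    """Replace %Var% placeholders with this host's folders (env keys: System, Windir, Temp)."""
    for var, value in env.items():
        path = path.replace(f"%{var}%", value)
    return path

def check_host(snapshot, env):
    """Return {family: sorted labels} found in snapshot = {"files": [...], "registry":
    {key: {value: data}}, "services": [...]}; matching is case-insensitive. The alert
    truncates the Run subkey, so the autostart value is matched under any HKLM SOFTWARE key."""
    hits = {}
    present = {ntpath.normcase(p) for p in snapshot.get("files", [])}
    for family, label, ioc in FILE_IOCS:
        # The real svchost.exe is %System%\svchost.exe; the worm's copy is one folder deeper.
        if ntpath.normcase(expand(ioc, env)) in present:
            hits.setdefault(family, set()).add(label)
    for key, values in snapshot.get("registry", {}).items():
        key_nc = ntpath.normcase(key)
        data_nc = ntpath.normcase(str(values.get(RUN_VALUE, "")))
        if key_nc.startswith(r"hkey_local_machine\software") and data_nc.endswith(RUN_SUFFIX):
            hits.setdefault("W32.Antinny.AX", set()).add("autostart value")
        if key_nc == ntpath.normcase(SR_KEY) and str(values.get("DisableSR")) == "1":
            hits.setdefault("W32.Antinny.AX", set()).add("System Restore disabled")
    if "windowssecuritymanager" in {s.lower() for s in snapshot.get("services", [])}:
        hits.setdefault("W32.Antinny.AX", set()).add("service WindowsSecurityManager")
    return {family: sorted(labels) for family, labels in hits.items()}

# Constructed Windows XP snapshot (not real forensic data) carrying some of the indicators.
XP_ENV = {"System": r"C:\Windows\System32", "Windir": r"C:\Windows", "Temp": r"C:\Windows\TEMP"}
SAMPLE = {"services": ["Spooler", "WindowsSecurityManager"],
          "files": [r"C:\WINDOWS\system32\svchost.exe", r"C:\WINDOWS\system32\Microsoft\svchost.exe",
                    r"C:\WINDOWS\TEMP\sttemp.exe", r"C:\WINDOWS\system32\SAMPLE.ZIP"],
          "registry": {SR_KEY: {"DisableSR": 1},
                       r"HKEY_LOCAL_MACHINE\SOFTWARE\<subkey truncated in alert>":
                       {RUN_VALUE: r"C:\WINDOWS\system32\Microsoft\svchost.exe -c -ax"}}}
```

On a real host the snapshot would be filled from a directory walk, a registry export and the service list; the comparison logic stays the same.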
January 15 2006
Crash - Trojan wmfcrash.b

TROJ_WMFCRASH.B is a .WMF file that takes advantage of an unpatched vulnerability found in Windows Picture and Fax Viewer. It runs on Windows XP and Server 2003, and is currently spreading in-the-wild.

The Windows Picture and Fax Viewer vulnerability is a zero-day exploit that is capable of remote code execution. Zero-day exploits are thus named because the unpatched vulnerability and its corresponding exploit code are released within the same day. This may leave systems vulnerable, due to the availability of exploit code and the fact that the vendor has not been given enough time to patch it.

Once this malicious .WMF file is opened, it proceeds to launch a denial of service attack in an attempt to restart or terminate the legitimate system process EXPLORER.EXE. The said action leaves an affected user unable to navigate through Windows. After performing its routine, this Trojan terminates itself.

January 04 2006
Worm in the Sky - WORM_LOCKSKY.Y

WORM_LOCKSKY.Y is a memory-resident worm that propagates by sending a copy of itself as an attachment to email messages. It is currently spreading in-the-wild and infecting systems that run Windows NT, 2000, XP, and Server 2003.

The email that it sends has the following details:
Subject: Your mail Account is Suspended

It spoofs the From: field in an attempt to trick users into thinking that the spammed email is from a trusted source. It bypasses an affected system's firewall, thereby effectively lowering system security. This worm checks for an updated copy of itself by connecting to a specific Web site and, if an update is available, downloads the update. It also logs keystrokes and saves the gathered information.

Upon execution, it drops a copy of itself in the Windows folder, and also drops component files and other copies of itself in the Windows system folder.

January 04 2006
WMF Vulnerability

AntiVir, Avast!, BitDefender, Ewido, F-Secure, Fortinet, Ikarus, Kaspersky, McAfee, and NOD32 are known to detect and block the four known variants of the dangerous WMF vulnerability. If you are using other antivirus software (AVG, Microsoft AntiSpyware, Panda, Norton, Trend Micro, etc.) then you are not protected against some or all variants at the time of writing.

Microsoft Security Advisory (912840)

In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail or Instant Messenger request that takes users to the attacker's Web site.

In an e-mail based attack involving the current exploit, customers would have to click on a link in a malicious e-mail or open an attachment that exploits the vulnerability. It is important to remember that this malicious attachment may not be a .wmf. It could also be a .jpg, .gif, or other format. At this point, no attachment has been identified in which a user can be attacked simply by reading mail.

An attacker who successfully exploited this vulnerability could only gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft’s goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing. The update will be released worldwide simultaneously in 23 languages for all affected versions of Windows once it passes a series of rigorous testing procedures. It will be available on Microsoft’s Download Center, as well as through Microsoft Update and Windows Update. Customers who use Windows’ Automatic Updates feature will be delivered the fix automatically.

Based on strong customer feedback, all Microsoft’s security updates must pass a series of quality tests, including testing by third parties, to assure customers that they can be deployed effectively in all languages and for all versions of the Windows platform with minimum down time.

Microsoft has been carefully monitoring the attempted exploitation of the WMF vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement. Although the issue is serious and malicious attacks are being attempted, Microsoft’s intelligence sources indicate that the attacks are limited in scope and are not widespread.

Customers are encouraged to keep their anti-virus software up-to-date. Customers who follow safe browsing best practices are not likely to be compromised by any exploitation of the WMF vulnerability. Users should take care not to visit unfamiliar or un-trusted Web sites that could potentially host the malicious code. Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. While we have not encountered any situation in which simply opening an email can result in attack, clicking on a link in an email could result in navigation to a malicious site.

The intentional use of exploit code, in any form, to cause damage to computer users is a criminal offense. Accordingly, Microsoft continues to assist law enforcement with its investigation of the attacks in this case. Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside the U.S. should contact the national law enforcement agency in their country.

We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, applying software updates and installing antivirus software. Customers can learn more about these steps at the Protect Your PC Web site.
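The advisory's point that the malicious attachment "may not be a .wmf" but could carry a .jpg or .gif name means a mail or gateway filter must recognise WMF content by its header rather than by extension. The following is an added example (not from the advisory, Microsoft or any vendor) that identifies the two documented WMF header forms, the 22-byte Aldus placeable header and the 18-byte standard metafile header, on constructed sample bytes; it detects the file format only and contains no exploit records.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7         # magic DWORD that opens an Aldus placeable WMF
WMF_TYPES = {1, 2}                 # mtType: 1 = memory metafile, 2 = disk metafile
WMF_VERSIONS = {0x0100, 0x0300}    # mtVersion values defined for Windows metafiles
WMF_HEADER_WORDS = 9               # mtHeaderSize is always 9 WORDs (18 bytes)

def is_wmf(data: bytes) -> bool:
    """True if data begins with a placeable or a standard WMF header, whatever the file name."""
    if len(data) >= 4 and struct.unpack("<I", data[:4])[0] == PLACEABLE_KEY:
        return True
    if len(data) < 2 * WMF_HEADER_WORDS:
        return False
    mt_type, header_size, version = struct.unpack("<HHH", data[:6])
    return mt_type in WMF_TYPES and header_size == WMF_HEADER_WORDS and version in WMF_VERSIONS

def classify_attachment(filename: str, data: bytes) -> str:
    """Label an attachment by content: 'wmf', 'wmf-disguised-as-<ext>' or 'other'."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if not is_wmf(data):
        return "other"
    return "wmf" if ext == "wmf" else f"wmf-disguised-as-{ext or 'no-extension'}"

def screen(samples):
    """Return {filename: label} for a batch of attachments."""
    return {name: classify_attachment(name, data) for name, data in samples.items()}

# Constructed sample bytes (headers only, no drawing records): not real malware samples.
STANDARD_WMF = struct.pack("<HHHIHIH", 2, 9, 0x0300, 9, 0, 0, 0)   # disk metafile, 9 WORDs long
PLACEABLE_WMF = struct.pack("<I", PLACEABLE_KEY) + bytes(18)      # placeable key + padding
JPEG_HEAD = b"\xff\xd8\xff\xe0" + bytes(20)                        # SOI + APP0 marker
SAMPLES = {"drawing.wmf": STANDARD_WMF, "holiday.jpg": STANDARD_WMF,
           "chart.gif": PLACEABLE_WMF, "photo.jpg": JPEG_HEAD}

if __name__ == "__main__":
    for name, label in screen(SAMPLES).items():
        print(f"{name:12s} {label}")
```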
Add "Virus Trial" to the Comments area.

December 30 2005
Trojan.Spamlia

This nasty piece of work uses your personal lists of friends and/or business associates to send spam.

When Trojan.Spamlia is executed, it performs the following actions:

1. Obtains all email addresses from the Windows Address Book and saves them to %Temp%\~BG.
   Note: %Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me/XP) or C:\WINNT\Temp (Windows NT/2000).
2. May also obtain the SMTP Display Name, SMTP Email Address, and SMTP Server information from the following registry entry:
   HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\[RANDOM]
3. Sends spam email to all email addresses gathered from the Windows Address Book. Some of the emails contain the following characteristics:
   Subject:
   Subject:
   Subject:
   Subject:
   Note:
   * [SMTP DISPLAY NAME] is the SMTP Display Name gathered from the registry entry listed above.
   * [http://]www.nice-movie-laugh.com/[REMOVED]
4. Deletes itself and %Temp%\~BG.
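The mail-borne traits quoted in the WORM_LOCKSKY.Y entry (the fixed Subject line and a spoofed From: field) and in the Trojan.Spamlia entry (the www.nice-movie-laugh.com link) can be screened for at a mail gateway. The following is an added example, not code from the alerts; the From/Return-Path domain comparison is a common heuristic for a forged sender and is an assumption of this example, not something either alert specifies, and the two messages are constructed, not captured samples.

```python
import email
from email import policy
from email.utils import parseaddr

LOCKSKY_SUBJECT = "your mail account is suspended"   # Subject quoted in the WORM_LOCKSKY.Y alert
SPAMLIA_HOST = "www.nice-movie-laugh.com"            # link host quoted in the Trojan.Spamlia alert

def domain_of(header_value) -> str:
    """Lower-cased domain part of an address header, or '' if there is none."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def screen_message(raw: bytes) -> list:
    """Return the alert-derived flags raised by one RFC 822 message (empty list if clean)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags = []
    if (msg["Subject"] or "").strip().lower() == LOCKSKY_SUBJECT:
        flags.append("locksky-subject")
    # Heuristic (assumption, not from the alert): a forged From: header usually
    # disagrees with the envelope sender the receiving MTA recorded in Return-Path.
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if from_dom and env_dom and from_dom != env_dom:
        flags.append("from-mismatch")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and SPAMLIA_HOST in body.get_content().lower():
        flags.append("spamlia-link")
    return flags

# Constructed messages (not captured samples) carrying the traits each alert describes.
LOCKSKY_MAIL = b"""Return-Path: <bounce@example.net>
From: "Mail Administrator" <admin@example.com>
To: user@example.com
Subject: Your mail Account is Suspended
Content-Type: text/plain; charset="us-ascii"

Your mailbox has been suspended. See the attached file.
"""
SPAMLIA_MAIL = b"""Return-Path: <alice@example.org>
From: Alice <alice@example.org>
To: bob@example.org
Subject: funny clip
Content-Type: text/plain; charset="us-ascii"

Check this out: http://www.nice-movie-laugh.com/[REMOVED]
"""

if __name__ == "__main__":
    print(screen_message(LOCKSKY_MAIL), screen_message(SPAMLIA_MAIL))
```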