Lavasoft News - November 2007 http://www.lavasoft.com

New Targets in Detection (October 2007)

Adware.Adssite

Adware.Adssite is adware that often comes bundled with other adware. It runs a process at all times and causes pop-ups even when the user is not surfing the Internet.

Adware.Rond

Adware.Rond is an adware application which is installed without the user's consent or knowledge. The application launches pop-up advertisements and can intrude on normal browsing activity by redirecting search queries.

Awola

Awola is rogue anti-spyware that tricks the user into buying the commercial version. Awola's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up by files and processes installed by Trojans, that scare or trick the user into clicking yes.

FakeAlert AntispyStorm

FakeAlert AntispyStorm contains files that are dropped on the infected machine just to trigger hits in rogue applications. FakeAlert AntispyStorm will also give fake alarms about infections.

Hacktool.XpCracker

Hacktool.XpCracker is a tool that can be used to guess users’ login passwords on XP systems.

MalwareMonitor

MalwareMonitor is rogue anti-spyware and a clone of SpyShredder; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

MalWarrior

MalWarrior is rogue anti-spyware that tricks the user into buying the commercial version. MalWarrior's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up by files and processes installed by Trojans, that scare or trick the user into clicking yes.

RaptorDefence

RaptorDefence is rogue anti-spyware that tricks the user into buying the commercial version. RaptorDefence's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up by files and processes installed by Trojans, that scare or trick the user into clicking yes.

SafeStrip

SafeStrip is rogue anti-spyware that tricks the user into buying the commercial version. SafeStrip's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up by files and processes installed by Trojans, that scare or trick the user into clicking yes.

SmartFixer

SmartFixer is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

Spy-Kill

Spy-Kill is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

SpywareLocker

SpywareLocker is rogue anti-spyware and a clone of MalwareStopper; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

SystemDefender

SystemDefender is rogue anti-spyware that tricks the user into buying the commercial version. SystemDefender's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up by files and processes installed by Trojans, that scare or trick the user into clicking yes.

Trojan.BAT.KillFiles

Trojan.BAT.KillFiles may drop a trigger executable file in the system folder, which is started with the help of a number of batch scripts. The result is that Windows restarts automatically and the user’s desktop may be full of unwanted files. The malware repeats this procedure every time the user logs in to the OS.

VirusRanger

VirusRanger is rogue anti-spyware that tricks the user into buying the commercial version. VirusRanger's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up by files and processes installed by Trojans, that scare or trick the user into clicking yes.

WebSpyShield

WebSpyShield is rogue anti-spyware that tricks the user into buying the commercial version. WebSpyShield's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up by files and processes installed by Trojans, that scare or trick the user into clicking yes.

Win32.Adware.Rabio

Win32.Adware.Rabio installs without showing any EULA and runs in stealth. It also displays advertisements.

Win32.Backdoor.EggDrop

Win32.Backdoor.EggDrop copies itself to the system folder. The malware runs as a stealth process, constantly trying to open TCP ports on the compromised computer.

Win32.Backdoor.Nepoe

Win32.Backdoor.Nepoe is an application that gives its author unauthorized access to your computer. It copies itself to the system32 directory and runs as a stealth process, constantly trying to open up TCP ports.

Win32.BadJoke.DeleteWindows

Win32.BadJoke.DeleteWindows is an executable file which simulates the removal of the Windows directory.

Win32.Trojan.Bankpatch

Win32.Trojan.Bankpatch is a Trojan that can steal confidential information from an infected computer. The Trojan runs as a hidden process on the infected machine and may also modify specific Windows DLL files, wininet.dll and kernel32.dll.

Win32.Trojan.Conycspa

Win32.Trojan.Conycspa is a Trojan Horse program that opens several ports on the infected computer. Once installed it generates excessive network traffic. It may also download other malware and compromise system security.

Win32.Trojan.Tibs

Win32.Trojan.Tibs is a Trojan Horse program that runs in stealth and opens ports on the infected computer, leaving it open for a remote attacker. It compromises system security and may come with rootkit capabilities.

XPAntivirus

XPAntivirus is rogue anti-spyware that tricks the user into buying the commercial version. XPAntivirus's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up by files and processes installed by Trojans, that scare or trick the user into clicking yes.

TAI - Threat Analysis Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Security Center here.

 

By the Numbers

78%
Percentage of consumer PCs in the U.S. that are not protected (defined as having up-to-date anti-virus, anti-spyware, and a correctly configured firewall)

93%
Percentage of PC users who believe they are protected

Source: National Cyber Security Alliance and McAfee Inc. study

Term of the Month
Rogue security software masquerades as a helpful security program, but uses malware or malicious tools to advertise or compel users to pay for the removal of non-existent spyware. Rogue software makers often use social engineering to trick consumers into buying their fraudulent anti-spyware or anti-virus products.

Source: wikipedia.org

Tech Tips
You have anti-spyware, anti-virus, and a firewall, so your computer must be secure, right? Wrong. Unless this software is enabled, updated, and properly configured, you are not protected from online threats. According to a recent industry survey, consumers overestimate PC safety – see our "By the Numbers" section for the stats. Make sure to maintain your security software; check that your security applications are both enabled and configured correctly. Keep in mind, the security software that was included with your PC when you purchased it may be a trial version that will expire if you fail to buy a subscription.

Privacy Toolbox Lands Editor's Choice

Lavasoft Privacy Toolbox was selected as an Editor’s Choice product by Military Embedded Systems magazine for its September/October 2007 issue.

Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Sweden

www.lavasoft.com
editor@lavasoft.com