New Targets in Detection

New Targets in Detection – December 2007

AdwarePatrol	AdwarePatrol is rogue anti-spyware and a clone of AlertSpy; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
AdwarePro	AdwarePro is rogue anti-spyware. It exploits the name “Ad-Aware.” AdwarePro also displays false positives with the aim to trick the user into buying the commercial version.
AdwareRemover	AdwareRemover is rogue anti-spyware and a clone of AlertSpy; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
AdwareRemover2007	AdwareRemover2007 is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
AntiSpyPro	AntiSpyPro is rogue anti-spyware and a clone of IEDefender; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
AntivirusProtection	AntivirusProtection is rogue anti-spyware and a clone of AlertSpy; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
Cleanator	Cleanator is rogue anti-errorware that tricks the user into buying the commercial version. Cleanator’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.
DeusCleaner	DeusCleaner is rogue anti-spyware that tricks the user into buying the commercial version. DeusCleaner’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.
DoctorAdware	DoctorAdware is rogue anti-spyware and a clone of DoctorAdwarePro; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
DoctorAdwarePro	DoctorAdwarePro is rogue anti-spyware that tricks the user into buying the commercial version. DoctorAdwarePro’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up from files and processes installed by Trojans that scare / trick the user into clicking yes.
DrProtection	DrProtection is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
ErrorDigger	ErrorDigger is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
ErrorInspector	ErrorInspector is rogue anti-errorware that tricks the user into buying the commercial version. ErrorInspector's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.
ETDSecurityScanner	ETDSecurityScanner is rogue anti-spyware that tricks the user into buying the commercial version. ETDSecurityScanner's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.
GuardCenter	GuardCenter is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
LiveAntispy	LiveAntispy is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
MacroVirus	MacroVirus is rogue anti-spyware. It detects files based on name and location, potentially generating many false positives. SpywareBot's GUI is a clone of SpywareBot.
MalwareDestructor	MalwareDestructor is a rogue anti-spyware application; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
OnlineGuard	OnlineGuard is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
Pestbot	PestBot is rogue anti-spyware and a clone of SpywareXP; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
RegistryCleanerXP	RegistryCleanerXP may be a rogue registry cleaner/ FraudTool application that can display exaggerated registry error warnings in the form of pop-ups. The pop-ups may look similar to Windows notifications, tricking the user into believing that the warnings are real and originate from Windows.
SmartAntiSpyware	SmartAntiSpyware is rogue anti-spyware that tricks the user into buying the commercial version. SmartAntiSpyware's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.
VirusProtect	VirusProtect is rogue anti-spyware and a clone of SpyDawn; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
VsSpy	VsSpy is rogue anti-spyware and a clone of RaptorDefence; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
Win32.Backdoor. KolMat	Win32.Backdoor.KolMat opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor. Small	Win32.Backdoor.Small installs a backdoor service on the infected computer allowing the attacker to gain control of the compromised system.
Win32.Trojan. AdClicker	Win32.Trojan.AdClicker is a Trojan that will visit certain web pages in the background to simulate users clicking on ads.
Win32.Trojan. Inject	Win32.Trojan.Inject is malware that injects itself into legitimate processes. It may run behind processes as svchost.exe, iexplorer.exe and rundll32.exe. While running protected by another process, it may contact remote domains to download more malware. Its purpose is to hide itself from the visible processes and infect the user’s system.
Win32.Trojan. Pushdo	Win32.Trojan.Pushdo is a Trojan that is often installed through downloaders. It is known to come with rootkit components that are used to hide its presence.
Win32.Trojan. Searches	Win32.Trojan.Searches copies itself to the root and runs continuously as a process in stealth, giving no clue of its functionality to the user.
Win32.Trojan. Shutdowner	Win32.Trojan.Shutdowner will attempt to shutdown the infected machine without the user’s permission.
Win32.TrojanDropper. Frijoiner	Win32.TrojanDropper.Frijoiner will drop additional files on the infected system. These files are often other Trojans or downloaders.
Win32.TrojanSpy. Broker	Win32.TrojanSpy.Broker will try to monitor and steal log-in information on the infected machine. It is also known to install a rootkit to help hide its presence.
Win32.TrojanSpy. Graball	Win32.TrojanSpy.Graball will try to monitor and steal log-in information on the infected machine.
Win32.TrojanSpy. Pophot	Win32.TrojanSpy.Pophot will try to monitor and steal login information on the infected machine. It will also try to open Chinese web pages.
Win32.Virus.Kies	Win32.Virus.Kies is a virus that infects selected executable files. If infected by Win32.Virus.Kies, you will need to run an anti-virus program to clear it.
Win32.Virus.Trats	Win32.Virus.Trats is a virus that infects selected executable files. If infected by Win32.Virus.Trats, you will need to run an anti-virus program to clear it.
WinZix	WinZix is a compression program that makes the user aware of the fact that it will show advertisements from time to time. This version of WinZix includes an unwanted installation of Lop. The Lop infection causes system instability, hijacks Internet Explorer, and guards processes to prevent the user from killing it manually. It may cause auto-updates and operate in stealth.

TAI - Threat Analysis Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Security Center here.

Threat Analysis (TA) Index

Percent increase in Trojan tools and code used to steal passwords, log keyboard strokes, and infect users with malware during the first half of 2007.
Source: Microsoft’s Security Intelligence Report, IT News

Your computer’s registry is a database integrated into certain operating systems that stores information (including user preferences, settings and license information) about hardware and software installed on your PC.
Source: Anti-Spyware Coalition Glossary

Spam filters certainly make our online lives easier. But how can you be sure to filter out only the junk and not your favorite newsletters or other good mail? Read More.

Ad-Aware 2007 received FileCluster’s 5 Star Quality Award after being tested on performance, ease-of-use, functionality, and user feedback. See more awards landed by Lavasoft products.

Lavasoft AB Lilla Bommen 1, 411 04 Gothenburg, Sweden | www.lavasoft.com | editor@lavasoft.com