Lavasoft News - January 2008


New Targets in Detection December 2007

AdwarePatrol

AdwarePatrol is rogue anti-spyware and a clone of AlertSpy; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

AdwarePro

AdwarePro is rogue anti-spyware. It exploits the name “Ad-Aware.” AdwarePro also displays false positives with the aim to trick the user into buying the commercial version.

AdwareRemover

AdwareRemover is rogue anti-spyware and a clone of AlertSpy; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

AdwareRemover2007

AdwareRemover2007 is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

AntiSpyPro

AntiSpyPro is rogue anti-spyware and a clone of IEDefender; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

AntivirusProtection

AntivirusProtection is rogue anti-spyware and a clone of AlertSpy; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

Cleanator

Cleanator is rogue anti-errorware that tricks the user into buying the commercial version. Cleanator’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.

DeusCleaner

DeusCleaner is rogue anti-spyware that tricks the user into buying the commercial version. DeusCleaner’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.

DoctorAdware

DoctorAdware is rogue anti-spyware and a clone of DoctorAdwarePro; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

DoctorAdwarePro

DoctorAdwarePro is rogue anti-spyware that tricks the user into buying the commercial version. DoctorAdwarePro’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up from files and processes installed by Trojans that scare / trick the user into clicking yes.

DrProtection

DrProtection is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

ErrorDigger

ErrorDigger is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

ErrorInspector

ErrorInspector is rogue anti-errorware that tricks the user into buying the commercial version. ErrorInspector's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.

ETDSecurityScanner

ETDSecurityScanner is rogue anti-spyware that tricks the user into buying the commercial version. ETDSecurityScanner's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.

GuardCenter

GuardCenter is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

LiveAntispy

LiveAntispy is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

MacroVirus

MacroVirus is rogue anti-spyware. It detects files based on name and location, potentially generating many false positives. SpywareBot's GUI is a clone of SpywareBot.

MalwareDestructor

MalwareDestructor is a rogue anti-spyware application; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

OnlineGuard

OnlineGuard is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

PestBot

PestBot is rogue anti-spyware and a clone of SpywareXP; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

RegistryCleanerXP

RegistryCleanerXP may be a rogue registry cleaner/FraudTool application that can display exaggerated registry error warnings in the form of pop-ups. The pop-ups may look similar to Windows notifications, tricking the user into believing that the warnings are real and originate from Windows.

SmartAntiSpyware

SmartAntiSpyware is rogue anti-spyware that tricks the user into buying the commercial version. SmartAntiSpyware's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.

VirusProtect

VirusProtect is rogue anti-spyware and a clone of SpyDawn; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

VsSpy

VsSpy is rogue anti-spyware and a clone of RaptorDefence; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

Win32.Backdoor.KolMat

Win32.Backdoor.KolMat opens a backdoor that may allow a remote user to take control of the infected system.

Win32.Backdoor.Small

Win32.Backdoor.Small installs a backdoor service on the infected computer allowing the attacker to gain control of the compromised system.

Win32.Trojan.AdClicker

Win32.Trojan.AdClicker is a Trojan that will visit certain web pages in the background to simulate users clicking on ads.

Win32.Trojan.Inject

Win32.Trojan.Inject is malware that injects itself into legitimate processes. It may run behind processes such as svchost.exe, iexplorer.exe and rundll32.exe. While running protected by another process, it may contact remote domains to download more malware. Its purpose is to hide itself from the visible processes and infect the user’s system.

Win32.Trojan.Pushdo

Win32.Trojan.Pushdo is a Trojan that is often installed through downloaders. It is known to come with rootkit components that are used to hide its presence.

Win32.Trojan.Searches

Win32.Trojan.Searches copies itself to the root and runs continuously as a process in stealth, giving no clue of its functionality to the user.

Win32.Trojan.Shutdowner

Win32.Trojan.Shutdowner will attempt to shut down the infected machine without the user’s permission.

Win32.TrojanDropper.Frijoiner

Win32.TrojanDropper.Frijoiner will drop additional files on the infected system. These files are often other Trojans or downloaders.

Win32.TrojanSpy.Broker

Win32.TrojanSpy.Broker will try to monitor and steal log-in information on the infected machine. It is also known to install a rootkit to help hide its presence.

Win32.TrojanSpy.Graball

Win32.TrojanSpy.Graball will try to monitor and steal log-in information on the infected machine.

Win32.TrojanSpy.Pophot

Win32.TrojanSpy.Pophot will try to monitor and steal login information on the infected machine. It will also try to open Chinese web pages.

Win32.Virus.Kies

Win32.Virus.Kies is a virus that infects selected executable files. If infected by Win32.Virus.Kies, you will need to run an anti-virus program to clear it.

Win32.Virus.Trats

Win32.Virus.Trats is a virus that infects selected executable files. If infected by Win32.Virus.Trats, you will need to run an anti-virus program to clear it.

WinZix

WinZix is a compression program that makes the user aware of the fact that it will show advertisements from time to time. This version of WinZix includes an unwanted installation of Lop. The Lop infection causes system instability, hijacks Internet Explorer, and guards processes to prevent the user from killing it manually. It may cause auto-updates and operate in stealth.

TAI - Threat Analysis Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Security Center here.

By the Numbers
500 percent increase in Trojan tools and code used to steal passwords, log keyboard strokes, and infect users with malware during the first half of 2007.
Source: Microsoft’s Security Intelligence Report, IT News
Term of Month
Your computer’s registry is a database integrated into certain operating systems that stores information (including user preferences, settings and license information) about hardware and software installed on your PC.
Source: Anti-Spyware Coalition Glossary
Tips & Tactics
Spam filters certainly make our online lives easier. But how can you be sure to filter out only the junk and not your favorite newsletters or other good mail? Read More.
5 Star Quality Award
Ad-Aware 2007 received FileCluster’s 5 Star Quality Award after being tested on performance, ease-of-use, functionality, and user feedback. See more awards landed by Lavasoft products.

Lavasoft AB Lilla Bommen 1, 411 04 Gothenburg, Sweden | www.lavasoft.com | editor@lavasoft.com