Lavasoft News - March 2007

New Targets in Detection (February 2007)

Name Description
AdArmor

AdArmor is a rogue anti-spyware and clone of SpyGuard; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

ADWareBazooka

ADWareBazooka is a rogue anti-spyware and clone of SpyGuard; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

Adware.DropSpam

Adware.DropSpam is software which claims to protect the user from spam, but it drops and executes some suspicious files on the user's hard drive. Processes run in stealth. After a few minutes a message asks the user to update. If the user chooses to update, the system becomes unstable and this can generate a lot of pop-ups. Adware.DropSpam also installs a toolbar in stealth and some unwanted URL links on the desktop.

Adware.MDH

When Adware.MDH (MyDailyHoroscope) is executed, it shows the user a horoscope in a small window. The installation does not include any license agreement or privacy policy. The process which shows the horoscope cannot be disabled and will start every time the user restarts the computer.

Adware.SmartShopper

Adware.SmartShopper drops files in stealth into the system32 folder. Some of the files hook themselves into the Internet Explorer process. It also creates unwanted shortcuts on the user's desktop.

AntiviralGolden

AntiviralGolden is a rogue anti-spyware application. It gives the impression of carrying out a full system scan and exaggerates the results to trick the user into buying the software. AntiviralGolden is also known as AdwareDelete and AntivirusGolden.

Backdoor.AnalFTP

Backdoor.AnalFTP is a tool which allows users to control machines from remote locations. A user who wants to control a computer just puts the AnalFTP server application on it and is then able to control the computer remotely.

BreakSpyware

BreakSpyware is a rogue anti-spyware and clone of SpyGuard; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

FixerAntispy

FixerAntispy is a rogue anti-spyware and clone of SpyGuard; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

HackTool.LaunchinIE

Hacktool.LaunchinIE will allow HTML pages to start any application on the user’s machine without showing any security warnings.

Hacktool.Netmon

Hacktool.Netmon is a network monitoring tool that can be used to monitor and report browser behavior.

HitVirus

HitVirus is a rogue anti-spyware and clone of SpyGuard; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

RazeSpyware

RazeSpyware is a rogue anti-spyware and clone of SpyGuard; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

RemedyAntiSpy

RemedyAntiSpy is a rogue anti-spyware and clone of SpyGuard; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

SpyAnalyst

SpyAnalyst is a rogue anti-spyware and clone of SpyGuard; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

SpyIBlock

SpyIBlock is a rogue anti-spyware and clone of SpyGuard; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

SpyOfficer

SpyOfficer is a rogue anti-spyware and clone of SpyGuard; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

SpywareDisinfector

SpywareDisinfector is a rogue anti-spyware and clone of SpyGuard; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

Win32.Backdoor.Gunbot

Win32.Backdoor.Gunbot will open up a backdoor on the infected machine. It will then try to contact an IRC server.

Win32.Backdoor.IRCBot

Win32.Backdoor.IRCBot opens up a backdoor on the infected computer. It will then try to contact an IRC server using an IRC client like mIRC.

Win32.Backdoor.IRCZapchast

Win32.Backdoor.IRCZapchast opens up a backdoor on the infected computer. It will then try to contact an IRC server using an IRC client like mIRC.

Win32.Backdoor.Poebot

Win32.Backdoor.Poebot is malware that can open up backdoors on a compromised computer.

Win32.Hacktool.Keyfinder

The program acquires serial keys for registered applications that are installed on the PC. In certain circumstances this could be done remotely and without the victim's knowledge.

Win32.Sality

Win32.Sality drops malicious DLLs and executable files into the system32 folder. It then automatically executes some of the dropped files and runs them in stealth, hidden from the user. Win32.Sality can also appear as a virus.

Win32.TrojanDownloader.ISTBar

Win32.TrojanDownloader.ISTBar connects to the Internet surreptitiously and downloads and installs files to the user's PC without his/her knowledge or consent.

Win32.TrojanDownloader.Nurech

TrojanDownloader.Nurech retrieves and installs additional files.

Win32.Trojan.Horst

Win32.Trojan.Horst is a Trojan that will try to open up a backdoor on the infected computer. It may also try to download additional files.

Win32.TrojanPWS.Lmir

Win32.TrojanPWS.Lmir is a password stealing Trojan. It monitors keystrokes and mouse clicks to collect login information. This information is then transmitted to a remote homepage.

Win32.TrojanPWS.StealPass

Win32.TrojanPWS.StealPass is a Trojan that focuses mainly on stealing password information from users and monitoring keystrokes and sending them to a remote host.

Win32.TrojanPWS.WOW

Win32.TrojanPWS.WOW is a Trojan that focuses mainly on stealing login information for World of Warcraft games by monitoring keystrokes and sending them to a remote host.

Win32.TrojanSpy.BZub

Win32.TrojanSpy.BZub is a Trojan that steals login and credit card information. It normally loads itself as a Browser Helper Object.

TAI - Threat Assessment Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Security Center here.

 

Stats

One of the so-called "fathers of the Internet" claims 100-150 million of the 600 million online computers are virus-infected components in botnet networks of PCs under control of hackers. Read who said it and what other predictions he makes in our story, "Battling the Botnet Pandemic."

Term of the Month

Botnet

Botnet, shortened from roBOT NETwork, is a network of compromised PCs. It is a type of Remote Control Software, specifically a collection of software robots, or 'bots', which run autonomously. Botnets have been used for sending spam remotely, installing more spyware without consent, and for other illicit purposes.

Educate yourself by reading more terms in our Spyware Glossary.

Tech Tips

Having up-to-date firewall, anti-virus and anti-spyware programs is key in keeping your computer safe, but be prepared in the event of a system crash. Back up your files! Along with confidential documents, think of all those personal photos you may have stored on your PC. Don't lose them! Copy them onto a removable disc and store them in a safe place. It may seem like simple advice, but many computer users don't have any backups at all.

Letters to the Editor

Many of you who wrote to us feel the so-called "spyware" teacher shouldn't be put behind bars and that malware is the real criminal in this case. Stay tuned to this story as sentencing is handed down March 2. In the meantime, read a few of your letters here (some have been shortened due to space limitations).

Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Sweden

www.lavasoft.com
editor@lavasoft.com