New Targets in Detection (April 2007)
| Name | Description |
| Adware.Padsys | Adware.Padsys will show pop-up advertisements based on the user’s surfing habits. It may use rootkit technology to hide itself. |
| Adware.WebBuying | Adware.WebBuying displays pop-ups when the user is surfing the net. It runs as a stand-alone process in the background and may also install a BHO. |
| SpyDawn | SpyDawn is a rogue anti-spyware and clone of SpywareQuake; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats. |
| Win32.Backdoor.VanBot | Win32.Backdoor.VanBot installs a backdoor service on the infected computer. This backdoor lets the attacker gain full control of the compromised system. |
| Win32.Backdoor.VB | Win32.Backdoor.VB is a Trojan that will try to open up a backdoor on the infected computer. It will then try to contact the backdoor's author. |
| Win32.TrojanDownloader.Obfuscated | Win32.TrojanDownloader.Obfuscated connects to the internet surreptitiously and downloads and installs files to a user’s PC without his/her knowledge or consent. |
| AdProtect | AdProtect is a rogue anti-spyware and clone of Virus Blast; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats. |
| ErrorProtector | ErrorProtector is a clone of SystemDoctor; it may give exaggerated error reports on the compromised computer and then ask the user to purchase a registered version to remove those reported errors. |
| UltimateCleaner | Ultimate Cleaner is a rogue privacy cleaner that tricks the user into buying the commercial version. Ultimate Cleaner's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare/trick the user into clicking the 'Yes' option. |
| Win32.Backdoor.BeastDoor | Win32.Backdoor.BeastDoor hides itself in the system folder and operates in stealth. It opens a backdoor that may allow a remote user to take control of the infected system. |
| Win32.Backdoor.Ranky | Win32.Backdoor.Ranky hides itself in the system folder and operates in stealth. It opens a backdoor that may allow a remote user to take control over the infected system. |
| Win32.Backdoor.SubSeven | Win32.Backdoor.SubSeven opens a backdoor that may allow a remote user to take control over the infected system. |
| Win32.TrojanSpy.Proagent | Win32.TrojanSpy.Proagent will try to steal passwords from messenger clients, e-mail clients, FTP clients and Internet Explorer. It will also monitor and log keystrokes. All this stolen information will then be sent to the Trojan's author via e-mail. |
| VirusRescue | VirusRescue is rogue anti-errorware that tricks the user into buying the commercial version. VirusRescue's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, and the program is often seen along with Win32:TrojanDownloader.Zlob. |
| NeospaceInternetSecurity | Neospace Internet Security is a rogue anti-spyware that tricks the user into buying the commercial version. Neospace Internet Security's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare/trick the user into clicking ‘Yes’. |
| Win32.Worm.Zhelatin | Win32.Worm.Zhelatin can automatically attach spam to e-mails and forum posts. The worm uses the Windows layered service provider for monitoring the outgoing traffic. It then waits for the user to send an e-mail or instant message and attaches spam to it. |
| Win32.Backdoor.Wisdoor | Win32.Backdoor.Wisdoor opens up a backdoor on the infected machine. This allows remote access to the machine. |
| Win32.BadJoke.FakeDel | Win32.BadJoke.FakeDelete tricks the user into deleting legitimate Windows files. It can appear as a folder icon and could ask the user to delete, e.g. the Windows folder. |
| CurePcSolutions | CurePcSolutions is a rogue anti-spyware that tricks the user into buying the commercial version. CurePcSolutions' distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare/trick the user into clicking ‘Yes’. |
| Win32.Trojan.PSW.Magania | Win32.TrojanPWS.Magania is a password stealing program that hooks itself into the Windows login procedure. |
TAI - Threat Assessment Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point
scale, with 1 representing the lowest threat and 10 representing the
highest. The behavior of the program has more influence when assigning
TAI points than the actual technical aspects of the malware. In other
words, if the malware secretly attaches without the computer user's
full understanding and approval, then it will automatically be given
higher TAI points. A minimum TAI value of 3 is required before the
malware is put into detection. Read more on the Lavasoft Security Center
here.

Net Stats
The world generated 161 billion gigabytes of data in 2006, according to a new study by technology research firm IDC. That is 3 million times the information in all the books EVER written. Or picture this - 12 stacks of books that each reach from the Earth to the sun. That is a good chunk of photos, videos, e-mail, web pages, instant messages, phone calls, and other digital data.
Source: IDC, AP
Term of the Month
Polymorphism is a term often used today to describe 'morphing' malware. Such a spyware application uses a rudimentary form of polymorphism to randomize files, names and registry keys so each infected PC contains a slightly different version of the program.
Read the 'computer science' definition of polymorphism at Wikipedia.
Tech Tips
If you cannot save attached files to your PC, your e-mail client may be configured to stop you from opening file attachments of a certain size or type. This is set for security reasons. If you are using Outlook Express, open the Tools menu and select Options. Click the Security tab, deselect the Do Not Allow Attachments To Be Saved Or Opened That Could Potentially Be A Virus option, and click OK. Be sure to scan the saved file for malware before opening it!
Ballot Box Poll Results
Here are the results from our latest Lavasoft.com Ballot Box poll:
How well do you read EULAs (End User License Agreements)?
| I read in detail : | 789 |
| I scan the text : | 2593 |
| I accept without reading : | 5772 |
Go to Lavasoft.com and take our latest poll: Do you know what pharming is?
Helpful Homepage
There are countless rogue/suspect anti-spyware products and websites out there trying to fool PC users today. Lavasoft News found a great webpage listing a good number of these, including screenshots. Educate yourself at Spyware Warrior!