Lavasoft News - April 2007

New Targets in Detection (April 2007)

Name Description

Adware.Padsys

Adware.Padsys will show pop-up advertisements based on the user’s surfing habits. It may use rootkit technology to hide itself.

Adware.WebBuying

Adware.WebBuying displays pop-ups when the user is surfing the net. It runs as a standalone process in the background and may also install a BHO.

SpyDawn

SpyDawn is a rogue anti-spyware and clone of SpywareQuake; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.

Win32.Backdoor.VanBot

Win32.Backdoor.VanBot installs a backdoor service on the infected computer. This backdoor lets the attacker gain full control of the compromised system.

Win32.Backdoor.VB

Win32.Backdoor.VB is a Trojan that will try to open up a backdoor on the infected computer. It will then try to contact the backdoor's author.

Win32.TrojanDownloader.Obfuscated

Win32.TrojanDownloader.Obfuscated connects to the internet surreptitiously and downloads and installs files to a user’s PC without his/her knowledge or consent.

AdProtect

AdProtect is a rogue anti-spyware and clone of Virus Blast; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.

ErrorProtector

ErrorProtector is a clone of SystemDoctor; it may give exaggerated error reports on the compromised computer and then ask the user to purchase a registered version to remove those reported errors.

UltimateCleaner

Ultimate Cleaner is a rogue privacy cleaner that tricks the user into buying the commercial version. Ultimate Cleaner's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare/trick the user into clicking the 'Yes' option.

Win32.Backdoor.BeastDoor

Win32.Backdoor.BeastDoor hides itself in the system folder and operates in stealth. It opens a backdoor that may allow a remote user to take control of the infected system.

Win32.Backdoor.Ranky

Win32.Backdoor.Ranky hides itself in the system folder and operates in stealth. It opens a backdoor that may allow a remote user to take control over the infected system.

Win32.Backdoor.SubSeven

Win32.Backdoor.SubSeven opens a backdoor that may allow a remote user to take control over the infected system.

Win32.TrojanSpy.Proagent

Win32.TrojanSpy.Proagent will try to steal passwords from messenger clients, e-mail clients, FTP clients and Internet Explorer. It will also monitor and log keystrokes. All this stolen information will then be sent to the Trojan's author via e-mail.

VirusRescue

VirusRescue is a rogue anti-errorware that tricks the user into buying the commercial version. VirusRescue's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, and VirusRescue is often seen along with Win32:TrojanDownloader.Zlob.

NeospaceInternetSecurity

Neospace Internet Security is a rogue anti-spyware that tricks the user into buying the commercial version. Neospace Internet Security's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare/trick the user into clicking ‘Yes’.

Win32.Worm.Zhelatin

Win32.Worm.Zhelatin can automatically attach spam to e-mails and forum posts. The worm uses the Windows layered service provider for monitoring the outgoing traffic. It then waits for the user to send an e-mail or instant message and attaches spam to it.

Win32.Backdoor.Wisdoor

Win32.Backdoor.Wisdoor opens up a backdoor on the infected machine. This allows remote access to the machine.

Win32.BadJoke.FakeDel

Win32.BadJoke.FakeDelete tricks the user into deleting legitimate Windows files. It can appear as a folder icon and could ask the user to delete, e.g., the Windows folder.

CurePcSolutions

CurePcSolutions is a rogue anti-spyware that tricks the user into buying the commercial version. CurePcSolutions' distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare/trick the user into clicking ‘Yes’.

Win32.Trojan.PSW.Magania

Win32.TrojanPWS.Magania is a password stealing program that hooks itself into the Windows login procedure.

TAI - Threat Assessment Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Security Center here.

 


 
Net Stats
The world generated 161 billion gigabytes of data in 2006, according to a new study by technology research firm IDC. That is 3 million times the information in all the books EVER written. Or picture this - 12 stacks of books that each reach from the Earth to the sun. That is a good chunk of photos, videos, e-mail, web pages, instant messages, phone calls, and other digital data.
Source: IDC, AP
Term of the Month
Polymorphism
Polymorphism is a term often used today to describe 'morphing' malware. The spyware application uses a rudimentary form of polymorphism to randomize files, names and registry keys so each infected PC contains a slightly different version of the program. Read the 'computer science' definition of polymorphism at Wikipedia.
Tech Tips
If you cannot save attached files to your PC, your e-mail client may be configured to stop you from opening file attachments of a certain size or type. This is set for security reasons. If you are using Outlook Express, open the Tools menu and select Options. Click the Security tab, deselect the Do Not Allow Attachments To Be Saved Or Opened That Could Potentially Be A Virus option, and click OK. Be sure to scan the saved file for malware before opening it!
Ballot Box Poll Results
Here are the results from our latest Lavasoft.com Ballot Box poll:
How well do you read EULAs (End User License Agreements)?
I read in detail: 789
I scan the text: 2593
I accept without reading: 5772
Go to Lavasoft.com and take our latest poll: Do you know what pharming is?
Helpful Homepage
There are countless rogue/suspect anti-spyware products and websites out there trying to fool PC users today. Lavasoft News found a great webpage listing a good number of these, including screenshots. Educate yourself at Spyware Warrior!
Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Sweden

www.lavasoft.com
editor@lavasoft.com