Lavasoft News - May 2007

New Targets in Detection (April 2007)

Adware.CDN

Adware.CDN is malware which can cause heavy downloading. Adware.CDN causes a lot of pop-ups and can make the system unstable.

Annoyware.Dizzy

Annoyware.Dizzy is malware that distorts the monitor's display in such a way as to render the display unreadable.

AntiSpyZone

AntiSpyZone is rogue anti-spyware and a clone of SpyDawn; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.

MalwareStopper

MalwareStopper is rogue anti-spyware and a clone of Spysheriff; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.

PerfectCleaner

PerfectCleaner is rogue anti-spyware and a clone of SpyAway; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.

PrivacyProtector

PrivacyProtector is rogue anti-spyware and a clone of DriveCleaner; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.

SpyAway

SpyAway is rogue anti-spyware and a clone of SpyGuard; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.

SpyLocked

SpyLocked is rogue anti-spyware and a clone of SpyDawn; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.

Superutilbar

Superutilbar is a toolbar that has a search engine connected to baidu.com. The installation works like a dropper; the toolbar is installed without the user's permission. Superutilbar is installed on all user accounts and does not include a functional uninstaller.

UltimateFixer

UltimateFixer is an anti-spyware application. The program states it will fix hard drive errors and optimize the Windows registry, and it does not show any license agreement before installation. After scanning the hard drive, the user is told it has over 300 critical errors even if the computer is clean. The user has to go through a paid registration before any spyware can be removed, and alert warnings try to entice the user to buy UltimateFixer's software.

Win32.Backdoor.BlackHole

Win32.Backdoor.BlackHole opens a backdoor that may allow a remote user to take control of the infected system.

Win32.Backdoor.Lecna

Win32.Backdoor.Lecna opens up a backdoor on the infected computer. It will copy itself to c:\program files\internet exp1orer\iexplore.exe and start automatically at login.

Win32.Backdoor.PoisonIvy

Win32.Backdoor.PoisonIvy is malware that can open up backdoors on a compromised computer.

Win32.SpamTool.Agent

Win32.SpamTool.Agent is used to send e-mails from infected computers.

Win32.TrojanDownloader.Cryptic

Win32.TrojanDownloader.Cryptic is a downloader which installs malicious files into the system folder. It also opens the Internet Explorer browser process and makes it run in stealth.

Win32.Trojan.ExitWin

Win32.Trojan.ExitWin runs as a process in stealth and after a certain amount of time it will restart the computer.

Win32.Trojan.MancSyn

Win32.Trojan.MancSyn will install itself as a Trojan horse. It will then try to contact remote servers and try to download additional files.

Win32.TrojanProxy.Cimuz

Win32.TrojanProxy.Cimuz allows for unwanted remote access to the infected computer. It may also log and transmit keystrokes.

Win32.TrojanProxy.Dlena

Win32.TrojanProxy.Dlena injects files onto the computer and tries to download files.

Win32.TrojanProxy.Slaper

Win32.TrojanProxy.Slaper allows remote access to the computer. It may also try to contact its author using mail.

Win32.TrojanPWS.Maran

Win32.TrojanPWS.Maran installs a Trojan on the infected machine. It is also known to install a Layered Socket Provider (LSP) to monitor the network.

TAI - Threat Analysis Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Security Center here.

 

Stats
These days, computer security threats are coming from all directions. Here are the top five worries keeping entrepreneurs up at night, according to a March survey by the research firm Forrester.

Viruses and worms: 73%
Spyware: 66%
Spam: 64%
Outside hackers: 57%
Identity theft: 55%

Source: inc.com
Term of the Month
Dialer
A dialer is any program that utilizes a computer's modem to make calls or access services. Users may want to remove those that dial without the user's active involvement, resulting in unexpected telephone charges and/or causing access to unintended and unwanted content. Dialers have the ability to run in the background, hiding their presence.
Tech Tips
You are a potential target for auto-dialers if you use a phone line to connect to the Internet or leave a telephone line connected to your PC even after switching to DSL or cable Internet service. Some tips:
  • If you don't need a dial-up connection, unplug your phone from the computer.
  • Disable dial-up connections. If you're using Windows, for instance, click on "Start," "Settings," "Control Panel" and then "Internet Options." Open the "Connections" tab, and make sure "Never dial a connection" is checked.
  • Update your Ad-Aware SE anti-spyware and run a full sweep of your computer.
Helpful Homepage
If you suspect your personal information has been stolen, one website will give you the answer - StolenIDSearch.com. Just input your social security or credit card number on the main page to search more than 2.3 million compromised numbers...for free.
Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Sweden

www.lavasoft.com
editor@lavasoft.com