Lavasoft News - July 2007

New Targets in Detection (June 2007)

Name Description

Annoyware.CrazyMouse

Annoyware.CrazyMouse is annoyware which displays bad joke messages every time a mouse button is clicked.

DrAntispy

DrAntispy is a rogue anti-spyware program; it displays fake warnings on a user's computer to entice the user into purchasing its full commercial version. It may be related to Bravesentry.

ExpertAntivirus

ExpertAntivirus is a rogue anti-spyware program and a clone of Ad-Protect; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove the reported threats.

MyglobalsearchToolbar

MyglobalsearchToolbar is a toolbar which installs on the system without any privacy policy or EULA. If users choose to use MyglobalsearchToolbar, they will be redirected to their search engine page. The toolbar is also installed on all user accounts and does not provide a functional uninstaller.

SystemLiveProtect

SystemLiveProtect is rogue anti-spyware that tricks the user into buying the commercial version. SystemLiveProtect's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up from files and processes installed by Trojans that scare or trick the user into clicking yes.

Win32.Backdoor.Peepview

Win32.Backdoor.Peepview is malware that can open up backdoors on a compromised computer. It may copy itself to the %system% folder and run in stealth.

Win32.P2PWorm.Agent

Win32.P2PWorm.Agent is a worm which uses P2P technology to spread itself over the local network or the Internet.

Win32.TrojanDownloader.QQHelper

Win32.TrojanDownloader.QQHelper is designed to download other malware and adware from multiple servers or sources on the Internet.

Win32.Trojan-PSW.Coced

Win32.Trojan-PSW.Coced is a Trojan that focuses mainly on stealing passwords from users. It may copy itself to the %windows% directory. The monitoring tool also runs in stealth as a process.

Win32.Adware.FWN

Win32.Adware.FWN adds an extra toolbar to your Internet Explorer browser and shows advertisements after installation. The toolbar includes a search function. Searches are also directed to findwhatevernow.com. This adware can track users' browsing and search queries, and negatively affects browser performance.

Win32.Backdoor.Delf

Win32.Backdoor.Delf allows a remote user to gain full control over an infected machine.

Win32.Backdoor.Haxdoor

Win32.Backdoor.Haxdoor is a Trojan which opens several TCP ports. A malicious attacker may thereby gain unauthorized access to the infected computer.

Win32.TrojanDownloader.NewMedia

Win32.TrojanDownloader.NewMedia will try to download and install fake alerting malware to the infected computer. It will also display links to rogue anti-spyware software.

Win32.AdWare.Boran

Win32.AdWare.Boran is an adware dropper. It drops several DLL files on the victim's computer. It also adds an Internet Explorer BHO, or Browser Helper Object. Win32.Adware.Boran installs without user consent, operates in stealth and opens up several ports, making connections to advertisement websites. It may also open extra browser windows and slow down the user's surfing speed.

Win32.Backdoor.Singu

Win32.Backdoor.Singu is a Trojan which opens up several ports that make it possible for a malicious attacker to gain remote unauthorized access to the infected computer.

Win32.Backdoor.Snart

Win32.Backdoor.Snart is malware that can open up backdoors on a compromised computer.

TAI - Threat Analysis Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Security Center here.

 

Stats

By the end of 2008, there will be more than one billion personal computers in use worldwide. Forrester Research Inc. predicts that the number of PCs in use will more than double by 2015. It took 27 years to reach the billion-PC mark, but it will take only five years to reach the next billion, due to advanced technology, lower prices, and emerging technology-aware populations.

Source: Forrester's "Worldwide PC Adoption Forecast to 2015"

Term of the Month: EULA

An End User License Agreement, or EULA, is a software license agreement that indicates the terms for an end user to utilize certain software. That fine-print legal jargon that makes you want to check the box next to, "Yes, I have read and accept these terms," without fully reading the text, is an official agreement between you and a software vendor.

Tech Tips

It is important to read all EULAs and privacy statements carefully before installing new software. If the EULA is hard to find or difficult to understand, reconsider installing the software. You should never install software without knowing exactly what it is. By not fully reading the EULA, you may agree to questionable activities by the software vendor, and even to installing spyware and adware on your computer. The Zlob/Smitfraud Trojan (fake codecs most notably) actually DOES include proper disclosure of what will be downloaded to your PC. Take the time to read EULAs carefully!

Helpful Homepage

WiredSafety.org is the world's largest online safety, education and help group. Adults can visit the site for information on safely navigating the World Wide Web, and there are also specialty directories designed for kids. While it originally formed to help and protect Internet users of all ages, WiredSafety.org's work has become increasingly dedicated to children, tweens, and teens.

Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Sweden

www.lavasoft.com
editor@lavasoft.com