Lavasoft News - August 2007 http://www.lavasoft.com

New Targets in Detection (July 2007)

Adware.Delf

Adware.Delf installs without user consent. It installs a BHO (Browser Helper Object), a component that loads with iexplore.exe. When a user starts Internet Explorer, Adware.Delf connects to several URLs and thereby causes unnecessary network traffic. Adware.Delf may collect and disclose data about the user's surfing habits.

Adware.Oemji

Adware.Oemji is an adware application that replaces the default search engine in Internet Explorer with Oemji’s own search engine. Adware.Oemji installs itself as a BHO, or Browser Helper Object, and thereby adds an Internet Explorer toolbar.

Adware.TTC

Adware.TTC is adware that contains no license agreement or privacy policy. It also hooks itself into Internet Explorer and may cause unwanted advertising for the user.

DioCleaner

DioCleaner is rogue anti-spyware and a clone of SpyGuard; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

ErrorDoctor

ErrorDoctor is rogue anti-errorware that tricks the user into buying the commercial version. ErrorDoctor’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up from files and processes installed by Trojans that scare or trick the user into clicking yes.

MagicAntiSpy

MagicAntiSpy is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

MalwareAlarm

MalwareAlarm is rogue anti-spyware and a clone of SpyGuard; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

SpyCrush

SpyCrush is rogue anti-spyware and a clone of SpyDawn; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

SpyCut

SpyCut is rogue anti-spyware and a clone of SpyGuard; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

SpyShredder

SpyShredder is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

Trojan.BAT.TimeReset

Trojan.BAT.TimeReset changes the date on a user’s computer without permission. It drops a BAT script which executes itself and modifies the date.

VirusHeal

VirusHeal is a rogue anti-spyware application. The program states it will remove spyware but, instead, installs malware. The user is made to believe the application is a legitimate program that removes viruses. If the user restarts the computer, VirusHeal automatically scans the user's hard drive. The threats found by the scan can only be removed if the user buys the application.

VirusProtectPro

VirusProtectPro is rogue anti-spyware and a clone of SpyDawn; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

Win32.Adware.AdMoke

Win32.Adware.Admoke may drop files on a user’s system. It does not display a EULA or privacy policy, and causes unwanted pop-ups.

Win32.AdWare.Cinmus

Win32.Adware.Cinmus is a Chinese adware program that, once installed, makes connections to Chinese ad sites. It installs, operates in stealth, and makes Internet connections without user consent.

Win32.Backdoor.Powerspider

Win32.Backdoor.Powerspider Trojan is an application that gives its author unauthorized access to your computer.

Win32.Keylogger.SaveKeys

Win32.Keylogger.SaveKeys is monitoring software which is used to log keystrokes and paths of the programs that are opened and closed by a computer user.

Win32.PWS.Hook

Win32.PWS.Hook uses Image File Execution Options to hijack legitimate programs, and may contact suspicious domains to download malicious files.

Win32.TrojanDownloader.Tiny

Win32.TrojanDownloader.Tiny connects to bad HTTP domains, and then downloads and installs files to the user's PC without their knowledge or consent.

Win32.TrojanPWS.WebMoner

Win32.TrojanPWS.WebMoner is a Russian-based password stealer. It's known to be installed through exploited websites. Links to these websites have been seen spammed over ICQ.

TAI - Threat Analysis Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Security Center here.

 

Stats
The global IT industry accounts for 2 percent of the world's carbon dioxide emissions - the same amount produced by the world's aviation industry, Gartner statistics show. Over the next 5 years, technology companies will be met with growing financial, environmental and legislative pressure to become more environmentally sustainable, according to a Gartner analyst.

Source: CNET News.com

Term of the Month
A bot herder is a hacker who installs malicious software on a PC without the knowledge of the computer user, with the ultimate goal of controlling thousands of compromised machines. Once hackers install their software, they are capable of controlling the infected computers remotely. After they have compromised enough computers, bot herders have a robot network, or botnet, under their command.

Source: www.fbi.gov
Tech Tips
How can you help fight the botnet battle, and make sure that your PC does not end up under a bot herder’s control? Contributing to the problem is the large number of home users whose computers do not have adequate protection and are easy prey for botnet operators. It is critical that home users install up-to-date firewalls, anti-virus and anti-spyware software, in addition to being cautious when going online. If you have been a victim of cyber crime, you can also file a complaint online through the Internet Crime Complaint Center.
Helpful Homepages
Electronic waste or e-waste is one of the fastest growing waste problems. So before you buy that new PC, think about what to do with the old one. Visit www.computertakeback.com or www.earth911.org to find out more about recycling your electronics. The Computer TakeBack Campaign focuses on requiring consumer electronics manufacturers to take responsibility for the life cycle of their products, while Earth 911 offers community-specific environmental information for consumers looking to live more responsibly.
Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Sweden

www.lavasoft.com
editor@lavasoft.com