March 2008

New Targets in Detection (February 2008)

Adware.Easybar  Adware.Easybar installs without displaying a EULA or Privacy Policy. Adware.Easybar may cause pop-ups.
Adware.Shopcenter  Adware.Shopcenter installs without displaying a EULA or PP. It then operates in stealth and may display advertisement based on search terms. Adware.Shopcenter performs automatic updates without notifying the user.
AntiSpyCheck  AntiSpyCheck is rogue anti-spyware that tricks the user into buying the commercial version. AntiSpyCheck's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans, that scare / trick the user into clicking yes.
AntiSpyKit  AntiSpyKit is a rogue anti-spyware and clone of AntiVirusGolden; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.
AntiSpywareBoss  AntiSpywareBoss is rogue anti-spyware that tricks the user into buying the commercial version. AntiSpywareBoss's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans, that scare / trick the user into clicking yes.
AntiVirusPro2008  AntiVirusPro2008 is a rogue anti-spyware and clone of MalwarePro; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.
MalwareCore  MalwareCore is a rogue anti-spyware and clone of MalwareWipe; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.
SaliarAR  SaliarAR is rogue anti-spyware that tricks the user into buying the commercial version. SaliarAR's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans, that scare / trick the user into clicking yes.
SecureCleaner SecureCleaner is a rogue anti-spyware and clone of SpyGuard; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.
SpyKillerPro  SpyKillerPro is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.
SpyRemover  SpyRemover is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.
SpywareIsolator  SpywareIsolator is rogue anti-spyware that tricks the user into buying the commercial version. SpywareIsolator's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans, that scare / trick the user into clicking yes.
SpywarePro  SpywarePro is a rogue anti-spyware and clone of MalwarePro; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.
Toolbar.iWon  Toolbar.iWon is a search toolbar which is installed directly into the Internet Explorer browser without any EULA or Privacy Policy. The toolbar is designed to make the user access iWon sites from anywhere on the Internet. iWon is installed on all user accounts and may open up unwanted iWon pop-up windows when closing down the current browser.
Win32.Backdoor.ADMDNews Win32.Backdoor.ADMDNews will open up a backdoor on the infected machine allowing remote access.
Win32.Backdoor.Akbot  Win32.Backdoor.Akbot opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor.AntiPC Win32.Backdoor.AntiPC is a program that can give a remote attacker unauthorized access to an infected machine, thus compromising system security.
Win32.Backdoor.Assasin  Win32.Backdoor.Assasin is a malware application that can open up backdoors on a compromised computer.
Win32.Backdoor.Bionet  Win32.Backdoor.Bionet will open up a backdoor on the infected machine allowing remote access.
Win32.Backdoor.Bionix Win32.Backdoor.Bionix will open up a backdoor on the infected machine allowing remote access.
Win32.Backdoor.Brabot  Win32.Backdoor.Brabot opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor.CmjSpy Win32.Backdoor.CmjSpy will open up a backdoor on the infected machine allowing remote access.
Win32.Backdoor.DarkMoon  Win32.Backdoor.DarkMoon will open up a backdoor on the infected machine allowing remote access.
Win32.Backdoor.Death  Win32.Backdoor.Death opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor.DsBot Win32.Backdoor.DsBot opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor.Emogen  Win32.Backdoor.Emogen opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor.F_Door  Win32.Backdoor.F_Door is a program that can give a remote attacker unauthorized access to an infected machine, thus compromising system security.
Win32.Backdoor.FreeWeb Win32.Backdoor.FreeWeb opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor.Fripod Win32.Backdoor.Fripod opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor.Ishbot  Win32.Backdoor.Ishbot opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor.Jaan Win32.Backdoor.Jaan opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor.Kbot Win32.Backdoor.Kbot opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor.Nether  Win32.Backdoor.Nether opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor.NetMetro  Win32.Backdoor.NetMetro will open up a backdoor on the infected machine allowing remote access.
Win32.Backdoor.NetSphere  Win32.Backdoor.NetSphere will open up a backdoor on the infected machine allowing remote access.
Win32.Backdoor.Notpa Win32.Backdoor.Notpa will open up a backdoor on the infected machine allowing remote access.
Win32.Backdoor.Rustock  Win32.Backdoor.Rustock opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor.Skrat Win32.Backdoor.Skrat will open up a backdoor on the infected machine allowing remote access.
Win32.Backdoor.SpecTroj  Win32.Backdoor.SpecTroj opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor.Surila  Win32.Backdoor.Surila is a backdoor which opens up several ports that make it possible for a malicious attacker to gain remote unauthorized access to the infected computer. It is also known to drop rootkit elements on the user's machine.
Win32.Backdoor.TDS  Win32.Backdoor.TDS will open up a backdoor on the infected machine allowing remote access.
Win32.Backdoor.UrlBot Win32.Backdoor.UrlBot opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor.Vipdataend Win32.Backdoor.Vipdataend will open up a backdoor on the infected machine allowing remote access.
Win32.Backdoor.Zemac  Win32.Backdoor.Zemac opens a backdoor that may allow a remote user to take control of the infected system.
Win32.DoS.Fedup Win32.DoS.Fedup is a program that launches denial of service attacks on the IP address of a particular port specified by the attacker.
Win32.DoS.Nemesy Win32.DoS.Nemesy is a program that launches denial of service attacks on an IP address specified by the attacker. The attacker can configure the number, size and delay between packets being sent.
Win32.DoS.Tudon Win32.DoS.Tudon is a program that launches denial of service attacks on a URL of a particular port specified by the attacker.
Win32.DoS.VB Win32.DoS.VB is a program that launches denial of service attacks on IP addresses or URLs specified by the attacker.
Win32.Downloader.Searchpia  Win32.Downloader.Searchpia downloads malicious software from a remote server without the consent of the user.
Win32.PWS.Fakelogin  Win32.PWS.Fakelogin is a program that is designed to steal log-in information. It presents fake log-in windows, then transmits the user's ID and password back to the malware author.
Win32.Trojan.Buzus  Win32.Trojan.Buzus is malware that frequently tries to open up TCP port 6667 on the infected system. It may also install a new file in the %system folder which is running in stealth as a process, giving no clue of its functionality.
Win32.Trojan.Favadd  Win32.Trojan.Favadd is a Trojan which may open up a backdoor on the infected computer. It may also try to download additional files.
Win32.Trojan.Midgare Win32.Trojan.Midgare installs itself as a Trojan. It may also download additional files to the infected system.
Win32.Trojan.Tumac Win32.Trojan.Tumac installs itself as a Trojan. It may also download additional files to the infected system.
Win32.Trojan.Wublu Win32.Trojan.Wublu installs itself as a Trojan. It may also download additional files to the infected system.
Win32.Trojan.Vxijpg  Win32.Trojan.Vxijpg installs itself as a Trojan. It may also download additional files to the infected system.
Win32.TrojanDownloader.Axload Win32.TrojanDownloader.Axload downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDownloader.Botol  Win32.TrojanDownloader.Botol downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDownloader.Briss Win32.TrojanDownloader.Briss downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDownloader.Dia Win32.TrojanDownloader.Dia downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDownloader.Esepor  Win32.TrojanDownloader.Esepor downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDownloader.Hilldoor  Win32.TrojanDownloader.Hilldoor downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDownloader.Hmir  Win32.TrojanDownloader.Hmir downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDownloader.Kotan Win32.TrojanDownloader.Kotan downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDownloader.Livup Win32.TrojanDownloader.Livup downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDownloader.Losabel  Win32.TrojanDownloader.Losabel downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDownloader.NanoDesu Win32.TrojanDownloader.NanoDesu downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDownloader.QDown Win32.TrojanDownloader.QDown downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDownloader.Tiner Win32.TrojanDownloader.Tiner downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDownloader.Wimad  Win32.TrojanDownloader.Wimad downloads malicious software from a remote server without the consent of the user.
Win32.Trojan-Dropper.Cabi Win32.Trojan-Dropper.Cabi will drop and try to install additional malicious files on the system.
Win32.TrojanDropper.EESbinder  Win32.TrojanDropper.EESbinder will drop additional files on the infected system. These files are often other Trojans or downloaders.
Win32.TrojanDropper.Smorph Win32.TrojanDropper.Smorph will drop additional files on the infected system. These files are often other Trojans or downloaders.
Win32.TrojanDropper.Yabinder Win32.TrojanDropper.Yabinder will drop additional files on the infected system. These files are often other Trojans or downloaders.
Win32.TrojanProxy.DiskMaster Win32.TrojanProxy.DiskMaster opens up the infected machine to be used as a proxy server.
Win32.TrojanProxy.Saturn  Win32.TrojanProxy.Saturn allows remote access to the computer. It may also try to contact its author using mail.
Win32.TrojanProxy.WinGater Win32.TrojanProxy.WinGater opens up the infected machine to be used as a proxy server.
Win32.Trojan-PSW.Nilage  Win32.Trojan-PSW.Nilage is a Trojan Horse program that installs to run in stealth on system startup. It can steal user passwords on the infected system, thus compromising system security.
Win32.Trojan-PSW.Vipgsm Win32.Trojan-PSW.Vipgsm is a Trojan program that installs to run in stealth. It can steal user passwords and other info on an infected system, thus compromising system security and user privacy.
Win32.TrojanPWS.HotmailHacker  Win32.TrojanPWS.HotmailHacker is a Trojan which may trick the user by displaying an error message: " MSN messenger has detected a bug within it's software (JL-32.CCS). Microsoft has repaired the error (JL-32.CSS). You may now  sign on." This statement is fake and pushes the user to log-in to MSN Messenger. The moment the victim signs in, their e-mail address and password are sent to a third party.
Win32.TrojanPWS.Jammer Win32.TrojanPWS.Jammer records your keystrokes and/or passwords, transmitting them to a remote server.
Win32.TrojanPWS.Lomaster Win32.TrojanPWS.Lomaster records your keystrokes and/or passwords, transmitting them to a remote server.
Win32.TrojanPWS.Minild Win32.TrojanPWS.Minild records your keystrokes and/or passwords, transmitting them to a remote server.
Win32.TrojanPWS.Minirat Win32.TrojanPWS.Minirat records your keystrokes and/or passwords, transmitting them to a remote server.
Win32.TrojanPWS.Mtmpas Win32.TrojanPWS.Mtmpas records your keystrokes and/or passwords, transmitting them to a remote server.
Win32.Trojan-PWS.PdPinch Win32.Trojan-PWS.PdPinch is a Trojan Horse application that can steal log-in information on an infected machine, thus compromising system security and user privacy.
Win32.TrojanPWS.Smym Win32.TrojanPWS.Smym records your keystrokes and/or passwords, transmitting them to a remote server. Win32.TrojanPWS.Smym mainly focuses on Yahoo passwords.
Win32.TrojanSpy.Qeds  Win32.TrojanSpy.Qeds is a type of malicious program that can steal information such as passwords, surfing habits, credit card details and e-mail addresses. Win32.TrojanSpy.Qeds has also been seen installing adware.
Win32.Virus.Adson  Win32.Virus.Adson is a virus that infects selected executable files. If infected by Win32.Virus.Adson you will need to run an anti-virus program to clear it.
Win32.Virus.Arrow  Win32.Virus.Arrow is a virus that infects selected executable files. If infected by Win32.Virus.Arrow you will need to run an anti-virus program to clear it.
Win32.Virus.Aspade  Win32.Virus.Aspade is a virus that infects selected executable files. If infected by Win32.Virus.Aspade you will need to run an anti-virus program to clear it.
Win32.Virus.Bakaver Win32.Virus.Bakaver is a virus that infects selected executable files. If infected by Win32.Virus.Bakaver you will need to run an anti-virus program to clear it.
Win32.Virus.Basket Win32.Virus.Basket is a virus that infects selected executable files. If infected by Win32.Virus.Basket you will need to run an anti-virus program to clear it.
Win32.Virus.Bayan  Win32.Virus.Bayan is a virus that infects selected executable files. If infected by Win32.Virus.Bayan you will need to run an anti-virus program to clear it.
Win32.Virus.Belial  Win32.Virus.Belial is a virus that infects selected executable files. If infected by Win32.Virus.Belial you will need to run an anti-virus program to clear it.
Win32.Virus.Cream Win32.Virus.Cream is a virus that infects selected executable files. If infected by Win32.Virus.Cream you will need to run an anti-virus program to clear it.
Win32.Virus.Dream  Win32.Virus.Dream is a virus that infects selected executable files. If infected by Win32.Virus.Dream you will need to run an anti-virus program to clear it.
Win32.Virus.Ingax Win32.Virus.Ingax is a virus that infects selected executable files. If infected by Win32.Virus.Ingax you will need to run an anti-virus program to clear it.
Win32.Virus.Siller  Win32.Virus.Siller is a virus that infects selected executable files. If infected by Win32.Virus.Siller you will need to run an anti-virus program to clear it.
Win32.Virus.Simer Win32.Virus.Simer is a virus that infects selected executable files. If infected by Win32.Virus.Simer you will need to run an anti-virus program to clear it.
Win32.Virus.Vulcano  Win32.Virus.Vulcano is a virus that infects selected executable files. If infected by Win32.Virus.Vulcano you will need to run an anti-virus program to clear it.
Win32.Virus.Xorer  Win32.Virus.Xorer is a virus that infects selected executable files. If infected by Win32.Virus.Xorer you will need to run an anti-virus program to clear it.
Win32.Worm.AimVen Win32.Worm.AimVen is a worm that can use AOL Instant Messenger to spread over the network.
Win32.Worm.Alcaul Win32.Worm.Alcaul is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Antinny Win32.Worm.Antinny is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Apart Win32.Worm.Apart is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Burnox Win32.Worm.Burnox is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Bymer Win32.Worm.Bymer is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.ChainSaw Win32.Worm.ChainSaw is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Collo Win32.Worm.Collo is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Datom Win32.Worm.Datom is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Deborm Win32.Worm.Deborm is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Deloder Win32.Worm.Deloder is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Doomjuice  Win32.Worm.Doomjuice is a worm that spreads itself without any user intervention.
Win32.Worm.Downloader  Win32.Worm.Downloader is a mass mailing worm that spreads itself without any user intervention. It may also download malicious software from a remote server without the consent of the user.
Win32.Worm.Duster Win32.Worm.Duster is a worm that spreads itself without any user intervention. It joins an IRC channel to await commands from a C&C server.
Win32.Worm.Fasong  Win32.Worm.Fasong is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Heyya  Win32.Worm.Heyya is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Kolab  Win32.Worm.Kolab is a worm that spreads through shared folders on the network and as an e-mail attachment. It will also harvest the infected machine for new addresses.
Win32.Worm.Lovesan  Win32.Worm.Lovesan may exploit software vulnerabilities on Microsoft Windows systems.
Win32.Worm.Maldal Win32.Worm.Maldal is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Mars Win32.Worm.Mars is a worm that spreads through shared folders on the network and as an e-mail attachment. It will also harvest the infected machine for new addresses.
Win32.Worm.Notfam  Win32.Worm.Notfam spreads from computer to computer via compromised systems or exploits.
Win32.Worm.Piggi Win32.Worm.Piggi is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Prolin Win32.Worm.Prolin is a worm that spreads through shared folders on the network and as an e-mail attachment. It will also harvest the infected machine for new addresses.
Win32.Worm.Randon  Win32.Worm.Randon spreads from computer to computer via compromised systems or exploits.
Win32.Worm.Sonic Win32.Worm.Sonic is a worm that copies itself to the shared folders on the network and uses the SMTP protocol to send outgoing messages.
Win32.Worm.Ultimax Win32.Worm.Ultimax is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Witty Win32.Worm.Witty spreads from computer to computer via compromised systems or exploits.
Win32.Worm.Wogue Win32.Worm.Wogue is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Yaneth Win32.Worm.Yaneth is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.ZwQQ Win32.Worm.ZwQQ spreads from computer to computer via compromised systems or exploits.
WinXDefend  WinXDefend is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.

TAI - Threat Analysis Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Security Center here.


28%: Percentage of survey respondents who tried to remove themselves from a spammer's list by clicking on a link within the spam message.
Source: 2007 Consumer Reports State of the Net Survey

E-mail spamming is the practice of indiscriminately sending recipients mass quantities of unwanted e-mail messages. Spam can contain phishing scams, worms, viruses and malware. Spamming is now seen in many mediums – instant messaging, blogs, mobile phones, Internet forums, and more.
Source: Wikipedia.org

“I loaded your Ad-Aware Plus and within a few minutes my computer was free of the malware, viruses and all the stuff keeping my computer from running like it should. I'm free at last!! Thank you Lavasoft, you are worth every penny I spent for your program.”
Carl (Milford, Ohio, USA)

Lavasoft AB Lilla Bommen 1, 411 04 Gothenburg, Sweden | www.lavasoft.com | editor@lavasoft.com