April 2008
New Targets in Detection (March 2008)

Adware.AdImage Adware.AdImage is of Korean origin. It installs without displaying a EULA or Privacy Policy. Adware.AdImage may cause pop-up advertisements.
Adware.Cashplus  Adware.Cashplus installs itself as a browser extension. Adware.Cashplus may cause pop-up advertisements.
Adware.Deskbar Adware.Deskbar installs itself as a Browser Helper Object (BHO). It may cause pop-up advertisements.
Adware.Dpoint Adware.Dpoint is of Korean origin. It will install itself and replace the links field in Explorer / Internet Explorer. Adware.Dpoint may cause pop-up advertisements.
Adware.E404  Adware.E404 installs itself as a Browser Helper Object (BHO). It may monitor user surfing habits and cause pop-ups.
Adware.Katzu  Adware.Katzu installs without displaying a EULA or Privacy Policy. It is installed as a Browser Helper Object (BHO). Adware.Katzu may cause pop-up or pop-under advertisements.
Adware.MicroBillSystems Adware.MicroBillSystems is used as a payment system, mostly for adult-oriented sites. After a short while, it will display multiple pop-ups trying to force the user to register.
Adware.Sweetbar Adware.Sweetbar installs itself as a Browser Helper Object (BHO). It may cause pop-up advertisements.
AdwareBot  AdwareBot is a rogue anti-adware application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated threat reports, then ask the user to purchase a registered version to remove those reported threats.
AntiSpyware  AntiSpyware is a rogue anti-spyware application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats.
AntispywareBot  AntispywareBot is a rogue anti-spyware application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove those reported threats.
AntiTrojanPro AntiTrojanPro is rogue anti-spyware and a clone of MalwarePro; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats.
DoctorVaccine  DoctorVaccine is rogue anti-spyware that tricks the user into buying the commercial version. DoctorVaccine's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.
ErrorKiller  ErrorKiller is a rogue repair application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated error reports, then ask the user to purchase a registered version to remove those reported errors.
ErrorSmart  ErrorSmart is a rogue registry repair application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats.
ErrorSweeper  ErrorSweeper is a rogue error repair application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated damage reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats.
EvidenceEraser  EvidenceEraser is a rogue application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats.
MalwareBot  MalwareBot is a rogue anti-spyware application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated threat reports, then ask the user to purchase a registered version to remove those reported threats.
PrivacyControl  PrivacyControl is a rogue privacy application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated privacy threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats.
PrivacyRedeemer  PrivacyRedeemer is rogue anti-spyware that tricks the user into buying the commercial version. PrivacyRedeemer's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.
RegClean  RegClean is a rogue registry application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated damage reports on the compromised computer, then ask the user to purchase a registered version to remove the reported damage.
RegistryBot  RegistryBot is a rogue registry application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated error reports, then ask the user to purchase a registered version to remove those reported errors.
RegistryCleanFix  RegistryCleanFix is a rogue registry repair application; it may give exaggerated error reports, then ask the user to purchase a registered version to remove those reported errors.
RegistryClear  RegistryClear is a rogue registry repair application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated damage reports, then ask the user to purchase a registered version to repair the reported damage.
RegistrySmart  RegistrySmart is a rogue registry application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated reports on the computer, then ask the user to purchase a registered version to remove those reported items.
RegRecall  RegRecall is a rogue registry application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated damage reports on the compromised computer, then ask the user to purchase a registered version to remove the reported damage.
RegSweep  RegSweep is a rogue registry repair application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated damage reports, then ask the user to purchase a registered version to repair the reported damage.
SearchAndDestroy  SearchAndDestroy is rogue anti-spyware and a clone of MalwarePro; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats.
SpyBurner  SpyBurner is a rogue anti-spyware application and clone of SpyAway; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats.
SpyDestroyPro  SpyDestroyPro is rogue anti-spyware that tricks the user into buying the commercial version. SpyDestroyPro's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.
SpyMaxx  SpyMaxx is rogue anti-spyware and a clone of AntiSpyStorm; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats.
SpySnipe  SpySnipe is rogue anti-spyware and a clone of SpywareIsolator; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats.
SpywareRemover  SpywareRemover is a rogue anti-spyware application published by C-NetMedia; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats.
SpywareStop  SpywareStop is a rogue anti-spyware application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated threat reports, then ask the user to purchase a registered version to remove those reported threats.
SpyWatchE  SpyWatchE is rogue anti-spyware and a clone of TheSpyBot; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats.
TheSpyBot  TheSpyBot is rogue anti-spyware that tricks the user into buying the commercial version. TheSpyBot's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.
UnigrayAntiVirus UnigrayAntiVirus is rogue anti-spyware that tricks the user into buying the commercial version. UnigrayAntiVirus's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans, that scare / trick the user into clicking yes. UnigrayAntiVirus has been seen being spread by Win32.Trojan.MonaGrey.
Win32.AdWare.FindFM Win32.AdWare.FindFM installs an Internet Explorer toolbar loaded as a Browser Helper Object (BHO). The Internet Explorer homepage and search pages may be hijacked. Searches made from the Internet Explorer address bar may be redirected to the find-fm.com search page. It does not display a Privacy Policy or EULA.
Win32.Adware.Insider  Win32.Adware.Insider may communicate with other computers using the HTTP protocol and execute a process which runs in stealth, giving no clue of its functionality.
Win32.Backdoor.Bancodor  Win32.Backdoor.Bancodor can give an attacker unauthorized remote access to the infected machine, compromising system security and user privacy. Win32.Backdoor.Bancodor installs to load automatically at system start and it installs program components that hook to legitimate processes on the system.
Win32.Backdoor.Banito  Win32.Backdoor.Banito is a malware application that can open up backdoors on a compromised computer.
Win32.Backdoor.Lemerul Win32.Backdoor.Lemerul will open up a backdoor on the infected machine, allowing remote access.
Win32.Backdoor.Lizard Win32.Backdoor.Lizard will open up a backdoor on the infected machine, allowing the attacker to remotely exploit the victim's machine.
Win32.Backdoor.MoonPie Win32.Backdoor.MoonPie opens a backdoor that may allow a remote user to take control of the infected system.
Win32.Backdoor.PushBot Win32.Backdoor.PushBot will open up a backdoor on the infected machine, allowing remote access.
Win32.Backdoor.Specrem Win32.Backdoor.Specrem will open up a backdoor on the infected machine, allowing the attacker to remotely exploit the victim's machine.
Win32.Dialer.AdultBrowser  Win32.Dialer.AdultBrowser is a porn dialer which automatically opens up porn sites and attempts to dial up without permission from the user.
Win32.FakeCodec.BlackCodec  Win32.FakeCodec.BlackCodec is a Zlob fake codec installer. It installs a rootkit which changes the DNS name lookup results. It may also be used for phishing and other malicious purposes. The rootkit prevents its removal by hiding its presence through concealing running processes, files or data from the infected operating system. The malware may not be detected by system utilities, security related applications, or by the users on the infected system. This malware may have to be removed manually. If infected, users may seek further help at the Lavasoft Support Forums.
Win32.FakeCodec.MoonCodec  Win32.FakeCodec.MoonCodec is a Zlob fake codec installer. It installs a rootkit which changes the DNS name lookup results. It may also be used for phishing and other malicious purposes. The rootkit prevents its removal by hiding its presence through concealing running processes, files or data from the infected operating system. The malware may not be detected by system utilities, security related applications or by the users on the infected system. This malware may have to be removed manually. Infected users may seek further help at the Lavasoft Support Forums.
Win32.FakeCodec.Nitrocodec  Win32.FakeCodec.Nitrocodec is a Zlob fake codec installer. It installs a rootkit which changes the DNS name lookup results. It may also be used for phishing and other malicious purposes. The rootkit prevents its removal by hiding its presence through concealing running processes, files or data from the infected operating system. The malware may not be detected by system utilities, security related applications or by the users on the infected system. This malware may have to be removed manually. If infected, users may seek further help at the Lavasoft Support Forums.
Win32.FakeCodec.OperaCodec  Win32.FakeCodec.OperaCodec is a Zlob fake codec installer. It installs a rootkit which changes the DNS name lookup results. It may also be used for phishing and other malicious purposes. The rootkit prevents its removal by hiding its presence through concealing running processes, files or data from the infected operating system. The malware may not be detected by system utilities, security related applications or by the users on the infected system. This malware may have to be removed manually. If infected, users may seek further help at the Lavasoft Support Forums.
Win32.FakeCodec.ZeroCodec  Win32.FakeCodec.ZeroCodec is a Zlob fake codec installer. It installs a rootkit which changes the DNS name lookup results. It may also be used for phishing and other malicious purposes. The rootkit prevents its removal by hiding its presence through concealing running processes, files or data from the infected operating system. The malware may not be detected by system utilities, security related applications or by the users on the infected system. This malware may have to be removed manually. If infected, users may seek further help at the Lavasoft Support Forums.
Win32.P2PWorm.Malan Win32.P2PWorm.Malan is a worm which uses P2P technology to spread itself over the local network or Internet.
Win32.Trojan.AddUser Win32.Trojan.AddUser installs itself as a Trojan. It may also download additional files to the infected system.
Win32.Trojan.Hijacker Win32.Trojan.Hijacker is an application that may give an attacker control over the infected PC, compromising system security and user privacy.
Win32.Trojan.Juan  Win32.Trojan.Juan installs itself as a Trojan. It may also download additional files to the infected system.
Win32.Trojan.Kobcka Win32.Trojan.Kobcka installs itself as a Trojan. It may also download additional files to the infected system.
Win32.Trojan.LinkReplacer Win32.Trojan.LinkReplacer installs itself as a Trojan. It may also download additional files to the infected system.
Win32.Trojan.MonaGrey Win32.Trojan.MonaGrey installs itself as a Trojan. It may also download additional files to the infected system.
Win32.Trojan.Raiden  Win32.Trojan.Raiden installs itself as a Trojan. It may also download additional files to the infected system.
Win32.Trojan.Scapur  Win32.Trojan.Scapur installs itself as a Trojan. It may also download additional files to the infected system.
Win32.Trojan.Srizbi Win32.Trojan.Srizbi installs itself as a Trojan. It may also download additional files to the infected system. Win32.Trojan.Srizbi uses a rootkit to hide its presence on the infected machine.
Win32.Trojan.Trash  Win32.Trojan.Trash is an application that may give an attacker control over the infected PC, compromising system security and user privacy.
Win32.Trojan.WGAPatch Win32.Trojan.WGAPatch installs itself as a Trojan. It may also download additional files to the infected system.
Win32.TrojanDownloader.Codec.E  Win32.TrojanDownloader.Codec.E downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDownloader.mmCodec Win32.TrojanDownloader.mmCodec is a fake movie codec. Once installed, it will display fake alert messages saying that the computer is infected. It will then try to download rogue anti-spyware.
Win32.TrojanDownloader.PcSave Win32.TrojanDownloader.PcSave downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDownloader.Winlagons Win32.TrojanDownloader.Winlagons downloads malicious software from a remote server without the consent of the user.
Win32.TrojanDropper.CashOn Win32.TrojanDropper.CashOn will drop additional files on the infected system. These files are often other Trojans or downloaders.
Win32.TrojanDropper.Fenu Win32.TrojanDropper.Fenu will drop additional files on the infected system. These files are often other Trojans or downloaders.
Win32.TrojanDropper.Sramler Win32.TrojanDropper.Sramler drops additional malicious files on the infected computer, compromising system security and user privacy.
Win32.TrojanProxy.Corpes Win32.TrojanProxy.Corpes allows remote access to the computer and directs traffic to the Internet without the consent of the user. It also lowers system security by deleting firewall settings.
Win32.TrojanProxy.Wintu Win32.TrojanProxy.Wintu allows remote access to the computer and directs the traffic to the Internet without the consent of the user. It also lowers system security by deleting firewall settings.
Win32.TrojanPWS.AcidShiver  Win32.TrojanPWS.AcidShiver records your keystrokes and passwords, transmitting them to a remote server.
Win32.TrojanPWS.EPS  Win32.TrojanPWS.EPS records your keystrokes and passwords, transmitting them to a remote server.
Win32.TrojanPWS.InetHlp Win32.TrojanPWS.InetHlp records your keystrokes and passwords, transmitting them to a remote server.
Win32.TrojanPWS.Kuang  Win32.TrojanPWS.Kuang records your keystrokes and passwords, transmitting them to a remote server.
Win32.TrojanPWS.Prostor  Win32.TrojanPWS.Prostor records your keystrokes and passwords, transmitting them to a remote server.
Win32.TrojanPWS.SharaQQ  Win32.TrojanPWS.SharaQQ records your keystrokes and passwords, transmitting them to a remote server.
Win32.Worm.Agent  Win32.Worm.Agent is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Doombot  Win32.Worm.Doombot is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Dumaru  Win32.Worm.Dumaru is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Ganter  Win32.Worm.Ganter is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Merkur  Win32.Worm.Merkur is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Napsin Win32.Worm.Napsin is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Pikachu Win32.Worm.Pikachu is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Redist  Win32.Worm.Redist is a mass mailing worm that spreads itself without any user intervention.
Win32.Worm.Scrapkut Win32.Worm.Scrapkut spreads through the Orkut social network by injecting malicious JavaScript into people's scrapbooks.
WiniFixer  WiniFixer is rogue anti-spyware that tricks the user into buying the commercial version. WiniFixer's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.
WinReanimator  WinReanimator is rogue anti-spyware that tricks the user into buying the commercial version. WinReanimator's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.

 

TAI - Threat Analysis Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Security Center.

Lavasoft Personal Firewall 3.0

Only 4% of those surveyed in a recent industry study say they understand firewalls “completely” and more than 44% say they do not understand how firewalls work.
Source: NCSA and McAfee Inc. study

A firewall inspects network traffic passing through a computer, denying or permitting passage based on a set of rules. Firewalls provide critical protection to keep PCs safe from unauthorized access.

Why do you need a firewall and, more importantly, why do you need a two-way firewall?

Lavasoft AB Lilla Bommen 1, 411 04 Gothenburg, Sweden | www.lavasoft.com | editor@lavasoft.com