May 2008
New Targets in Detection (April 2008)
ADWARE
Adware is a type of advertising display software that delivers advertising content potentially in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions, and therefore may also be categorized as tracking technologies. Some consumers may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program, or are frustrated by its effects on system performance.
Adware.123Mania Adware.123Mania installs itself as a Browser Helper Object (BHO). It may cause pop-up advertisements.
Adware.ActivShopper Adware.ActivShopper installs as a Browser Helper Object (BHO). It may cause pop-up or pop-under advertisements.
Adware.Adband Adware.Adband loads itself as an explorer bar. It may cause pop-up and pop-under advertisements.
Adware.Adplus Adware.Adplus installs itself as a Browser Helper Object (BHO). It may cause pop-up advertisements.
Adware.AdService Adware.AdService is a Chinese application that presents pop-up advertisements.
Adware.AdURL Adware.AdURL can cause downloads of rogue anti-malware applications.
Adware.AdvertMen Adware.AdvertMen is an advertisement application that may cause pop-up and pop-under advertisements.
Adware.Aureate Adware.Aureate is a potentially unwanted program that displays advertisements and may send information about the user's search queries back to its server.
Adware.Autolive Adware.Autolive installs itself as a Browser Helper Object (BHO). It may cause pop-up advertisements.
Adware.BestOffers Adware.BestOffers may cause pop-up or pop-under advertisements.
Adware.CashFiesta Adware.CashFiesta is a Chinese-based application that may cause pop-up advertisements.
Adware.CashOn Adware.CashOn is of Korean origin. It may install without showing a EULA or Privacy Policy. Adware.CashOn may cause pop-up or pop-under advertisements.
Adware.Chajian Adware.Chajian is an advertisement application that may cause pop-up and pop-under advertisements.
Adware.CoreSpy Adware.CoreSpy may cause pop-ups and/or other types of advertisements to appear on the computer where installed.
Adware.DM Adware.DM is a Chinese-based application. It causes pop-up advertisements.
Adware.EasyPot Adware.EasyPot displays third party advertisements. It may cause pop-ups and pop-unders.
Adware.Ejik Adware.Ejik installs as an invisible bundle. It has been seen installing along with a Chinese version of Skype. Adware.Ejik may cause pop-up and pop-under advertisements.
Adware.Gragcur Adware.Gragcur is an advertisement application that may cause pop-up and pop-under advertisements.
Adware.IShowBao Adware.IShowBao is an application of Chinese origin. It shows pop-up and pop-under advertisements.
Adware.Itbill Adware.Itbill is an advertisement program that has been seen using exploits to install. It may cause pop-up and pop-under advertisements.
Adware.LinkMedia Adware.LinkMedia is an advertisement application that may cause pop-up and pop-under advertisements.
Adware.MeMedia Adware.MeMedia is a potentially unwanted program. It may cause pop-up or pop-under advertisements.
Adware.MyWay Adware.MyWay is a toolbar and may be installed bundled in with screensaver installers. It installs on all user accounts without the user's consent and does not provide a functional uninstaller. Adware.MyWay also collects keywords from searches in the toolbar.
Adware.Nomeh Adware.Nomeh is an application that can be used to present pop-up advertisements.
Adware.PartyPoker Adware.PartyPoker is a potentially unwanted program.
Adware.PPRich Adware.PPRich is a Chinese-based advertisement application. It may cause pop-up and pop-under advertisements.
Adware.Ruporn Adware.Ruporn installs itself as a Browser Helper Object (BHO). It may cause pop-up advertisements.
Adware.Sahat Adware.Sahat may cause pop-ups and/or other types of advertisements to appear on the computer where installed.
Adware.SearchAid Adware.SearchAid is an advertisement application that runs in the background. It causes pop-up and pop-under advertisements.
Adware.SearchSpy Adware.SearchSpy is an advertisement application that may cause pop-up and pop-under advertisements.
Adware.SeeCha Adware.SeeCha is an application that can be used to cause pop-up advertisements.
Adware.SmartSearch Adware.SmartSearch is an advertisement application that may cause pop-up and pop-under advertisements.
Adware.Smashsearch Adware.Smashsearch may cause pop-ups and/or other types of advertisements to appear on the computer where installed.
Adware.Sohu Adware.Sohu may cause pop-ups and/or other types of advertisements to appear on the computer where installed.
Adware.SPia Adware.SPia may cause pop-ups and/or other types of advertisements to appear on the computer where installed.
Adware.Systemsave Adware.Systemsave installs itself as a Browser Helper Object (BHO). It may cause pop-up advertisements.
Adware.TDPop Adware.TDPop is an advertisement application that may cause pop-up and pop-under advertisements.
Adware.TopInstalls Adware.TopInstalls is an advertisement application that may cause pop-up and pop-under advertisements.
Adware.TryMedia Adware.TryMedia can be used to present pop-up advertisements. It may also download and install additional components without the user's consent.
Adware.Wintol Adware.Wintol may cause pop-ups and/or other types of advertisements to appear on the computer where installed.
Adware.Visua Adware.Visua installs itself as a Browser Helper Object (BHO). It may cause pop-up and pop-under advertisements.
Adware.Zelda Adware.Zelda installs as a Browser Helper Object (BHO). It may cause pop-up and pop-under advertisements.
MyWebSearch MyWebSearch is a search toolbar which uses bad installation methods. The program attempts to hide and obfuscate its license terms before the installation process. MyWebSearch toolbar is installed 
DosPop Toolbar DosPop Toolbar may spread itself through screensavers. Both Privacy Policy and EULA are missing during the installation phase. DosPop Toolbar is also installed on all user accounts without the user's consent. 
Toolbar.4Domains Toolbar.4Domains installs without displaying a EULA or Privacy policy.
Toolbar.Intwined Toolbar.Intwined installs without a EULA. It may cause pop-up and pop-under advertisements.
Toolbar.Klikbar Toolbar.Klikbar installs using exploits. It is used to present pop-up advertisements and to promote rogue anti-spyware applications.
Toolbar.Kuasio Toolbar.Kuasio installs without displaying a EULA or Privacy Policy. It is installed as a toolbar. Toolbar.Kuasio may cause pop-up and pop-under advertisements. It also hijacks the start page.

BACKDOORS
Backdoors may open up ports on the compromised computer, allowing remote access and control of the victim's machine.
Win32.Backdoor.AcidBattery
Win32.Backdoor.Acidhead
Win32.Backdoor.Acidoor
Win32.Backdoor.Acidsena
Win32.Backdoor.Acidshiver
Win32.Backdoor.AckCmd
Win32.Backdoor.Acropolis
Win32.Backdoor.Adbreak
Win32.Backdoor.Antilam
Win32.Backdoor.Asylum
Win32.Backdoor.BadBoy
Win32.Backdoor.CSearch
Win32.Backdoor.DeepT
Win32.Backdoor.Fuetel
Win32.Backdoor.Igloo
Win32.Backdoor.Kelebek
Win32.Backdoor.Lamiun
Win32.Backdoor.Latinus
Win32.Backdoor.Levitous
Win32.Backdoor.Netbus +2
Win32.Backdoor.Neurotic
Win32.Backdoor.Nugry
Win32.Backdoor.Psybot
Win32.Backdoor.QBot
Win32.Backdoor.Sensive
Win32.Backdoor.Sinowal
Win32.Backdoor.Splitter
Win32.Backdoor.Spyman
Backdoor.Visel

DOWNLOADERS
Downloaders are programs designed to retrieve and install additional files. Downloaders can be useful tools for consumers to automate upgrades of essential software such as operating system upgrades, browsers, anti-virus applications, anti-spyware tools, games and other useful applications. Unauthorized downloaders are used by third parties to download potentially unwanted software without user notification or consent.
Win32.TrojanDownloader.BAT.ref
Win32.TrojanDownloader.BittorrentSmart
Win32.TrojanDownloader.Darpa
Win32.TrojanDownloader.Dyfuca
Win32.TrojanDownloader.Envolo
Win32.TrojanDownloader.Exemas
Win32.TrojanDownloader.FraudLoad
Win32.TrojanDownloader.Gida
Win32.TrojanDownloader.Inflict
Win32.TrojanDownloader.Lexbac
Win32.TrojanDownloader.Mutant
Win32.TrojanDownloader.Pixar
Win32.TrojanDownloader.Taman
Win32.TrojanDownloader.WebDL

NUKERS
Nukers are used to harm other computers over the Internet, making them crash or reboot.
Win32.Nuker.Beer
Win32.Nuker.CGSi
Win32.Nuker.Click
Win32.Nuker.Crow
Win32.Nuker.Die
Win32.Nuker.Divine

PASSWORD STEALERS
Password stealers can steal user passwords on an infected system, compromising system security and user privacy.
Win32.Trojan-PSW.Hangame
Win32.Trojan-PWS.Defeg
Win32.Trojan-PWS.Folin
Win32.Trojan-PWS.Gip
Win32.TrojanPWS.Mapper

ROGUE ANTI-SPYWARE APPLICATIONS
Rogue anti-spyware applications are programs that may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.
AdwareKiller
AntispySpider
MacroAV
MalwareWar
DataHealer
PC-Antispyware
PC-Cleaner
PCSuperCharger
SpySoap
SpywareRemoval
SystemGuard
TheLastDefender
WinXProtector
VIPAntiSpyware

VIRUSES
A virus is code that recursively replicates a possibly evolved copy of itself. Viruses infect a host file or system area, or they simply modify a reference to such objects to take control and then multiply again to form new generations.
Win32.Virus.Aliser
Win32.Virus.Anuir
Win32.Virus.Apoc
Win32.Virus.Arch
Win32.Virus.Asorl
Win32.Virus.Boru
Win32.Virus.Gobi
Win32.Virus.Hantaner
Win32.Virus.HLLPShed
Win32.Virus.Mead
Win32.Virus.Nuke
Win32.Virus.Parity
Win32.Virus.WYX

WORMS
Worms are network malware, primarily replicating on networks. Usually, a worm will execute itself automatically on a remote machine without any extra help from a user. However, there are worms, such as mass-mailer worms, that will not always automatically execute themselves without the help of a user.
Win32.Worm.Ainjo
Win32.Worm.Anap
Win32.Worm.Anker
Win32.Worm.Anset
Win32.Worm.Banof
Win32.Worm.Beloy
Win32.Worm.Bozori
Win32.Worm.Cekar
Win32.Worm.CodeRed
Win32.Worm.Coronex
Win32.Worm.Dedler
Win32.Worm.DenisBee
Win32.Worm.Denit
Win32.Worm.Desor
Win32.Worm.Domwoot
Win32.Worm.Donk
Win32.Worm.Drefir
Win32.Worm.Gaga
Win32.Worm.Haiku
Win32.Worm.Hardoc
Win32.Worm.Hiberium
Win32.Worm.Hybris
Win32.Worm.Kilonce
Win32.Worm.Kitro
Win32.Worm.Leave
Win32.Worm.Magef
Win32.Worm.Magistr
Win32.Worm.Music
Win32.Worm.Mylife
Win32.Worm.MyPics
Win32.Worm.NanSpy
Win32.Worm.Navidad
Win32.Worm.Netres
Win32.Worm.Newpic
Win32.Worm.Nitter
Win32.Worm.Nooler
Win32.Worm.Nulprot
Win32.Worm.Paukor
Win32.Worm.Pervloga
Win32.Worm.Petik
Win32.Worm.Pinom
Win32.Worm.Plexis
Win32.Worm.Rbot
Win32.Worm.Restud
Win32.Worm.RunOnce
Win32.Worm.Sachiel
Win32.Worm.SDBot
Win32.Worm.Sever
Win32.Worm.Shorm
Win32.Worm.Slackor
Win32.Worm.Socks
Win32.Worm.SouthPark
Win32.Worm.Stration
Win32.Worm.Trafaret
Win32.Worm.Watcher
Win32.Worm.Xanax
Win32.Worm.Yarner
Win32.Worm.Zhangpo
Win32.Worm.ZippedFiles
Win32.Worm.Zoek
Win32.P2PWorm.BAT

MISCELLANEOUS MALWARE
This grouping contains programs with malicious intentions, including backdoors and Trojans.
Win32.FakeCodec.Nicecodec Win32.FakeCodec.Nicecodec is a Zlob fake codec installer. It installs a rootkit which changes the DNS name lookup results. It may also be used for phishing and other malicious purposes. The rootkit prevents its removal by concealing running processes, files or data from the infected operating system. The malware may not be detected by system utilities, by security-related applications, or by users of the infected system. This malware may have to be removed manually. Affected users may seek further help at the Lavasoft Support Forums.
Win32.Flooder.AnonMail Win32.Flooder.AnonMail allows an attacker to send massive amounts of data to a specific target.
Win32.Packed.PolyCrypt Win32.Packed.PolyCrypt installs itself as a Trojan. It may also download additional files to the infected system.
Win32.Trojan.Baord Win32.Trojan.Baord installs itself as a Trojan. It may also download additional files to the infected system.
Win32.Trojan.Bocata Win32.Trojan.Bocata installs itself as a Trojan. It may also download additional files to the infected system.
Win32.Trojan.JunkPoly Win32.Trojan.JunkPoly installs itself as a Trojan. It may also download additional files to the infected system.
Win32.Trojan.Matcash Win32.Trojan.Matcash installs itself as a Trojan. It may also download additional files to the infected system.
Win32.Trojan.Pandora Win32.Trojan.Pandora is a Trojan horse program that may copy additional malware files on the infected computer, compromising system security and user privacy.
Win32.Trojan.Wigon Win32.Trojan.Wigon installs itself as a Trojan. It may also download additional files to the infected system.
Win32.TrojanClicker.BHO Win32.TrojanClicker.BHO may cause Internet Explorer to contact a target webpage without the user's knowledge or consent. Win32.TrojanClicker.BHO may then falsify data about the number of times the webpage is visited.
Win32.TrojanProxy.Jubon Win32.TrojanProxy.Jubon allows remote access to the computer and directs traffic to the Internet without the consent of the user.
Win32.TrojanProxy.Steredir Win32.TrojanProxy.Steredir allows remote access to the computer and directs traffic to the Internet without the consent of the user.
Win32.TrojanSpy.Banbra Win32.TrojanSpy.Banbra is a type of malicious program that can steal information such as passwords, surfing habits, credit card details and e-mail addresses.
Win32.TrojanSpy.Banpaes Win32.TrojanSpy.Banpaes is a type of malicious program that can steal information such as passwords, surfing habits, credit card details and e-mail addresses.
Win32.TrojanSpy.Beaster Win32.TrojanSpy.Beaster is a type of malicious program that can steal information such as passwords, surfing habits, credit card details and e-mail addresses.
Win32.TrojanSpy.Dearis Win32.TrojanSpy.Dearis is a type of malicious program that can steal information such as passwords, surfing habits, credit card details and e-mail addresses.
Win32.TrojanSpy.Infospy Win32.TrojanSpy.Infospy is a type of malicious program that can steal information such as passwords, surfing habits, credit card details and e-mail addresses.
Win32.TrojanSpy.Replor Win32.TrojanSpy.Replor is a type of malicious program that can steal information such as passwords, surfing habits, credit card details and e-mail addresses.
Win32.TrojanSpy.SilentLog Win32.TrojanSpy.SilentLog is a type of malicious program that can steal information such as passwords, surfing habits, credit card details and e-mail addresses.
Win32.Trojan-Dropper.EliteWrap Win32.Trojan-Dropper.EliteWrap will drop and try to install additional malicious files on the system.
Win32.TrojanDropper.ExeBinder Win32.TrojanDropper.ExeBinder will drop additional files on the infected system. These files are often other Trojans or downloaders.
Win32.TrojanDropper.HeliosBinder Win32.TrojanDropper.HeliosBinder will drop additional files on the infected system. These files are often other Trojans or downloaders.
Win32.TrojanDropper.Interlac Win32.TrojanDropper.Interlac will drop additional files on the infected system. These files are often other Trojans or downloaders.
Win32.Trojan-Dropper.Joiner Win32.Trojan-Dropper.Joiner will drop and try to install additional malicious files on the system.
Win32.Trojan-Dropper.Lmir Win32.Trojan-Dropper.Lmir will drop and try to install additional malicious files on the system.
Win32.TrojanDropper.ParaDrop Win32.TrojanDropper.ParaDrop can drop malware onto an infected computer, compromising system security.
Win32.TrojanDropper.ZomJoiner Win32.TrojanDropper.ZomJoiner can drop malware onto an infected computer, compromising system security.

TAI - Threat Analysis Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more at the Lavasoft Security Center.

Lavasoft AB Lilla Bommen 1, 411 04 Gothenburg, Sweden | www.lavasoft.com | editor@lavasoft.com