Antivirus09 (or Antivirus’09) is a new rogue that follows the normal rogue procedure. It is distributed through a web page that presents the user with a fake online scanner.

0148.0008 is now available for Ad-Aware AE.

New definitions:
====================
Win32.TrojanDownloader.Sconerat
Win32.TrojanDownloader.Tiltee
Win32.TrojanDropper.Comsa

Updated definitions:
====================
SweetIM
Win32.Adware.Agent
Win32.Adware.BHO
Win32.Adware.NaviPromo
Win32.Backdoor.Agent
Win32.Backdoor.Bifrose
Win32.Backdoor.CiaDoor
Win32.Backdoor.Delf
Win32.Backdoor.Hupigon
Win32.Backdoor.IEBooot
Win32.Backdoor.Inject
Win32.Backdoor.IRCBot
Win32.Backdoor.Joleee
Win32.Backdoor.KeyStart
Win32.Backdoor.mIRC-based
Win32.Backdoor.Poison
Win32.Backdoor.PoisonIvy
Win32.Backdoor.Prosti
Win32.Backdoor.rat
Win32.Backdoor.Small
Win32.Backdoor.UltimateDefender
Win32.Backdoor.VB
Win32.Backdoor.Vipdataend
Win32.Backdoor.WootBot
Win32.Dialer.Trojan
Win32.FraudTool.SystemProtector
Win32.FraudTool.SystemSecurity
Win32.Monitor.Perflogger2
Win32.P2PWorm.Bacteraloh
Win32.P2PWorm.VB
Win32.Rootkit.Agent
Win32.Trojan.Agent
Win32.Trojan.Agent2
Win32.Trojan.Alureon
Win32.Trojan.BHO
Win32.Trojan.Buzus
Win32.Trojan.Chifrax
Win32.Trojan.Delf
Win32.Trojan.FakeAlert
Win32.Trojan.Fraudpack
Win32.Trojan.Inject
Win32.Trojan.KillAV
Win32.Trojan.Meredrop
Win32.Trojan.Midgare
Win32.Trojan.Mitglieder
Win32.Trojan.Monder
Win32.Trojan.Obfuscated
Win32.Trojan.Pakes
Win32.Trojan.Punad
Win32.Trojan.Qhost
Win32.Trojan.Silentbanker
Win32.Trojan.Slefdel
Win32.Trojan.Small
Win32.Trojan.Spy
Win32.Trojan.TDSS
Win32.Trojan.Vapsup
Win32.Trojan.VB
Win32.TrojanClicker.Agent
Win32.TrojanClicker.VB
Win32.TrojanDownloader.Adload
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.Banload
Win32.TrojanDownloader.BHO
Win32.TrojanDownloader.Busky
Win32.TrojanDownloader.CodecPack
Win32.TrojanDownloader.Dadobra
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.Dlkroha
Win32.TrojanDownloader.FraudLoad
Win32.TrojanDownloader.Hilldoor
Win32.TrojanDownloader.Hmir
Win32.TrojanDownloader.Injecter
Win32.TrojanDownloader.Losabel
Win32.TrojanDownloader.Obfuscated
Win32.TrojanDownloader.Small
Win32.TrojanDownloader.VB
Win32.TrojanDropper.Agent
Win32.TrojanDropper.BHO
Win32.TrojanDropper.Small
Win32.TrojanDropper.VB
Win32.TrojanProxy.Mitglieder
Win32.TrojanProxy.Small
Win32.TrojanPWS.Agent
Win32.TrojanPWS.Delf2
Win32.TrojanPWS.Ganhame
Win32.TrojanPWS.LdPinch
Win32.TrojanPWS.Lmir
Win32.TrojanPWS.Magania
Win32.TrojanPWS.Mapler
Win32.TrojanPWS.Nilage
Win32.TrojanPWS.OnlineGames
Win32.TrojanPWS.QQGame
Win32.TrojanPWS.QQPass
Win32.TrojanPWS.WOW
Win32.TrojanRansom.Hexzone
Win32.TrojanSpy.Agent
Win32.TrojanSpy.Banbra
Win32.TrojanSpy.Bancos
Win32.TrojanSpy.Banker
Win32.TrojanSpy.Delf
Win32.TrojanSpy.Pophot
Win32.TrojanSpy.VB
Win32.TrojanSpy.Zbot
Win32.Worm.Downloader
Win32.Worm.Kido
Win32.Worm.Koobface
Win32.Worm.Mabezat
Win32.Worm.Runouce
Zango

MD5 checksum is ed1e9937f8df4ba966cfe4b1ae2143bb

0148.0007 is now available for Ad-Aware AE.

Minor Fix Release

New definitions:
====================

====================

MD5 checksum is e22709d965e99d243c7f355586609fb5

0148.0006 is now available for Ad-Aware AE.

New definitions:
====================
Win32.Backdoor.Buzus
Win32.Dialer.Plsex
Win32.Flooder.AngryPing
Win32.Trojan.AntiAV
Win32.Trojan.Winkush
Win32.TrojanDownloader.Cafys
Win32.TrojanDropper.FraudDrop
Win32.TrojanSpy.Nano

Updated definitions:
====================
Win32.Adware.BDSearch
Win32.Adware.CDN
Win32.Adware.NaviPromo
Win32.Adware.SuperJuan
Win32.Adware.Virtumonde
Win32.Adware.ZenoSearch
Win32.Backdoor.Agent
Win32.Backdoor.Bifrose
Win32.Backdoor.BlackHole
Win32.Backdoor.Bot
Win32.Backdoor.CmjSpy
Win32.Backdoor.Delf
Win32.Backdoor.Flyagent
Win32.Backdoor.HacDef
Win32.Backdoor.Hupigon
Win32.Backdoor.IEBooot
Win32.Backdoor.IRCBot
Win32.Backdoor.Nepoe
Win32.Backdoor.PcClient
Win32.Backdoor.Poison
Win32.Backdoor.Prorat
Win32.Backdoor.RBot
Win32.Backdoor.Rustock
Win32.Backdoor.Turkojan
Win32.Backdoor.UltimateDefender
Win32.Backdoor.VB
Win32.Backdoor.Zaratustra
Win32.Backdoor.Zdoogu
Win32.BackdoorIRC.Zapchast
Win32.Dialer.AsianRaw
Win32.Dialer.IntexusDial
Win32.Exploit.Pidief
Win32.Flooder.Yahoo
Win32.FraudTool.Antivirus2009
Win32.FraudTool.Antivirus2010
Win32.FraudTool.MSAntispyware2009
Win32.FraudTool.SpywareRemover2009
Win32.FraudTool.VirusRemover2009
Win32.Hoax.Renos
Win32.Monitor.ActualSpy
Win32.Monitor.Ardamax
Win32.Monitor.Perflogger
Win32.Monitor.PowerLogger
Win32.P2PWorm.Agent
Win32.P2PWorm.Bacteraloh
Win32.P2PWorm.Malas
Win32.P2PWorm.Nugg
Win32.P2PWorm.Small
Win32.P2PWorm.VB
Win32.Rootkit.Agent
Win32.Rootkit.Mag
Win32.Rootkit.Podnuha
Win32.Rootkit.Protector
Win32.Rootkit.Ressdt
Win32.Rootkit.Small
Win32.Rootkit.TDSS
Win32.Rootkit.Tiny
Win32.Trojan.Agent
Win32.Trojan.Agent2
Win32.Trojan.AutoIT
Win32.Trojan.Autorun
Win32.Trojan.AVKill
Win32.Trojan.Bagle
Win32.Trojan.BHO
Win32.Trojan.BHOLamp
Win32.Trojan.BkClient
Win32.Trojan.Buzus
Win32.Trojan.Cafelom
Win32.Trojan.Cdur
Win32.Trojan.Delf
Win32.Trojan.DNSchanger
Win32.Trojan.Downloader
Win32.Trojan.FakeAlert
Win32.Trojan.FlyStudio
Win32.Trojan.Fraudpack
Win32.Trojan.Humor
Win32.Trojan.Inject
Win32.Trojan.Jevafus
Win32.Trojan.KillAV
Win32.Trojan.Kilva
Win32.Trojan.Kolweb
Win32.Trojan.Loader
Win32.Trojan.Mifeng
Win32.Trojan.MMM
Win32.Trojan.Monder
Win32.Trojan.Obfuscated
Win32.Trojan.Olmarik
Win32.Trojan.Pakes
Win32.Trojan.Qhost
Win32.Trojan.Ramag
Win32.Trojan.Refpron
Win32.Trojan.Renaz
Win32.Trojan.Sadenav
Win32.Trojan.Small
Win32.Trojan.Spamer
Win32.Trojan.Spy
Win32.Trojan.StartPage
Win32.Trojan.Stuh
Win32.Trojan.TDSS
Win32.Trojan.Tiny
Win32.Trojan.Vaklik
Win32.Trojan.Vapsup
Win32.Trojan.VB
Win32.TrojanClicker.Agent
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.BHO
Win32.TrojanDownloader.Boltolog
Win32.TrojanDownloader.CodecPack
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.Dlkroha
Win32.TrojanDownloader.FakeAlert
Win32.TrojanDownloader.FraudLoad
Win32.TrojanDownloader.Hmir
Win32.TrojanDownloader.Injecter
Win32.TrojanDownloader.Kido
Win32.TrojanDownloader.Mutant
Win32.TrojanDownloader.Renos
Win32.TrojanDownloader.Small
Win32.TrojanDownloader.Swf
Win32.TrojanDownloader.Swizzor
Win32.TrojanDownloader.VB
Win32.TrojanDownloader.Zlob
Win32.TrojanDropper.Agent
Win32.TrojanDropper.Aholic
Win32.TrojanDropper.BatCloner
Win32.TrojanDropper.BHO
Win32.TrojanDropper.Binder
Win32.TrojanDropper.Delf
Win32.TrojanDropper.FraudLoad
Win32.TrojanDropper.IRC
Win32.TrojanDropper.Kido
Win32.TrojanDropper.MSWordAgent
Win32.TrojanDropper.MuDrop
Win32.TrojanDropper.ScriptDrop
Win32.TrojanDropper.Small
Win32.TrojanDropper.Sramler
Win32.TrojanDropper.VB
Win32.TrojanDropper.Wlord
Win32.TrojanProxy.Agent
Win32.TrojanPWS.Agent
Win32.TrojanPWS.LdPinch
Win32.TrojanPWS.Lineage
Win32.TrojanPWS.Magania
Win32.TrojanPWS.Nilage
Win32.TrojanPWS.OnlineGames
Win32.TrojanPWS.QQPass
Win32.TrojanPWS.Steam
Win32.TrojanPWS.WOW
Win32.TrojanPWS.YahooVB
Win32.TrojanRansom.Hexzone
Win32.TrojanSpy.Agent
Win32.TrojanSpy.Banbra
Win32.TrojanSpy.Banker
Win32.TrojanSpy.Delf
Win32.TrojanSpy.Zbot
Win32.Worm.Agent
Win32.Worm.Allaple
Win32.Worm.Amiricil
Win32.Worm.AutoTDSS
Win32.Worm.Brontok
Win32.Worm.Bropia
Win32.Worm.Flooder
Win32.Worm.Hipak
Win32.Worm.Huhk
Win32.Worm.Iksmas
Win32.Worm.IRCBot
Win32.Worm.Kido
Win32.Worm.Mabezat
Win32.Worm.Nikmat
Win32.Worm.Otwycal
Win32.Worm.Podik
Win32.Worm.Rbot
Win32.Worm.Runouce
Win32.Worm.Slenfbot
Win32.Worm.Sober
Win32.Worm.Sohanad
Win32.Worm.Sramota
Win32.Worm.Waledac
Win32.Worm.VB
Win32.Worm.Viking
Win32.Worm.Zhelatin

MD5 checksum is 941940757492467111112cddac202015

The 1st of April marked the end of an era - support of the Ad-Aware SE definition file was discontinued.


New Rogue: System Protector

by LS Anders on April 2nd, 2009 in Rogues.

System Protector is yet another rogue anti-virus program. It comes with the normal pretty homepage with some fake press reviews, etc.

The recent extensive media coverage of the Conficker worm (see previous blog post) has also attracted the creators of rogue anti-malware software. Pages that claim to show how to get rid of this pest have been hijacked by fake scanners that promote rogue software. Another tactic has been to create pages that offer a product, claiming it will remove Conficker. An example is shown below.