News feeds
Trend Micro - Newest Malware Advisories
TREND MICRO provides free malware information updates

  • TROJ_FAKEALER.IO

    A Trojan horse program is malware that is not capable of automatically spreading to other systems. Trojans are usually downloaded from the Internet and installed by unsuspecting users.

    Trojans typically carry payloads or other malicious actions that can range from the mildly annoying to the irreparably destructive. They may also modify system settings to automatically start. Restoring affected systems may require procedures other than scanning with an antivirus program.



  • WORM_SOHANAD.DR

    [Figure: WORM_SOHANAD.DR Behavior Diagram]

    Malware Overview

    This worm arrives as an attachment to email messages spammed by another malware or a malicious user. It may be dropped by other malware.

    It may be downloaded from a remote site. This worm drops copies of itself. Note that the drop paths are hardcoded within this worm's code. However, this dropping routine fails to execute on systems running Windows 2000 and Windows NT.

    This worm creates registry entries to enable its automatic execution at every system startup.

    This worm sends email using MAPI (Messaging Application Programming Interface) via MS Outlook. It sends email to all addresses listed in the MS Outlook address book with copies of itself as attachments.

    It may also connect to Web sites to download an updated copy of itself. However, the said Web sites are inaccessible as of this writing.



  • TROJ_AGENT.GZT

    This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites. It may arrive as a .DLL file that exports functions used by other malware.

    It drops copies of itself. It is injected into processes running in memory.

    It accesses Web sites to download file(s). As a result, malicious routines of the downloaded files are exhibited on the affected system.



  • WORM_AUTORUN.BNH

    This worm drops a copy of itself upon execution.

    Through system registry modification, it then registers itself as a system service to ensure its automatic execution at every system startup.

    To propagate, it drops copies of itself in all available physical and removable drives. It drops a file that allows it to automatically execute dropped copies when the drives are accessed.

  • TROJ_SMALL.KAS

    This Trojan may be downloaded from remote sites by other malware. It may be dropped by other malware.

    It drops copies of itself. It drops files/components.

    It creates registry entries to enable its automatic execution at every system startup. It also creates and modifies registry key(s)/entry(ies) as part of its installation routine.

    It drops component files.

    It deletes itself after execution.



  • TROJ_TIBS.CLZ

    This Trojan may be downloaded from certain remote sites by HTML_DLOADER.PCS.

    It drops a copy of itself upon execution and then registers itself as a system service to ensure its automatic execution at every system startup.

  • PE_PATCHED.EC

    File infectors infect executable files, usually Windows portable executables. They infect by incorporating their malicious code into executable files such that when the infected file is opened, the malicious code is also executed.

    File infectors may come with other capabilities. Many viruses open backdoor access ports that allow remote users to manipulate affected systems, while some can spread into other computers.

    Infected files are typically cleanable - they can be reverted back to their clean states. However, restoring affected systems may require procedures other than scanning with an antivirus program.



  • TROJ_GAMET.BH

    This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites. It may arrive as a .DLL file that exports functions used by other malware. It is injected into processes running in memory.

    It is a component of the following malware families:

    It is used by other malware for its information theft functionalities. However, it requires its main component to perform its intended routine.



  • TROJ_DLOADER.VIN

    This Trojan may be downloaded from a remote site. It may also be downloaded unknowingly by a user when visiting malicious Web sites.

    Upon execution, this Trojan drops several component files, some of which are detected by Trend Micro as BKDR_SMALL.EKS. It then executes the dropped files. As a result, malicious routines of the dropped files are exhibited on the affected system. It then registers itself as a system service to ensure its automatic execution at every system startup.

    It adds a reference to a non-existent file to the Layered Service Provider (LSP) chain by modifying a registry entry. It deletes itself after execution.

    It connects to URLs to download malicious files detected by Trend Micro as follows:

    • TROJ_PROSCKS.AG
    • TROJ_PROSCKS.AF
    • TROJ_GAMETHIE.EU
    • TROJ_DLOADER.AAAG
    • TROJ_PROSCKS.AC
    • DIAL_CBHQ
    • TSPY_ONLINEG.RMH
    • TSPY_GAMPASS.EU

    It saves the downloaded files in the Windows system folder. It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.




