echo: virus
to: ALL
from: KURT WISMER
date: 2008-01-13 18:02:00
subject: News, January 13 2008

[cut-n-paste from sophos.com]

Name   Troj/FakeVir-AO

Type  
    * Trojan

Affected operating systems  
    * Windows

Side effects  
    * Modifies data on the computer
    * Drops more malware
    * Downloads code from the internet
    * Installs itself in the Registry

Aliases  
    * Trojan-Downloader.Win32.Bojo.ae
    * TR/Zlob.13312
    * Puper
    * TrojanDownloader:Win32/Renos.AV

Prevalence (1-5) 2

Description
Troj/FakeVir-AO is a Trojan for the Windows platform.

Advanced
Troj/FakeVir-AO is a Trojan for the Windows platform.

Troj/FakeVir-AO displays fake messages to the user saying the computer 
is infected to try and coax them into buying a fraudulent cleanup product.





Name   Troj/Psyme-GW

Type  
    * Trojan

How it spreads  
    * Web browsing

Affected operating systems  
    * Windows

Side effects  
    * Downloads code from the internet
    * Exploits system or software vulnerabilities

Aliases  
    * Trojan-Downloader.JS.Agent.aro
    * VBS_PSYME.BFG

Prevalence (1-5) 2

Description
Troj/Psyme-GW is a downloader Trojan for the Windows platform.

Troj/Psyme-GW arrives by browsing websites whose HTML pages contain the 
script or a SRC= link to the script.

Advanced
Troj/Psyme-GW is a downloader Trojan for the Windows platform.

Troj/Psyme-GW is a Visual Basic script which arrives by browsing 
websites whose HTML pages contain the script or a SRC= link to the 
script.

If the browser has ActiveX enabled or the user allows the script to run 
when prompted, the script attempts to exploit the ADODB stream 
vulnerability associated with Microsoft Internet Explorer to download a 
remote file to \commomds.exe and then execute this file.





Name   Troj/Rootkit-BP

Type  
    * Trojan

Affected operating systems  
    * Windows

Side effects  
    * Modifies data on the computer
    * Reduces system security

Aliases  
    * Trojan-Proxy.Win32.Wopla.as
    * TR/Rootkit.Gen
    * Rkit/Agent.EZ
    * RTKT_AGENT.AJAY
    * RTKT_AGENT.AJAZ

Prevalence (1-5) 2

Description
Troj/Rootkit-BP is a Trojan for the Windows platform.





Name   Troj/Telemot-D

Type  
    * Trojan

Affected operating systems  
    * Windows

Aliases  
    * Backdoor.Win32.Telemot.e

Prevalence (1-5) 2

Description
Troj/Telemot-D is a backdoor Trojan for the Windows platform.





Name   W32/Vora-A

Type  
    * Worm

How it spreads  
    * Network shares

Affected operating systems  
    * Windows

Side effects  
    * Installs itself in the Registry

Prevalence (1-5) 2

Description
W32/Vora-A is a worm for the Windows platform.

Advanced
W32/Vora-A is a worm for the Windows platform.

When first run W32/Vora-A copies itself to \svfhost.exe and 
creates the following files:

\KaZaA\My Shared Folder\Aim.Hacker.zip
\KaZaA\My Shared Folder\Counterstrike.Source.aimbot.zip
\KaZaA\My Shared Folder\Hotmail.Hacker.zip
\KaZaA\My Shared Folder\MSN.Hacker.zip
\KaZaA\My Shared Folder\Universal-Keygen.zip
\KaZaA\My Shared Folder\Virtua.Girl.Serial.Pack.wih.10.Girls-TorrentZ.zip
\KaZaA\My Shared Folder\Windows.Activation.Crack.Final-ETH0.zip
\KaZaA\My Shared Folder\Windows.Live.Messenger.Beta.Serial.Generator-PARADOX.zip
\KaZaA\My Shared Folder\XXX.Passes.Juli.2007.zip
\KaZaA\My Shared Folder\Xbox.Live.Serial.Generator.zip


The following registry entry is created to run svfhost.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Service Host Manager Windwos w32
\svfhost.exe





Name   Troj/Mbroot-A

Type  
    * Trojan

How it spreads  
    * Web downloads

Affected operating systems  
    * Windows

Side effects  
    * Allows others to access the computer
    * Downloads code from the internet

Aliases  
    * Trojan.Mebroot
    * Trojan.Win32.Agent.dsj
    * TROJ_AGENT.APA

Prevalence (1-5) 2

Description
Trojan/Mbroot-A is a Trojan that infects Master Boot Record code in a 
fashion similar to DOS boot sector viruses.

The code installed in the MBR is used to install a rootkit in an early 
stage of the bootup process. The rootkit hides the presence of malware 
on the system.

Advanced
Troj/Mbroot-A includes functionality to access the internet and 
communicate with a remote server via HTTP.

When Troj/Mbroot-A is installed it creates the file \cln2.tmp. 
The file cln2.tmp is detected as Mal/Sinowa-A.

[Moderator's note: i actually wrote about this piece of malware on my 
blog - it turns out it's based on a mbr-based 'rootkit' that 
researchers from eEye digital security developed and released to the 
public and that eEye is still hosting on their website... i guess 
some people are less concerned about being part of the problem than 
others...]

 
--- MultiMail/Win32 v0.43
* Origin: Doc's Place BBS Fido Since 1991 docsplace.tzo.com (1:123/140)

SOURCE: echomail via fidonet.ozzmosis.com
