Archive for the ‘Encyclopedia viruses’ Category

Virus Alert

Doctor Web, a Russian IT security developer, reports the spread of a modification of the Trojan.Mayachok family, added to the Dr.Web virus database under the name Trojan.Mayachok.17516. Although this threat bears a certain similarity to the widespread Trojan.Mayachok.1, a number of significant differences have been identified in its architecture.

Trojan.Mayachok.17516 is a shared library that is installed in the operating system by a dropper, which, being an executable file, generally decrypts the library and copies it to disk. If User Account Control (UAC) is enabled in the operating system, the dropper copies itself to a temporary folder under the name flash_player_update_1_12.exe and is launched for execution.

(more…)

Virus Alert

Trojan.Maljava!gen23 is a heuristic detection for files attempting to exploit the Oracle Java SE CVE-2012-1723 Remote Code Execution Vulnerability.

Technical details

Systems Affected:

Windows NT, Windows XP, Windows Server 2003, Windows Server 2008, Windows Vista, Windows 7, Solaris, Mac OS X, Linux, Windows 2000

CVE References: CVE-2012-1723

Technical details

Files that are detected as Trojan.Maljava!gen23 are considered malicious. We suggest that any files you believe are incorrectly detected be submitted to Symantec Security Response. For instructions on how to do this using Scan and Deliver, read Submit Virus Samples. (more…)

WordPress Vulnerability

Affected products: Count Per Day 3.x (plugin for WordPress)

Affected versions: WordPress Count Per Day, versions up to 3.2.3.

Description:

The vulnerability allows malicious people to conduct XSS attacks.

The vulnerability is caused by insufficient input validation in the search bar. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site. (more…)

Virus Alert

Trojan.Win32.Jorik.Carberp.hb – Spyware designed to steal confidential user data.

Technical details

Spyware designed to steal confidential user data. It is a Windows application (PE EXE file), 233,867 bytes in size. It is packed with an unknown packer; the unpacked size is about 242 KB. It is written in C++.

Installation

After activation, the Trojan removes the interceptors (hooks) installed in the System Service Descriptor Table (SSDT).

It then copies its body to the current user's Windows startup folder:

%Documents and Settings%\%Current User%\Start Menu\Programs\Startup\igfxtray.exe

Thus, a copy of the Trojan is launched automatically each time the system starts. (more…)

Virus Alert

Trojan.Win32.Delf.cbbm – A Trojan that provides a remote malicious user with access to the infected computer.

Technical details

A Trojan that provides a remote malicious user with access to the infected computer. It is a Windows dynamic library (PE DLL file), 751,725 bytes in size. It is written in Delphi.

Destructive activity

After activation, the Trojan connects to one of the following attacker servers:

cache.dyndns.tv
docs.dyndns.org
dns.dellsupports.com
krb.dellsupports.com

An attacker’s server the following information: (more…)

Virus Alert

Trojan-Downloader.Win32.Small.bzmk – A Trojan that downloads other software without the user's knowledge and launches it for execution.

Technical details

A Trojan that downloads other software without the user's knowledge and launches it for execution. It is a Windows application (PE EXE file), 8192 bytes in size. It is written in C++.

Destructive activity

After decrypting its strings, the Trojan downloads a file from the following URL:

http://csitec.com.br/img/f.php

The downloaded file is saved as “CIuC.exe”: (more…)

Virus Alert

Malware Trojan.Win32.Sasfis.utv – A Trojan that has a destructive effect on the user’s computer.

Technical details

A Trojan that has a destructive effect on the user’s computer. The program itself is a Windows application (PE EXE file), 19,456 bytes in size. It is written in C++.

Destructive activity

After starting, the Trojan decrypts a file from its body and extracts it to the current user's temporary directory:

%Temp%\<rnd1>.tmp

where <rnd1> is a random set of digits and letters of the alphabet. (more…)

Virus Alert

Trojan.Win32.VkHost.coc – A Trojan that has a destructive effect on the user’s computer.

Technical details

A Trojan that has a destructive effect on the user’s computer. The program itself is a Windows application (PE EXE file), 418,304 bytes in size. It is written in Delphi.

Destructive activity

After starting, the Trojan overwrites the original “hosts” file:

C:\WINDOWS\system32\drivers\etc\hosts

It writes the following into this file: (more…)

Virus Alert

Backdoor.Win32.Agent.bhyr – A Trojan that provides a remote malicious user with access to the infected computer.

Technical details

A Trojan that provides a remote malicious user with access to the infected computer. The program itself is a Windows application (PE EXE file), 107,170 bytes in size. It is written in C++.

Destructive activity

When run, the backdoor extracts a file from its body and saves it under the following name:

%SystemDrive%\Documents and Settings\Local User\lss.dal

This file is 17916481 bytes in size and is detected by Kaspersky Antivirus as Backdoor.Win32.Agent.bhyr. (more…)

Virus Alert

Malware Backdoor.Win32.Bredavi.byc – A malicious program that provides the user with remote access to an infected machine.

Technical details

A malicious program that provides the user with remote access to an infected machine. The program itself is a Windows dynamic library (PE DLL file), 26,113 bytes in size. It is written in C++.

Installation

The Trojan copies its body to the Windows system directory under the name “xxtr.lro”: (more…)