Troj/Banker-HC – Another information-stealing worm that targets
Brazilian banking Web sites. It uses a random filename as its
infection point. (Sophos)
Troj/Banker-DV – This variant of the Banker worm family installs
itself as “winlogin.exe”. (Sophos)
Troj/Banker-DB – Another banker variant. This one attempts to
mail stolen info to a predefined e-mail address. (Sophos)
W32/Chode-C – A worm that spreads through MS Messenger with a
message “hey, is this you?” followed by a link to the virus
itself. If executed, the virus will display a fake error
message. It can be used for a number of malicious purposes
such as sending e-mail, participating in DoS attacks and stealing
passwords. (Sophos)
W32/Rbot-AEJ – A new Rbot variant that spreads by exploiting a
number of known Windows vulnerabilities. It can be used for
malicious functions such as HTTP proxying, downloading code,
stealing local information and participating in DoS attacks. It
installs itself as “system.exe”. (Sophos)
W32/Mytob-BD – A new Mytob mass-mailing and backdoor Trojan that
drops “test2.exe” on the infected machine. The malicious e-mail
looks like an account validation or system warning message. It
prevents access to security-related sites by modifying Windows
HOSTS file. (Sophos)
W32/Mytob-U – This Mytob variant is similar to its predecessors
in the way it spreads. It drops “LienVdK.exe” on the infected
machine. (Sophos)
W32/Mytob-AO – A Mytob variant that exploits the Windows LSASS
flaw to infect the machine. It installs “taskgm.exe” on the
host. (Sophos)
W32/Mytob-AP – This variant spreads through an attachment with a
double extension or as a ZIP. It can provide backdoor access
through IRC and limit access to certain Web sites by modifying
the Windows HOSTS file. (Sophos)
W32/Mytob-AQ – This variant is similar to the others. It drops
“Lien Vande Kelder.exe” on the infected machine. (Sophos)
W32/Tirbot-G – A network worm that exploits the Windows LSASS
vulnerability to infect a machine. It installs “mssvp.exe” on
the host and can be used to download additional malicious code.
(Sophos)
Troj/Lineage-O – A password-stealing Trojan that targets the
game “Lineage”. It copies two files to the infected machine:
“explorer.exe” and “htdll.dll”. (Sophos)
W32/Francette-S – A Windows worm that exploits the RPC-DCOM
vulnerability to infect a machine. It provides backdoor access
via IRC and modifies the HOSTS file to prevent access to certain
sites. (Sophos)
Troj/Puppet-A – Another IRC backdoor worm that spreads through
network shares. This one drops “boot.exe” on the infected
machine. (Sophos)
W32/Kelvir-AE – A Windows Messenger worm that spreads through a
message “ahahhaa :p” followed by a URL. (Sophos)
Smitfraud – A new Spyware application that infects system files.
The application installs an anti-spyware program, then tries to
get users to pay for it when it finds an “infection.” (Panda
Software)
Skulls.L – A Trojan that infects Symbian phones. What makes it
different than most of the previous variants is that it pretends
to be an F-Secure anti-virus update. (F-Secure)
**********
NetworkWorld