Downloader.DCM – A Trojan Horse that installs Dumador.BC (below)
on the infected machine. The Downloader.DCM code must be spread
manually and attempts to hide from firewalls and other security
applications. (Panda Software)
Dumador.BC – A remote control tool that is dropped by
Downloader.DCM. It also disables anti-virus applications on the
affected machine. (Panda Software)
Looxee – A hacker tool that can be used to monitor activity on
an infected machine, including e-mails, chats and other
applications. (Panda Software)
W32/Mytob-BI – A new variant of the Mytob e-mail/network share
worm. This version drops “winsys33.exe” on the infected machine
and can limit access to security Web sites by modifying the
Windows HOSTS file. The infected e-mail message looks like an
account suspended warning. (Sophos)
W32/Mytob-GZ – Another Trojan that can be controlled through an
IRC connection. This Mytob variant drops “taskmr.exe” on the
infected machine. Its e-mails look like a status report or
delivery failure message. (Sophos)
W32/Mytob-BQ – Batting for a triple with Mytob, this variant
installs itself as “winxpserv.exe” on the infected machine. It
too limits access to security Web sites by modifying the
Windows HOSTS file. (Sophos)
W32/Rbot-KX – An Rbot variant that allows backdoor access
through IRC and can be used for a number of malicious purposes,
including running proxy servers on the infected machine and
logging keystrokes. It spreads through network shares and drops
“iiexplorer.exe” in the Windows System folder. (Sophos)
W32/Rbot-AFR – This Rbot variant exploits a couple of different
Windows vulnerabilities as it spreads through shared network
drives. It too can allow control through IRC and be used for a
number of malicious purposes. It installs “syspci32.exe” in the
Windows System folder. (Sophos)
W32/Sdbot-ZM – A Trojan that installs itself as “nawdll32.exe”
in the Windows System directory. It spreads through network
shares and allows backdoor access via IRC. It can act as an FTP
server and download/execute additional code. (Sophos)
W32/Sdbot-YW – Another Sdbot variant that allows control of the
infected machine via IRC. YW drops “hmusvc32.exe” in the Windows
System folder. (Sophos)
W32/Sdbot-ZO – Our third Sdbot variant today acts much the same
way as the previous two. Its infected file is “burndl32.exe”.
(Sophos)
Troj/Bizves-B – A downloader Trojan that installs as
“popcorn.exe”. (Sophos)
W32/Randon-AN – Another Trojan horse application that attempts
to provide access to the infected host through IRC. It drops a
number of files on the target machine, including “app.exe” and
“netservup.exe”. (Sophos)
**********
NetworkWorld