W32/Rbot-AGH – An Rbot variant that exploits the Windows LSASS
and RPC-DCOM vulnerabilities as it spreads through network
shares. It installs “LimeWire.exe” on the infected machine and
allows backdoor access through IRC. (Sophos)
W32/Sdbot-ZM – This Sdbot variant exploits a number of known
Windows flaws in its attempt to infect a machine. If successful,
it drops “nawdll32.exe” in the Windows System directory and it
can allow backdoor access via IRC. (Sophos)
Troj/Drivol-A – A Trojan that attempts to download and run
malicious code from a remote Web site. It initially installs
“fvek.exe” on the infected machine. (Sophos)
W32/Mytob-BV – Wow, another Mytob variant. Again, it spreads
through e-mail and network shares, providing backdoor access to
the infected machine through IRC. This particular variant drops
“TimeManager.exe” on the infected machine. (Sophos)
Troj/Pyfls-A – Another Trojan that tries to download additional
malicious code from a preconfigured site. It drops “b.tmp” on
the infected host. (Sophos)
W32.Codbot.AL – A new bot that can be used to log keystrokes and
download malware. It spreads by exploiting some well-known
Windows vulnerabilities and provides unauthorized access through
IRC. (Panda Software)
W32.Semapi.A – An e-mail worm that uses variable message
attributes when it spreads. Fortunately, it does display a
message saying that “semapi.dll” cannot be found. (Panda Software)