Archive for May, 2007
Thursday, May 31st, 2007
This Trojan is a Windows PE EXE file. The file is 12 288 bytes in size.
Installation
When launched, the Trojan copies its executable file to the Windows root directory:
%WinDir%\??????.exe
In order to ensure that the Trojan is launched automatically when the system is rebooted, the Trojan...
Posted in Virus Threats | Comments Off
Thursday, May 31st, 2007
This Trojan is a Windows PE EXE file. The file is 61 440 bytes in size.
Posted in Virus Threats | Comments Off
Wednesday, May 30th, 2007
This Trojan is designed to steal confidential data. This worm is a Windows PE EXE file. It is 569,344 bytes in size. It is not packed in any way. It is written in Delphi.
Installation
When launched, the Trojan creates the following files in its working directory:...
Posted in Virus Threats | Comments Off
Wednesday, May 30th, 2007
This worm is a Windows PE EXE file. The file is 88,826 bytes in size.
It is packed using Upack. The unpacked file is approximately 237KB in size.
Installation
When launched, the worm creates the following files:
%System%\dmimmsss.dll
%System%\dmimmsss.exe
The worm also creates the following...
Posted in Virus Threats | Comments Off
Wednesday, May 30th, 2007
This Trojan is a modified Windows %System%\drivers\etc\hosts file, which is used to map domain names (DNS) to IP addresses. The modified file is 100 bytes in size. The file is modified in such a way as to prevent the user from viewing www.webmoney.ru.
The following strings are added to the hosts...
Posted in Virus Threats | Comments Off
Wednesday, May 30th, 2007
This Trojan installs other malicious programs to the victim machine without the knowledge or consent of the user. It is written in Visual Basic Script. The file is approximately 7KB in size.
Posted in Virus Threats | Comments Off
Wednesday, May 30th, 2007
This Trojan launches a proxy mail server on the victim machine. This Trojan is a Windows PE EXE file. The file is 239,616 bytes in size.
Installation
When launched, the Trojan copies its executable file to the Windows root directory:
%WinDir%\services.exe
In order to ensure that the Trojan is...
Posted in Virus Threats | Comments Off
Wednesday, May 30th, 2007
This Trojan is designed to steal confidential data. It is a Windows PE EXE file. It is 169,472 bytes in size. It is written in Delphi.
Installation
When launched, the Trojan copies itself to the Windows system directory as "system.exe":
%System%\system.exe
The Trojan then adds a...
Posted in Virus Threats | Comments Off
Wednesday, May 30th, 2007
This worm spreads via the Internet as an attachment to infected messages. The attachment does not contain a copy of the worm, but a component which downloads other malicious programs via the Internet.
Infected messages will be sent to all email addresses harvested from the victim machine.
The...
Posted in Virus Threats | Comments Off
Tuesday, May 29th, 2007
This backdoor provides a remote malicious user with access to the victim machine. It is a Windows PE EXE file. The file is 7,680 bytes in size.
Installation
When launching, the backdoor extracts the following file from its body (this file is 6144 bytes in size):
%System%\perfc000.dat
In order to...
Posted in Virus Threats | Comments Off
Tuesday, May 29th, 2007
This Trojan is a Windows PE EXE file. It is 15,904 bytes in size.
Installation
When launched, the Trojan copies its executable file to the Windows root directory:
%WinDir%\sproc32.exe
In order to ensure that the Trojan is launched automatically when the system is rebooted, the Trojan adds a link to...
Posted in Virus Threats | Comments Off
Tuesday, May 29th, 2007
This malicious program is a worm which runs under Symbian.
The worm itself is a SIS file. The file is 13,200 bytes in size.
It spreads via Bluetooth.
Posted in Virus Threats | Comments Off
Friday, May 25th, 2007
This Trojan is designed to steal user passwords.
It is a Windows PE EXE file. The size of the infected file may vary between 21KB to 86KB. It is packed using FSG.
Posted in Virus Threats | Comments Off
Friday, May 25th, 2007
This Trojan program is designed to run on smartphones running Symbian.
The Trojan is a SIS installation archive. The Trojan has no self replication routine.
Trojan-SMS.SymbOS.Viver.a actually covers two variants of this malicious program.
The first is an archive called RulesViver.sis. It is 42,...
Posted in Virus Threats | Comments Off
Thursday, May 24th, 2007
This malicious program has two components. The first is a file containing a script written in Visual Basic Script. The second is a command interpreter packet file. The components vary in size from 483 to 1368KB.
Posted in Virus Threats | Comments Off