Prevent Online Threats

Archive for the 'Trojan Horse Threats' Category

W32/Bagle.DW@mm Trojan

Tuesday, July 4th, 2006

W32/Bagle.DW@mm is a mass-mailing worm that attempts to spread via network shares and peer-to-peer networks. Infected systems will send out copies of the worm as attachments via e-mail to addresses harvested from the machine. It also lowers security settings and attempts to download remote files. The worm also stops access to certain websites and stops certain processes from running. 

W97M/Kukudro.C Trojan

Monday, July 3rd, 2006

W97M/Kukudro.C is a macro-based Trojan dropper for Microsoft Word. The Trojan arrives as a .zip e-mail attachment containing a Word document with a random name, or the attachment may itself be a Word document. When this Word document is opened on a victim machine, the macro silently executes and extracts an executable file (mWChEU.exe). It then runs mWChEU.exe (we detect this as W32/Sality.X). The automatic execution of Microsoft Word macros is due to the vulnerability addressed by MS01-034 (discovered April 23, 2001, patched June 21, 2001), so this mostly affects systems that have not been kept up to date. Once installed, the trojan attempts to reach one of several websites to download DLL files that take control of certain applications. Most antivirus programs are aware of this trojan, so always use antivirus software and always be safe.

Mac OS X Trojan

Sunday, July 2nd, 2006

Security experts are warning that they have spotted malware that exploits a flaw in the Mac OS X operating system. Mac released a patch for the flaw a few days ago; however, exploit code for the vulnerability has been posted on security websites, prompting the creation of the malware. OSX.Exploit.Launchd is a Trojan horse that exploits the Apple Mac OS X LaunchD Local Format String Vulnerability. It can provide root access on Macintosh OS X version 10.4.6 or earlier. The virus opens a shell with full root privileges that is controllable by the attacker. Antivirus firm Symantec said that the actual threat level, damage potential and distribution rate are all low.

Google Hosting Trojan Horse

Monday, June 26th, 2006

Google’s web site hosting service was being used by hackers to host a malicious Trojan. Security company Websense warned that a Trojan horse was being hosted on a site with the same IP address as the main Google site. This Trojan is known as a “keylogger”: it is programmed to recognize when users go to bank sites and then records the user's keystrokes. The company has not yet detected e-mails or IM links leading back to the Trojan. Luckily, it appears that it was caught before being launched.

Trojan demands Ransom

Sunday, June 25th, 2006

A new trojan is out that encrypts data files with a long password and then demands a ransom to give the computer user the password. The virus, named Arhiveus-A, demands as its ransom that you purchase products from one of three online pharmacies in exchange for the password. The trojan tells you not to search for the program that encrypted your data because it no longer exists. The program then deletes itself, leaving your data still encrypted. Experts say not to pay the ransom because it only opens people up to further blackmail attempts in the future. They say the best solution is to invest in spyware and virus protection software. Unfortunately, they do not offer any fix for the still-encrypted data.

Text Messaging Con Users into Downloading a Trojan

Friday, June 23rd, 2006

People are now being conned into downloading a Trojan through text messaging. People are receiving text messages thanking them for signing up with a fictitious online dating service. The message also tells them that a $2 fee per day will be charged to their cell phone for the service. To cancel the service, the user must go to a website where they are prompted to download a variant of the Dumador Trojan bot. The site does not attempt to exploit any vulnerabilities; instead, the attacker provides instructions to the user on how to bypass the Internet Explorer security warning prompt. This works well on less PC-savvy individuals. The Trojan allows the computer to be remotely controlled, as it receives remote commands by making GET requests to two different web addresses. It also prevents users from accessing certain webpages, particularly antivirus software websites. As always, be wary and check into any sites that prompt you to download anything.

Troj/Arhiveus-A Trojan

Thursday, June 8th, 2006

Sophos Labs are warning users about this new Trojan horse threat that can encrypt your computer data and also force you into making a purchase from an online pharmacy. This Trojan is also known as “MayAlert”. Users who become victims of this threat will see the following notice:

INSTRUCTIONS HOW TO GET YOUR FILES BACK
READ CAREFULLY. IF YOU DO NOT UNDERSTAND - READ AGAIN.

This is the automated report generated by auto archiving software.

Your computer caught our software while browsing illegal porn pages, all your documents, text files, databases in the folder My Documents was archived with long password.

You can not guess the password for your archived files - password length is more than 30 symbols that makes all password recovery programs fail to bruteforce it (guess password by trying all possible combinations).

Do not try to search for a program that encrypted your information - it simply does not exist in your hard disk anymore. Reporting to police about a case will not help you, they do not know the password. Reporting somewhere about our email account will not help you to restore files. Moreover, you and other people will lose contact with us, and consequently, all the encrypted information.

You are then told that you must make a purchase from an online store and after that you will receive the password to unlock your files.

Make sure you have updated your anti-virus and spyware programs to protect yourself against this new threat.
