
Thread: May 2 Alerts

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    682

    May 2 Alerts

    Trojan.Fatkill
    Discovered on: April 30, 2002
    Last Updated on: April 30, 2002 at 12:09:22 PM PDT
    When Trojan.Fatkill is run, it corrupts the hard disk.
    Type: Trojan Horse

    Wild: Low
    Damage: High
    Distribution: Low
    Damage:

    Payload Trigger: Running Trojan.Fatkill
    Payload: Overwrites the File Allocation Table of the hard disk.
    Causes system instability: The computer may not restart properly.

    Trojan.Fatkill is a DOS program that overwrites the File Allocation Table of the hard disk so that it becomes corrupted. This may result in the computer being unable to restart.

    http://sarc.com/avcenter/venc/data/trojan.fatkill.html

    =================================


    W32.Tendoolf
    Discovered on: May 1, 2002
    Last Updated on: May 1, 2002 at 06:19:07 PM PDT

    W32.Tendoolf is a variant of Backdoor.Subseven, which appears to be able to spread through email. The email message has the following characteristics:

    Subject: Thoughts...
    Message: I just found this program, and, i dont know why... but it reminded me of you. check it out.
    Attachment: Cute.exe

    The mailing routine has not been successfully reproduced in a laboratory environment.

    http://sarc.com/avcenter/venc/data/w32.tendoolf.html

    =================================
    Backdoor.Evilbot
    Discovered on: April 26, 2002
    Last Updated on: April 26, 2002 at 04:48:47 PM PDT

    Backdoor.Evilbot is a backdoor Trojan. It is used as a remote attack tool by hackers using IRC.
    Type: Trojan Horse

    Wild: Low
    Damage: Low
    Distribution: Low

    When Backdoor.Evilbot is executed, it copies itself as %SYSTEM%\Sysedit.exe.
    Backdoor.Evilbot allows access to the infected computer by a hacker. It also attacks other computers using IRC.

    http://sarc.com/avcenter/venc/data/b...r.evilbot.html
    =================================

    Backdoor.RemoteNC
    Discovered on: April 24, 2002
    Last Updated on: April 25, 2002 at 12:39:11 PM PDT

    Backdoor.RemoteNC is a backdoor Trojan that can allow a hacker to gain access to your system. The hacker then can delete, copy or execute files on your computer.

    Type: Trojan Horse
    Infection Length: 143,360 bytes
    Systems Affected: Windows NT, Windows 2000, Windows XP

    Wild: Low
    Damage: Low
    Distribution: Low

    When Backdoor.RemoteNC is executed, it opens a random port (usually 1025, 1035, 1041, 1047, 1054, or similar) and listens for a connection.
    The hacker can then connect and have access to your system to delete, rename, copy, and execute files, and to run any other commands that can be used by Cmd.exe.

    NOTE: This backdoor Trojan does not function properly on Windows 95/98/Me systems. On these systems it allows a hacker to connect to the infected system, but the hacker cannot send any damaging commands to the infected system. This is because Windows 95/98/Me systems do not use the Cmd.exe file, but instead use the Command.com file. The Trojan is coded to use only Cmd.exe and its commands, which will function only on Windows NT/2000/XP systems.

    http://sarc.com/avcenter/venc/data/b....remotenc.html
    =================================

    Troj/Diablo


    Troj/Diablo is a backdoor Trojan horse. If the Trojan server is installed on a computer, it will monitor and log all keyboard keystrokes made by the user.

    The keystrokes are logged into a file which can be sent via email or FTP to the potential attacker. The attacker can be notified by ICQ, when log files are uploaded onto an FTP server.

    The filename and extension used by the Troj/Diablo server are configurable. Possible Troj/Diablo file extensions can be:

    EXE, SCR, PIF, COM, CMD and BAT.

    When the Trojan server is run, it copies itself into the Windows Startup folder so that it automatically runs every time Windows is started.


    http://www.sophos.com/virusinfo/anal...rojdiablo.html
    =================================

    Win32.MinStaller
    Alias: Backdoor.Autoupder, Downloader-W, Win32/Downloader-W.A.Trojan, TROJ_SUA.A, TrojanDownloader.Win32.Minstaller
    Category: Win32
    Type: Trojan

    CHARACTERISTICS
    The Win32.MinStaller trojan has the ability to install, run and delete files on a user's computer via scripting directives which are stored on an external site.

    The initial component (mnsvc.exe) downloads a program (ausvc.exe) which auto-updates various components as directed.

    Currently the trojan can install the following files on a user's hard disk:

    ausvc.exe (Auto-Updating component)
    absr.exe (Browser Helper Object)
    bvt.exe (Browser Helper Object)
    pmgr.exe
    mbtcd.bak (data file)
    ea.bin (data file)
    pl.dat (data file)
    undo.exe (Uninstalls the trojan and all components)
    undo.bat

    Users Note: The trojan follows directives for the installation, retrieval and removal of files that are stored externally on a website (where the content is liable to change). Hence it is possible that the functionality of the trojan may also change according to what content is downloaded and installed on the affected machine.


    http://www3.ca.com/virus/virus.asp?ID=11849
    =================================

    VBS.Horty.A
    Alias: I-Worm.Kagra, VBS/Kagra.A.Worm, VBS.Karga@mm
    Category: VB Script
    Type: Worm

    CHARACTERISTICS
    Please note: This description contains text that could be found offensive by some users. However, for clarity, and in order for users to accurately recognize this worm, the text of this description remains uncensored.

    VBS.Horty.A is a worm spreading via the e-mail system, using Microsoft Outlook.

    The worm arrives attached to a message with the Subject line:

    "Jenna Jameson pornostar free super****+photo addresses"

    and the following message body:

    "Do you wanna see super pornostar,Jenna Jameson,in a special
    super****?Double click on the attachment of this mail,and get
    also some interesting sex-sex-sex addreses... "

    The attached file is called:

    "JENNA-JAMESON-FREE-SUPER****.TXT.vbs"

    http://www3.ca.com/virus/virus.asp?ID=11850

    ===================================


    sigh...and that's not all...but you get the idea...UPDATE TIME!
    "I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
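
The attachment traits described in the alerts above (the Cute.exe attachment, the .TXT.vbs double extension, and the Troj/Diablo extension list) can be checked at a mail gateway. This is an added example, not part of the original post or any vendor's code; the decoy-extension list, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Runnable extensions named in the alerts: the Troj/Diablo list plus .vbs.
RISKY_EXTS = {"exe", "scr", "pif", "com", "cmd", "bat", "vbs"}
# Harmless-looking extensions used as a decoy (assumed list, not from the alerts).
DECOY_EXTS = {"txt", "doc", "jpg", "gif", "pdf"}


def classify_attachment(filename):
    """Return the reasons an attachment name should be quarantined."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as a.exe.
    parts = filename.strip().rstrip(". ").lower().split(".")
    reasons = []
    if len(parts) >= 2 and parts[-1] in RISKY_EXTS:
        reasons.append("executable-extension")
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            reasons.append("double-extension")
    return reasons


def scan_message(raw):
    """Parse a raw RFC 5322 message; list (filename, reasons) per flagged attachment."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = classify_attachment(name)
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample(subject, filename):
    """Construct a test message with a placeholder attachment (no real payload)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("constructed test body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for subj, fname in [("Thoughts...", "Cute.exe"),
                        ("constructed", "PHOTO.TXT.vbs"),
                        ("constructed", "notes.txt")]:
        print(fname, scan_message(build_sample(subj, fname)))
```
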

  2. #2
    Banned
    Join Date
    Mar 2002
    Posts
    968
    Thanks Zigar! Like you said, time to update!

  3. #3
    that Subseven worm is bad news...greenies for you

  4. #4
    For some1 bad news....for some1 good
    Not all ppl good as you think

  5. #5
    AO Soccer Mom debwalin
    Join Date
    Mar 2002
    Posts
    2,185
    Ahh, more updates from the harbinger of doom......j/k. Thanks Zig, I ran my update this morning, so hopefully I'm covered.

    /me crossing my fingers!

    Deb
    Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.

  6. #6
    Banned
    Join Date
    Mar 2002
    Posts
    520
    Thanks man..... That one worm is weird.... The little keylogger.....
