Reply to thread

Message: <blockquote data-quote="sanjeeme" data-source="post: 3823592" data-attributes="member: 86590">AVG Anti virus Data collection  And knowledge Base <img src="http://www.amaderforum.com/images/smilies/rip.gif" alt="" class="fr-fic fr-dii fr-draggable " style="" />Threat InfoI-Worm/NuwarPropagation method of new Nuwar variant is still similar to its precedessors. Spammed mails with link in IP format directs users to the worm web pages where the users are prompted to download one of the worm files with the name funny.exe. Names of other downloadable files are kickme.exe and foolsday.exe. AVG detects this threat as I-Worm/Nuwar.R.April 17, 2008I-Worm/NuwarNew Nuwar variant spreading method is similar to Nuwar.L last month propagation. Spammed emails are brief containing link in IP format to currently working pages with worm. Compromised page code is changed and as a result user is prompted to download file with worm. Downloaded filename is valentine.exe it's about 110 - 130kB long and it's detected by AVG as I-Worm/Nuwar.N.February 12, 2008I-Worm/NuwarWe have a new wave of spammed mail messages containing link directing users to website where the worm could be downloaded. Emails contains short text and IP address of currently working pages with worm. In this case downloaded filename is withlove.exe and it's about 115kB in size. Websites and worm files changes every few minutes. AVG detects withlove.exe as I-Worm/Nuwar.L.January 15, 2008Downloader.TibsA new Downloader.Tibs variant is spreading today thanks to massive spamming. Infected emails contains about 130-140kB long attachment, usually with name happy2008.exe, which is trojan horse itself. There are also emails with links directing users to a malicious web pages. The files are already detected as Downloader.Tibs.December 25, 2007Win32/Mabezat.AIn last few days we`ve registered a larger amount of PE files infected by this virus. Win32/Mabezat is polymorphic file infector which infects PE files. More information could be found in our Virus Encyclopedia.November 14, 2007Trojan Downloader.Agent.UZMA new Trojan Downloader was spammed today. Trojan is attached in zip archive to emails in HTML format with subject "Hot game" and body text that claims some Angelina Jolie or Lara Croft undressing game. xgame.zip attachment contains xgame.exe (20992B) which drops executes and deletes kernel driver C:\WINDOWS\System32\drivers\runtime.sys and downloads another downloader smartdrv.exe. runtime.sys runs injects and hides Iexplore.exe process and downloads another components. xgame.exe is detected as Trojan Downloader.Agent.UZM, smartdrv.exe is detected as Trojan Downloader.Agent.UZN, runtime.sys is detected as Trojan Downloader.Agent.THW and other downloaded components are detected as several variants of Trojan Backdoor.Ntrootkit.November 10, 2007I-Worm/Stration downloaderNext Stration downloader variant spreads by email in messages with randomly generated subject and body with two attachments. PDF attachment is harmless but EXE attachment which is 18708B long is downloader itself and AVG detects it as I-Worm/Stration. More information about Stration worm familly can be found in the Virus Encyclopedia.November 5, 2007I-Worm/Stration downloaderLatest Stration downloader spreads by email in messages with randomly generated subject and body with one EXE and one PDF file attached. EXE file is 20992B in size and it`s downloader itself which is detected by AVG as I-Worm/Stration.FJA. The file downloader tryes to download is already detected as I-Worm/Stration. More information about Stration worm familly can be found in the Virus Encyclopedia.November 1, 2007Stration downloaderA new Stration downloader was seeded during todays morning using mail messages where subject and body are variable and which contains two attachments, one with pdf extension and second with exe extension which is 4096B in size and it`s downloader itself. AVG detect this threat as Trojan horse Downloader.Generic6.PFM. Downloader tryes to download and install Stration to affect system, but Stration download link is no longer active. More information about Stration worm familly can be found in the Virus Encyclopedia.October 19, 2007DATA collection from Kaspersky  <img src="http://www.amaderforum.com/images/smilies/rip.gif" alt="" class="fr-fic fr-dii fr-draggable " style="" />The term “virus” is often loosely used in reference to any type of malicious program, or it is used to describe any negative event that a malicious program causes to a host system.In the simplest terms, a virus is defined as program code that replicates from one host file to another. This simple definition leaves room for further sub-division, which has become necessary due to the evolution of malicious code over the last two decades.Computer Viruses can be further classified by the types of objects they infect, the method used to select a potential host, and infection technique.Infection by type: Boot sector and multipartite viruses infect boot sectors and key operating system startup files (primarily COMMAND.COM).File viruses infect application .COM and .EXE files. Word Macro and Excel Macro viruses infect Microsoft Word .DOC and .XLS files, respectively.Classified by the method they use to select their host: “Indirect action file viruses” load into memory and hook into the system interrupt table(s) so they can infect as files are accessed. Conversely, “direct action file viruses” do not become a memory resident, they simply infect a file (or files) when an infected program is run.Infection technique: “Appending viruses” add code to the end of a host file, while “Prepending viruses” insert their code at the beginning of a host file, effectively "shifting up" the program's original code. Overwriting viruses replace the host file completely with their own code causing irreparable damage to the original host file. By contrast, companion viruses and link viruses avoid adding code to a host file at all.Companion viruses create a file of the same name, but with an extension that is higher up in the execution hierarchy. Link viruses manipulate FAT (file allocation table) entries.There are viruses that fail to work altogether. This could due to a bug in the original programming of the virus or a natural corruption (for example, a devolving virus eventually corrupts itself to the point that it can no longer function). One wonders how such corruptions can be classified as viruses at all, and yet they are the bane of the anti-virus industry. Corrupted samples show up all too often in well-intended comparative reviews, and can badly skew test results.17-01-2009 Latest virus ------------------------------------------------------------------------------------------------------------Name of malicious program        Update released  17 January 09not-a-virus<img src="/styles/default/xenforo/smilies/default/P.gif"  class="smilie" loading="lazy" alt=":P" title=":P    :P" data-shortname=":P" />orn-Dialer.Win32.InstantAccess.evf Trojan-Spy.Win32.Agent.qku     Trojan-Spy.Win32.Agent.qkt     Trojan.Win32.Monderb.afbo     Trojan.Win32.Monderb.afbn     not-a-virus:WebToolbar.Win32.FenomenGame.poc           not-a-virus<img src="/styles/default/xenforo/smilies/default/P.gif"  class="smilie" loading="lazy" alt=":P" title=":P    :P" data-shortname=":P" />orn-Dialer.Win32.InstantAccess.evh     not-a-virus<img src="/styles/default/xenforo/smilies/default/P.gif"  class="smilie" loading="lazy" alt=":P" title=":P    :P" data-shortname=":P" />orn-Dialer.Win32.InstantAccess.evg     Backdoor.Win32.PcClient.aazo           Trojan.Win32.Monder.aoih           Trojan-GameThief.Win32.OnLineGames.ullm     Trojan-GameThief.Win32.OnLineGames.ulll          Exploit.Win32.IMG-WMF.ou     Trojan-Downloader.Win32.BHO.bzr           Rootkit.Win32.Ressdt.ma     Trojan-Spy.Win32.Agent.qkn     Backdoor.Win32.Bifrose.ajve     Trojan-Spy.Win32.Agent.qkm     Trojan.Win32.Monder.aoig     Trojan-Spy.Win32.Agent.qko     Trojan-Downloader.Win32.BHO.bzs     Trojan-Spy.Win32.Agent.qkp           Trojan-Spy.Win32.Agent.qkr     not-a-virus<img src="/styles/default/xenforo/smilies/default/P.gif"  class="smilie" loading="lazy" alt=":P" title=":P    :P" data-shortname=":P" />orn-Dialer.Win32.InstantAccess.eve     Trojan.Win32.Agent.bipl           Trojan.Win32.Buzus.ahxbTrojan.Win32.Monderb.afbmTrojan.Win32.Buzus.ahxa Backdoor.Win32.Rbot.ykt Worm.Win32.AutoRun.xuy         Symantec Found These viruses ------------------------------------------------------------------------------------------------------------    Packed.Generic.205    Trojan, Virus, Worm    01/15/2009    WiniGuard    Misleading Application    01/09/2009    W32.Grenail.D!inf    Virus    01/08/2009    W32.Grenail.C!inf    Virus    01/08/2009    W32.Downadup!autorun     Worm    01/07/2009    TotalProtect2009    Misleading Application    01/05/2009    Bloodhound.PDF.5    Trojan    01/05/2009    Bloodhound.PDF.4    Trojan    01/05/2009    Bloodhound.Exploit.223    Trojan, Virus, Worm    01/02/2009</blockquote>

Verification: Awruddata maasa keeyada?

Top Bottom