W32.Banwarum@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also spreads through the network by exploiting the Microsoft Windows ASN.1 Library Bit String Processing Variant Heap Corruption Vulnerability (as described in Microsoft Security Bulletin MS04-007). The worm also [...]
Archive for May, 2006
W32.Banwarum@mm Discovered today
May 25, 2006W32.Mytob.PP@mm Virus Discovered Today
May 24, 2006W32.Mytob.PP@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.
When W32.Mytob.PP@mm is executed, it performs the following actions:
Creates the following file:
%System%\taskgmr.exe
Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Adds the value:
"Windows [...]
W32.Browaf Virus discovered today
May 24, 2006W32.Browaf is a worm that sends a link to a copy of itself via Yahoo Instant Messenger and MIRC. It also modifies the Internet Explorer Home page.
Once executed, W32.Browaf performs the following actions:
Creates the following files:
%UserProfile%\Start Menu\Internet Browser.lnk
%UserProfile%\Start Menu\Programs\Startup\YMSND.lnk
%Temp%\Startup.exe
C:\YSND\Ysnd.exe
%Temp%\Browser.exe
%Temp%\FtpBrowser.exe
%Temp%\Sys.dll
%Temp%\icon.icoNote:
%Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows [...]
Go Shoemoney Go!
May 22, 2006My friend Shoemoney is back at it again! He has offered a prize to anyone who can out optimize his shoemoney pages and kick him out of the number one slots in Google, Yahoo, and MSN. Good luck with that! Shoemoney has been making "shoemoney" doing this a lot longer than I have!
Shoemoney's 1,200+ domains [...]
Spywarebot Software is possible Spyware Threat
May 22, 2006Schrock Innovations has learned of a new program on the Internet that claims to remove spyware from your computer. It is called Spywarebot and there are reports that this software may be spyware its self.
Schrock Innovations strongly recommends that you DO NOT install this software on your computer until more is known about this possible [...]
New Virus Discovered Today – W32.Naras
May 22, 2006W32.Naras is a worm which infects PE files and contains rootkit and keylogging functionality.
We are curretly investigating this threat and will post more information as it becomes available. This virus infects Windows Windows 98, Windows ME, Windows 2000, Windows NT, Windows XP.
