Spyware Warrior

[wawadave]

Today's roundup of virus alerts:

Gaobot.DK - A Trojan horse that attempts to exploit various RPC
and WebDav vulnerabilities in Windows. The virus spreads between
network shares and connects to an IRC server to await commands
from a malicious user. It also disables security-related
applications running on the infected machine. (Panda Software)

Dumaru.Z - Another worm/Trojan horse that attempts to steal
E-gold account information and opens ports on the infected
machine for an attacker to enter. (Panda Software)

Govnodav.A - A keylogging Trojan horse that spreads via e-mail
and sends what it captures back to the virus' author. (Panda
Software)
**********

From the interesting reading department:

Microsoft: Change to IE will block some URLs

Responding to a wave of online scams, Microsoft said that it is
fixing a flaw in its popular Internet Explorer that makes it
easy to mask the real address of a Web page displayed on the
browser. IDG News Service, 01/29/04.
http://www.nwfusion.com/news/2004/0129microchange.html?nl



_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd

[wawadave]

hello
not that any one will read these!
Today's roundup of virus alerts:

W32/Agobot-CS - A Trojan horse that spreads via weakly protected
network shares. It attempts to connect to an IRC server to allow
an attacker gain access to the infected machine as well as stops
various security-related application processes. (Sophos)

W32/Agobot-P - Another version of the Agobot virus. This one too
exploits weak passwords on network shares as well as the RPC
DCOM vulnerability in Windows. Like its predecessors, it
terminates security applications and provides backdoor
functionality via an IRC connection. (Sophos)

W32/SdBot-W - Like the two viruses mentioned above, weak network
share passwords and IRC backdoors are the name of the game with
this virus. (Sophos)
**********



_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd

[wawadave]

Today's roundup of virus alerts:

Troj/Sdbot-FM - A Trojan horse that runs as a Windows service
and connects to an IRC server to allow unauthorized access to
the infected machine by attackers. (Sophos)

W32/Agobot-CP - A back door Trojan horse that spreads between
Windows machines by exploiting the DCOM RPC and RPC locator
vulnerabilities. The virus connects to an IRC server to allow
attackers unauthorized access to the infected machine. (Sophos)

W32/Mimail-T - Another version of the Mimail worm that spreads
via e-mail. This version comes in a message that starts with
"*** GLOBAL WARMING:". (Sophos, Panda Software)

W32/Holar-J - This virus, which spreads via e-mail or MSN
Messenger, attempts to delete a number of popular file types on
the infected machine. (Sophos)

X-Scan.A - A set of hacking tools that are used to find
vulnerabilities in a Windows machine and log keystrokes. (Panda
Software)

Y2K - A joke virus that pretends to be searching for Y2K
vulnerabilities and while doing so, flickers the screen and
opens the CD tray. At the end of the "test" it reveals itself as
a joke. (Panda Software)

_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd

[suzi]

Dave, I'm reading them. I'm sure others are too.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[wawadave]

TRENDS
*********************************************************************

1. New Worm Camouflages MyDoom Writer's Trail
The new DoomJuice worm -- aka, MyDoom-C -- that hit the wild Monday is the
equivalent of
digital camouflage. It's believed that the MyDoom author created the new worm to
mask his
trail and stymie potential prosecutors.
http://nl.internet.com/ct.html?rtr=on&s=1,pqm,1,d41y,ac8u,9s3s,a9gz
------------------------------------------------------------
2. Worm Spreads Through File-Sharing Application
W32/Vesser.worm.a is a worm that spreads via the peer to peer file-sharing
application
Soulseek, and may attempt to spread via the remote access component created by
the
W32/Mydoom.a@MM and W32/Mydoom.b@MM viruses, according to McAfee, which issued
an alert
Tuesday.
http://nl.internet.com/ct.html?rtr=on&s=1,pqm,1,f9kn,45ej,9s3s,a9gz
------------------------------------------------------------
3. Worm Spreads by Exploiting Backdoor Installed by MyDoom Virus
Several vendors Monday issued medium-level alerts for W32/Doomjuice.worm.a, a
worm that
attempts to spread to W32/Mydoom.a@MM and W32/Mydoom.b@MM infected systems, by
entering
in through the backdoor created by the Mydoom virus.
http://nl.internet.com/ct.html?rtr=on&s=1,pqm,1,c8cl,dlew,9s3s,a9gz
------------------------------------------------------------
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd