 |
|
May 9, 2008
W32/Sober-N is a mass-mailing worm which sends itself to addresses harvested from the infected computer.
The email sent by W32/Sober-N depends on the recipient address. Emails sent to recipients whose email address is in the .de, .ch, .at, .li domains or contains the string "gmx." will receive an email as follows:
http://www.sophos.com/virusinfo/analyses/w32sobern.html |
|
W32/Rbot-VQ is a network worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-VQ spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS).
|
|
W32/Sober-N is a mass-mailing worm which sends itself to addresses harvested from the infected computer.
The email sent by W32/Sober-N depends on the recipient address. Emails sent to recipients whose email address is in the .de, .ch, .at, .li domains or contains the string "gmx." will receive an email as follows:
http://www.sophos.com/virusinfo/analyses/w32sobern.html |
|
| Just a quick note to inform everyone that we are currently addressing the slowness of the network and internet. Due to an outbrake of a trojan horse in the westwing area some services may respond slowly. We expect for this issue to be resolved Friday the 25th. |
|
W32/Sober-J is a variant of the W32/Sober mass mailing worms family for the Windows platform that harvests email addresses from the infected computer's hard drive.
W32/Sober-J checks the country origin by the comparing the domain extension with those within a pre-defined list and will send its mail in either English or German depending on the domain.
http://www.sophos.com/virusinfo/analyses/w32soberj.html |
|
W32/Rbot-TD is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Rbot-TD spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate commands from a remote user.
http://www.sophos.com/virusinfo/analyses/w32rbottd.html
|
|
W32/Forbot-DJ is a Windows network worm which attempts to spread via network shares. The worm contains backdoor functions that allow unauthorised remote access to the infected computer via IRC channels.
Once installed, W32/Forbot-DJ attempts to setup an HTTP proxy server, remove connections to network shares, participate in denial-of-service (DOS) attacks and steal CD keys and email addresses when instructed to do so by a remote attacker.
The worm spreads to network shares with weak passwords and also by using the RPC-DCOM security exploit (MS03-039) and the LSASS security exploit (MS04-011).
http://www.sophos.com/virusinfo/analyses/w32forbotdj.html |
|
Microsoft VBScript runtime error '800a004c'
Path not found
/tutorials/news.inc, line 71 |
