The Computer Guys

Alerts January 2007


Top 10 malware reported to Sophos in January 2007

Position   Last month   Malware   Percentage of reports
1          New          Dorf      46.1%
2          2            Netsky    16.1%
3          3            Mytob      9.8%
4          4            Stratio    8.5%
5          5            Zafi       3.6%
6          7            MyDoom     2.8%
7          8            Sality     2.6%
8          5            Bagle      2.5%
9          9            Nyxem      1.0%
10         New          Wukill     0.8%
           Others                  6.2%

 

Downloader-BAI

Downloader-BAI was first discovered on January 19, 2007.

--- Update January 21, 2007 ---

There have been multiple spammings of this family over the last 48 hours.

This variant is a different strain of W32/Nuwar. Newer variants drop or download samples related to W32/Nuwar@MM.

--- Update January 19, 2007 ---

The risk assessment of this threat was updated to Low-Profiled due to prevalence.

Downloader-BAI is a trojan that is delivered via a spammed email message. The downloader is designed to fetch files from web servers controlled by the malware author.

 

History

W32/Nuwar@MM dropped Downloader-ARL a few weeks ago. It has since changed its payload and now drops Downloader-BAI. W32/Nuwar@MM creates a copy of itself with a random name followed by a ".t" extension, then infects files in the same directories. The infected files are detected as W32/Duel. During infection it has also been observed to corrupt binaries; these corrupted files are detected as W32/Duel.dam.

Aliases

  • CME-711
  • Downloader-BAI
  • Downloader-BAI.gen
  • Storm Worm
  • Trojan-Downloader.Win32.Agent.bet
  • Trojan-Downloader.Win32.Small.dam
  • Trojan.Peacomm
  • Win32/Nuwar.N@MM!CME-711


 

 
 

Troj/Dorf-Fam

 

This section is for technical experts who want to know more.

Troj/Dorf-Fam is a family of backdoor Trojans for the Windows platform. Members of Troj/Dorf-Fam also have functionality to download and execute files from the internet.

Several members of Troj/Dorf-Fam have been seen aggressively spammed out with politically sensitive subject lines such as:

"British Muslims Genocide"
"Sadam Hussein safe and sound!"
"Hugo Chavez dead."
"Russian missle shot down Chinese satellite"
"Venezuelan leader: "Let's the War beginning"."
"The Supreme Court has been attacked by terrorists. Sen. Mark Dayton dead!"
"Third World War just have started!"
"President of Russia Putin dead."

Other subject lines seen are as follows:

"U.S. Southwest braces for another winter blast. More then 1000 people are dead."
"Love at First Sight"
"Hand in Hand"
"Our love is torn by miles"

Troj/Dorf-Fam attempts to drop the file <System>\wincom32.sys, also detected as Troj/Dorf-Fam. (<System> denotes the Windows system directory, typically C:\Windows\System32.) This file is registered as a service with a Display Name of "wincom32", with registry entries set at the following location:

HKLM\SYSTEM\CurrentControlSet\Services\wincom32

Troj/Dorf-Fam then attempts to inject another file into services.exe. This file is also detected as Troj/Dorf-Fam, and may create the clean file <System>\peers.ini, as well as download and execute code from the internet, and provide backdoor functionality to allow access to the computer by a remote user.
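As an added example (not part of the original alert and not Sophos code), the following PowerShell script checks a Windows host for the Troj/Dorf-Fam artifacts named above: the wincom32 service key, the dropped wincom32.sys driver and the peers.ini file. The search of the Windows directory for random-named ".t" files and the loaded-driver query are assumptions about where those artifacts show up on a live host, not statements from the alert.

```powershell
# Added example: host triage for the Troj/Dorf-Fam / W32/Nuwar indicators
# described in the alert. Run from an elevated PowerShell prompt on the
# suspect machine. Paths for wincom32.sys, the service key and peers.ini
# come from the alert text; the '*.t' scan location and the loaded-driver
# check are assumptions made for this example.

$sys      = Join-Path $env:SystemRoot 'System32'
$findings = @()

# 1. Dropped driver file and its service registration
$driver = Join-Path $sys 'wincom32.sys'
if (Test-Path $driver) {
    $f = Get-Item $driver
    $findings += "Driver present: $driver ($($f.Length) bytes, written $($f.LastWriteTime))"
}

$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\wincom32'
if (Test-Path $svcKey) {
    $p = Get-ItemProperty -Path $svcKey
    $findings += "Service key present: $svcKey ImagePath='$($p.ImagePath)' Start=$($p.Start)"
}

# 2. peers.ini, written by the component injected into services.exe
$peers = Join-Path $sys 'peers.ini'
if (Test-Path $peers) {
    $findings += "peers.ini present: $peers ($((Get-Item $peers).Length) bytes)"
}

# 3. Assumption: random-named '.t' copies of W32/Nuwar@MM land somewhere
#    under the Windows directory. Adjust -Path if you suspect another tree.
Get-ChildItem -Path $env:SystemRoot -Filter '*.t' -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Suspicious .t file: $($_.FullName) ($($_.Length) bytes)" }

# 4. Assumption: if the driver is already loaded it appears in the
#    Win32_SystemDriver list; a running state means the rootkit-style
#    component is active and file listings may be unreliable.
Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq 'wincom32' -or $_.PathName -match 'wincom32' } |
    ForEach-Object { $findings += "Loaded driver: $($_.Name) State=$($_.State) Path=$($_.PathName)" }

if ($findings.Count -eq 0) {
    'No Troj/Dorf-Fam indicators found.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

If the service key or driver is found, treat the host as compromised rather than cleaning the files by hand: the code injected into services.exe is a backdoor and downloader, so the machine may already carry other payloads that this check does not look for.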

 

 


Copyright © 1998 The Computer Guys
