Major Security / Virus Warnings

Re: Major Security Virus Warnings

W32.Mydoom.BU@mm
Discovered on: May 26, 2005
Last Updated on: May 27, 2005 09:55:09 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.bu@mm.html

 

Re: Major Security Virus Warnings

W32.Kassbot.B
Discovered on: May 31, 2005
Last Updated on: May 31, 2005 10:38:19 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kassbot.b.html

W32.Pinkton.A
Discovered on: May 31, 2005
Last Updated on: May 31, 2005 02:27:33 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.pinkton.a.html


Trojan.Tooso.I
Discovered on: May 31, 2005
Last Updated on: May 31, 2005 02:21:58 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.tooso.i.html

Backdoor.Omerta
Discovered on: May 31, 2005
Last Updated on: May 31, 2005 09:26:39 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.omerta.html

Backdoor.Kotilla
Discovered on: May 31, 2005
Last Updated on: May 31, 2005 09:43:34 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kotilla.html

Trojan.Abwiz.B
Discovered on: May 31, 2005
Last Updated on: May 31, 2005 02:51:25 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.abwiz.b.html

 

Re: Major Security Virus Warnings

VBS.Ypsan.F@mm
Discovered on: June 01, 2005
Last Updated on: June 01, 2005 04:46:50 PM
http://securityresponse.symantec.com/avcenter/venc/data/vbs.ypsan.f@mm.html

 

Re: Major Security Virus Warnings

W32.Bobax.Z
Discovered on: June 03, 2005
Last Updated on: June 03, 2005 04:37:54 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.bobaxz.html

Download.BBX
Discovered on: June 03, 2005
Last Updated on: June 03, 2005 04:56:35 PM
http://securityresponse.symantec.com/avcenter/venc/data/download.bbx.html

 

Re: Major Security Virus Warnings

W32.Spybot.PKC
Discovered on: June 06, 2005
Last Updated on: June 06, 2005 11:51:14 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.pkc.html


W97M.Minceme
Discovered on: June 06, 2005
Last Updated on: June 06, 2005 11:46:39 AM
http://securityresponse.symantec.com/avcenter/venc/data/w97m.minceme.html

 

Re: Major Security Virus Warnings

PWSteal.Lemir
Discovered on: June 10, 2005
Last Updated on: June 10, 2005 12:37:56 PM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.html

W32.Mytob.DY@mm
Discovered on: June 09, 2005
Last Updated on: June 09, 2005 04:46:04 PM http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.dy@mm.html

 

Re: Major Security Virus Warnings

W32.Mytob.EY@mm
Discovered on: June 16, 2005
Last Updated on: June 16, 2005 03:56:34 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ey@mm.html

W32.Mytob.FA@mm
Discovered on: June 16, 2005
Last Updated on: June 16, 2005 03:46:27 PM http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.fa@mm.html


W32.Mytob.EZ@mm
Discovered on: June 16, 2005
Last Updated on: June 16, 2005 11:37:42 AM http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ez@mm.html

Trojan.Chost.B
Discovered on: June 16, 2005
Last Updated on: June 16, 2005 04:32:38 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.chost.b.html

W97M.Arai.A
Discovered on: June 16, 2005
Last Updated on: June 17, 2005 01:42:28 PM
http://securityresponse.symantec.com/avcenter/venc/data/w97m.arai.a.html

W32.Opanki.B
Discovered on: June 15, 2005
Last Updated on: June 16, 2005 09:21:07 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.opanki.b.html

 

Re: Major Security Virus Warnings

W32.Beagle.BT@mm
Discovered on: June 18, 2005
Last Updated on: June 18, 2005 03:54:55 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bt@mm.html

 

Re: Major Security Virus Warnings

W32.Mytob.FO@mm
Discovered on: June 19, 2005
Last Updated on: June 19, 2005 01:36:46 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.fo@mm.html

 

Re: Major Security Virus Warnings

Trojan.Floodblack
Discovered on: June 21, 2005
Last Updated on: June 21, 2005 11:10:42 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.floodblack.html

Backdoor.Nibu.L
Discovered on: June 21, 2005
Last Updated on: June 21, 2005 12:06:14 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nibu.l.html

 

Re: Major Security Virus Warnings

W32.Mytob.FX@mm
Discovered on: June 23, 2005
Last Updated on: June 23, 2005 02:45:56 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.fx@mm.html

W32.Mytob.FU@mm
Discovered on: June 22, 2005
Last Updated on: June 23, 2005 12:28:53 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.fu@mm.html

 

Re: Major Security Virus Warnings

W32.Mytob.GC@mm
Discovered on: June 24, 2005
Last Updated on: June 25, 2005 10:55:33 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.gc@mm.html

 

Re: Major Security Virus Warnings

W32.Kelvir.DQ
Discovered on: June 26, 2005
Last Updated on: June 26, 2005 04:40:32 PM

http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.dq.html

 

Re: Major Security Virus Warnings

W32.Alcra.B
Discovered on: June 27, 2005
Last Updated on: June 27, 2005 12:38:52 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.alcra.b.html

 

Re: Major Security Virus Warnings

W32.Meetot
Discovered on: June 28, 2005
Last Updated on: June 28, 2005 02:05:39 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.meetot.html

 

Re: Major Security Virus Warnings

W32.Spybot.RDW
Discovered on: June 29, 2005
Last Updated on: June 29, 2005 12:26:29 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.rdw.html

 

Re: Major Security Virus Warnings

W32.Mytob.GP@mm
Discovered on: June 30, 2005
Last Updated on: June 30, 2005 10:35:19 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.gp@mm.html

 

Re: Major Security Virus Warnings

W32.Kelvir.DY
Discovered on: July 02, 2005
Last Updated on: July 02, 2005 12:59:11 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.dy.html

 

Re: Major Security Virus Warnings

Backdoor.Berbew.T
Discovered on: July 05, 2005
Last Updated on: July 05, 2005 10:53:49 AM http://securityresponse.symantec.com/avcenter/venc/data/backdoor.berbew.t.html

 

Re: Major Security Virus Warnings

Bloodhound.Exploit.40
Discovered on: July 07, 2005
Last Updated on: July 07, 2005 02:41:46 PM
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.40.html

 

Re: Major Security Virus Warnings

The menace of Worms
http://www.emsisoft.com/en/kb/articles/tec050629/

 

Re: Major Security Virus Warnings

Trojan.Aemonet
Discovered on: July 09, 2005
Last Updated on: July 09, 2005 11:04:58 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.aemonet.html

 

Re: Major Security Virus Warnings

W32.Mytob.HH@mm
Discovered on: July 11, 2005
Last Updated on: July 11, 2005 11:55:22 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.hh@mm.html

W32.Mytob.HG@mm
Discovered on: July 11, 2005
Last Updated on: July 11, 2005 11:01:01 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.hg@mm.html

 

Re: Major Security Virus Warnings

W32.Kelvir.ER
Discovered on: July 13, 2005
Last Updated on: July 13, 2005 11:47:10 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.er.html

 

Re: Major Security Virus Warnings

W32.Mytob.HM@mm
Discovered on: July 14, 2005
Last Updated on: July 14, 2005 12:40:04 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.hm@mm.html

 

Re: Major Security Virus Warnings

W32.Reatle.C@mm
Discovered on: July 15, 2005
Last Updated on: July 16, 2005 02:54:45 PM

http://securityresponse.symantec.com/avcenter/venc/data/w32.reatle.c@mm.html

 

Re: Major Security Virus Warnings

W32.Mytob.IA@mm
Discovered on: July 18, 2005
Last Updated on: July 18, 2005 10:47:51 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ia@mm.html

 

Re: Major Security Virus Warnings

W32.Mytob.IC@mm
Discovered on: July 19, 2005
Last Updated on: July 19, 2005 05:11:24 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ic@mm.html

 

Re: Major Security Virus Warnings

W32.Opanki.D
Discovered on: July 21, 2005
Last Updated on: July 21, 2005 01:11:48 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.opanki.d.html

 

Re: Major Security Virus Warnings

W32.Mytob.IH@mm
Discovered on: July 25, 2005
Last Updated on: July 25, 2005 11:28:26 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ih@mm.html

 

Re: Major Security Virus Warnings

BAT.Trojan
Discovered on: July 27, 2005
Last Updated on: July 27, 2005 09:32:05 AM
http://securityresponse.symantec.com/avcenter/venc/data/bat.trojan.html

 

Re: Major Security Virus Warnings

W32.Mytob.IK@mm
Discovered on: July 29, 2005
Last Updated on: July 29, 2005 12:17:48 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ik@mm.html

 

Re: Major Security Virus Warnings

PWSteal.Wowcraft
Discovered on: July 30, 2005
Last Updated on: July 31, 2005 08:01:05 AM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.wowcraft.html

 

Re: Major Security Virus Warnings

W32.Bratle.A
Discovered on: July 31, 2005
Last Updated on: August 01, 2005 03:05:38 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.bratle.a.html

 

Re: Major Security Virus Warnings

Backdoor.Mousey
Discovered on: August 05, 2005
Last Updated on: August 05, 2005 05:08:33 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mousey.html

 

Re: Major Security Virus Warnings

W32.Zotob.B
Discovered on: August 14, 2005
Last Updated on: August 15, 2005 03:03:18 PM http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.b.html

 

Re: Major Security Virus Warnings

Important information about current security risks.

Mytob (Zotob) Worm Alert!

The latest variants of the Mytob worm use a vulnerability in the Windows Plug&Play interface to infect Windows systems. a-squared detects the worm as Net-Worm.Win32.Mytob.cd, Mytob.cf, Mytob.ch and its automatically installed backdoor trojan as Backdoor.Win32.IRCBot.et. Online newspapers usually use the name Zotob-Worm.

The vulnerability mainly affects Windows 2000, but may be used to exploit Windows XP and 2003 Servers too, Microsoft says. Windows 98 and ME systems are not affected.

Once active, the worm downloads an IRC backdoor trojan from the internet which is used to remotely control the computer.

Protection:

Ensure, that you have already applied the Windows patch with the number KB899588 with your system. You can download the patch on the Microsoft website or use the automatic Windows-Update to install it automatically.

KB899588:
http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx

 

Re: Major Security Virus Warnings

CURRENT THREAT W32/IRCbot.worm!MS05-039
High Risk
Virus Alert

What is it?
A fast-spreading Internet Relay Chat (IRC) bot worm affecting systems worldwide, W32/IRCbot.worm!MS05-039 exploits a recently announced Microsoft operating system vulnerability to spread and possibly help a remote hacker control an infected system.

You can be infected simply by going online. Once infected, your system may continually reboot.

What can I do?

Besides making sure you have the latest VirusScan® virus definition updates installed, always recommends installing operating system patches from Microsoft. Learn more here.
http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx?cid=16000

How do I know if I've been infected?

The virus copies itself to the Windows System directory (e.g. C:\Windows\System32\ on Windows XP) as WINTBP.EXE.

The file can be run automatically by exploiting the MS05-039 vulnerability or by a user directly executing the worm.

Should you find yourself infected then you can run the stinger tool which can be found here
http://www.majorgeeks.com/McAfee_AVERT_Stinger_d4063.html

 

Re: Major Security Virus Warnings

08/17/05: The biggest virus epidemic since Klez, Zotob (Bozori) worm strikes down Windows 2000/XP systems!
Please be aware of the new dangerous worm firstly discovered this Tuesday. It attacks computer systems using Microsoft operating systems and shuts down computers all over the world. While the worm affects primary computers running Windows 2000, it’s also possible to get infected with some early versions of WindowsXP.

Symptoms of Zotob (Bozori) worm include the repeated shutdown and rebooting of a computer.


Do please make sure you are currently up to date on all your anti virus/ Trojan software

 

Re: Major Security Virus Warnings

Backdoor.Darkmoon
Discovered on: August 19, 2005
Last Updated on: August 19, 2005 11:44:32 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.darkmoon.html

 

Re: Major Security Virus Warnings

W32.Gaobot.DXO
Discovered on: August 22, 2005
Last Updated on: August 22, 2005 10:58:23 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.dxo.html

W32.Spybot.UOL
Discovered on: August 22, 2005
Last Updated on: August 22, 2005 04:25:49 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.uol.html

 

Re: Major Security Virus Warnings

W32.Zotob.J@mm
Discovered on: August 23, 2005
Last Updated on: August 23, 2005 02:58:03 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.j@mm.html

 

Re: Major Security Virus Warnings

W32.Zotob.K
Discovered on: August 24, 2005
Last Updated on: August 24, 2005 12:23:55 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.k.html

Backdoor.Mepcod
Discovered on: August 24, 2005
Last Updated on: August 24, 2005 12:35:11 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mepcod.html

W32.Kelvir.HI
Discovered on: August 23, 2005
Last Updated on: August 24, 2005 12:35:50 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.hi.html

 

Re: Major Security Virus Warnings

W32.Zotob.L
Discovered on: August 25, 2005
Last Updated on: August 25, 2005 11:48:51 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.l.html



W32.Reatle.I@mm
Discovered on: August 25, 2005
Last Updated on: August 25, 2005 04:02:12 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.reatle.i@mm.html


W32.Mytob.JF@mm
Discovered on: August 25, 2005
Last Updated on: August 25, 2005 11:11:07 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.jf@mm.html

 

Re: Major Security Virus Warnings

Trojan.Webus.I
Discovered on: August 27, 2005
Last Updated on: August 27, 2005 11:37:49 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.i.html

 

Re: Major Security Virus Warnings

W32.Mytob.JH@mm
Discovered on: August 29, 2005
Last Updated on: August 29, 2005 09:45:53 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.jh@mm.html

 

Re: Major Security Virus Warnings

W97M.Anisc.B
Discovered on: August 31, 2005
Last Updated on: August 31, 2005 05:02:29 PM http://securityresponse.symantec.com/avcenter/venc/data/w97m.anisc.b.html

 

Re: Major Security Virus Warnings

Backdoor.Graybird.O
Discovered on: September 01, 2005
Last Updated on: September 01, 2005 10:59:13 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.o.html

 

Re: Major Security Virus Warnings

SYM05-013
September 02, 2005
Local LiveUpdate server username / password information revealed by client
Discovery Date:
August 31, 2005 - Bugtraq posting (Vulnerability in Symantec Anti Virus Corporate Edition v9.x)

Revision History
None

Risk Impact
Medium

Remote Access Yes
Local Access Yes
Authentication Required Yes
Exploit publicly available No


Details
LiveUpdate server login name and password are written to a local log file in clear text. This happens when the LiveUpdate client checks for updates from the server. This is only an issue when a local LiveUpdate server is used with a login name and password.

The login name and password belong to the account configured by the LiveUpdate server administrator for accessing LiveUpdate packages. Symantec strongly recommends that this user account be unique for accessing LiveUpdate packages only, and have no other system access. The system administrator account should never be used for this purpose.

Note: As stated in the LiveUpdate download readme file: LiveUpdate version 2.7.x does not support the LiveUpdate Administration Utility, Version 1.5.x. If you are running a system as a Central LiveUpdate server please go to http://www.symantec.com/techsupp/files/lu/lu.html and download Version 1.5.4.15 update for the LiveUpdate Administration Utility.

Affected Products

Product Version Build Solution
LiveUpdate Client 2.7 34 LiveUpdate Client Update


Non-Affected Products

Product Version Build
LiveUpdate Client 2.5 All
LiveUpdate Client 2.6 All


Symantec Response
An update for the LiveUpdate 2.7 client has been released and can be downloaded from the following location:

http://www.symantec.com/techsupp/files/lu/lu.html

Symantec is not aware of any active attempts against or organizations impacted by this issue.

As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats.

Credit
Symantec thanks Arthur Freyman, for notification of this issue and coordination of disclosure as it was resolved.


--------------------------------------------------------------------------------

Symantec takes the security and proper functionality of its products very seriously. As founding members of the Organization for Internet Safety (OISafety), Symantec follows the principles of responsible disclosure. Symantec also subscribes to the vulnerability guidelines outlined by the National Infrastructure Advisory Council (NIAC). Please contact secure@symantec.com if you feel you have discovered a potential or actual security issue with a Symantec product. A Symantec Product Security team member will contact you regarding your submission.

Symantec has developed a Product Vulnerability Handling Process document outlining the process we follow in addressing suspected vulnerabilities in our products. We support responsible disclosure of all vulnerability information in a timely manner to protect Symantec customers and the security of the Internet as a result of vulnerability. This document is available from the location provided below.

Symantec strongly recommends using encrypted email for reporting vulnerability information to secure@symantec.com. The Symantec Product Security PGP key can be obtained from the location provided below.

http://securityresponse.symantec.com/avcenter/security/Content/2005.09.02.html

 

Re: Major Security Virus Warnings

W32.Spybot.WON
Discovered on: September 07, 2005
Last Updated on: September 08, 2005 12:13:41 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.won.html