Tillbaka till svenska Fidonet
English   Information   Debug  
TRAPDOOR   0/19
TREK   0/755
TUB   0/290
UFO   0/40
UNIX   0/1316
USA_EURLINK   0/102
USR_MODEMS   0/1
VATICAN   0/2740
VIETNAM_VETS   0/14
VIRUS   0/378
VIRUS_INFO   0/201
VISUAL_BASIC   0/473
WHITEHOUSE   0/5187
WIN2000   0/101
WIN32   0/30
WIN95   0/4289
WIN95_OLD1   0/70272
WINDOWS   0/1517
WWB_SYSOP   0/419
WWB_TECH   0/810
ZCC-PUBLIC   0/1
ZEC   4

 
4DOS   0/134
ABORTION   0/7
ALASKA_CHAT   0/506
ALLFIX_FILE   0/1313
ALLFIX_FILE_OLD1   0/7997
ALT_DOS   0/152
AMATEUR_RADIO   0/1039
AMIGASALE   0/14
AMIGA   0/331
AMIGA_INT   0/1
AMIGA_PROG   0/20
AMIGA_SYSOP   0/26
ANIME   0/15
ARGUS   0/924
ASCII_ART   0/340
ASIAN_LINK   0/651
ASTRONOMY   0/417
AUDIO   0/92
AUTOMOBILE_RACING   0/105
BABYLON5   0/17862
BAG   135
BATPOWER   0/361
BBBS.ENGLISH   0/382
BBSLAW   0/109
BBS_ADS   0/5290
BBS_INTERNET   0/507
BIBLE   0/3563
BINKD   0/1119
BINKLEY   0/215
BLUEWAVE   0/2173
CABLE_MODEMS   0/25
CBM   0/46
CDRECORD   0/66
CDROM   0/20
CLASSIC_COMPUTER   0/378
COMICS   0/15
CONSPRCY   0/899
COOKING   33421
COOKING_OLD1   0/24719
COOKING_OLD2   0/40862
COOKING_OLD3   0/37489
COOKING_OLD4   0/35496
COOKING_OLD5   9370
C_ECHO   0/189
C_PLUSPLUS   0/31
DIRTY_DOZEN   0/201
DOORGAMES   0/2065
DOS_INTERNET   0/196
duplikat   6002
ECHOLIST   0/18295
EC_SUPPORT   0/318
ELECTRONICS   0/359
ELEKTRONIK.GER   1534
ENET.LINGUISTIC   0/13
ENET.POLITICS   0/4
ENET.SOFT   0/11701
ENET.SYSOP   33945
ENET.TALKS   0/32
ENGLISH_TUTOR   0/2000
EVOLUTION   0/1335
FDECHO   0/217
FDN_ANNOUNCE   0/7068
FIDONEWS   24159
FIDONEWS_OLD1   0/49742
FIDONEWS_OLD2   0/35949
FIDONEWS_OLD3   0/30874
FIDONEWS_OLD4   0/37224
FIDO_SYSOP   12852
FIDO_UTIL   0/180
FILEFIND   0/209
FILEGATE   0/212
FILM   0/18
FNEWS_PUBLISH   4436
FN_SYSOP   41706
FN_SYSOP_OLD1   71952
FTP_FIDO   0/2
FTSC_PUBLIC   0/13613
FUNNY   0/4886
GENEALOGY.EUR   0/71
GET_INFO   105
GOLDED   0/408
HAM   0/16074
HOLYSMOKE   0/6791
HOT_SITES   0/1
HTMLEDIT   0/71
HUB203   466
HUB_100   264
HUB_400   39
HUMOR   0/29
IC   0/2851
INTERNET   0/424
INTERUSER   0/3
IP_CONNECT   719
JAMNNTPD   0/233
JAMTLAND   0/47
KATTY_KORNER   0/41
LAN   0/16
LINUX-USER   0/19
LINUXHELP   0/1155
LINUX   0/22112
LINUX_BBS   0/957
mail   18.68
mail_fore_ok   249
MENSA   0/341
MODERATOR   0/102
MONTE   0/992
MOSCOW_OKLAHOMA   0/1245
MUFFIN   0/783
MUSIC   0/321
N203_STAT   930
N203_SYSCHAT   313
NET203   321
NET204   69
NET_DEV   0/10
NORD.ADMIN   0/101
NORD.CHAT   0/2572
NORD.FIDONET   189
NORD.HARDWARE   0/28
NORD.KULTUR   0/114
NORD.PROG   0/32
NORD.SOFTWARE   0/88
NORD.TEKNIK   0/58
NORD   0/453
OCCULT_CHAT   0/93
OS2BBS   0/787
OS2DOSBBS   0/580
OS2HW   0/42
OS2INET   0/37
OS2LAN   0/134
OS2PROG   0/36
OS2REXX   0/113
OS2USER-L   207
OS2   0/4786
OSDEBATE   0/18996
PASCAL   0/490
PERL   0/457
PHP   0/45
POINTS   0/405
POLITICS   0/29554
POL_INC   0/14731
PSION   103
R20_ADMIN   1123
R20_AMATORRADIO   0/2
R20_BEST_OF_FIDONET   13
R20_CHAT   0/893
R20_DEPP   0/3
R20_DEV   399
R20_ECHO2   1379
R20_ECHOPRES   0/35
R20_ESTAT   0/719
R20_FIDONETPROG...
...RAM.MYPOINT
  0/2
R20_FIDONETPROGRAM   0/22
R20_FIDONET   0/248
R20_FILEFIND   0/24
R20_FILEFOUND   0/22
R20_HIFI   0/3
R20_INFO2   3249
R20_INTERNET   0/12940
R20_INTRESSE   0/60
R20_INTR_KOM   0/99
R20_KANDIDAT.CHAT   42
R20_KANDIDAT   28
R20_KOM_DEV   112
R20_KONTROLL   0/13300
R20_KORSET   0/18
R20_LOKALTRAFIK   0/24
R20_MODERATOR   0/1852
R20_NC   76
R20_NET200   245
R20_NETWORK.OTH...
...ERNETS
  0/13
R20_OPERATIVSYS...
...TEM.LINUX
  0/44
R20_PROGRAMVAROR   0/1
R20_REC2NEC   534
R20_SFOSM   0/341
R20_SF   0/108
R20_SPRAK.ENGLISH   0/1
R20_SQUISH   107
R20_TEST   2
R20_WORST_OF_FIDONET   12
RAR   0/9
RA_MULTI   106
RA_UTIL   0/162
REGCON.EUR   0/2056
REGCON   0/13
SCIENCE   0/1206
SF   0/239
SHAREWARE_SUPPORT   0/5146
SHAREWRE   0/14
SIMPSONS   0/169
STATS_OLD1   0/2539.065
STATS_OLD2   0/2530
STATS_OLD3   0/2395.095
STATS_OLD4   0/1692.25
SURVIVOR   0/495
SYSOPS_CORNER   0/3
SYSOP   0/84
TAGLINES   0/112
TEAMOS2   0/4530
TECH   0/2617
TEST.444   0/105
Möte VIRUS, 378 texter
 lista första sista föregående nästa
Text 73, 613 rader
Skriven 2004-11-28 19:40:00 av KURT WISMER (1:123/140)
Ärende: News, Nov. 28 2004
==========================
[cut-n-paste from sophos.com]

Name   Troj/Bancban-AH

Type  
    * Trojan

Affected operating systems  
    * Windows

Side effects  
    * Steals credit card details
    * Uses its own emailing engine
    * Installs itself in the Registry

Aliases  
    * TrojanSpy.Win32.Banker.di
    * PWS-Bancban.gen.b

Prevalence (1-5) 2

Description
Troj/Bancban-AH is a password-stealing Trojan targeted at customers of 
certain Brazilian banks.

Troj/Bancban-AH attempts to log keypresses entered into certain 
websites. The Trojan displays fake user interfaces in order to persuade 
the user to enter confidential details. Stolen information is sent by 
email to a remote user.

Advanced
Troj/Bancban-AH is a password-stealing Trojan targeted at customers of 
certain Brazilian banks.

Troj/Bancban-AH attempts to log keypresses entered into certain 
websites. The Trojan displays fake user interfaces in order to persuade 
the user to enter confidential details. Stolen information is sent by 
email to a remote user.

Troj/Bancban-AH may be dropped by a self-extracting archive as LOGIN.EXE 
in the Windows folder, along with a text file LOGIN.REG. When dropped in 
this manner, the archive also attempts to run Internet Explorer from the 
following location:
C:\Arquivos de programas\Internet Explorer\iexplore.exe

The following registry entry may be created in order to run the Trojan 
on system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Login
C:\Windows\Login.exe

The user may be prompted to accept the above registry change, which is 
contained in the file LOGIN.REG.





Name   W32/Netsky-AE

Type  
    * Worm

How it spreads  
    * Email attachments

Affected operating systems  
    * Windows

Side effects  
    * Sends itself to email addresses found on the infected computer
    * Forges the sender's email address
    * Uses its own emailing engine
    * Installs itself in the Registry
    * Used in DOS attacks

Aliases  
    * I-Worm.NetSky.aa
    * W32/Netsky.z@MM
    * WORM_NETSKY.Z

Prevalence (1-5) 2

Description
W32/Netsky-AE is a mass-mailing worm of the Netsky family.
W32/Netsky-AE is a mass-mailing worm that uses its own SMTP engine to 
email itself to addresses harvested from files on local drives.

Advanced
W32/Netsky-AE is a mass-mailing worm of the Netsky family.
W32/Netsky-AE is a mass-mailing worm that uses its own SMTP engine to 
email itself to addresses harvested from files on local drives.

In order to run automatically the worm copies itself to the file 
Jammer2nd.exe in the Windows folder and creates the following registry 
entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Jammer2nd
%WINDOWS%\Jammer2nd.exe





Name   W32/Delf-IV

Type  
    * Worm

How it spreads  
    * Peer-to-peer

Affected operating systems  
    * Windows

Side effects  
    * Installs itself in the Registry

Aliases  
    * P2P-Worm.Win32.Delf.ad

Prevalence (1-5) 2

Description
W32/Delf-IV is a peer-to-peer worm for the Windows platform.

W32/Delf-IV spreads by copying itself to a Kazaa folder if one exists.

W32/Delf-IV also moves existing applications to a new folder and copies 
itself in place of the original files.

Advanced
W32/Delf-IV is a peer-to-peer worm and Trojan for the windows platform.

When first run, W32/Delf-IV copies itself to the folder SYSTEM in the 
Windows folder with the filename Rundll~.exe and installs itself in the 
registry with the following entry to run itself automatically on log-on:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Rundll = "C:\\WINDOWS\\System\\Rundll~.exe /out"

W32/Delf-IV also creates a number of registry entries under the new 
entry :

HKCU\Software\MouseMX\

W32/Delf-IV spreads by altering the location of the Kazaa local content 
folder, if this exists, and copying itself to the new location using one of 
the following filenames:

GTA San Andreas Crack
Norton AntyVirus 2005 full
Half Life 2 Crack - multiplayer
Sims 2 crack
Directx10 v2.3 fullversion
GaduReader 3.5
Partition Magic 8.6
Partition Magic 9
Half Life 2 dodatek
Roller Coaster Tycoon 3 crack

W32/Delf-IV also moves existing executable files on the computer to a 
new folder called MouseMX and copies itself into the place of the 
original files.





Name   W32/Anzae-C

Type  
    * Worm

How it spreads  
    * Email attachments

Affected operating systems  
    * Windows

Side effects  
    * Drops more malware
    * Uses its own emailing engine
    * Installs itself in the Registry
    * Exploits system or software vulnerabilities
    * Leaves non-infected files on computer

Aliases  
    * IWorm.Pawur.b

Prevalence (1-5) 2

Description
W32/Anzae-C is a Spanish mass-mailing worm.

W32/Anzae-C spreads as a zip file attached to email. The email generated 
by the worm has characteristics such as:

Subject line:
FW:Impresiona!!!!
FW:Pero si es cierto!!!
FW:Miralo!!!!

Message text:
Si tu me vieras....
Mirame!, jajaja
Te pongo a 100,jajaja
Miralo y me comentas luego,jajajaja

Attached file:
Las_cosas_cambian.zip
No_me_lo_creo.zip
Claro_que_lo_se.zip
Con_mas_amor.zip

Advanced
W32/Anzae-C is a Spanish mass-mailing worm.

When first run the worm copies itself to the Windows system folder with 
the names svchosl.pif and paula.pif.

The worm then drops four more files called ss.exe, sw.exe, sx.exe and 
sz.exe. Ss.exe is a joke program. Sz.exe is a simple ZIP program that is 
non- malicious. Sx.exe and sw.exe are components of the mailing worm. 
Sophos's anti-virus products detect the sx.exe component as W32/Anzae-B.

W32/Anzae-C spreads by sending the ZIP file it has created as an email 
attachment. The email message has characteristics chosen from the 
following lists:

Subject line:
FW:Impresiona!!!!
FW:Pero si es cierto!!!
FW:Miralo!!!!
FW:Venga que lo disfrutes ;) jajaja
FW:Podr
FW:El amor,el amor,jajaja
FW:Como el aire...xD

Message text:
s de los mismo, pero vale la pena...
s te quise yo :P,jajaja
s dormir??jajaja
:Pero que cosasssssss ,jajajaja
Si tu me vieras....
Mirame!, jajaja
Te pongo a 100,jajaja
Miralo y me comentas luego,jajajaja
Pa q tu vea!jajaja
jajajaja,no pue ser!
Pero que cosasssss!
Esto no me lo creo,joeee , jajajaj
Miralo y reenvia!!!!!jajajaja,comparte le
No comment,xDD ,Nos vemos!!

Attached file:
Las_cosas_cambian.zip
No_me_lo_creo.zip
Claro_que_lo_se.zip
Con_mas_amor.zip
Lo_que_ves.zip
Basta_YA.zip
Nunca_estamos.zip
Siempre_estas_ahi.zip
Para_ti_mas.zip
Lo_que_te_mereces.zip

W32/Anzae-C sets the following registry entry in order to run itself 
automatically on log-on:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Svchost
<Windows system folder>svchosl.pif

W32/Anzae-C also attempts to delete files from the computer it is 
running on. The following file extensions are at risk from deletion:

.asm
.htm
.html
.php
.asp
.css
.nfm
.dpr
.bdsproj
.pas
.reg
.mp3
.rar
.iso
.nrg
.wav
.doc
.xls
.mdb
.ppt
.rpt
.pdf
.bmp
.jpg
.jpeg
.gif
.pcx
.txt
.bat
.vbs
.log
.msi
.inf
.ini
.dot
.h
.c





Name   W32/Agobot-OD

Type  
    * Worm

How it spreads  
    * Network shares

Affected operating systems  
    * Windows

Side effects  
    * Turns off anti-virus applications
    * Allows others to access the computer
    * Steals information
    * Reduces system security
    * Installs itself in the Registry

Prevalence (1-5) 2

Description
W32/Agobot-OD is a network worm which also allows unauthorised remote 
access to the computer via IRC channels. It sets registry entries to 
ensure it is run on system restart.

W32/Agobot-OD may gather system information and attempt to kill 
processes.

Advanced
W32/Agobot-OD is a network worm which also allows unauthorised remote 
access to the computer via IRC channels.

W32/Agobot-OD copies itself to the Windows system folder as svchostt.exe 
and attempts to create entries in the registry at the following 
locations to run itself on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
and
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

W32/Agobot-OD also attempts to kill over four hundred anti-virus and 
security-related processes, including:

Sweep95.EXE
SweepNet.SWEEPSRV.SYS.SWNETSUP.EXE
Mcshield.EXE
avpm.EXE
f-stopw.EXE
BlackICE.EXE

W32/Agobot-OD may attempt to copy itself to network shares with weak 
passwords and to spread to computers using the DCOM RPC and the RPC 
locator vulnerabilities.

These vulnerabilities may allow the worm to execute its code on target 
computers with System level privileges. For further information on these 
vulnerabilities and for details on how to protect/patch the computer 
against such attacks please see Microsoft security bulletins MS03-026 
and MS03-001.

The worm also attempts to terminate processes related to W32/Blaster-A 
and its variants, e.g. MSBLAST.EXE, PENIS32.EXE and DLLHOST.EXE.

W32/Agobot-OD may attempt to access information about programs that 
could be on the machine (such as installation keys) by scanning the 
registry.

W32/Agobot-OD may attempt various Distributed Denial of Service attacks.





Name   W32/Favsin-A

Type  
    * Worm

How it spreads  
    * Email attachments
    * Peer-to-peer

Affected operating systems  
    * Windows

Side effects  
    * Sends itself to email addresses found on the infected computer
    * Drops more malware
    * Forges the sender's email address
    * Uses its own emailing engine
    * Installs itself in the Registry

Prevalence (1-5) 2

Description
W32/Favsin-A is a peer-to-peer and email worm for the Windows platform.

When first run W32/Favsin-A copies itself to the Windows system folder 
with the filenames NvCpl.exe and Dong_Shi.exe.

W32/Favsin-A harvests email addresses from the Windows address book and 
from files on the hard disk.

W32/Favsin-A displays a popup window with the text "No Windows. Yes 
doors and holes."

The worm drops a file named YanZi.vbs into the current folder and runs 
it. Several JPG files are dropped into the current user's temp folder 
with filenames SuN<digit>.JPG and SuN<digit>.tmp. The VBS file creates 
and runs a file named SUN.EXE which displays one of the JPG images.

Advanced
W32/Favsin-A is a peer-to-peer and email worm for the Windows platform.

When first run W32/Favsin-A copies itself to the Windows system folder 
with the filenames NvCpl.exe and Dong_Shi.exe and creates the following 
registry entry in order to run itself when a user logs on:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
NvCpl = "<Windows system folder>\NvCpl.exe"

The worm also creates copies of itself into any folder with a path that
contains "shar" (eg C:\My Shared Folder\) with filenames from the 
following:

Sun_YanZi-Huai_Tian_Qi.mpg.exe
Sun_YanZi-I_am_not_sad.mp3.exe
Sun_YanZi-Leave_me_alone.mp3.exe
Sun_YanZi-Mei_You_Ren_De_Fang_Xiang.avi.exe
Sun_YanZi-Shen_Qi.exe
Sun_YanZi-Tao_Wang.mpeg.exe
SunYanZi.mp3.exe
YanZi.Mp3.exe
YanZi_SuN-forever.mp3.exe

W32/Favsin-A harvests email addresses from the Windows address book and 
from files with the following file extensions:

ADB
ASP
DBX
DOC
HTM
HTML
JSP
RTF
TXT
XML

The email sent by W32/Favsin-A has the following characteristics:

Subject lines:

Great_Asia_Singer
Sun_YanZi
Sun_YanZi_HayranI
Asia_Singer
Sun-YanZi
Sun_Yan_Zi
Stefanie Sun Yanzi
Hoscakal
Sun_YanZi_Hayrani
Sun-YanZi-Mp3-Archive
I_hate_Spyware
SuN_YanZi_innocent
Forever Sun Yanzi

Message bodies:

You must to listen Sun Yanzi. I am enjoying to listen Sun YanZi.

I want to meet Sun YanZi. I am loving Sun-YanZi's Magic. Call me YanZi. 
But you don't contact me(Turkiye).

My Favourite Singer is Stefanie Sun Yanzi

I want to see Sun YanZi. Call me Sun Yan Zi ;)

I can not contact you. Because, I am far to you(Turkiye)

Please listen to me Stefanie Sun Yanzi.

Attachment filenames: (with extensions PIF, SCR or ZIP)
Sun_YanZi
Huai_Tian_Qi
Sun_Yanzi_Mp3
Great_Asia_Singer
World_Tour_Sun_YanZi

W32/Favsin-A displays a popup window with the text "No Windows. Yes 
doors and holes."

The worm drops a file named YanZi.vbs into the current folder and runs 
it. Several JPG files are dropped into the current user's temp folder 
with filenames SuN<digit>.JPG and SuN<digit>.tmp. The VBS file creates 
and runs a file named SUN.EXE which displays one of the JPG images.





Name   Troj/Swizzor-BQ

Type  
    * Trojan

Affected operating systems  
    * Windows

Side effects  
    * Downloads code from the internet

Aliases  
    * TrojanDownloader.Win32.Swizzor.bo

Prevalence (1-5) 2

Description
Troj/Swizzor-BQ is a downloader Trojan.

Troj/Swizzor-BQ attempts to download and run executable files without 
the user's consent.

Troj/Swizzor-BQ installs itself as a Browser Help Object (BHO).

Advanced
Troj/Swizzor-BQ is a downloader Trojan.

Troj/Swizzor-BQ attempts to download and run executable files without 
the user's consent.

In order to run automatically when Internet Explorer starts, 
Troj/Swizzor-BQ installs itself as a Browser Help Object and sets the 
following registry entries:

HKCR\CLSID\(CLSID)\InprocServer32
(Default)
<path to Trojan DLL>

HKCR\CLSID\(CLSID)\InprocServer32
ThreadingModel
Apartment

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects
(CLSID)

where the CLSID value is based on the infected computer.





Name   Troj/Banker-AM

Type  
    * Trojan

Affected operating systems  
    * Windows

Side effects  
    * Steals credit card details
    * Steals information
    * Reduces system security
    * Installs itself in the Registry

Prevalence (1-5) 2

Description
Troj/Banker-AM is a Trojan that steals bank details.

Advanced
Troj/Banker-AM is a Trojan that steals bank details.

In order to run automatically on login the Trojan copies itself to the 
file svhost.exe in the Windows folder and adds the following registry 
entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Shell =
C:\Windows\svhost.exe

Troj/Banker-AM installs itself as an Internet Explorer plugin in order 
to monitor the URLs visited by the user. When one of a specific set of 
banking-related URLs is visited, the Trojan logs all inputted details 
and submits them to the author using a PHP script on a preconfigured web 
site.

 
--- MultiMail/Win32 v0.43
 * Origin: Try Our Web Based QWK: DOCSPLACE.ORG (1:123/140)