4105 BAT/TrojanDownloader.Ftp.NDK, BAT/TrojanDownloader.Ftp.NDL, PDF/Exploit.Pidief.OND, PDF/Exploit.Pidief.ONE, VBS/Naiad.O, W97M/Exploit.Agent.K, Win32/Adware.AntiSpyware2008 (2), Win32/Adware.BHO.NCX, Win32/Adware.Coolezweb (6), Win32/Adware.Coolezweb.AB (2), Win32/Adware.Coolezweb.AC (2), Win32/Adware.SpywareProtect2009, Win32/Adware.SystemSecurity (3), Win32/Adware.WinPCDefender (3), Win32/Agent.AFTS, Win32/Agent.HLU, Win32/Agent.NGL (3), Win32/Agent.OOJ, Win32/Agent.PLS (2), Win32/Agent.PLT (4), Win32/Agent.PLU, Win32/Agent.PLV (2), Win32/Agent.PLW (2), Win32/Agent.PLX, Win32/Agent.PLY (2), Win32/AntiAV.AZQ, Win32/AntiAV.NAN (2), Win32/AutoRun.Agent.OF, Win32/AutoRun.FakeAlert.BP, Win32/AutoRun.FlyStudio.JY, Win32/AutoRun.FlyStudio.JZ, Win32/AutoRun.IRCBot.AJ (3), Win32/AutoRun.IRCBot.Q, Win32/AutoRun.KS (3), Win32/BHO.NPI, Win32/Boberog.AB, Win32/Delf.ODU, Win32/Delf.OIX, Win32/FakeInit.M [...]
Posts under ‘Botnet’
4104
4104 BAT/Agent.MO, IRC/SdBot, PDF/Exploit.Pidief.ONC, Win32/Adware.Virtumonde.NFD, Win32/Agent.OSE (2), Win32/AutoRun.FakeAlert.BN, Win32/AutoRun.FakeAlert.BO (2), Win32/AutoRun.FlyStudio.JX, Win32/AutoRun.VB.DO (2), Win32/Delf.NSE, Win32/Hupigon.NCT, Win32/Injector.MW, Win32/LockScreen.M, Win32/Mebroot.Z, Win32/Pacex, Win32/PcClient, Win32/PSW.OnLineGames.NMP (2), Win32/PSW.OnLineGames.NMY (4), Win32/PSW.OnLineGames.NNU (2), Win32/PSW.OnLineGames.ODJ, Win32/Spy.Banker.QYI, Win32/Spy.Banker.QYJ (2), Win32/Spy.Banker.QYK, Win32/Spy.Zbot.JF (2), Win32/Spy.Zbot.NJ (2), Win32/TrojanClicker.Agent.NEB, Win32/TrojanDownloader.FakeAlert.ACQ (2), Win32/VB.OEP (4) URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6070&Itemid=26
4102
4102 BAT/Autorun.AE (6), BAT/Qhost.NBO, BAT/TrojanDownloader.Ftp.NDJ, PDF/Exploit.Pidief.ONA (2), PDF/Exploit.Pidief.ONB (2), PDF/Exploit.Pidief.ONC, Win32/Adware.Agent.NMG (2), Win32/Adware.Antivirus2008, Win32/Adware.Coolezweb (5), Win32/Adware.InternetAntivirus (4), Win32/Adware.PersonalAntivirus (3), Win32/Adware.SystemSecurity (6), Win32/Adware.Virtumonde, Win32/Agent.NWM (7), Win32/Agent.NYH (2), Win32/Agent.PIH, Win32/Agent.WPI, Win32/Alman.C (2), Win32/Alman.NAB, Win32/AntiAV.NAM (4), Win32/Autoit.FL (2), Win32/AutoRun.Agent.ME, Win32/AutoRun.Agent.OD, Win32/AutoRun.Agent.OE (2), Win32/AutoRun.FakeAlert.AF, Win32/AutoRun.VB.CF, Win32/AutoRun.VB.DM (2), Win32/Bagle.RE (3), Win32/Bagle.RF (2), Win32/BHO.NOR, Win32/BHO.NOS (2), Win32/Delf.NSE, Win32/Delf.OIV (2), Win32/Delf.OIW (3), [...]
4101
4101 BAT/StartPage.NAT (2), BAT/TrojanDownloader.Ftp.NDI, INF/Autorun, IRC/SdBot, Win32/Adware.Antivirus2008 (2), Win32/Adware.BHO.Delf.GMK, Win32/Adware.BHO.NCX, Win32/Adware.Coolezweb (4), Win32/Adware.SystemSecurity (15), Win32/Adware.Virtumonde.NEK, Win32/Adware.WinPCDefender (4), Win32/Agent.NXT, Win32/Agent.PGA (2), Win32/Agent.PLO, Win32/Agent.PLP (3), Win32/Agent.PLQ (2), Win32/AntiAV.AZQ (2), Win32/AntiAV.NAL (2), Win32/Autoit.DK, Win32/AutoRun.Agent.IE (2), Win32/AutoRun.Delf.AK, Win32/AutoRun.FakeAlert.AF, Win32/AutoRun.FakeAlert.M, Win32/AutoRun.FlyStudio.JW, Win32/AutoRun.IRCBot.H, Win32/AutoRun.IRCBot.S, Win32/AutoRun.VB.CC, Win32/Bagle.RD, Win32/BHO.NPG (4), Win32/BHO.NPH (3), Win32/Conficker.V, Win32/Conficker.X (3), Win32/Delf.NFU (5), Win32/Delf.ODU, Win32/Dialer.NHO (2), Win32/IRCBot.AMC, Win32/KillAV.NDS (2), [...]
4100
4100 Win32/Agent.PIG, Win32/AutoRun.Agent.EU, Win32/AutoRun.Autoit.AK (2), Win32/AutoRun.FlyStudio.JV, Win32/Bagle.RD (2), Win32/FlyStudio.NLZ (3), Win32/IRCBot, Win32/Koobface.NBG, Win32/PSW.OnLineGames.NRD, Win32/PSW.OnLineGames.OJZ, Win32/PSW.WOW.NKK (2), Win32/Rootkit.Agent.NLY, Win32/Spy.Bancos.NLY, Win32/Spy.Banker.PJX, Win32/Spy.Zbot.BK, Win32/Spy.Zbot.GM, Win32/Spy.Zbot.RF, Win32/Spy.Zbot.RG, Win32/Spy.Zbot.RH, Win32/Tifaut.A (3), Win32/Tifaut.C (3), Win32/TrojanDropper.Agent.OAY (2) URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6066&Itemid=26
IIS admins, help finding WebDAV remotely using nmap, (Sun, May 24th)
IIS admins, help finding WebDAV remotely using nmap, (Sun, May 24th) If you are concerned about the recent IIS 6.0 WebDAV Remote Auth Bypass vulnerability, you will be interested in detecting if you are running WebDAV and if you are vulnerable. You can do that locally or remotely. I can identify scenarios where both methods [...]
4098
4098 ALS/Bursted.B, BAT/StartPage.NAT (2), INF/Autorun (7), IRC/SdBot, JS/TrojanDownloader.Agent.NQB (3), Win32/Adware.PersonalAntivirus (3), Win32/Adware.SystemSecurity (3), Win32/Adware.Virtumonde, Win32/Agent.OLA, Win32/Agent.PEZ, Win32/Agent.PLL (2), Win32/Agent.PLM (2), Win32/AntiAV.NAC, Win32/Autoit.FU (2), Win32/AutoRun.FlyStudio.JT, Win32/AutoRun.FlyStudio.JU, Win32/Bagle.RD (4), Win32/BHO.NOR, Win32/BHO.NPE, Win32/BHO.NPF, Win32/Delf.OGS, Win32/Delf.OIU (2), Win32/DNSChanger.NAQ (2), Win32/FlyStudio.NLY (2), Win32/Hupigon, Win32/Injector.OV, Win32/Koobface.FX (2), Win32/Koutodoor.G, Win32/Koutodoor.R (2), Win32/Koutodoor.W (2), Win32/LockScreen.K (2), Win32/LockScreen.L (2), Win32/Olmarik.HG (4), Win32/Pacex.Gen, Win32/Peerfrag.BA (3), [...]
4097
4097 BAT/TrojanDownloader.Ftp.NDH (2), HTML/TrojanClicker.IFrame.NAO (3), HTML/TrojanDownloader.IFrame (3), INF/Autorun (2), JS/Exploit.Agent.NAJ (2), JS/Exploit.Agent.NAK (2), JS/Exploit.Agent.NAL (3), JS/Exploit.Agent.NAM (4), JS/Exploit.Agent.NAN (2), JS/Exploit.Pdfka.NKB (3), JS/Exploit.Pdfka.NKC (3), JS/Exploit.RealPlay.EL (2), JS/Exploit.RealPlay.NBM, JS/Exploit.RealPlay.NBN (2), JS/Exploit.RealPlay.NBO (2), JS/Exploit.RealPlay.NBP (2), JS/Exploit.RealPlay.NBQ (2), JS/Exploit.RealPlay.PL (4), JS/TrojanDownloader.Iframe.NEN, JS/TrojanDownloader.Iframe.NEO (2), JS/TrojanDownloader.Iframe.NEP (2), JS/TrojanDownloader.Psyme.ABS, JS/TrojanDownloader.Psyme.NFG, JS/TrojanDownloader.Psyme.NFH, JS/TrojanDownloader.Psyme.NFI, JS/TrojanDownloader.Psyme.NFJ, JS/TrojanDownloader.Psyme.NFK (2), JS/TrojanDownloader.Small.NBX (2), PDF/Exploit.Pidief.AVJ, PDF/Exploit.Pidief.OMZ, VBS/EjectCD.B, Win32/Adware.BHO.NCX, Win32/Adware.Coolezweb [...]
4096
4096 JS/Exploit.RealPlay.NBK (2), JS/Exploit.RealPlay.NBL (2), JS/TrojanDownloader.Agent.NQG (2), JS/TrojanDownloader.Agent.NQH, JS/TrojanDownloader.Iframe.NEM, JS/TrojanDownloader.Psyme.NFD, JS/TrojanDownloader.Psyme.NFE, JS/TrojanDownloader.Psyme.NFF, Win32/Daonol.D, Win32/Delf.ODU (2), Win32/Koobface.FX, Win32/Koutodoor.G, Win32/Koutodoor.R, Win32/Kryptik.JQ, Win32/PSW.Delf.NPK (2), Win32/PSW.Delf.NPL (2), Win32/Qhost.NJG, Win32/SpamTool.Agent.NCR (2), Win32/Spy.Banbra.NPM (2), Win32/Spy.Banbra.NPN (2), Win32/Spy.Banker.EDY, Win32/Spy.Banker.KSO, Win32/Spy.Banker.PJV, Win32/Spy.Banker.PJW (2), Win32/Spy.Banker.PPH, Win32/Spy.Banker.QNJ (2), Win32/Spy.Banker.QSF, Win32/Spy.Banker.QYE (2), Win32/Spy.Zbot.JF, Win32/TrojanDownloader.Delf.OYF (3), Win32/TrojanDownloader.Small.EIR, Win32/Waledac.JQ URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6060&Itemid=26
4094
4094 BAT/KillWin.NAN (3), BAT/Qhost.NBG, BAT/Qhost.NBN (3), BAT/StartPage.NAV (4), BAT/StartPage.NAW (5), IRC/SdBot, JS/Exploit.Pdfka.NKA (6), PDF/Exploit.Pidief.OMY, SWF/TrojanDownloader.Agent.BB, SWF/TrojanDownloader.Agent.NAW (2), Win32/Adware.AntiSpyware2008, Win32/Adware.BHO.GMI, Win32/Adware.BHO.NCX, Win32/Adware.Coolezweb (4), Win32/Adware.PersonalAntivirus (4), Win32/Adware.PrivacyComponents (5), Win32/Adware.SpywareProtect2009, Win32/Adware.SystemSecurity (4), Win32/Adware.Virtumonde (2), Win32/Adware.Virtumonde.NDH, Win32/Adware.WinPCDefender (4), Win32/Agent.NWW, Win32/Agent.NXT (8), Win32/Agent.OAF, Win32/Agent.PLF, Win32/Agent.PLG, Win32/AutoRun.ADR, Win32/AutoRun.Agent.FC, Win32/AutoRun.Autoit.AK, Win32/AutoRun.Autoit.P, Win32/AutoRun.FlyStudio.JN, Win32/BHO.NOE, Win32/BHO.NOR, Win32/BHO.NPD (4), Win32/Cimag.AL, Win32/Daonol.C (4), Win32/Delf.ODU (2), Win32/Dialer.NHM [...]
4093
4093 BAT/Qhost.NBM, JS/Exploit.Pdfka.NJZ (2), PDF/Exploit.Pidief.OMV, PDF/Exploit.Pidief.OMW, PDF/Exploit.Pidief.OMX, Win32/Adware.Cinmus, Win32/Adware.PrivacyComponents, Win32/Adware.Virtumonde (3), Win32/Agent.NYG (4), Win32/Agent.OKU, Win32/Agent.PKQ, Win32/Agent.PLE (2), Win32/AutoRun.Delf.BX, Win32/AutoRun.IRCBot.AH, Win32/BHO.NOV, Win32/Daonol.C (4), Win32/DNSChanger.NAP, Win32/FlyStudio.NLT (5), Win32/Fujacks.BK, Win32/Injector.NU (2), Win32/Injector.ON, Win32/Koutodoor.R (2), Win32/Kryptik.LT, Win32/Kryptik.PD, Win32/Kryptik.PI, Win32/Kryptik.PJ, Win32/Kryptik.PK, Win32/Kryptik.PX, Win32/PSW.Agent.NLN (3), Win32/PSW.OnLineGames.OFX (2), Win32/PSW.OnLineGames.OIW (2), Win32/Qhost (2), Win32/Qhost.NJK, Win32/Rustock.NIK, Win32/Small.NDV (2), Win32/Sohanad.NCB, Win32/Spy.Agent.NNV (2), Win32/Spy.Zbot.RC, Win32/StartPage.NJS, Win32/Tinxy.AD, [...]
4092
4092 BAT/Agent.NAC (4), BAT/StartPage.NAT (2), INF/Autorun, IRC/SdBot, PDF/Exploit.Pidief.OLC, PDF/Exploit.Pidief.OMU, W97M/TrojanDropper.Agent.NBW, Win32/Adware.Agent.NMR (3), Win32/Adware.Antivirus2008 (2), Win32/Adware.BHO.GRW, Win32/Adware.BHO.NCX, Win32/Adware.Cinmus, Win32/Adware.Coolezweb (14), Win32/Adware.InternetAntivirus, Win32/Adware.MoKeAD (2), Win32/Adware.PrivacyComponents, Win32/Adware.SystemSecurity (2), Win32/Adware.Virtumonde, Win32/Adware.Virtumonde.NDH, Win32/Agent.NNM (2), Win32/Agent.NYF (2), Win32/Agent.OXU (3), Win32/Agent.PHX, Win32/Agent.PIS, Win32/Agent.PLC, Win32/Agent.PLD (3), Win32/Agent.WPI, Win32/Agent.Y, Win32/Autoit.NDN, Win32/Autoit.NDO, Win32/AutoRun.ABH, Win32/AutoRun.Agent.FC, Win32/AutoRun.Agent.OA, Win32/AutoRun.Agent.OB, Win32/AutoRun.Delf.BZ (3), Win32/AutoRun.FlyStudio.JL, Win32/AutoRun.FlyStudio.JM (2), Win32/AutoRun.IRCBot.Q, Win32/BHO.NOR, Win32/BHO.NPB (2), [...]
Java, Serial, and an Apple, (Wed, May 20th)
Breakfast: Java, Serial, and an Apple, (Wed, May 20th) According to Julien Tinnes in the CR0 Blog, it appears that Apple’s recent security update failed to fix a Java flaw that was reported to Sun back in August 2008 and patched by Sun way back in December 2008. The upshot: according to the blog [...]
4091
4091 IRC/SdBot (2), W97M/Exploit.Agent.NAE, W97M/TrojanDropper.Agent.NBU, W97M/TrojanDropper.Agent.NBV, Win32/Adware.Agent.NMS, Win32/Adware.Coolezweb, Win32/Adware.GooochiBiz, Win32/Adware.MoKeAD (4), Win32/Adware.PersonalAntivirus (8), Win32/Adware.PrivacyComponents, Win32/Adware.SystemSecurity (4), Win32/Agent.NGC, Win32/Agent.NOV, Win32/Agent.NXT, Win32/Agent.PKT (2), Win32/Agent.PKY (2), Win32/Agent.PKZ, Win32/Agent.PLA (3), Win32/Agent.PLB, Win32/AntiAV.AZQ (2), Win32/AntiAV.NAC (2), Win32/AntiAV.NAJ, Win32/AutoRun.ABH (4), Win32/AutoRun.Agent.EU, Win32/AutoRun.Agent.FN, Win32/AutoRun.Agent.NZ (4), Win32/AutoRun.FakeAlert.AF (2), Win32/AutoRun.FlyStudio.JK, Win32/BHO.NOR, Win32/Buzus.BAEG, Win32/Delf.NSE, Win32/Delf.ODU, Win32/Delf.OIS, Win32/Delf.OIT (2), Win32/Exploit.MS08-067.BT, Win32/Flyagent.NAU, Win32/FlyStudio.NLQ, Win32/FlyStudio.NLR, Win32/FlyStudio.NLS, Win32/FraudTool.GameBot.A, Win32/Hupigon.NOS, [...]
Gone With the WINS – Part II, (Wed, May 20th)
Follow the Bouncing Malware: Gone With the WINS – Part II, (Wed, May 20th) Imagine, if you will, that you’re the newest contestant on the latest reality-tv show, Idle American Apprentice to the Dancing Bachelorette Stars. Like all good reality shows (now there’s an oxymoron…), you have the opportunity to earn your way to be [...]