
Top 10 viruses in February 2010

1) Troj/Invo-Zip
Category: Viruses and Spyware
Type: Trojan
Information:
Troj/Invo-Zip is a family of zip files that contain malware.
Members of Troj/Invo-Zip are usually sent in spam pretending to relate
to an invoice or receipt, often one related to a UPS transaction or to tax.

2) W32/Netsky-P
Aliases: Win32/Netsky.Q, WORM_NETSKY.P
Category: Viruses and Spyware
Type: Worm
Information:
W32/Netsky-P is a mass-mailing worm which spreads by emailing
itself to addresses harvested from files on the local drives. W32/Netsky-P
attempts to delete registry entries which may be set by variants of the
W32/Mydoom and W32/Bagle worms. W32/Netsky-P also creates a
number of TMP files in the Windows folder: base64.tmp, zip1.tmp,
zip2.tmp, zip3.tmp, zipped.tmp.

3) Mal/EncPk-EI
Aliases: Trojan:Win32/Tibs.gen!G
Category: Viruses and Spyware
Type: Malicious Behavior
Information:
Mal/EncPk-EI is a malicious packed executable file. These files
are often seen inside zips in spam claiming to be an invoice or receipt,
often related to tax or to a UPS order. This file is typically a member of
the Zbot family of malware. These files may also be seen in relation to
fake anti-virus software, which gives exaggerated warnings about
infections on the user's computer.

4) Troj/Pushdo-Gen
Category: Viruses and Spyware
Type: Trojan
Information:
Troj/Pushdo-Gen is a family of Trojans for the Windows platform.
When members of Troj/Pushdo-Gen are installed they drop and run a
further file in memory, usually detected as Troj/Pushu-Gen or
Mal/Basine-C. This may then drop further files, including some of the
following:

<Windows>\system32\drivers\ip6fw.sys
<Windows>\system32\drivers\netdtect.sys
<System>\drivers\runtime.sys
<System>\drivers\secdrv.sys

These files are used to provide stealthing for the Trojan. The dropped file
in memory will also often attempt to inject further code into Internet
Explorer.

5) Troj/Agent-HFU
Category: Viruses and Spyware
Type: Trojan
Information:
Troj/Agent-HFU copies itself to <System>\userinit.exe. It renames
the original userinit.exe to userini.exe.

6) Mal/Iframe-E
Category: Viruses and Spyware
Type: Malicious Behavior
Information:
Mal/Iframe-E detects email files that attempt to run malicious files.

7) Troj/Mdrop-BTV
Category: Viruses and Spyware
Type: Trojan
Information:
Troj/Mdrop-BTV drops <System>\<Random name>.sys which is
detected as Troj/Pushu-Gen.

8) Troj/Mdrop-BUF
Category: Viruses and Spyware
Type: Trojan
Information:
Troj/Mdrop-BUF affects the Windows operating system. It changes
registry entries and system files.

9) Troj/Agent-HFZ
Category: Viruses and Spyware
Type: Trojan
Information:
When Troj/Agent-HFZ is installed the following files are created:

<System>\ntos.exe - copy of Troj/Agent-HFZ
<System>\wsnpoem\audio.dll - empty file, can be safely deleted
<System>\wsnpoem\video.dll - empty file, can be safely deleted

The following registry entry is changed to run ntos.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
<System>\userinit.exe,<System>\ntos.exe,
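
A check for the Userinit changes described in entries 5 and 9, added here as an example (it is not code from Sophos or from the original page). It assumes <System> is C:\Windows\system32 and that the stock value is "<System>\userinit.exe,"; the sample values are constructed.

```python
import ntpath

# Assumption: <System> is C:\Windows\system32 and the stock Userinit value is
# "<System>\userinit.exe," (one program, trailing comma).
SYSTEM_DIR = r"C:\Windows\system32"
# File names the page associates with Troj/Agent-HFU and Troj/Agent-HFZ.
PAGE_ARTIFACTS = {"userini.exe", "ntos.exe", "wsnpoem"}


def _norm(path):
    """Normalise a Windows path for case-insensitive comparison."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def audit_userinit(value, system_dir=SYSTEM_DIR):
    """Return (entry, reason) findings for a Winlogon Userinit value."""
    expected = _norm(ntpath.join(system_dir, "userinit.exe"))
    findings, saw_expected = [], False
    for raw in value.split(","):
        if not raw.strip():
            continue  # the trailing comma yields an empty item
        if _norm(raw) == expected:
            saw_expected = True
        else:
            findings.append((raw.strip(), "extra program started at logon"))
    if not saw_expected:
        findings.append((value, "expected userinit.exe entry is missing"))
    return findings


def artifacts_present(system_dir_listing):
    """Return names in a <System> directory listing that match the page's artifacts.

    Needed because Troj/Agent-HFU replaces userinit.exe itself, so the
    registry value alone can look unchanged.
    """
    return sorted(n for n in system_dir_listing if n.lower() in PAGE_ARTIFACTS)


if __name__ == "__main__":
    # Constructed sample values; on a live host read Userinit with winreg instead.
    clean = r"C:\Windows\system32\userinit.exe,"
    hijacked = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,"
    print(audit_userinit(clean))
    print(audit_userinit(hijacked))
    print(artifacts_present(["kernel32.dll", "userinit.exe", "userini.exe", "NTOS.EXE"]))
```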

10) Trojan.Lodear
Category: Viruses and Spyware
Type: Trojan
Information:
A Trojan that attempts to download remote files. It will inject a .dll
file into the EXPLORER.EXE process causing system instability.

Sumit Nalawade.
S.E.I.T.

Source: www.sophos.com
www.kootenaywebweaver.com