The nature of malware infections has changed in recent years. A long time ago, malware and viruses were spread in much less sophisticated ways. Times have changed, because malware authors constantly invent new, clever ways to compromise machines.


New rogue: HomeAntivirus 2009

by LS Anders on April 21st, 2009 in Rogues.

HomeAntivirus 2009 uses many of the normal rogue behaviors. First and foremost, it puts plenty of garbage files on the system that it then detects as malware.



0148.0014 is now available for Ad-Aware Anniversary Edition.


New Rogue: MalwareCleaner

by LS Anders on April 21st, 2009 in Rogues.

At first glance, MalwareCleaner might not look like a rogue, and it offers a “free of charge 60 day trial period”. However, once it is installed, the user will quickly notice that this really is not the case. During the first scan it will find traces of malware on the machine.


0148.0013 is now available for Ad-Aware Anniversary Edition.


You may have seen the headlines last week about a series of worm attacks on Twitter. As we know that many of you use the site (and maybe even follow the team here at Lavasoft on it), we’d like to take a moment to clarify what it was and how you can stay safe.



The men behind The Pirate Bay were today found guilty of aiding and abetting illegal downloads of copyrighted materials via their BitTorrent Tracker site. The accused were all sentenced to one year's imprisonment by the Stockholm District Court.


New definitions:
====================
Win32.Trojan.FWBypass
Win32.Trojan.Hoster
Win32.Trojan.Murdak
Win32.Trojan.Ositki
Win32.TrojanDownloader.Angel
Win32.TrojanDownloader.Bloop

Updated definitions:
====================
Win32.Adware.Agent
Win32.Adware.BHO
Win32.Adware.Cinmus
Win32.Adware.GooochBiz
Win32.Backdoor.Agent
Win32.Backdoor.Bifrose
Win32.Backdoor.BlackHole
Win32.Backdoor.Delf
Win32.Backdoor.Frauder
Win32.Backdoor.HacDef
Win32.Backdoor.Hupigon
Win32.Backdoor.Inject
Win32.Backdoor.IRCBot
Win32.Backdoor.Nepoe
Win32.Backdoor.NetDevil
Win32.Backdoor.Nethief
Win32.Backdoor.Padodor
Win32.Backdoor.Poison
Win32.Backdoor.Prorat
Win32.Backdoor.RBot
Win32.Backdoor.SDBot
Win32.Backdoor.Turkojan
Win32.Backdoor.VanBot
Win32.Backdoor.VB
Win32.Backdoor.Virtumonde
Win32.Backdoor.WootBot
Win32.Dialer.Trojan
Win32.FraudTool.Antispyware2008
Win32.FraudTool.Antivirus360
Win32.FraudTool.MalwareDefender2009
Win32.FraudTool.MSAntispyware2009
Win32.FraudTool.ProAntispyware2009
Win32.FraudTool.SpywareProtect2009
Win32.FraudTool.SystemSecurity
Win32.FraudTool.XPPoliceAntivirus
Win32.IMFlooder.VB
Win32.Monitor.Ardamax
Win32.Monitor.KGBSpy
Win32.Monitor.SCKeyLog
Win32.P2PWorm.Agent
Win32.P2PWorm.Bacteraloh
Win32.P2PWorm.Kapucen
Win32.Trojan.Agent
Win32.Trojan.Agent2
Win32.Trojan.BHO
Win32.Trojan.Buzus
Win32.Trojan.Cafelom
Win32.Trojan.Cdur
Win32.Trojan.Chifrax
Win32.Trojan.Delf
Win32.Trojan.Dialer
Win32.Trojan.Downloader
Win32.Trojan.FakeAlert
Win32.Trojan.FlyStudio
Win32.Trojan.Gamania
Win32.Trojan.HackAV
Win32.Trojan.IFramer
Win32.Trojan.Inject
Win32.Trojan.Jevafus
Win32.Trojan.KillAV
Win32.Trojan.Kilva
Win32.Trojan.Loader
Win32.Trojan.Midgare
Win32.Trojan.Monder
Win32.Trojan.Obfuscated
Win32.Trojan.Olmarik
Win32.Trojan.Pakes
Win32.Trojan.Peed
Win32.Trojan.PrcView
Win32.Trojan.Qhost
Win32.Trojan.Rabbit
Win32.Trojan.Renaz
Win32.Trojan.Small
Win32.Trojan.Spbot
Win32.Trojan.Spy
Win32.Trojan.Stuh
Win32.Trojan.SubSys
Win32.Trojan.TDSS
Win32.Trojan.Tibs
Win32.Trojan.Tiny
Win32.Trojan.VB
Win32.Trojan.Wigon
Win32.TrojanClicker.Agent
Win32.TrojanClicker.Delf
Win32.TrojanClicker.VB
Win32.TrojanDDoS.Agent
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.BHO
Win32.TrojanDownloader.Bhosta
Win32.TrojanDownloader.Boltolog
Win32.TrojanDownloader.CcKrizCry
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.FraudLoad
Win32.TrojanDownloader.Injecter
Win32.TrojanDownloader.LoadAdv
Win32.TrojanDownloader.Losabel
Win32.TrojanDownloader.Obfuscated
Win32.TrojanDownloader.Small
Win32.TrojanDownloader.Tiny
Win32.TrojanDownloader.VB
Win32.TrojanDownloader.Zlob
Win32.TrojanDropper.Agent
Win32.TrojanDropper.Aholic
Win32.TrojanDropper.Cingo
Win32.TrojanDropper.Delf
Win32.TrojanDropper.Flystud
Win32.TrojanDropper.Frijoiner
Win32.TrojanDropper.Microjoin
Win32.TrojanDropper.MuDrop
Win32.TrojanDropper.Renos
Win32.TrojanDropper.Sality
Win32.TrojanDropper.Small
Win32.TrojanDropper.VB
Win32.TrojanDropper.Wlord
Win32.TrojanProxy.Glukelira
Win32.TrojanPWS.Agent
Win32.TrojanPWS.Flystudio
Win32.TrojanPWS.IMMultiPass
Win32.TrojanPWS.LdPinch
Win32.TrojanPWS.Lmir
Win32.TrojanPWS.Magania
Win32.TrojanPWS.MultiFirst
Win32.TrojanPWS.OnlineGames
Win32.TrojanPWS.Prostor
Win32.TrojanPWS.QQPass
Win32.TrojanPWS.Steathie
Win32.TrojanPWS.Tibia
Win32.TrojanPWS.VB
Win32.TrojanPWS.WOW
Win32.TrojanRansom.Hexzone
Win32.TrojanRansom.SMSer
Win32.TrojanSpy.Agent
Win32.TrojanSpy.Banker
Win32.TrojanSpy.Banker2
Win32.TrojanSpy.Flux
Win32.TrojanSpy.Keylogger
Win32.TrojanSpy.Proagent
Win32.TrojanSpy.Zbot
Win32.Worm.Allaple
Win32.Worm.Anilogo
Win32.Worm.AutoTDSS
Win32.Worm.Bagle
Win32.Worm.Brontok
Win32.Worm.Cekar
Win32.Worm.Downloader
Win32.Worm.Flooder
Win32.Worm.Fujack
Win32.Worm.Gaobot
Win32.Worm.Kolabc
Win32.Worm.Koobface
Win32.Worm.Mabezat
Win32.Worm.Mariofev
Win32.Worm.Mydoom
Win32.Worm.Padobot
Win32.Worm.Pinit
Win32.Worm.Polip
Win32.Worm.Rbot
Win32.Worm.Ridnu
Win32.Worm.Runfer
Win32.Worm.Runouce
Win32.Worm.Sohanad
Win32.Worm.Trafaret
Win32.Worm.Waledac
Win32.Worm.Vasor
Win32.Worm.VB
Win32.Worm.Viking

MD5 checksum is 94f074953733857ee7561f981d247719

New definitions:
====================
Win32.FraudTool.PantiSpyware09
Win32.TrojanDownloader.Gadja
Win32.TrojanDownloader.JLJB

Updated definitions:
====================
Win32.Adware.AdRotator
Win32.Adware.Agent
Win32.Adware.Cinmus
Win32.Adware.CnsMin
Win32.Adware.Ejik
Win32.Adware.NoName
Win32.Adware.PurityScan
Win32.Adware.SuperJuan
Win32.Adware.Virtumonde
Win32.Backdoor.Agent
Win32.Backdoor.Bifrose
Win32.Backdoor.ControlTotal
Win32.Backdoor.Delf
Win32.Backdoor.DsBot
Win32.Backdoor.EggDrop
Win32.Backdoor.Flyagent
Win32.Backdoor.Hupigon
Win32.Backdoor.IRCBot
Win32.Backdoor.Iroffer
Win32.Backdoor.KeyStart
Win32.Backdoor.Lithium
Win32.Backdoor.Mesub
Win32.Backdoor.PcClient
Win32.Backdoor.Poison
Win32.Backdoor.RBot
Win32.Backdoor.SDBot
Win32.Backdoor.SkSocket
Win32.Backdoor.Small
Win32.Backdoor.Wallop
Win32.Backdoor.VanBot
Win32.Backdoor.VB
Win32.Backdoor.WinUoj
Win32.Backdoor.Virtumonde
Win32.Backdoor.WootBot
Win32.Backdoor.Zdoogu
Win32.Dialer.Agent
Win32.Dialer.Small
Win32.FraudTool.MSAntispyware2009
Win32.FraudTool.SpywareProtect2009
Win32.FraudTool.SystemProtector
Win32.FraudTool.SystemSecurity
Win32.Hacktool.Dialupass
Win32.Rootkit.Agent
Win32.Rootkit.Podnuha
Win32.Rootkit.Sinowal
Win32.Rootkit.Small
Win32.SpamTool.Agent
Win32.Trojan.Agent
Win32.Trojan.Agent2
Win32.Trojan.Alureon
Win32.Trojan.Bredolab
Win32.Trojan.Buzus
Win32.Trojan.Daonol
Win32.Trojan.Delf
Win32.Trojan.Midgare
Win32.Trojan.Monder
Win32.Trojan.Obfuscated
Win32.Trojan.Oliga
Win32.Trojan.Peed
Win32.Trojan.Rabbit
Win32.Trojan.Regdis
Win32.Trojan.Renaz
Win32.Trojan.Rkproc
Win32.Trojan.Skintrim
Win32.Trojan.Small
Win32.Trojan.Spy
Win32.Trojan.StartPage
Win32.Trojan.Stuh
Win32.Trojan.TDSS
Win32.TrojanClicker.Agent
Win32.TrojanClicker.Delf
Win32.TrojanClicker.Klik
Win32.TrojanClicker.Small
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.Banload
Win32.TrojanDownloader.Fload
Win32.TrojanDownloader.FraudLoad
Win32.TrojanDownloader.Small
Win32.TrojanDownloader.Suurch
Win32.TrojanDownloader.Zlob
Win32.TrojanDropper.Agent
Win32.TrojanDropper.Cingo
Win32.TrojanDropper.Small
Win32.TrojanDropper.Zenith
Win32.TrojanPWS.Agent
Win32.TrojanPWS.Delf2
Win32.TrojanPWS.LdPinch
Win32.TrojanPWS.Lmir
Win32.TrojanPWS.Magania
Win32.TrojanPWS.OnlineGames
Win32.TrojanPWS.QuickBatch
Win32.TrojanPWS.VB
Win32.TrojanSpy.Agent
Win32.TrojanSpy.Banker
Win32.TrojanSpy.Goldun
Win32.TrojanSpy.Zbot
Win32.Worm.Bobic
Win32.Worm.Brontok
Win32.Worm.Fabot
Win32.Worm.Fujack
Win32.Worm.Iksmas
Win32.Worm.Kido
Win32.Worm.Kolabc
Win32.Worm.Koobface
Win32.Worm.Socks
Win32.Worm.Sohanad
Win32.Worm.Zhelatin

MD5 checksum is 42fdec1badc56ad34c9891b706ec32e2

PAntispyware09 is a new rogue anti-spyware application and a clone of MsAntispyware2009. It will give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove threats which do not exist.