Ian
Mapson.D, Darby.A, Apdoor.B, Daol.A and Surfbar
« on: Sep 19th, 2003, 9:48pm »
A few new variants, plus a good ol' macro virus and a BHO...

Mapson.D is a dangerous worm that spreads via e-mail, through peer-to-peer (P2P) file sharing programs, and via IRC channels. It ends many processes belonging to Windows, such as system tools as well as antivirus and firewall programs. By doing this, the worm leaves the infected computer vulnerable to attack from other viruses and worms. On Windows NT computers, Mapson.D starts a Telnet session with the user GEDZAC, which is given local administrator rights by the worm. This allows Mapson.D to validate the IP addresses received.

Darby.A is a virus that shares characteristics with worms and, like Mapson.D, spreads via e-mail, through peer-to-peer file sharing (P2P) programs and via IRC. It also ends processes belonging to several antivirus programs and other applications, such as firewalls and system monitoring tools. Darby.A infects Word's global template (NORMAL.DOT file) and Excel's template (TEMPLATE.XLS file). All the Word documents and Excel spreadsheets based on these templates will then be infected. In addition, Darby.A disables the macro editing tools incorporated in these programs.

Apdoor.B is a backdoor that allows hackers to gain remote access to the affected computer. In order to do so, it connects to an IRC server and joins a predefined channel. Once it is connected, a hacker can remotely access the computer in order to launch denial of service (DoS) attacks against other computers.

Daol.A is a virus that exploits the 'Internet zone' and 'MHTML' vulnerabilities in order to enter a PC and run itself. This malicious code infects files with EXE, SCR, ASP, PLG, HTM, HTML, VBS and VBE extensions. When the infected file has an ASP, PLG, HTM, HTML, VBS or VBE extension, Daol.A encodes the original content of the file.

Surfbar exploits the 'Internet Explorer Object Data Remote Execution' vulnerability to reach the computer and then create directories with different links to web pages, most of them with pornographic content. In addition, Surfbar changes the home page of the Internet Explorer browser.