http://totaldefense.com/malware-information-center.aspx LATEST ADVISORIES VIRUSES support@totaldefense.com en-us New malware emerged recently attacking Android (and Windows via USB). Main capabilities: Steals information and downloads files File size: 330,984 bytes File type: APK This malware comes up being a "system solution" that supposedly assists with accelerating your system. Right after set up, it displays an image launcher. After the harmful application is launched, the user will discover its homescreen. The application offers a number of different “clean options” for the user to select, however they really practically do nothing at all other than display an activity bar. Concurrently, the malware begins a service that is harmful throughout the background. It signs up a location listener to gather as well as upload location details via HTTP to a server. It additionally gets instructions from a C&C server. The protocol utilized by the malware to communicate to the C&C server is a unique one. The malware executes a number of functionalities: •Send and Delete SMS messages •Steal contact information •Track location via GPS device •Make phone calls •Execute commands Why is this malware special is the control usb-autorun-attack. Following this control the malware will down load a few files from its server and also save them with inside the SD card. Among the files saved is a traditional Windows auto-run malware thus when the user chooses the USB setting on the cellular device and attaches with a Windows platform, the auto-run malware will operate instantly on Windows. This auto-run is made to record voice and report to the server. http://totaldefense.com/virusinfo/virus.aspx?id=191757 http://totaldefense.com/virusinfo/virus.aspx?id=191757 The worm is written in Visual Basic using complicated encryption engine. It allocates memory, decrypts code and proceeds to work in decrypted blocks. When a USB drive is inserted or network drive shares are available, the worm changes the attributes of directories and files with following extensions creates EXE files named after the hidden objects. Unlike previous variants of the worm that create files with double extension, these names are not catched by existing detection by name but is done at upper level of the directory structure, not recursively. http://totaldefense.com/virusinfo/virus.aspx?id=191756 http://totaldefense.com/virusinfo/virus.aspx?id=191756 Win32/Nechiod.A Trojan attempts to download and execute malicious files from remote location. http://totaldefense.com/virusinfo/virus.aspx?id=191750 http://totaldefense.com/virusinfo/virus.aspx?id=191750 Win32/Kuluoz.BN Trojan is basically downloader that attempts to be backdoor server. It attempts to download various files like password stealers and rogue security malware (from Win32/FakeAV and Win32/Winwebsec). http://totaldefense.com/virusinfo/virus.aspx?id=191751 http://totaldefense.com/virusinfo/virus.aspx?id=191751 “Win32/DistTrack.A” is detection for the Trojan that steals system information and overwrites the Master boot record and other system files, so that the user cannot access the system. http://totaldefense.com/virusinfo/virus.aspx?id=191752 http://totaldefense.com/virusinfo/virus.aspx?id=191752 Win32/Disttrack.B steals system information and connects to the remote server to download other malicious files. This Trojan is dropped by the Win32/Disttrack.A which overwrites the Master boot record and other system files, so that user cannot access the system. http://totaldefense.com/virusinfo/virus.aspx?id=191753 http://totaldefense.com/virusinfo/virus.aspx?id=191753 Java/CVE-2011-3544!exploit is a Trojan Java applet stored within a Java Archive (.JAR) file. Oracle Java SE is prone to a remote code-execution vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the Scripting sub-component. The issue occurs because the Java Scripting Engine does not properly handle Rhino JavaScript errors. This can result in unprivileged code running in a privileged context. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27 http://totaldefense.com/virusinfo/virus.aspx?id=191749 http://totaldefense.com/virusinfo/virus.aspx?id=191749 Java/CVE-2011-3544!exploit is a Trojan Java applet stored within a Java Archive (.JAR) file. Oracle Java SE is prone to a remote code-execution vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the Scripting sub-component. The issue occurs because the Java Scripting Engine does not properly handle Rhino JavaScript errors. This can result in unprivileged code running in a privileged context. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27 http://totaldefense.com/virusinfo/virus.aspx?id=191749 http://totaldefense.com/virusinfo/virus.aspx?id=191749 Java/CVE-2011-3544!exploit is a Trojan Java applet stored within a Java Archive (.JAR) file. Oracle Java SE is prone to a remote code-execution vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the Scripting sub-component. The issue occurs because the Java Scripting Engine does not properly handle Rhino JavaScript errors. This can result in unprivileged code running in a privileged context. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27 http://totaldefense.com/virusinfo/virus.aspx?id=191749 http://totaldefense.com/virusinfo/virus.aspx?id=191749 Java/CVE-2011-3544!exploit is a Trojan Java applet stored within a Java Archive (.JAR) file. Oracle Java SE is prone to a remote code-execution vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the Scripting sub-component. The issue occurs because the Java Scripting Engine does not properly handle Rhino JavaScript errors. This can result in unprivileged code running in a privileged context. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27 http://totaldefense.com/virusinfo/virus.aspx?id=191749 http://totaldefense.com/virusinfo/virus.aspx?id=191749 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191730 http://totaldefense.com/virusinfo/virus.aspx?id=191730 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191730 http://totaldefense.com/virusinfo/virus.aspx?id=191730 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191730 http://totaldefense.com/virusinfo/virus.aspx?id=191730 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191730 http://totaldefense.com/virusinfo/virus.aspx?id=191730 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191731 http://totaldefense.com/virusinfo/virus.aspx?id=191731 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191731 http://totaldefense.com/virusinfo/virus.aspx?id=191731 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191731 http://totaldefense.com/virusinfo/virus.aspx?id=191731 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191731 http://totaldefense.com/virusinfo/virus.aspx?id=191731 The Win32/Bancos family name is used to describe many varied trojans, which all share one common feature - they attempt to steal sensitive information that can be used to gain unauthorized access to bank accounts via Internet Banking. The name Bancos is representative of the fact that most variants target Brazilian banks. The first Bancos trojan was discovered in 2003, and there are now well over 14,000 distinct variants, with more being discovered every day. http://totaldefense.com/virusinfo/virus.aspx?id=191732 http://totaldefense.com/virusinfo/virus.aspx?id=191732 The Win32/Bancos family name is used to describe many varied trojans, which all share one common feature - they attempt to steal sensitive information that can be used to gain unauthorized access to bank accounts via Internet Banking. The name Bancos is representative of the fact that most variants target Brazilian banks. The first Bancos trojan was discovered in 2003, and there are now well over 14,000 distinct variants, with more being discovered every day. http://totaldefense.com/virusinfo/virus.aspx?id=191732 http://totaldefense.com/virusinfo/virus.aspx?id=191732 The Win32/Bancos family name is used to describe many varied trojans, which all share one common feature - they attempt to steal sensitive information that can be used to gain unauthorized access to bank accounts via Internet Banking. The name Bancos is representative of the fact that most variants target Brazilian banks. The first Bancos trojan was discovered in 2003, and there are now well over 14,000 distinct variants, with more being discovered every day. http://totaldefense.com/virusinfo/virus.aspx?id=191732 http://totaldefense.com/virusinfo/virus.aspx?id=191732 The Win32/Bancos family name is used to describe many varied trojans, which all share one common feature - they attempt to steal sensitive information that can be used to gain unauthorized access to bank accounts via Internet Banking. The name Bancos is representative of the fact that most variants target Brazilian banks. The first Bancos trojan was discovered in 2003, and there are now well over 14,000 distinct variants, with more being discovered every day. http://totaldefense.com/virusinfo/virus.aspx?id=191732 http://totaldefense.com/virusinfo/virus.aspx?id=191732 Win32/VB is a multi-component family of Trojan generally characterize as Visual Basic-compiled threats capable to drop, download and install other malicious files. http://totaldefense.com/virusinfo/virus.aspx?id=191733 http://totaldefense.com/virusinfo/virus.aspx?id=191733 Win32/VB is a multi-component family of Trojan generally characterize as Visual Basic-compiled threats capable to drop, download and install other malicious files. http://totaldefense.com/virusinfo/virus.aspx?id=191733 http://totaldefense.com/virusinfo/virus.aspx?id=191733 Win32/VB is a multi-component family of Trojan generally characterize as Visual Basic-compiled threats capable to drop, download and install other malicious files. http://totaldefense.com/virusinfo/virus.aspx?id=191733 http://totaldefense.com/virusinfo/virus.aspx?id=191733 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191734 http://totaldefense.com/virusinfo/virus.aspx?id=191734 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191735 http://totaldefense.com/virusinfo/virus.aspx?id=191735 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191736 http://totaldefense.com/virusinfo/virus.aspx?id=191736 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191737 http://totaldefense.com/virusinfo/virus.aspx?id=191737 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191738 http://totaldefense.com/virusinfo/virus.aspx?id=191738 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191739 http://totaldefense.com/virusinfo/virus.aspx?id=191739 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191740 http://totaldefense.com/virusinfo/virus.aspx?id=191740 Win32/SillyDl is a family of Trojans that downloads and executes other malicious files from a FTP or HTTP server. http://totaldefense.com/virusinfo/virus.aspx?id=191741 http://totaldefense.com/virusinfo/virus.aspx?id=191741 Win32/SillyDl is a family of Trojans that downloads and executes other malicious files from a FTP or HTTP server. http://totaldefense.com/virusinfo/virus.aspx?id=191741 http://totaldefense.com/virusinfo/virus.aspx?id=191741 Win32/SillyDl is a family of Trojans that downloads and executes other malicious files from a FTP or HTTP server. http://totaldefense.com/virusinfo/virus.aspx?id=191741 http://totaldefense.com/virusinfo/virus.aspx?id=191741 Win32/Alureon is a family of Trojans with a variety of components that can download and execute arbitrary files, hijack the browser to display fake web pages, and report affected user's queries performed with popular search engines. http://totaldefense.com/virusinfo/virus.aspx?id=191742 http://totaldefense.com/virusinfo/virus.aspx?id=191742 Win32/Alureon is a family of Trojans with a variety of components that can download and execute arbitrary files, hijack the browser to display fake web pages, and report affected user's queries performed with popular search engines. http://totaldefense.com/virusinfo/virus.aspx?id=191742 http://totaldefense.com/virusinfo/virus.aspx?id=191742 Win32/Alureon is a family of Trojans with a variety of components that can download and execute arbitrary files, hijack the browser to display fake web pages, and report affected user's queries performed with popular search engines. http://totaldefense.com/virusinfo/virus.aspx?id=191742 http://totaldefense.com/virusinfo/virus.aspx?id=191742 Win32/Ransom is CA?s generic detection name for family of ransomware. Ransomware is a computer malware that poses security threat by encrypting user's data and taking full control of the machine. It often demands certain amount money to restore encrypted files and unlock the victim's machine. http://totaldefense.com/virusinfo/virus.aspx?id=191715 http://totaldefense.com/virusinfo/virus.aspx?id=191715 Win32/Ransom is CA?s generic detection name for family of ransomware. Ransomware is a computer malware that poses security threat by encrypting user's data and taking full control of the machine. It often demands certain amount money to restore encrypted files and unlock the victim's machine. http://totaldefense.com/virusinfo/virus.aspx?id=191716 http://totaldefense.com/virusinfo/virus.aspx?id=191716 Win32/Ransom is CA?s generic detection name for family of ransomware. Ransomware is a computer malware that poses security threat by encrypting user's data and taking full control of the machine. It often demands certain amount money to restore encrypted files and unlock the victim's machine. http://totaldefense.com/virusinfo/virus.aspx?id=191717 http://totaldefense.com/virusinfo/virus.aspx?id=191717 Win32/Ransom is CA?s generic detection name for family of ransomware. Ransomware is a computer malware that poses security threat by encrypting user's data and taking full control of the machine. It often demands certain amount money to restore encrypted files and unlock the victim's machine. http://totaldefense.com/virusinfo/virus.aspx?id=191718 http://totaldefense.com/virusinfo/virus.aspx?id=191718 Win32/FakeAV is a family of Trojans disguised as legitimate anti-virus and anti-spyware software. FakeAV variants prompt the user with false warnings, popups, and fake scan results, and may also download additional malware. http://totaldefense.com/virusinfo/virus.aspx?id=191719 http://totaldefense.com/virusinfo/virus.aspx?id=191719 Win32/VB is a multi-component family of Trojan generally characterize as Visual Basic-compiled threats capable to drop, download and install other malicious files. http://totaldefense.com/virusinfo/virus.aspx?id=191637 http://totaldefense.com/virusinfo/virus.aspx?id=191637 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191638 http://totaldefense.com/virusinfo/virus.aspx?id=191638 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191639 http://totaldefense.com/virusinfo/virus.aspx?id=191639 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191639 http://totaldefense.com/virusinfo/virus.aspx?id=191639 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191639 http://totaldefense.com/virusinfo/virus.aspx?id=191639 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191639 http://totaldefense.com/virusinfo/virus.aspx?id=191639 Win32/Tnega is a family of Trojans that drop a malicious DLL component file and connect to a server for its Backdoor routines. http://totaldefense.com/virusinfo/virus.aspx?id=191640 http://totaldefense.com/virusinfo/virus.aspx?id=191640