Global Virus and Hoax Information

Latest BitDefender Threats

Sophos daily Top 10 hoaxes

1 Hotmail hoax

2 Budweiser frogs screensaver

3 Bonsai kitten

4 Olympic torch

5 MSN is closing down

6 A virtual card for you

7 Meninas da Playboy

8 Bill Gates fortune

9 JDBGMGR

10 Justice for Jamie

Sophos Security News

Sophos Named to CRN’s 2013 5-Star Partner Program Guide

5-Star designation in annual guide identifies the IT channel’s most elite vendor partner programs

Sophos Strengthens Senior Leadership Team

Michael Valentine appointed SVP of worldwide sales, and Ari Buchler named general counsel and vice president of corporate development

Sophos Extends UTM to the Enterprise

New Unified Threat Management and Branch Office security hardware models improve performance, connectivity and operations

Sophos Cited as a Leader in New Endpoint Security Report

Leading independent research firm notes that Sophos delivers strong security capabilities and has one of the best malware detection rates on the market today

Sophos Makes Security Personal and Enables BYOD with EndUser Protection

New offering combines endpoint and mobile protection to simplify mobile device security, minimize IT expenses, and improve business productivity

80 Percent of Attacks in 2012 Were Redirects from Legitimate Sites…and 27 Percent of all Cybercrime was Linked to ‘Blackhole’ Exploit Kit

This and more in the new Sophos Threat Report—outlining the changing threats and new platforms challenging IT security

Sophos Makes Significant Strides with Mobile Device Management in 2012

Exceeds one-million managed devices mark and introduces array of mobile security offerings

Sophos Sets New Standard for Small Business Security

With Sophos UTM 100, small businesses have access to enterprise-grade security at a fraction of the cost

India Spews More Spam Than Ever Before as UK Returns to Dirty Dozen

SophosLabs research shows one in every six spam messages now relayed via computers in India

Sophos Enhances Mobile Security for Android Devices with Free Anti-Virus and Encryption Apps

Updated mobile security and new mobile encryption apps protect against device loss/theft and provide access to encrypted documents

Sophos Announces Lenovo Certification for SafeGuard Enterprise

Market-leading data protection solution protects critical data in public, private and hybrid cloud environments

Sophos Appoints Matt Fairbanks CMO

McAfee executive to lead worldwide marketing for complete security leader

Sophos Introduces First Cloud-Based Solution With Hosted Version of Mobile Device Management Offering

As a hosted service, Sophos Mobile Control eliminates hardware costs and reduces time to administer MDM solutions

Sophos Appoints Kris Hagerman CEO

Steve Munford assumes role of non-executive chairman

New USB wireless access point provides WLAN for remote offices

Sophos’ New Wireless Access Point AP 5 Adds WLAN Capabilities to Sophos RED appliances

Sophos Offers Free Anti-Virus App for Android Users

Sophos Mobile Security helps to better safeguard Android phones and tablets

One In Every Two Spam Messages Sent From Asia, Sophos Reveals

Sophos calls on all internet users to take greater care in protecting their computers

Sophos Launches New Comprehensive Partner Program

Integrated program with Astaro partners offers new training tracks, certifications to drive partner success

Sophos announces mobile partnership with Logic Plus

Customers embrace new partnership using Mobile Control, supporting company-owned smartphones with plans for BYO devices

Sophos Makes Unified Threat Management Complete by Adding Endpoint Security

Complete security in a box offering delivers features designed to simplify roaming user and BYOD security challenges

Sophos’ Amy Gelpey Named to CRN’s 2012 List of 100 People You Don’t Know, But Should

Second Annual List Recognizes Behind-the-scenes Influencers in the IT Channel

Sophos Research Reveals Disconnect Between Growing Security Demands and Ageing Security Infrastructure

93 percent of small and mid-sized businesses must tailor security for remote workers, and more than half predict it will cause a threat to security

Sophos Announces Cloud Partnership with VMVault

IT security and data protection company establishes new cloud partnership

Securelist / Active Alerts

Securelist / Alerts

Trojan-Ransom.Win32.Gpcode.ax

Kaspersky Lab warns users about the emergence online of a new version of the Gpcode ransomware program.

The program spreads via malicious websites and P2P networks.

Kaspersky Lab products detect the program as Trojan-Ransom.Win32.Gpcode.ax.

You can read more on our blog.

Email-Worm.Win32.VBMania

Kaspersky Lab is monitoring a new email worm which is currently spreading. Emails spreading the worm say “Here you have” in the subject line.

We detect the worm as Email-Worm.Win32.VBMania.

While the servers hosting related downloads have been taken down, we are keeping customers updated and protected against any new variants.



Net-Worm.Win32.Kido

Kaspersky Lab has detected that multiple variants of Kido, a polymorphic worm, are currently spreading widely.

Net-Worm.Win32.Kido exploits a critical vulnerability (MS08-067) in Microsoft Windows to spread via local networks and removable storage media.

The worm disables system restore, blocks access to security websites, and downloads additional malware to infected machines.

Users are strongly recommended to ensure their antivirus databases are up to date. A patch for the vulnerability is available from Microsoft.

Detailed descriptions of Net-Worm.Win32.Kido.bt, Net-Worm.Win32.Kido.dv and Net-Worm.Win32.Kido.fx are available in the Virus Encyclopaedia. A dedicated removal tool is available here.

Virus.Win32.Gpcode.ak

Kaspersky Lab has detected a new version of the ‘malicious blackmailer’ Gpcode - Virus.Win32.Gpcode.ak.

The new Gpcode variant encrypts files with extensions DOC, TXT, PDF, XLS, JPG, PNG, CPP, H etc. on hard drives using an RSA algorithm with a 1024-bit key.

After encrypting files, the virus leaves a text file in the folder next to the encrypted files with following message:

Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com

Currently, we detect the new variant, but we are unable to crack the 1024-bit key. Our analysts are continuing to work on both the key and the virus to resolve this issue.

Kaspersky Lab recommends that all Internet users enable maximum protection from malicious code and network attacks on their computers, refrain from executing suspicious programs received from untrustworthy sources and back up any important information on their computers.

Detection of Virus.Win32.Gpcode.ak was added to Kaspersky Anti-Virus signature databases yesterday, on June 4th, at 15:39 GMT. Please make sure to update if you haven’t already.

If you have fallen victim to Gpcode.ak, try to contact us using another computer connected to the Internet. DO NOT RESTART or POWER DOWN the potentially infected machine. Contact us by email at stopgpcode@kaspersky.com and tell us the exact date and time of infection, as well as everything you did on the computer in the 5 minutes before the machine was infected: which programs you have executed, which websites you have visited, etc. We'll try and help you recover any data that has been encrypted.

For more information about the malicious program, please read our weblog.

Email-Worm.Win32.Warezov.nf

Kaspersky Lab has detected mass mailings of a new variant of Warezov, Email-Worm.Win32.Warezov.nf. At 8.00 Moscow Standard Time, 19 April 2007, 70-85% of the malicious content in mail traffic consisted of various forms of a new modification of Warezov - the Warezov.nf worm.

A few hours before this point, there was a noticeable increase in mail traffic of an earlier modification of Warezov - Warezov.do which featured in the October 2006 Top 20.

If you are using Kaspersky Anti-Virus 6.0 or Kaspersky Internet Security 6.0 with Proactive Protection turned on, new variants will be detected without the need to update your antivirus databases.

A full description of Email-Worm.Win32.Warezov.nf is now available in the Virus Encyclopaedia.

Email-Worm.Win32.Warezov.mx

New Warezov variant mass mailed

A new version of Warezov, Email-Worm.Win32.Warezov.mx has been mass-mailed.

The worm spreads as an attachment to infected emails. Once launched, it may terminate antivirus and firewall programs and download other malware.

An urgent update to antivirus databases has been released.

If you are using Kaspersky Anti-Virus / Kaspersky Internet Security 6.0, enable Proactive Protection, and new variants will be detected without the need to update antivirus databases.

Email-Worm.Win32.Warezov.ms

A new variant of Warezov has been mass mailed, and is spreading rapidly

Kaspersky Lab has detected mass mailings of a new variant of Warezov, Email-Worm.Win32.Warezov.ms. The mass mailing started on 3rd April 2007.

The worm spreads as an attachment to infected emails. Once launched, it may terminate antivirus and firewall programs and download other malware.

An urgent update to antivirus databases has been released.

If you are using Kaspersky Anti-Virus / Kaspersky Internet Security 6.0, enable Proactive Protection, and new variants will be detected without the need to update antivirus databases.

A detailed description of Email-Worm.Win32.Warezov.ms will be available in the near future.

Email-Worm.Win32.Zhelatin

Multiple variants spreading

Multiple variants of Email-Worm.Win32.Zhelatin are currently spreading. The most recent variants are Zhelatin.u, Zhelatin.r and Zhelatin.t.

New variants may be functionally similar to each other and to previous variants.

Users are reminded to keep their antivirus protection up to date, and to scan any suspicious emails with an antivirus solution.

If you are using Kaspersky Anti-Virus or Kaspersky Internet Security 6.0, enable Proactive Protection, and new variants will be detected without the need to update antivirus databases.

A detailed description of Email-Worm.Win32.Zhelatin.o is available in the Virus Encyclopaedia.

Email-Worm.Win32.Zhelatin.u

New variant of Zhelatin spreading rapidly

Kaspersky Lab has detected a new variant of Zhelatin, Email-Worm.Zhelatin.u.

Zhelatin.u is a repacked version of an earlier modification, and has the same functionality as previous variants.

Users are reminded to keep their antivirus protection up to date.

If you are using Kaspersky Anti-Virus 6.0, enable Proactive Protection, and new variants will be detected without the need to update antivirus databases.

Email-Worm.Win32.Zhelatin.r

Sharp increase in the volume of Email-Worm.Win32.Zhelatin.r

Kaspersky Lab has detected a sharp increase in the volume of Email-Worm.Win32.Zhelatin.r in mail traffic.

It is functionally identical to Zhelatin.o. Zhelatin.r is simply a repacked version.

If you are using Kaspersky Anti-Virus 6.0, enable Proactive Protection, and new variants will be detected without the need to update antivirus databases.

Securelist / Descriptions

Trojan-Downloader.JS.Agent.gdn

A trojan program that opens various websites in the browser without the user's knowledge. It is an HTML page containing JavaScript. Depending on the version, it may be between 1 and 400 kB.

Trojan.Win32.Scar.dgje

A trojan program. It is a Windows application (PE-EXE file). 742912 bytes. Packed by an unknown packer. Unpacked size - around 788 kB. Written in Delphi. Installation When launching, the...

Trojan.Win32.KillAV.gcg

A trojan program that carries out destructive actions on the user's computer. It is a Windows dynamic-link library (PE-DLL file). 9728 bytes. Written in C++.

Trojan.Win32.Agent2.dmdi

The malicious library is a component of a trojan program designed to steal the user's authentication data. It is a Windows dynamic-link library (PE-DLL file). 8192 bytes. Written in C++.

Trojan-Downloader.JS.Agent.gbj

A trojan program that uses vulnerabilities in Oracle Java and Adobe Reader/Acrobat products to download and launch other malware. It is an HTML document containing JavaScript. 88200 bytes.

Trojan-Downloader.JS.Agent.gaf

A trojan program that uses vulnerabilities in Oracle Java and Adobe Reader/Acrobat products to download and launch other malware. It is an HTML document containing JavaScript. 88518 bytes.

Trojan.Win32.Jorik.Carberp.ar

A trojan that provides the attacker with remote access to the infected computer. It is a Windows application (PE-EXE file). 176640 bytes. UPX packed. Unpacked size - around 245 kB. Written in...

Trojan.Win32.Agent2.dmvt

A trojan program designed to steal the user's authentication data. It is a Windows application (PE-EXE file). 6144 bytes. UPX packed. Unpacked size - around 12 kB. Written in C++.

Trojan.Win32.KillFiles.afz

A trojan program designed to delete components of the security software Gbuster plugin for Internet Explorer. Implemented in the form of an NT kernel mode driver. 5632 bytes. Written in C++.

Trojan.Win32.Agent.fajk

A trojan program that downloads files from the Internet without the user's knowledge and launches them. It is a Windows application (PE-EXE file). 6656 bytes. Written in C++. Installation After...

Trojan.Win32.Jorik.Buterat.dp

A trojan program that carries out destructive actions on the user's computer. It is a Windows application (PE-EXE file). 56832 bytes. Packed by an unknown packer. Unpacked size - around 53 kB....

AdWare.Win32.Gamevance.hfti

Adware designed to redirect user searches to other web resources. It is a Windows application (PE-EXE file). 1135840 bytes. Written in C++. Installation The trojan is installed as an add-in for the...

Trojan-Downloader.Win32.Small.bven

A trojan program that downloads files from the internet without the user's knowledge and launches them. It is a Windows application (PE-EXE file). 7168 bytes. Written in C++. Installation When...

Trojan.NSIS.Miner.a

A trojan program. It is a Windows application (PE-EXE file). 244927 bytes. This malware is created using the system to create the installation packages Nullsoft Scriptable Install...

Trojan.Java.Agent.an

A trojan program that downloads files from the Internet without the user's knowledge and launches them. It is a JAR-archive containing a set of Java-classes (class-files). 15661 bytes.

Exploit.JS.CVE-2010-4452.t

The trojan contains a function that allows it to launch certain malicious scripts, as well as Java-applets, using the vulnerability CVE-2010-4452 to download other malware to the infected computer. It...

Trojan-Downloader.JS.Agent.gcv

A trojan program that uses vulnerabilities in Oracle Java and Adobe Reader/Acrobat products to download and launch other malware. It is an HTML document containing JavaScript. 45082 bytes.

Trojan-Dropper.Win32.StartPage.eba

A trojan program that installs and launches other software on the infected computer without the user's knowledge. It is a Windows application (PE EXE-file). 25169 bytes. The program is packed by an...

Trojan-Dropper.Win32.Agent.ezqm

A trojan program that installs and launches other software on the infected computer without the user's knowledge. It is a Windows application (PE-EXE file). 231124 bytes. Written in C++.

Trojan-Downloader.Win32.VB.aiqx

A trojan program that downloads files from the internet without the user's knowledge and launches them. It is a Windows application (PE-EXE file). 7680 bytes. UPX packed. Its unpacked size is around...