Lavasoft Malware Labs Blog
New definitions:
====================
MacroAV +2
TheLastDefender +2
Win32.Backdoor.Kelebek
Win32.Backdoor.Sensive
Win32.P2PWorm.BAT
Updated definitions:
====================
Adware.Ejik
AdwareAlert +6
AdwareBot +4
AntiSpyware +6
AntispywareBot +4
AntivirusPCSuite +3
MalwareBot +4
RegistrySmart +4
SpywareRemover +2
SpywareStop +4
Win32.AdWare.Cinmus +3
Win32.Backdoor.Agent +2
Win32.Backdoor.Cakl
Win32.Backdoor.Ceckno +22
Win32.Backdoor.IRCZapchast +4
Win32.Backdoor.Lecna
Win32.Backdoor.Poison
Win32.Dialer.Trojan
Win32.Hoax.Renos +15
Win32.Trojan.Agent +36
Win32.Trojan.BHO +3
Win32.Trojan.Crypt +10
Win32.Trojan.Delf
win32.Trojan.Dnschanger
Win32.Trojan.Pakes +3
Win32.Trojan.Small
Win32.TrojanClicker.Costrat
Win32.TrojanDownloader.Agent +27
Win32.TrojanDownloader.Banload +4
Win32.TrojanDownloader.Delf +6
Win32.TrojanDownloader.Flux +5
Win32.TrojanDownloader.Hmir +2
Win32.TrojanDownloader.Mutant
Win32.TrojanDownloader.Small +123
Win32.TrojanDownloader.Tibs +13
Win32.TrojanDownloader.Tiny
Win32.TrojanDownloader.VB +4
Win32.TrojanDownloader.Winlagons
Win32.Trojandownloader.Zlob +19
Win32.TrojanPWS.Magania
Win32.TrojanPWS.OnlineGames +140
Win32.TrojanSpy.Banker +15
Win32.TrojanSpy.Goldun +2
Win32.Worm.Bobic
Win32.Worm.Warezov +5
Win32.Worm.Zhelatin +2
WinFixer +2
WinReanimator +7
Virtumonde +2
MD5 for the core.aawdef file: 251de29c8ce6ecef47c2820f8ea341b1
MD5 for the defs.ref file: 9d2422143a2699b696eca9fbe7fe6cc7
0062.0000 is now available, new definition file for Ad-Aware 2007.
New definitions:
====================
AntispySpider
Win32.Backdoor.CSearch
Win32.Backdoor.Levitous
Win32.Trojan.Bocata
Win32.Trojan.Wigon +2
Win32.TrojanClicker.BHO
Win32.TrojanDownloader.Gida +4
Win32.TrojanDownloader.Mutant +2
Win32.TrojanProxy.Jubon
Win32.Virus.Boru
Win32.Virus.Hantaner
Win32.Virus.HLLPShed
Win32.Virus.Mead
Win32.Virus.Nuke
Win32.Virus.Parity +2
Win32.Virus.WYX
Updated definitions:
====================
Adware.Agent +10
Adware.Delf
Adware.E404 +2
Adware.TTC
Adware.VapSup +9
AdwareAlert
AdwareBot +3
AdwareRemover2007
AntiSpyware +3
AntispywareBot +3
Dialer +3
FakeAlert +18
Hacktool.Flooder
Lop +2
MalwareAlarm
MalwareBot +3
SpywareRemover
SpywareStop +3
Toolbar.Softo
Ultimate Defender +3
Win32.Adware.OneStep +3
Win32.Backdoor.Agent +13
Win32.Backdoor.Bifrose
Win32.Backdoor.Ceckno
Win32.Backdoor.Hupigon +3
Win32.Backdoor.IRCBot +2
Win32.Backdoor.IRCZapchast +18
Win32.Backdoor.Nepoe +2
Win32.Backdoor.PcClient
Win32.Backdoor.Powerspider
Win32.Backdoor.RBot +2
Win32.Backdoor.SDBot +8
Win32.Backdoor.Small
Win32.Backdoor.VanBot +3
Win32.Dialer.Trojan +7
Win32.Generic.Worm
Win32.Packed.PolyCrypt +75
Win32.Rootkit.Agent +11
Win32.SpamTool.Agent +3
Win32.Trojan.Agent +24
Win32.Trojan.BHO +3
Win32.Trojan.Buzus +3
Win32.Trojan.Crypt +16
Win32.Trojan.Delf +3
win32.Trojan.Dnschanger +5
Win32.Trojan.Inject +7
Win32.Trojan.KillAV +4
Win32.Trojan.Klone
Win32.Trojan.Kobcka +5
Win32.Trojan.Obfuscated
Win32.Trojan.Pakes +11
Win32.Trojan.Qhost +4
Win32.Trojan.Small +10
Win32.Trojan.Spy
Win32.Trojan.Srizbi
Win32.Trojan.StartPage +2
Win32.Trojan.Vaklik +5
Win32.Trojan.VB +3
Win32.TrojanClicker +5
Win32.TrojanClicker.Costrat
Win32.TrojanClicker.Delf
Win32.TrojanClicker.VB +2
Win32.TrojanDownloader.Adload
Win32.TrojanDownloader.Agent +29
Win32.TrojanDownloader.Bestseller
Win32.TrojanDownloader.Delf +8
Win32.TrojanDownloader.Flux +3
Win32.TrojanDownloader.FraudLoad
Win32.TrojanDownloader.ISTBar +3
Win32.TrojanDownloader.Losabel
Win32.TrojanDownloader.QDown +2
Win32.TrojanDownloader.Small +21
Win32.TrojanDownloader.Suurch
Win32.TrojanDownloader.Tibs +11
Win32.TrojanDownloader.Tiny
Win32.TrojanDownloader.VB +4
Win32.TrojanDownloader.Winlagons +2
Win32.Trojandownloader.Zlob +30
Win32.TrojanDropper +35
Win32.Trojan-Dropper.Delf
Win32.TrojanProxy.Agent.dl +2
Win32.TrojanProxy.Horst
Win32.TrojanProxy.Xorpix
Win32.Trojan-PSW.Delf +2
Win32.TrojanPWS.LdPinch +4
Win32.TrojanPWS.Lmir
Win32.TrojanPWS.OnlineGames +104
Win32.TrojanPWS.QQPass +2
Win32.TrojanPWS.WebMoner
Win32.TrojanSpy.Banker +10
Win32.TrojanSpy.Peed +2
Win32.TrojanSpy.Zbot
Win32.Virus.Kies +11
Win32.Virus.Virut +85
Win32.Worm.Allaple
Win32.Worm.Autorun +2
Win32.Worm.Downloader
Win32.Worm.Feebs
Win32.Worm.Kolab
Win32.Worm.Mobler +2
Win32.Worm.Socks +2
Win32.Worm.VB
Win32.Worm.Zhelatin +11
WinReanimator
Virtumonde +13
VirusHeat
VirusProtectPro
XPAntivirus
MD5 checksum for core.aawdef is da7de941a9b26ac9ab3e8a14566f0db8
MD5 checksum for defs.ref is faf9e4368c3900942edf23f5d9e67dc2
Happy St. Patrick's Day!
New definitions:
====================
Win32.FakeCodec.Nicecodec +1099
Updated definitions:
====================
-
MD5 checksum is dbbfa4f334d5ee0d4cdcb6b96bf39f3f for core.aawdef
MD5 checksum is 210da5272443f3ab7a238a46df11b977 for defs.ref
For those who have missed it, Phorm, Inc have trialled and are proposing to roll out a new system in the UK that helps advertisers target advertising more precisely at participating internet users. Their goal, according to their homepage at www.phorm.com, is "to make online advertising more relevant, rewarding and valuable." The basic principle is to gather information based on your internet browsing behaviour and use that information to target so-called 'relevant ads'.
New definitions:
====================
Adware.CashOn +9
Adware.Ejik +12
PCSuperCharger +4
Win32.Packed.PolyCrypt +4
Win32.Trojan.Baord
Win32.Trojan.JunkPoly +3
Win32.Trojan.Matcash +2
Win32.TrojanDownloader.FraudLoad +9
Win32.Virus.Gobi
Win32.Worm.Cekar
Win32.Worm.CodeRed +2
Win32.Worm.Socks +2
Updated definitions:
====================
Adware.Agent +6
Adware.Baidu
Adware.BHO(generic) +10
Adware.CashBack +7
Adware.CDN +2
Adware.Dpoint
Adware.E404
Adware.SuperJuan
Adware.TTC +2
Adware.VapSup +11
AdwareAlert +5
AdwareBot +5
Alexa
AntispywareBot +4
AntiSpywareShield +2
AntivirusPCSuite +7
AntiVirusPro +2
Awola
Cleanator
ContraVirus
Dialer +13
ErrorKiller +6
EvidenceEraser
FakeAlert +9
Lop +6
MacroVirus +4
MalwareBot +3
MalWarrior +2
PrivacyControl
RegistryBot +5
RegistryClear +5
RegistrySmart +3
RegRecall +5
RegSweep +3
SpywareIsolator +2
SpywareRemover +6
SpywareStop +4
Toolbar.Softo +2
Ultimate Defender +3
Win32.Adware.AdMoke +4
Win32.AdWare.Boran
Win32.AdWare.Cinmus +4
Win32.Adware.Insider +3
Win32.Adware.Rabio
Win32.Backdoor.Agent +4
Win32.Backdoor.HacDef
Win32.Backdoor.Hupigon +2
Win32.Backdoor.IRCBot +3
Win32.Backdoor.IRCZapchast
Win32.Backdoor.Padodor
Win32.Backdoor.PopWin
Win32.Backdoor.RBot +3
Win32.Backdoor.SDBot
Win32.Backdoor.Small
Win32.Backdoor.VanBot
Win32.Dialer.Trojan
Win32.Generic.PWS
Win32.Generic.Worm
Win32.Hoax.Renos
Win32.Rootkit.Agent +6
Win32.SpamTool.Agent +2
Win32.Trojan.Agent +34
Win32.Trojan.BHO +2
Win32.Trojan.Buzus
Win32.Trojan.Crypt +24
Win32.Trojan.Delf +8
Win32.Trojan.Downloader
Win32.Trojan.Inject +3
Win32.Trojan.Klone +3
Win32.Trojan.Obfuscated +6
Win32.Trojan.Pakes +3
Win32.Trojan.Qhost +2
Win32.Trojan.Small
Win32.Trojan.Spy +7
Win32.Trojan.Tibs +3
Win32.Trojan.Trash +2
Win32.Trojan.Vaklik +16
Win32.TrojanClicker +3
Win32.TrojanClicker.Costrat
Win32.TrojanDownloader.Adload +2
Win32.TrojanDownloader.Agent +43
Win32.TrojanDownloader.BHO
Win32.TrojanDownloader.Delf +14
Win32.TrojanDownloader.Diehard +2
Win32.TrojanDownloader.Ieser
Win32.TrojanDownloader.Injecter
Win32.TrojanDownloader.NanoDesu
Win32.TrojanDownloader.Small +18
Win32.TrojanDownloader.Tibs +13
Win32.TrojanDownloader.Tiny +3
Win32.TrojanDownloader.VB +2
Win32.TrojanDownloader.Winlagons +2
Win32.Trojandownloader.Zlob +43
Win32.TrojanDropper +54
Win32.Trojan-Dropper.Delf +9
Win32.TrojanProxy.Agent.dl +5
Win32.TrojanProxy.Daemonize
Win32.Trojan-PSW.Delf +2
Win32.Trojan-PSW.Nilage
Win32.Trojan-PSW.QQRob
Win32.TrojanPWS.LdPinch +2
Win32.TrojanPWS.Lmir +5
Win32.TrojanPWS.Magania
Win32.TrojanPWS.OnlineGames +185
Win32.TrojanPWS.QQPass +2
Win32.TrojanPWS.WebMoner +2
Win32.TrojanPWS.WOW +2
Win32.TrojanSpy.Banker +8
Win32.TrojanSpy.IESpy +2
Win32.TrojanSpy.Peed
Win32.Virus.Nimda
Win32.Virus.Virut +4
Win32.Virus.Xorer
Win32.Worm.Agent
Win32.Worm.Autorun +5
Win32.Worm.Bagle
Win32.Worm.Delf +2
Win32.Worm.LockSky
Win32.Worm.Zhelatin +36
WinFixer
WinReanimator +2
Virtumonde +8
VirusProtectPro
XPAntivirus +2
Yok Toolbar
MD5 checksum is 3bc6e04e5cd23e618b98213d8b77ad38 for core.aawdef
MD5 checksum is ec42a1395b31d1fa370fd323b38abb58 for defs.ref
In the last few days we have seen a new rogue antivirus program being spread through a trojan. Opening up the program, Unigray AntiVirus, we were met by a somewhat familiar GUI.
You may have noticed our rogue application definition update last week. It was prompted by the deluge of complaints to our support team about C-NetMedia's AdWareAlert program from people who thought they were buying Lavasoft's AdAware 2007. The update also follows on from the excellent article by Ben Edelman (assisted by our very own Calamity Jane!) on the subject. You can read it here: http://www.benedelman.org/news/021408-1.html.



