For the week of 03 Jan 2011
Threat 1
Archive hides malicious Java class file
Threat Name: Mal/Javajar-A
Users at Risk: Windows users
Also Known As:
- Avira: Java/Agent.AD
- Kaspersky: Exploit.Java.Agent.cw
- Microsoft: TrojanDownloader:Java/OpenStream.W
- Trend Micro: TROJ_JAVA.BY
About:
Mal/PerlBot-A is an IRC bot. It attempts to steal local and network passwords to take over the computer. It can also be used to send email, launch denial-of-service attacks, scan a network for vulnerable computers, and launch other network-based attacks.
Mal/JavaJar-A is a malicious Java archive that contains a malicious Java class file. The malware can do the following:
- Exploit a flaw in getSoundbank in the Sun JVM
- Download files from the internet
- Run arbitrary code once exploited
Threat 2
Fake video file redirects to infected webpage
Threat Name: Mal/ASFDldr-A
Users at Risk: Windows users
Also Known As:
- Avira: EXP/ASF.GetCodec.Gen
- AVP: Trojan-Downloader.WMA.GetCodec.c
- McAfee: Downloader-UA trojan
- Microsoft: TrojanDownloader:ASX/Wimad.DC
- Symantec: Trojan.Brisv.A
- Trend Micro: TROJ_WIMAD.AT
About:
Mal/ASFDldr-A is a malicious media file with the .asf (Advanced Streaming Format) extension. This malware uses Microsoft Media Player's scripting capability to launch a web browser that sends the user to an infected website instead of playing the video the user was hoping for.
Microsoft has issued an update for this vulnerability here: http://support.microsoft.com/kb/828026
Most of the files detected as Mal/ASFDldr-A do not contain any video or audio content; however, they are several megabytes in size due to null padding. This malware tries to pass itself off as media coming from artists such as:
- Lady Gaga
- ABBA
- Taio Cruz
- Madoona [sic]
Threat 3
Macro virus hides in an iFrame
Threat Name: Troj/Fujif-Gen
Users at Risk: Windows users
Also Known As:
- Avira: HTML/Infected.WebPage.Gen
- F-Secure: Trojan.IFrame.HG
- McAfee: W32/Virut!htm
- Microsoft: Exploit:HTML/IframeRef.gen
About:
Troj/Bpac-A is malicious JavaScript, part of an exploit pack found on malicious and/or compromised websites.
This family of viruses usually includes clean Visual Basic or HTML files that have been modified to include an iFrame tag, usually at the end, pointing to remote malicious code. Troj/Fujif-Gen is affected by members of the W32/Fujacks and W32/Pardona families of viruses, but is also sometimes affected by other malware, such as W32/Scribble-A.
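An added example, not part of the original bulletin: a defender-side check for the modification described above, an iFrame tag near the end of a Visual Basic or HTML file that points to a remote address. The function name, the 512-character tail window and the sample files are assumptions made for illustration.

```python
import re

# Assumed heuristic (not from the bulletin): how close to the end of the file
# counts as "at the end".
TAIL_CHARS = 512
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.IGNORECASE)
REMOTE_RE = re.compile(r"^(?:https?:)?//", re.IGNORECASE)
CLOSE_HTML_RE = re.compile(r"</html\s*>", re.IGNORECASE)


def find_appended_iframes(text):
    """Return findings for iframe tags with a remote src that sit after the
    closing </html> tag or within the last TAIL_CHARS characters."""
    closes = [m.end() for m in CLOSE_HTML_RE.finditer(text)]
    doc_end = closes[-1] if closes else None
    tail_start = max(0, len(text.rstrip()) - TAIL_CHARS)
    findings = []
    for m in IFRAME_RE.finditer(text):
        src_m = SRC_RE.search(m.group(0))
        if not src_m:
            continue
        src = next(g for g in src_m.groups() if g is not None).strip()
        if not REMOTE_RE.match(src):
            continue  # relative or same-site frames are out of scope here
        after_close = doc_end is not None and m.start() >= doc_end
        if after_close or m.start() >= tail_start:
            findings.append({
                "offset": m.start(),
                "src": src,
                "reason": "after </html>" if after_close else "in file tail",
            })
    return findings


# Constructed samples; example.invalid is a reserved, non-resolving name.
CLEAN = ("<html><body><iframe src='/help/index.html'></iframe>"
         + "<p>text</p>" * 100 + "</body></html>\n")
MODIFIED = CLEAN + '<iframe src="http://example.invalid/x" width=0 height=0></iframe>\n'
VBS_MODIFIED = ('MsgBox "report done"\n' + "' filler\n" * 200
                + "<IFRAME SRC=http://example.invalid/y></IFRAME>")

if __name__ == "__main__":
    for name, sample in [("clean", CLEAN), ("html", MODIFIED), ("vbs", VBS_MODIFIED)]:
        print(name, find_appended_iframes(sample))
```

A hit is a reason to inspect the file and compare it against a known-good copy, not proof of infection: legitimate pages sometimes place remote frames near the end of the markup.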