F-Secure Malware Descriptions
http://www.f-secure.com
These are F-Secure's descriptions of malware, spyware and riskware threats.
Copyright, F-Secure. Thu, 18 April 2013 10:55:00 +0800; Wed, 14 November 2012 17:20:00 +0800.

Trojan.Java.Agent.I
http://www.f-secure.com/v-descs/trojan_java_agent_i.shtml
Trojan.Java.Agent.I is a trojan-dropper written in Java. On execution, the malware drops and runs an executable file.

Trojan.Iframe.BMY
http://www.f-secure.com/v-descs/trojan_iframe_bmy.shtml
Trojan.Iframe.BMY (and the similar Trojan.JS.Iframe.CVT and Trojan.Iframe.BZW detections) identify webpages that contain a suspicious hidden iframe appended to the end of their HTML code.

Trojan-Dropper:OSX/Revir.D
http://www.f-secure.com/v-descs/trojan-dropper_osx_revir_d.shtml
Trojan-Dropper:OSX/Revir.D silently drops other malicious programs onto the machine; on execution, Revir.D opens a decoy file to distract the user from the program's malicious activities.

Backdoor:OSX/Imuler.B
http://www.f-secure.com/v-descs/
Backdoor:OSX/Imuler.B contacts a remote server for instructions; it may then steal files or capture a screenshot of the infected computer system, which is later forwarded to the remote server.

Exploit:W32/CVE-2011-3402.A
http://www.f-secure.com/v-descs/exploit_w32_cve_2011_3402_a.shtml
Exploit:W32/CVE-2011-3402.A is a Generic Detection that identifies malicious files which exploit a known vulnerability in various Windows operating system versions.

Exploit:Java/Majava.B
http://www.f-secure.com/v-descs/exploit_java_majava_b.shtml
Exploit:Java/Majava.B identifies malicious files that exploit vulnerabilities in the Java Runtime Environment (JRE).

Exploit:W32/CVE-2010-0188.C
http://www.f-secure.com/v-descs/exploit_w32_cve_2010_0188_c.shtml
Exploit:W32/CVE-2010-0188.C identifies malicious PDF files downloaded by the Blackhole exploit kit that exploit a known vulnerability.

Exploit:Java/CVE-2012-5076.B
http://www.f-secure.com/v-descs/exploit_java_cve-2012-5076_b.shtml
Exploit:Java/CVE-2012-5076.B is a Generic Detection that identifies Java exploits.

Exploit:Java/Majava.A
http://www.f-secure.com/v-descs/exploit_java_majava_a.shtml
Exploit:Java/Majava.A is a Generic Detection that identifies Java exploits.

Exploit:W32/CVE-2010-0188.B
http://www.f-secure.com/v-descs/exploit_w32_cve_2010_0188_b.shtml
Exploit:W32/CVE-2010-0188.B identifies malicious PDF files downloaded by the Blackhole exploit kit that exploit a known vulnerability.

Exploit:Java/CVE-2012-4681.H
http://www.f-secure.com/v-descs/exploit_java_cve_2012_4681_h.shtml
Exploit:Java/CVE-2012-4681.H identifies malicious Java Archive (JAR) files that exploit a known vulnerability.

Trojan-Spy:W32/FinSpy.A
http://www.f-secure.com/v-descs/trojan-spy_w32_finspy_a.shtml
Trojan-Spy:W32/FinSpy.A is a component of a commercial surveillance product that monitors user activity.

Flame
http://www.f-secure.com/v-descs/flame.shtml
Flame is a sophisticated information-gathering program used in targeted cyber-attacks against organizations and nation states in the Middle East.

Trojan:W32/Patched
http://www.f-secure.com/v-descs/trojan_win32_patched.shtml
Windows components that have been 'patched' by a malicious application, usually to facilitate the malware's operations. The affected component and the purpose of the patching may vary depending on the malware in question.

Rootkit:W32/ZAccess
http://www.f-secure.com/v-descs/rootkit_w32_zaccess.shtml
Rootkit:W32/ZAccess constantly displays advertisements on the infected machine and may silently contact remote servers to retrieve additional advertising information.

Backdoor:OSX/MacKontrol.A
http://www.f-secure.com/v-descs/backdoor_osx_mackontrol_a.shtml
Backdoor:OSX/MacKontrol.A connects to a remote server to receive further instructions, without the user's knowledge or permission.

Backdoor:OSX/Sabpab.A
http://www.f-secure.com/v-descs/backdoor_osx_sabpab_a.shtml
Backdoor:OSX/Sabpab.A connects to a remote server to receive further instructions, without the user's knowledge or permission.

Backdoor:OSX/Olyx.C
http://www.f-secure.com/v-descs/backdoor_osx_olyx_c.shtml
Backdoor:OSX/Olyx.C connects to a remote server to receive further instructions, without the user's knowledge or permission.

Backdoor:OSX/Olyx.B
http://www.f-secure.com/v-descs/backdoor_osx_olyx_b.shtml
Backdoor:OSX/Olyx.B connects to a remote server to receive further instructions, without the user's knowledge or permission.

Trojan:W32/Ransomcrypt
http://www.f-secure.com/v-descs/trojan_w32_ransomcrypt.shtml
Trojan:W32/Ransomcrypt is ransomware that encrypts files on the affected computer and demands payment in exchange for a password that decrypts the affected files.

Trojan:W32/Reveton
http://www.f-secure.com/v-descs/trojan_w32_reveton.shtml
Trojan:W32/Reveton is a ransomware application. It fraudulently claims to be from a legitimate law enforcement authority and prevents users from accessing their infected machine, demanding that a 'fine' be paid to restore normal access.

Trojan-Downloader:OSX/Flashback.K
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml
Trojan-Downloader:OSX/Flashback.K connects to a remote site to download its payload; on successful infection, the malware modifies targeted webpages displayed in the web browser.

Backdoor:W32/Binanen.A
http://www.f-secure.com/v-descs/backdoor_w32_binanen_a.shtml
A dropper trojan that contains malicious or potentially unwanted software, which it 'drops' and installs on the affected system.

Trojan-Downloader:OSX/Flashback.I
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
Trojan-Downloader:OSX/Flashback.I connects to a remote site to download its payload; on successful infection, the malware redirects web traffic.

Trojan-Dropper:OSX/Revir.C
http://www.f-secure.com/v-descs/trojan-dropper_osx_revir_c.shtml
Trojan-Dropper:OSX/Revir.C silently drops other malicious programs onto the machine; on execution, Revir.C displays a titillating image to distract the user from the program's malicious activities.

Exploit:Java/Blackhole
http://www.f-secure.com/v-descs/exploit_java_blackhole.shtml
Exploit:Java/Blackhole identifies a Java class module used as part of an exploit kit known as Blackhole.

Application:W32/InstallCore
http://www.f-secure.com/sw-desc/application_w32_installcore.shtml
InstallCore is an advertising module that displays targeted advertising material.

Backdoor:OSX/DevilRobber.A
http://www.f-secure.com/v-descs/backdoor_osx_devilrobber_a.shtml
Backdoor:OSX/DevilRobber.A silently installs applications related to Bitcoin-mining; it may also harvest data from the infected machine and listen for additional commands from a remote user.

Backdoor:OSX/Tsunami.A
http://www.f-secure.com/v-descs/backdoor_osx_tsunami_a.shtml
Backdoor:OSX/Tsunami.A is a distributed denial-of-service (DDoS) flooder that is also capable of downloading files and executing shell commands on an infected system.

Trojan-Downloader:OSX/Flashback.C
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_c.shtml
Trojan-Downloader:OSX/Flashback.C poses as a Flash Player installer and connects to a remote host to obtain further installation files and configuration.

Trojan-Downloader:OSX/Flashback.B
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_b.shtml
Trojan-Downloader:OSX/Flashback.B poses as a Flash Player installer and connects to a remote host to obtain further installation configuration and files.

Trojan-Dropper:OSX/Revir.B
http://www.f-secure.com/v-descs/trojan-dropper_osx_revir_b.shtml
Trojan-Dropper:OSX/Revir.B drops and executes a backdoor program on the system, while camouflaging its activity by opening a JPG file to distract the user.

Monitoring-Tool:Android/SimChecker.A
http://www.f-secure.com/v-descs/monitoring-tool_android_simchecker_a.shtml
Monitoring-Tool:Android/SimChecker.A collects geolocation and other device information, and sends this information out via SMS messages and e-mails.

Trojan-Downloader:OSX/Flashback.A
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_a.shtml
Trojan-Downloader:OSX/Flashback.A poses as a Flash Player installer and connects to a remote host to obtain further installation configuration and files.

Backdoor:OSX/Imuler.A
http://www.f-secure.com/v-descs/backdoor_osx_imuler_a.shtml
Backdoor:OSX/Imuler.A contacts a remote server for instructions; it may then steal files or capture a screenshot of the infected computer system, which is then forwarded to the remote server.

Trojan-Dropper:OSX/Revir.A
http://www.f-secure.com/v-descs/trojan-dropper_osx_revir_a.shtml
Trojan-Dropper:OSX/Revir.A drops a downloader component that downloads a backdoor program onto the system, while camouflaging its activity by opening a PDF file to distract the user.

Worm:W32/Morto.A
http://www.f-secure.com/v-descs/worm_w32_morto_a.shtml
Worm:W32/Morto.A propagates through Remote Desktop Services on Windows servers by brute-forcing the server's login credentials.

Trojan:Android/GinMaster.A
http://www.f-secure.com/v-descs/trojan_android_ginmaster_a.shtml
Trojan:Android/GinMaster.A steals confidential information from the device and sends it to a remote website.

Trojan:W32/Yakes
http://www.f-secure.com/v-descs/trojan_w32_yakes.shtml
Trojan:W32/Yakes variants attempt to connect to and download files from remote servers.

Trojan:Android/DroidKungFu.C
http://www.f-secure.com/v-descs/trojan_android_droidkungfu_c.shtml
Trojan:Android/DroidKungFu.C forwards confidential details to a remote server.

Trojan:Android/AutoSPSubscribe.A
http://www.f-secure.com/v-descs/trojan_android_autospsubscribe_a.shtml
Trojan:Android/AutoSPSubscribe.A is a malicious app that targets Android users in China, and is distributed through unofficial markets.

Trojan:BASH/QHost.WB
http://www.f-secure.com/v-descs/trojan_bash_qhost_wb.shtml
Trojan:BASH/QHost.WB hijacks web traffic by modifying the hosts file.

Trojan:Android/YZHCSMS.A
http://www.f-secure.com/v-descs/trojan_android_yzhcsms_a.shtml
Trojan:Android/YZHCSMS.A sends SMS/MMS messages to premium rate numbers, potentially incurring unexpected and unwanted usage charges.

Monitoring-Tool:Android/SpyBubble.A
http://www.f-secure.com/v-descs/monitoring-tool_android_spybubble_a.shtml
Monitoring-Tool:Android/SpyBubble.A is a commercially available tracking tool.

Trojan:Android/BaseBridge.A
http://www.f-secure.com/v-descs/trojan_android_basebridge_a.shtml
Trojan:Android/BaseBridge.A forwards confidential details to a remote server.

Spyware:Android/Flexispy.K
http://www.f-secure.com/sw-desc/spyware_android_flexispy_k.shtml
Spyware:Android/Flexispy.K is a commercially available monitoring program.

Rogue:OSX/FakeMacDef.A
http://www.f-secure.com/v-descs/rogue_osx_fakemacdef_a.shtml
Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user's computer, or by pretending the computer is infected.

Trojan:W32/Murofet.A
http://www.f-secure.com/v-descs/trojan_w32_murofet_a.shtml
This trojan attempts to download a file (presumably malicious) from a randomly generated domain.

Virus:W32/Ramnit.N
http://www.f-secure.com/v-descs/virus_w32_ramnit_n.shtml
A program that secretly and maliciously integrates itself into program or data files. It spreads by integrating itself into more files each time the host program is run.