Top Ten Viruses And Hoaxes Of February

Full Version: Top Ten Viruses And Hoaxes Of February

GovernmentSecurity.org > General GSO > In The News

GSecur

Feb 27 2004, 02:10 PM

LYNNFIELD, Mass., Feb. 27 /PRNewswire/ -- Sophos, a world leader in protecting businesses against spam and viruses, has revealed the top ten viruses and hoaxes causing problems for businesses around the world.
The report, which examines virus and hoax reports in the month of February 2004, shows MyDoom-A slipped from the top spot, to allow for Sober-C's return to the number one position.

The top ten viruses in February 2004 were as follows:

1. W32/Sober-C (Sober variant) 35.3%
2. W32/MyDoom-A (MyDoom worm) 25.3%
3. W32/Netsky-B (Netsky variant) 7.8% NEW ENTRY
4. W32/Bagle-B (Bagle variant) 5.3% NEW ENTRY
5. W32/Dumaru-A (Dumaru worm) 2.6%
6. W32/Mimail-J (Mimail variant) 2.4%
7. W32/Mimail-C (Mimail variant) 1.8%
8. W32/Mimail-Q (Mimail variant) 1.1%
9. W32/Bagle-A (Bagle worm) 1.1%
10. W32/Gibe-F (Gibe variant) 1.0%

Others 16.3%

"Sober-C, which first topped the chart in December, returned to the top spot again this month ahead of high profile worms, MyDoom-A, Netsky-B and Bagle-B," said Chris Belthoff, senior security analyst at Lynnfield, MA-based, Sophos, Inc. "Sober-C travels via email and peer-to-peer networks and continues to spread widely. Protection against this worm has been available for months. Those who are being affected should consider automating their anti-virus updates in order to maintain their defenses."more>>

zero-maitimax

Mar 1 2004, 10:00 AM

W32/Netsky-B

it's a dutch virus. i feel good about it

Hellraiseruk

Mar 1 2004, 03:16 PM

mydoom second not bad

tweakz20

Mar 1 2004, 08:46 PM

lol, you two shouldn't really talk about it, it makes you sound like you're the creator (I wouldn't be surprised, but still)

ring0

Mar 5 2004, 06:23 PM

since i can't start a new thread... i'll start this discussion over here

Subject: Norton Antivirus 2002 fails to scan files with special character(s) properly.
Published: Friday, 05 March, 2004
Discovered By: Bipin Gautam ( hUNT3R )
Product Version: Norton Antivirus 2002 [ ver: 8.00.58 ] (~Only tested On...~)
Risk Impact: Low-Medium

* * *
Details:

During a 'manual scan' of a folder, if Norton Antivirus (NAV) encounters a file /folder name with 'some' ASCII characters ( 1-31) NAV can't further proceed the manual scan and its front-end 'NAVW32.exe' crashes! This Bug has no impact in the NAV Auto-Protect Engine.

Exploit: http://www.geocities.com/visitbipin/test_nav.zip
Create a folder (say: '!' ) and put some sub-folders and files in it. The file/sub-folder name must contain ASCII character(s) ( 1-31) . Have a manual scan of the folder named '!' NAV can't proceed the scan and crashes!

Disclaimer: The information in the advisory is believed to be accurate at the time of printing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect or consequential loss or damage arising from use of, or reliance on this information.

tweakz20

Mar 5 2004, 08:07 PM

good post! it's a good post, but i think it's in the wrong place; basically this whole site has to do with that kind of stuff

ring0

Mar 6 2004, 04:13 AM

Subject: NAV bugs!
Published: Friday, 05 March, 2004
Updated: 06-Mar-04
Discovered By: Bipin Gautam ( hUNT3R ) ...myself

Product Version: Norton Antivirus 2002 [ ver: 8.00.58 ] (~Only tested On...~)
Risk Impact: Low-Medium

* * *
Details:

During a 'manual scan' of a folder, if Norton Antivirus (NAV) encounters a file /folder name with 'some' ASCII characters ( 1-31) NAV can't further proceed the manual scan and its front-end 'NAVW32.exe' crashes! This Bug has no impact in the NAV Auto-Protect Engine.

Exploit 1). : Norton Antivirus 2002 fails to scan files with special character(s) properly.
http://www.geocities.com/visitbipin/test_nav.zip
Create a folder (say: '!' ) and put some sub-folders and files in it. The file/sub-folder name must contain ASCII character(s) ( 1-31) . Have a manual scan of the folder named '!' NAV can't proceed the scan and crashes!

Exploit 2). : Norton Antivirus Auto-protect fails to stop a HOSTILE CODE... that is in the last sub dir. that windows OS can create!

Run this batch script, first and make sure you have 95 sub-folders inside the folder named '----------------------------------------------------------------' in c:\ (root)

=-------CUT----------=
@echo off
echo ( you can use, http://www.eicar.org/anti_virus_test_file.htm)
echo for a harmless test...
pause
cd\
c:
cd\
:hUNT3r
md 1
cd 1
if not errorlevel 1 goto :hUNT3r
:rename
cd\
c:
cd\
ren 1 ----------------------------------------------------------------
explorer c:
exit

=-------CUT----------=

Now... drag/drop a trojan named 1.exe (that NAV recognises as a hostile program) to the 93'rd sub-folder and execute the program from there........ NAV-AUTO PROTECT is unable to scan/block the program & the trojan gets executed.

[...THIS TECHNIQUE SHOULD WORK FOR SOME OTHER ANTIVIRUS PRODUCT TOO...]

[NOTE]---------------------------------------------------------------------------------------->
drag/drop the trojan code, in a scene...... FOR TEST PURPOSE you either temporarily disable your NAV and copy a trojan there and then enable NAV then and then execute the trojan . NAV is unable to scan/detect it as a virus...... when it gets executed!

OR

you create a blank file and / inject a hostile code named 1.* in the 93'rd sub directory....... and execute it! NAV IS UNABLE TO DETECT IT AS A VIRUS Ps: 93'rd directory is the last sub-folder that windows can create in the situation.....
NOTE]----------------------------------------------------------------------------------------<

Make sure the trojan/warm.exe just have a 1 character file-name! when it is executer from 93'rd sub directory! (...Last possible DIRECTORY where the file file can be copied!)

Disclaimer: The information in the advisory is believed to be accurate at the time of printing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect or consequential loss or damage arising from use of, or reliance on this information.

PS: PLEASE, anyone post this in a new thread...???

ZeroQool007

Mar 8 2004, 11:40 AM

thx for this informations

Ash

Apr 5 2004, 08:43 PM

Thats gonna come in handy

cheers

qcred11

Apr 5 2004, 09:31 PM

News wasn't updated for atleast a month.
The top ten viruses end of the March beginning of April 2004:
1 W32/Netsky.D@mm 1 26,9 %
2 W32/Netsky.P@mm 2 25,8 %
3 W32/Netsky.Q@mm 2 15,3 %
4 W32/Netsky.B@mm 2 10 %
5 W32/Sobig.F@mm - 7,9 %
6 W32/Netsky.C@mm 2 2,4 %
7 W32/Sober.F@mm 2 1,3 %
8 W32/Swen.A@mm 1 1,2 %
9 W32/Mydoom.A@mm - 1,1 %
10 Trojandownloader.Win32.Dluca.P - 0,9 %

Montague

Apr 6 2004, 09:44 AM

I found a new Virus called "ZeroQool007". It really chrashs every System

Sorry, I couldn't just sit there laughing

BacKZoiD

segv

Apr 6 2004, 12:04 PM

Interesting that Witty didn't even break the top ten qcred11.

migo

Apr 6 2004, 12:48 PM

interesting really

qcred11

Apr 6 2004, 02:56 PM

QUOTE

Interesting that Witty didn't even break the top ten qcred11.

Witty is a network worm that spreads through direct network connections, targeting machines that are running BlackIce security software.
If you're not running BlackIce software, this worm won't infect your system. This is the answer. Do you know a lot of people who's running BlackIce security software?

Charlievarley

Apr 16 2004, 10:56 AM

Very interesting

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.