Forums: Top Ten Viruses And Hoaxes Of February - Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Top Ten Viruses And Hoaxes Of February

#1 User is offline   Blake 

  • Former Commander In Chief
  • Icon
  • Group: Retired General
  • Posts: 7,317
  • Joined: 24-September 02

Posted 27 February 2004 - 06:10 AM

LYNNFIELD, Mass., Feb. 27 /PRNewswire/ -- Sophos, a world leader in protecting businesses against spam and viruses, has revealed the top ten viruses and hoaxes causing problems for businesses around the world.
The report, which examines virus and hoax reports in the month of February 2004, shows MyDoom-A slipped from the top spot, to allow for Sober-C's return to the number one position.

The top ten viruses in February 2004 were as follows:

1. W32/Sober-C (Sober variant) 35.3%
2. W32/MyDoom-A (MyDoom worm) 25.3%
3. W32/Netsky-B (Netsky variant) 7.8% NEW ENTRY
4. W32/Bagle-B (Bagle variant) 5.3% NEW ENTRY
5. W32/Dumaru-A (Dumaru worm) 2.6%
6. W32/Mimail-J (Mimail variant) 2.4%
7. W32/Mimail-C (Mimail variant) 1.8%
8. W32/Mimail-Q (Mimail variant) 1.1%
9. W32/Bagle-A (Bagle worm) 1.1%
10. W32/Gibe-F (Gibe variant) 1.0%

Others 16.3%


"Sober-C, which first topped the chart in December, returned to the top spot again this month ahead of high profile worms, MyDoom-A, Netsky-B and Bagle-B," said Chris Belthoff, senior security analyst at Lynnfield, MA-based, Sophos, Inc. "Sober-C travels via email and peer-to-peer networks and continues to spread widely. Protection against this worm has been available for months. Those who are being affected should consider automating their anti-virus updates in order to maintain their defenses."more>>
Posted Image Subscribe To Our RSS Feed For the Latest News from GovernmentSecurity.org
Would you like to earn money posting on GSO?
0

#2 User is offline   zero-maitimax 

  • Sergeant First Class
  • Icon
  • Group: Members
  • Posts: 309
  • Joined: 16-December 03

Posted 01 March 2004 - 02:00 AM

W32/Netsky-B :D it's a dutch virus. i feel good about it :D
0

#3 User is offline   Hellraiseruk 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 141
  • Joined: 11-October 03

Posted 01 March 2004 - 07:16 AM

mydoom second not bad :D
0

#4 User is offline   Logan 

  • Specialist
  • Icon
  • Group: Specialist
  • Posts: 1,596
  • Joined: 29-February 04

Posted 01 March 2004 - 12:46 PM

lol, you two shouldn't really talk about it, it makes you sound like you're the creator (I wouldn't be surprised, but still)
Logan's Web Services
0

#5 Guest_ring0_*

  • Group: Guests

Posted 05 March 2004 - 10:23 AM

since i can't start a new thread... i'll start this discussion over here

Subject: Norton Antivirus 2002 fails to scan files with special character(s) properly.
Published: Friday, 05 March, 2004
Discovered By: Bipin Gautam ( hUNT3R )
Product Version: Norton Antivirus 2002 [ ver: 8.00.58 ] (~Only tested On...~)
Risk Impact: Low-Medium

* * *
Details:

During a 'manual scan' of a folder, if Norton Antivirus (NAV) encounters a file /folder name with 'some' ASCII characters ( 1-31) NAV can't further proceed the manual scan and its front-end 'NAVW32.exe' crashes! This Bug has no impact in the NAV Auto-Protect Engine.

Exploit: http://www.geocities...in/test_nav.zip
Create a folder (say: '!' ) and put some sub-folders and files in it. The file/sub-folder name must contain ASCII character(s) ( 1-31) . Have a manual scan of the folder named '!' NAV can't proceed the scan and crashes!

Disclaimer: The information in the advisory is believed to be accurate at the time of printing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect or consequential loss or damage arising from use of, or reliance on this information.
0

#6 User is offline   Logan 

  • Specialist
  • Icon
  • Group: Specialist
  • Posts: 1,596
  • Joined: 29-February 04

Posted 05 March 2004 - 12:07 PM

good post! it's a good post, but i think it's in the wrong place; basically this whole site has to do with that kind of stuff
Logan's Web Services
0

#7 Guest_ring0_*

  • Group: Guests

Posted 05 March 2004 - 08:13 PM

Subject: NAV bugs!
Published: Friday, 05 March, 2004
Updated: 06-Mar-04
Discovered By: Bipin Gautam ( hUNT3R ) ...myself ;)
Product Version: Norton Antivirus 2002 [ ver: 8.00.58 ] (~Only tested On...~)
Risk Impact: Low-Medium

* * *
Details:

During a 'manual scan' of a folder, if Norton Antivirus (NAV) encounters a file /folder name with 'some' ASCII characters ( 1-31) NAV can't further proceed the manual scan and its front-end 'NAVW32.exe' crashes! This Bug has no impact in the NAV Auto-Protect Engine.

Exploit 1). : Norton Antivirus 2002 fails to scan files with special character(s) properly.
http://www.geocities...in/test_nav.zip
Create a folder (say: '!' ) and put some sub-folders and files in it. The file/sub-folder name must contain ASCII character(s) ( 1-31) . Have a manual scan of the folder named '!' NAV can't proceed the scan and crashes!

Exploit 2). : Norton Antivirus Auto-protect fails to stop a HOSTILE CODE... that is in the last sub dir. that windows OS can create!

Run this batch script, first and make sure you have 95 sub-folders inside the folder named '----------------------------------------------------------------' in c:\ (root)



=-------CUT----------=
@echo off
echo ( you can use, http://www.eicar.org..._test_file.htm)
echo for a harmless test...
pause
cd\
c:
cd\
:hUNT3r
md 1
cd 1
if not errorlevel 1 goto :hUNT3r
:rename
cd\
c:
cd\
ren 1 ----------------------------------------------------------------
explorer c:
exit

=-------CUT----------=

Now... drag/drop a trojan named 1.exe (that NAV recognises as a hostile program) to the 93'rd sub-folder and execute the program from there........ NAV-AUTO PROTECT is unable to scan/block the program & the trojan gets executed.

[...THIS TECHNIQUE SHOULD WORK FOR SOME OTHER ANTIVIRUS PRODUCT TOO...]


[NOTE]---------------------------------------------------------------------------------------->
drag/drop the trojan code, in a scene...... FOR TEST PURPOSE you either temporarily disable your NAV and copy a trojan there and then enable NAV then and then execute the trojan . NAV is unable to scan/detect it as a virus...... when it gets executed!

OR

you create a blank file and / inject a hostile code named 1.* in the 93'rd sub directory....... and execute it! NAV IS UNABLE TO DETECT IT AS A VIRUS Ps: 93'rd directory is the last sub-folder that windows can create in the situation.....
NOTE]----------------------------------------------------------------------------------------<

Make sure the trojan/warm.exe just have a 1 character file-name! when it is executer from 93'rd sub directory! (...Last possible DIRECTORY where the file file can be copied!)


Disclaimer: The information in the advisory is believed to be accurate at the time of printing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect or consequential loss or damage arising from use of, or reliance on this information.


PS: PLEASE, anyone post this in a new thread...???
0

#8 Guest_ZeroQool007_*

  • Group: Guests

Posted 08 March 2004 - 03:40 AM

thx for this informations
0

#9 Guest_Ash_*

  • Group: Guests

Posted 05 April 2004 - 12:43 PM

Thats gonna come in handy :) cheers
0

#10 User is offline   qcred11 

  • Master Sergeant
  • Icon
  • Group: Second Lieutenant
  • Posts: 2,544
  • Joined: 25-February 04

Posted 05 April 2004 - 01:31 PM

News wasn't updated for atleast a month.
The top ten viruses end of the March beginning of April 2004:
1 W32/Netsky.D@mm 1 26,9 %
2 W32/Netsky.P@mm 2 25,8 %
3 W32/Netsky.Q@mm 2 15,3 %
4 W32/Netsky.B@mm 2 10 %
5 W32/Sobig.F@mm - 7,9 %
6 W32/Netsky.C@mm 2 2,4 %
7 W32/Sober.F@mm 2 1,3 %
8 W32/Swen.A@mm 1 1,2 %
9 W32/Mydoom.A@mm - 1,1 %
10 Trojandownloader.Win32.Dluca.P - 0,9 %
0

#11 Guest_Montague_*

  • Group: Guests

Posted 06 April 2004 - 01:44 AM

I found a new Virus called "ZeroQool007". It really chrashs every System :D

Sorry, I couldn't just sit there laughing

BacKZoiD :lol:
0

#12 User is offline   segv 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 20
  • Joined: 22-January 04

Posted 06 April 2004 - 04:04 AM

Interesting that Witty didn't even break the top ten qcred11.
0

#13 User is offline   migo 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 99
  • Joined: 21-February 04

Posted 06 April 2004 - 04:48 AM

interesting really
0

#14 User is offline   qcred11 

  • Master Sergeant
  • Icon
  • Group: Second Lieutenant
  • Posts: 2,544
  • Joined: 25-February 04

Posted 06 April 2004 - 06:56 AM

Quote

Interesting that Witty didn't even break the top ten qcred11.


Witty is a network worm that spreads through direct network connections, targeting machines that are running BlackIce security software.
If you're not running BlackIce software, this worm won't infect your system. This is the answer. Do you know a lot of people who's running BlackIce security software?
0

#15 User is offline   Charlievarley 

  • Private
  • Icon
  • Group: Members
  • Posts: 8
  • Joined: 03-June 03

Posted 16 April 2004 - 02:56 AM

Very interesting
0
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

  • Share



Our Sponsors:


SwiftLayer Affiliate Web Hosting