Virus: TR/Vundo.ewz.9
Date discovered: 29/06/2008
Type: Trojan
Included in the "In The Wild" list: No
Damage level: Low
Distribution level: Low
Risk level: Low
Static file: No
Size: 82,432 bytes
IVDF version: 7.00.05.19 - Sunday, 29 June 2008

General

Method of propagation:
• No propagation routines of its own

Aliases:
• Kaspersky: Trojan.Win32.Monder.ahv
• Bitdefender: Trojan.Vundo.EWZ

Operating systems:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003

Information theft

A logging routine is started after one of the following websites is visited:

File details

Programming language:
The malware program is written in Delphi.

Description submitted by Alexander Neth on Tuesday, 1 July 2008
Description updated by Alexander Neth on Tuesday, 1 July 2008