Antivirus World
 News archive about antivirus software, virus threats, trojans 

May 2003

Virus pattern replicates to new models -- Posted by Igor_Donchenko on Thursday, May 29 2003
BitDefender, an antivirus software producer, reports a new version of Nocan (Win32.Nocan.B@mm), a mass-mailer virus very similar to the widely spreading virus Sobig.B (previously known as Palyh). The virus spreads mainly through e-mail and file-sharing networks. For the moment only a few reports of infection have been received, most probably from the author himself, but the virus has a high potential to spread.
The specialists believe that the author is Melhacker, the same author as in the case of Maax.B, a virus discovered during the last week. He might be a member of the VX (virus authors) community. The virus can even update itself from a web address that seems to belong to that community.
"The latest viruses, beginning from Yahaa.B and until this one, use the same mechanisms and probably share the same database of tricks (e-mail subjects, content, antivirus services to be terminated, etc.). They are all Trojans, backdoors, mass-mailers and worms, key-loggers and password-stealers, using in most cases the same techniques to spread and to infect computers," Patrick Vicol, Virus Researcher at BitDefender, stated. "Only the programming approach is a little different. For example, Nocan is made in the Visual Basic programming environment - using a very complex structure, with a strong update potential," Patrick concluded.
Complexity seems to be the keyword for this latest virus. Its code contains instructions to copy the virus file into the System32 folder, to modify Windows registry keys, to attempt to terminate data security software installed on the system, to send itself as an e-mail message to all contacts in the Address Book, and to search for the most popular IM applications and copy itself into their shared folders under different, deceptive names. The virus is also able to perform DoS attacks against 10 IP addresses, to deface the existing IIS site on the system, to delete files on the hard drive (C:\Safeweb, all files in the root folder, and all files on the D:\ partition), to steal information (subsequently e-mailed to the address chatza@phreaker.net), to create a backdoor, and to download a file (for updating purposes) from a certain URL.
BitDefender has updated all its antivirus solutions to detect and stop the spread of this new threat. BitDefender experts recommend that all users run the update feature in order to stay protected against any other new viruses.



© AntivirusWorld.com