The goal of this project is to make the virtual world a safer and better place without child pornography, major computer crime and RIAA.
01/29/2015

Trojan.Filurkes.B

Type:  Trojan
Discovered:  29.01.2015
Updated:  29.01.2015
Affected systems:  Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
AV Vendor:  Symantec

Description:

When the Trojan is executed, it creates one of the following files:

The Trojan then creates one of the following data files:

Next, the Trojan creates the following registry entries:
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887}\"InProcServer32" = "[PATH TO DLL FILE]"
  • HKEY_CURRENT_USER\Software\Classes\Drive\ShellEx\FolderExtensions\{118BEDCC-A901-4203-B4F2-ADCB957D1887}\"DriveMask" = "0xffffffff"
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887}\InProcServer32\"ThreadingModel" = "Apartment"

The Trojan then connects to the following remote location:
  • peltry77relay.com

The Trojan may then download additional malware.
