http://www.securelist.com/en/ 17 May 2012 06:34:51 +0400 http://www.securelist.com/en/rss/klogo.gif http://www.securelist.com/en/ webmaster@securelist.com () This malware displays adult-content video clips. It is a Windows dynamic library (PE DLL file). It is 1 959 592 bytes in size. It is written in C++. http://www.securelist.com/en/descriptions/Porn-Tool.Win32.StripDance.d http://www.securelist.com/en/descriptions/Porn-Tool.Win32.StripDance.d 27 Apr 2012 16:36:00 +0400 webmaster@securelist.com () When the user opens the fraudulent resource in the browser, this HTML document opens in a frame on the main page. The domain names of such fraudulent resources nearly match the "Odnoklassniki.ru" site... http://www.securelist.com/en/descriptions/Hoax.HTML.OdKlas.a http://www.securelist.com/en/descriptions/Hoax.HTML.OdKlas.a 27 Apr 2012 16:32:00 +0400 webmaster@securelist.com () This hoax program imitates the download of Opera browser updates. It is an HTML page containing Java Script. It is 15 184 bytes in size. http://www.securelist.com/en/descriptions/Hoax.HTML.Agent.i http://www.securelist.com/en/descriptions/Hoax.HTML.Agent.i 27 Apr 2012 16:29:00 +0400 webmaster@securelist.com () This adware is designed to redirect user's search queries to other web resources. It is a Windows application (PE EXE file). It is 1 416 432 bytes in size. It is written in C++. Installation This... http://www.securelist.com/en/descriptions/not-a-virus:AdWare.Win32.Sushi.a http://www.securelist.com/en/descriptions/not-a-virus:AdWare.Win32.Sushi.a 26 Apr 2012 13:04:00 +0400 webmaster@securelist.com () When an infected page is opened, the Trojan launches its malicious script for execution. The Trojan then adds "mouseup" and "beforeunload" event handlers to this page. The malware tracks three user... http://www.securelist.com/en/descriptions/Trojan-Clicker.JS.Agent.op http://www.securelist.com/en/descriptions/Trojan-Clicker.JS.Agent.op 26 Apr 2012 12:57:00 +0400 webmaster@securelist.com () When an infected page is opened in the user's browser, the following HTML document is displayed: After the user sends an SMS to the premium rate number, nothing will change on this page. The... http://www.securelist.com/en/descriptions/Trojan.JS.Redirector.os http://www.securelist.com/en/descriptions/Trojan.JS.Redirector.os 26 Apr 2012 12:54:00 +0400 webmaster@securelist.com () When an infected page is opened in a browser, the user will be shown a message about malicious activity on the computer. The infected page then imitates an antivirus scanner, which finds... http://www.securelist.com/en/descriptions/Trojan.JS.Fraud.ba http://www.securelist.com/en/descriptions/Trojan.JS.Fraud.ba 25 Apr 2012 14:39:00 +0400 webmaster@securelist.com () This program downloads various malware from the Internet and installs it without the user's knowledge. It is a Windows application (PE EXE file). It is 129 288 bytes in size. It is packed using UPX.... http://www.securelist.com/en/descriptions/not-a-virus:AdWare.Win32.WhiteSmoke.a http://www.securelist.com/en/descriptions/not-a-virus:AdWare.Win32.WhiteSmoke.a 25 Apr 2012 14:10:00 +0400 webmaster@securelist.com () When the following files are available, the Trojan launches them for execution: C:\EEQQ\QQE.exe C:\EEQQ\EEQ.exe In a separate thread the Trojan searches for the following windows class names:... http://www.securelist.com/en/descriptions/Trojan-GameThief.Win32.Nilage.ipj http://www.securelist.com/en/descriptions/Trojan-GameThief.Win32.Nilage.ipj 25 Apr 2012 14:01:00 +0400 webmaster@securelist.com () Once launched, the Trojan uses additional JS scripts to strip obfuscations from its main malicious code. The Trojan then determines the operating system version, the current browser and the plugins... http://www.securelist.com/en/descriptions/Trojan-Downloader.JS.Agent.ftu http://www.securelist.com/en/descriptions/Trojan-Downloader.JS.Agent.ftu 24 Apr 2012 17:15:00 +0400 webmaster@securelist.com () This Trojan downloads files from the Internet without the user's knowledge. It is a Java class file. It is 2555 bytes in size. http://www.securelist.com/en/descriptions/Trojan-Downloader.Java.OpenConnection.df http://www.securelist.com/en/descriptions/Trojan-Downloader.Java.OpenConnection.df 24 Apr 2012 17:12:00 +0400 webmaster@securelist.com () The malware is a component of a Trojan downloader from the "Trojan-Downloader.Java.OpenConnection" family and includes a class file named "bear", which downloads a file from the Internet, from a link... http://www.securelist.com/en/descriptions/Trojan-Downloader.Java.OpenConnection.dd http://www.securelist.com/en/descriptions/Trojan-Downloader.Java.OpenConnection.dd 24 Apr 2012 17:09:00 +0400 webmaster@securelist.com () The malware is a component of a Trojan downloader from the "Trojan-Downloader.Java.OpenConnection" family and includes a class file named "monoid", which downloads a file from the Internet, from a... http://www.securelist.com/en/descriptions/Trojan-Downloader.Java.OpenConnection.dc http://www.securelist.com/en/descriptions/Trojan-Downloader.Java.OpenConnection.dc 23 Apr 2012 18:30:00 +0400 webmaster@securelist.com () The malware is a component of a Trojan downloader and includes a class file named "a", which downloads a file from the Internet, from a link sent to it. The file is saved in the current user's... http://www.securelist.com/en/descriptions/Trojan-Downloader.Java.OpenConnection.cx http://www.securelist.com/en/descriptions/Trojan-Downloader.Java.OpenConnection.cx 23 Apr 2012 18:20:00 +0400 webmaster@securelist.com () This malware is a component of a Trojan, which downloads files from the Internet without the user's knowledge. It is a Java class file. It is 672 bytes in size. http://www.securelist.com/en/descriptions/Trojan-Downloader.Java.OpenConnection.cg http://www.securelist.com/en/descriptions/Trojan-Downloader.Java.OpenConnection.cg 23 Apr 2012 18:17:00 +0400 webmaster@securelist.com () When an infected page is opened in the browser, the Trojan launches a Java applet placed on the same server: http://<site>/games/tetris.jar Where <site> is the infected site's domain... http://www.securelist.com/en/descriptions/Trojan-Downloader.HTML.Agent.sn http://www.securelist.com/en/descriptions/Trojan-Downloader.HTML.Agent.sn 20 Apr 2012 16:30:00 +0400 webmaster@securelist.com () This Trojan opens different websites in the browser without the user's knowledge. It is an HTML page. It is 61 048 bytes in size. http://www.securelist.com/en/descriptions/Trojan-Downloader.HTML.Agent.sl http://www.securelist.com/en/descriptions/Trojan-Downloader.HTML.Agent.sl 20 Apr 2012 16:21:00 +0400 webmaster@securelist.com () Once an infected HTML page is opened, the Trojan sets a "cookie" in the browser until the year 2037 named "cook15" with the current date and time. The Trojan, in order to test the "cookies"... http://www.securelist.com/en/descriptions/Trojan-Clicker.JS.Agent.om http://www.securelist.com/en/descriptions/Trojan-Clicker.JS.Agent.om 20 Apr 2012 16:16:00 +0400 webmaster@securelist.com () The malicious user injects this script into infected HTML pages. Once launched, the Trojan decrypts its body, then in a hidden frame it opens the resource placed on the same server, where the infected... http://www.securelist.com/en/descriptions/Trojan.JS.Iframe.rg http://www.securelist.com/en/descriptions/Trojan.JS.Iframe.rg 10 Apr 2012 19:26:00 +0400 webmaster@securelist.com () This program has a malicious payload. It is an HTML document containing Java Script. It is 66 821 bytes in size. http://www.securelist.com/en/descriptions/Trojan.JS.Agent.bte http://www.securelist.com/en/descriptions/Trojan.JS.Agent.bte 10 Apr 2012 19:00:00 +0400