Hi friends, please be careful about these backdoor trojans.
I. Policy Update of Sax2
1. SMTP_Trojan IRCBot attempt to send e-mail
Type: Backdoor & Trojan
Description: This event is generated when Sax2 detects that the sender of an e-mail is crap@crap.com.
2. HTTP_Trojan IRCBot attempt to establish a connection with the remote hosts
Type: Backdoor & Trojan
Description: This event is generated when Sax2 detects that connections to the following remote hosts will be established on port 80:
and the data identified by the following URLs was then requested from the remote web server:
3. TCP_Trojan IRCBot attempt to establish a connection with a remote IRC server
Type: Backdoor & Trojan
Description: This event is generated when Sax2 detects suspicious IRC traffic such as: JOIN #kok7, USERHOST FQixZtkC, USER sxanro sxanro sxanro :kyxiqeezkkdoxrdj.
4. HTTP_Trojan-PSW.Win32.Agent.skv attempt to request a URL from the remote web server
Type: Backdoor & Trojan
Description: Detects cookie theft on the network. If the attacker obtains the cookie, they can gain sensitive information such as the user name, password and e-mail account.
5. HTTP_Trojan-Banker.Win32.Banbra attempt to request data from the remote host
Type: Backdoor & Trojan
Description: This event is generated when Sax2 detects that the data identified by the following URL is requested from the remote web server: http://85.234.191.174/zz.php?id=t_a_d_01
6. HTTP_Trojan.FakeAV attempt to request data from the remote host
Type: Backdoor & Trojan
Description: This event is generated when Sax2 detects that the data identified by one of the following URLs is requested from the remote web server:
http://mediafulluns.com/any3/5-irect.ex
http://www.searchaverage.org/a/ad
http://searchaverage.org/readdatagateway.php?type=stats&affid=396&subid=landing&version=4.0&adwareok
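The policy events above each describe a trigger (a sender address, IRC commands, a requested URL). As an added example, not code from Sax2 or from this post, the following table-driven matcher shows how such triggers become detection logic over reassembled payload lines. The regexes are my own approximations of the described triggers, and the sample events are constructed.

```python
import re
from typing import List, Optional, Tuple

# Signature table modelled on the Sax2 policy events. Event names are the
# post's; the regular expressions are my own approximation of each trigger.
RULES: List[Tuple[str, str, re.Pattern]] = [
    ("SMTP_Trojan IRCBot attempt to send e-mail", "smtp",
     re.compile(r"^MAIL FROM:\s*<?crap@crap\.com>?", re.I)),
    ("TCP_Trojan IRCBot attempt to establish a connection with a remote IRC server", "irc",
     re.compile(r"^JOIN #kok7\b")),
    ("TCP_Trojan IRCBot attempt to establish a connection with a remote IRC server", "irc",
     re.compile(r"^USERHOST \S{8}$")),
    # Assumption: the bot registers with one token repeated three times and a
    # long random lowercase realname, generalising the post's single sample.
    ("TCP_Trojan IRCBot attempt to establish a connection with a remote IRC server", "irc",
     re.compile(r"^USER (\S+) \1 \1 :[a-z]{12,}$")),
    ("HTTP_Trojan-Banker.Win32.Banbra attempt to request data from the remote host", "http",
     re.compile(r"^GET /zz\.php\?id=t_a_d_01\b.*\r\nHost: 85\.234\.191\.174", re.S)),
    ("HTTP_Trojan.FakeAV attempt to request data from the remote host", "http",
     re.compile(r"^GET /readdatagateway\.php\?type=stats\b.*\r\nHost: (www\.)?searchaverage\.org", re.S)),
]

# Constructed sample of reassembled payload lines, tagged with the protocol
# the flow was classified as. These are not real captures.
SAMPLE_EVENTS: List[Tuple[str, str]] = [
    ("smtp", "MAIL FROM:<crap@crap.com>"),
    ("irc", "USER sxanro sxanro sxanro :kyxiqeezkkdoxrdj"),
    ("irc", "JOIN #kok7"),
    ("http", "GET /zz.php?id=t_a_d_01 HTTP/1.1\r\nHost: 85.234.191.174"),
    ("http", "GET /readdatagateway.php?type=stats&affid=396 HTTP/1.1\r\nHost: searchaverage.org"),
    ("irc", "PRIVMSG #linux :hello"),            # benign IRC chatter
    ("smtp", "MAIL FROM:<alice@example.com>"),   # benign sender
]

def match_event(proto: str, payload: str) -> Optional[str]:
    """Return the policy event name the payload triggers, or None if it matches no rule."""
    for name, rule_proto, pattern in RULES:
        if rule_proto == proto and pattern.search(payload):
            return name
    return None

def scan(events: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Run every (proto, payload) pair through the table; return only the hits."""
    hits = []
    for proto, payload in events:
        event = match_event(proto, payload)
        if event:
            hits.append((proto, payload, event))
    return hits

if __name__ == "__main__":
    for proto, payload, event in scan(SAMPLE_EVENTS):
        print(f"[{proto}] {event}: {payload.splitlines()[0]}")
```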
II. Articles and Tutorials
1. How to detect and remove the Trojan.IRCBot
This article introduces what Trojan.IRCBot is and how to detect and remove it, more information...
III. Latest Threats
1. Email messages with subject "LinkedIn Alert" lead to malware
A number of e-mails with the subject "LinkedIn Alert" were intercepted; they lead to a website hosting malicious software and redirect visitors to an online pharmacy web site, more information...
2. Trojan-PSW.Win32.Agent.skv
Trojan.PSW.Agent monitors and records your keystrokes and scans your computer for stored passwords. This information is then sent to the parasite authors. Trojan.PSW.Agent is highly dangerous and is a serious threat to your financial and personal information, more information...
3. Trojan-Banker.Win32.Banbra
Trojan-Banker.Win32.Banbra is a malicious Trojan designed to steal banking details. Trojan-Banker.Win32.Banbra uses stealth tactics to enter the PC before downloading other harmful files from the Internet. Trojan-Banker.Win32.Banbra steals financial data like credit card numbers and online banking login details by taking screen snapshots of user activity. Trojan-Banker.Win32.Banbra also downloads additional components and poses a severe security risk to computer safety, more information...
4. Trojan.FakeAV
Trojan.FakeAV is a malicious trojan horse that may represent a high security risk for the compromised system or its network environment. Trojan.FakeAV, also known as Trojan.Win32.Small.ccz, creates a startup registry entry and may display annoying fake alerts of malware payloads in order to persuade users to buy rogue antispyware products. Trojan.FakeAV contains characteristics of an identified security risk and should be removed once detected, more information...
Sincerely
Gurbinder Sharma
IT Specialist