<![CDATA[C.I.S.R.T.]]>

<![CDATA[C.I.S.R.T.]]> http://www.cisrt.com/enblog/index.php en-US http://www.cisrt.com/enblog/read.php?247 <![CDATA[Induc Virus]]> smallmo <smallmo@cisrt.com> Thu, 20 Aug 2009 01:13:01 +0000 http://www.cisrt.com/enblog/read.php?247 Win32/Induc together today.

According to Symantec's description:

Quotation

This threat attempts to infect Delphi files during the compilation process. It does this by placing an infection routine in the following file:
[DELPHI INSTALLATION FOLDER]\source\rtl\sys\SysConsts.dcu

............

Tags - win32/induc , virus.win32.induc.a ]]> http://www.cisrt.com/enblog/read.php?126 <![CDATA[Virus.Win32.Gpcode.ai]]> smallmo <smallmo@cisrt.com> Tue, 17 Jul 2007 14:56:34 +0000 http://www.cisrt.com/enblog/read.php?126 A: Virus.Win32.Gpcode is a kind of virus which can encrypt files with RSA algorithm.

Today, some vendors reported a variant of Virus.Win32.Gpcode, such as TrendMicro, Kaspersky, Pandalabs. According their reports, this variant uses a complex encryption algorithm to encrypt user files and archives, include Microsoft Office files (.DOC, .XLS, .PPT), PDF documents, archived files (.ZIP, .RAR) and so on. Upon execution, it drops the file "read_me.txt" in all folders, which contains the following text:
............

Tags - virus.win32.gpcode , ntos.exe , trojan.gpcoder.e ]]> http://www.cisrt.com/enblog/read.php?114 <![CDATA[Winhex PoC virus]]> smallmo <smallmo@cisrt.com> Fri, 15 Jun 2007 16:32:58 +0000 http://www.cisrt.com/enblog/read.php?114 IDA was appeared. Most AV vendors reported this virus, and named it as W32.Gatt (a.k.a Gattman).

And today, F-Secure gave a post about a proof-of-concept virus for Winhex on their blog.
............

Tags - vred.a , winhex , poc , proof-of-concept ]]> http://www.cisrt.com/enblog/read.php?107 <![CDATA[T89.GAARA, Calculator Virus]]> smallmo <smallmo@cisrt.com> Sun, 03 Jun 2007 15:47:34 +0000 http://www.cisrt.com/enblog/read.php?107 Symantec, Kaspersky, have reported a new type virus, Virus.TI.Tigraa.a (aka TIOS.Tigraa), which targets to Texas Instruments TI-89 calculators.

Yes, the platform is calculator, not Windows or other OS. Of course, it's just proof of concept code, and the source code has been already published in maillists by Piotr Bania since May.21.
............

Tags - tios.tigraa , t89.gaara , virus.ti.tigraa.a ]]> http://www.cisrt.com/enblog/read.php?74 <![CDATA[Spams about Britney Spears]]> smallmo <smallmo@cisrt.com> Fri, 06 Apr 2007 10:07:55 +0000 http://www.cisrt.com/enblog/read.php?74 Britney Spears. The mail is written in HTML. In the mail body, there is a sexy photo about Britney Spears, and when users click this photo, it will visit some sites that are hosting ANI exploit code. A variant of Virus.Win32.Grum will be downloaded and executed.

These spams are as the following:
............

Tags - virus.win32.grum , britneyspears.com , ibm-ssl.com ]]> http://www.cisrt.com/enblog/read.php?67 <![CDATA[Fake IE 7 Downloads spams]]> smallmo <smallmo@cisrt.com> Fri, 30 Mar 2007 15:34:45 +0000 http://www.cisrt.com/enblog/read.php?67 Internet Explorer 7 Downloads today. These spams look like from Microsoft, and a file "IE7.0.exe" will be downloaded. This is not real Internet Explorer 7, it's Virus.Win32.Grum.a. If you meet the same spam, please delete it at once.

The spam is as the following:
............

Tags - jpcommunications.net , tvz-archive.com , abnoba.net , ie7.0.exe , virus.win32.grum.a , virus.win32.grum , ie7.0 malware ]]>