14 entries found.
Exploit:Win32/MS08067.gen!A
Exploit:Win32/MS08067.gen!A is a generic detection for code that attempts to exploit a vulnerability in SVCHOST.EXE. If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled.
On targeted hosts running Windows 2003, XP, 2000 or NT, this remote attack may be performed by an unauthenticated user. Successful exploitation of the vulnerability on systems with default installations of Windows Vista and Windows Server 2008 requires authentication due to protections introduced as part of user access control (UAC) that enforce additional levels of integrity.
Microsoft strongly recommends that users apply the update referred to in Security Bulletin MS08-067 immediately.
Alert level: severe
Backdoor:Win32/IRCbot.gen!O
Backdoor:Win32/IRCbot.gen!O is a generic detection for a trojan that allows unauthorized access and control of an affected machine by a remote attacker using IRC. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from an attacker. This particular detection may trigger on variants of several different IRC bot families, including Win32/Pushbot and Win32/Synigh.
Also detected as: Exploit:Win32/MS08067.gen!A (other)
Alert level: severe
TrojanDownloader:Win32/VB.GS
TrojanDownloader:Win32/VB.GS is a detection for a trojan that downloads and executes malware detected as Exploit:Win32/MS08067.gen!A from a remote website.
Alert level: severe
Trojan:Win32/Killav.BS
Trojan:Win32/Killav.BS is a trojan that terminates a large number of security-related processes, including those for antivirus, monitoring, or debugging tools, and installs Exploit:Win32/MS08067.gen!A.
Alert level: severe
Worm:Win32/Kolabc.C
Worm:Win32/Kolabc.C is a worm that can spread to removable drives and to other networked computers by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-039, MS06-040 and MS08-067. The worm contains backdoor functionality that allows an attacker remote access and control of the infected computer.
Also detected as: Exploit:Win32/MS08067.gen!A (Microsoft)
Alert level: severe
TrojanSpy:Win32/Gimmiv.A.dll
TrojanSpy:Win32/Gimmiv.A.dll is a trojan that gathers system information from the host computer on which it is installed. The trojan runs as a service for a short time and may delete itself after performing its data gathering routine.
Alert level: severe
TrojanSpy:Win32/Arpoc.A.dll
TrojanSpy:Win32/Arpoc.A.dll is a detection for components of TrojanSpy:Win32/Arpoc.A. Win32/Arpoc is a trojan that connects with computers across a local class C network searching for vulnerable target hosts that have not applied Security Bulletin MS08-067. This trojan exploits this specific vulnerability to install TrojanSpy:Win32/Gimmiv.A, a data collecting trojan.
Alert level: severe
TrojanSpy:Win32/Arpoc.A
TrojanSpy:Win32/Arpoc.A is a trojan that connects with computers across a local class C network searching for vulnerable target hosts that have not applied Security Bulletin MS08-067. This trojan exploits this specific vulnerability to install TrojanSpy:Win32/Gimmiv.A, a data collecting trojan.
Alert level: severe
TrojanSpy:Win32/Gimmiv.A
TrojanSpy:Win32/Gimmiv.A is a trojan that gathers system information from the host computer on which it is installed. The trojan may delete itself after performing its data gathering routine.
Alert level: severe
TrojanDropper:Win32/Microjoin.gen!C
Windows Defender Antivirus detects and removes this threat.
This threat is a tool used to install malware without being detected. It's used to bundle multiple files, including clean and malware files, into a single installer.
Alert level: severe
Win32/Gimmiv
Windows Defender Antivirus detects and removes this threat.
Win32/Gimmiv is a trojan that gathers system information from the host computer on which it is installed. The trojan may delete itself after performing its data gathering routine.
Alert level: high