Worm:Win32/Slenfbot.A is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.

Worm:Win32/Slenfbot.B is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.

Worm:Win32/Slenfbot.C is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.

Backdoor:Win32/Berbew.AX.drv.dr is a Trojan that is dropped and executed by Backdoor:Win32/Berbew.AX, which targets computers running Windows 2000 or Windows XP. Backdoor:Win32/Berbew.AX.drv.dr installs a network driver that allows Backdoor:Win32/Berbew.AX to bypass certain software firewalls.   

Update: This threat has been renamed [URL]Backdoor:Win32/Mocbot.A.

 

Backdoor:Win32/Graweg.A is an IRC Trojan that connects to an IRC channel and awaits commands from remote attackers. When instructed, Backdoor:Win32/Graweg.A begins searching the local network for systems which have not yet applied the Microsoft Windows Server Service security patch described in Microsoft Security Bulletin MS06-040. The Trojan also includes the ability to send messages via AOL Instant Messenger (AIM) and ICQ. The exploit code used by Backdoor:Win32/Graweg.A is only effective against un-patched systems running Windows 2000. However, the Trojan can still infect patched versions of Windows 2000 and other Windows operating systems by means other than exploit. For example, Backdoor:Win32/Graweg.A could be distributed as an e-mail attachment, or a link to the Trojan could be sent to e-mail or AIM recipients.

 

Backdoor:Win32/Graweg.A may lower security settings on infected systems and allows the system to be used for nefarious purposes, such as launching a Denial of Service (DoS) attack against others. Backdoor:Win32/Graweg.A includes the ability to download other files, thus the Trojan could update its functionality or download additional malicious software to infected systems.

 

Backdoor:Win32/Graweg.A has been assigned CME ID 482 and will be detected by Microsoft as

Update: This threat has been renamed Backdoor:Win32/Mocbot.A.

 

Backdoor:Win32/Graweg.B is an IRC Trojan that connects to an IRC channel and awaits commands from remote attackers. When instructed, Backdoor:Win32/Graweg.B begins searching the local network for systems which have not yet applied the Microsoft Windows Server Service security patch described in Microsoft Security Bulletin MS06-040. The Trojan also includes the ability to send messages via AOL Instant Messenger (AIM) and ICQ. The exploit code used by Backdoor:Win32/Graweg.B is only effective against un-patched systems running Windows 2000. However, the Trojan can still infect patched versions of Windows 2000 and other Windows operating systems by means other than exploit. For example, Backdoor:Win32/Graweg.B could be distributed as an e-mail attachment, or a link to the Trojan could be sent to e-mail or AIM recipients.

 

Backdoor:Win32/Graweg.B may lower security settings on infected systems and allows the system to be used for nefarious purposes, such as launching a Denial of Service (DoS) attack against others. Backdoor:Win32/Graweg.B includes the ability to download other files, thus the Trojan could update its functionality or download additional malicious software to infected systems.

 

Backdoor:Win32/Graweg.B has been assigned CME ID 762 and will be detected by Microsoft as

Backdoor:Win32/Ryknos.A is a backdoor Trojan that targets computers running certain versions of Microsoft Windows. The Trojan opens a backdoor on the infected computer to receive commands from attackers. If the rootkit VirTool:WinNT/F4IRootkit is already installed on the target computer, the Trojan uses the rootkit to hide.

Backdoor:Win32/Berbew.AX.drv.dll is dropped by Backdoor:Win32/Berbew.AX.drv.dr. Backdoor:Win32/Berbew.AX.drv.dll provides an interface between Backdoor:Win32/Berbew.AX and a network driver that is installed by Backdoor:Win32/Berbew.AX.drv.dr.

TrojanDropper:Win32/Nuwar.gen!backdoor is a Trojan that drops and installs Backdoor:Win32/Nuwar.B onto an infected computer.

 

Backdoor:Win32/Nuwar.B is a Backdoor Trojan that allows unauthorized access to an infected computer. The Trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network. This Trojan also contains advanced stealth functionality that allows it to hide particular files, registry entries and registry values.

 

Related Malware

VirTool:WinNT/Xantvi.gen!A is a generic detection for a kernel-mode rootkit driver that terminates processes and attempts to hide the presence of related malware on an affected machine.

PWS:Win32/Ldpinch.BC is a trojan that steals sensitive data. It also has backdoor capabilities, which allow the infected system to be remotely controlled by an attacker.

TrojanDownloader:Win32/Agent.AHD is a trojan that drops additional malware and downloads and executes arbitrary files.

Trojan:Win32/Tibs.gen!lds is generic detection for a component of Win32/Tibs. This trojan downloads and executes malware from predefined Web sites.