French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Troj/Dloadr-BLP Information

Alert ID : FrSIRT/ALRT-2008-02839
Aliases : N/A
Size : N/A
Rated as : Low Risk 
Release Date : 2008-05-13

Description

Troj/Dloadr-BLP when run downloads further malware to the folder <Documents and Settings>\All Users\_qbothome. Troj/Dloadr-BLP also creates the following registry entry so that the downloaded files autorun at startup: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run nwiz "C:\documents and settings\all users\_qbothome\_qbotinj.exe" "C:\documents and settings\all users\_qbothome\_qbot.dll" /c nwiz.exe /installquiet .

References

http://www.sophos.com/security/analyses/viruses-and-spyware/trojdloadrblp.html

Credits

Reported by Sophos

ChangeLog

2008-05-13 - Initial Release

Disclaimer

The information contained herein was obtained from third party sources and is solely based upon the data available at the time of publication.
 
 

Search
      

Mailinglist
    
 

IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability

IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability

IBM Hardware Management Console Cross Site Scripting Vulnerabilities

IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability

IBM DB2 Multiple Buffer Overflow and Security Bypass Vulnerabilities

IBM WebSphere Application Server Security Exposure Vulnerability

IBM AIX Multiple Command Local Privilege Escalation Vulnerabilities

Cisco Products Remote DNS Cache Poisoning Vulnerability

Cisco Wide Area Application Services CUPS Remote Vulnerability

Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities

Cisco Intrusion Prevention System Jumbo Frame Vulnerability

Cisco VPN Client Deterministic Network Enhancer Privilege Escalation

Cisco Products SNMPv3 Authentication Packets Vulnerabilities

Cisco PIX and ASA Security Bypass and Denial of Service

Mozilla Products Remote Code Execution and Security Bypass Issues

Mozilla Firefox Unspecified Remote Command Execution Vulnerability

Mozilla JavaScript Garbage Collector Code Execution Vulnerability

Mozilla Thunderbird Code Execution and Cross Site Scripting Issues

Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues

Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy