McAfee maintain a list and profile of nearly all the viruses out in the computer world, and also grade their current risk status. Computer users who want to keep themselves abreast of each new virus threat would do well to consult this list occasionally.
It’s an illuminating line-up, bringing home to computer users the high levels of risk and danger that they face in their everyday dealings with computers.
Let’s take one day in particular, when McAfee drew our attention to three new Trojan viruses. On the 26th October, 2006, McAfee added to their list of viruses to look out for the following three names:
- Generic Dropper!bei!1938a8cf8776;
- Generic PWS.y!bce!eac18f0df91a.
All are trojans, and before we take a quick look at the first one in the list, the Generic Dropper!bei!1938a8cf8776, let's remind ourselves what a trojan is.
Named for very apt reasons after the Trojan Horse in Greek mythology, a trojan is malware which appears to have a desirable, or necessary function, but in reality allows unauthorised access to a user's computer. In other words, it works just like the Trojan Horse, which was presented as a gift only to conceal soldiers who gained unwanted access.
What distinguishes them from viruses and worms is that they are not self-replicating. What's more, to fulfil their evil deeds, they require a degree of interaction from the hacker, or cybercriminal. And trojans need not be faithful to their creators; hackers can, by using a port scanner to scan network computers, be on the hunt for an available trojan which will give them access to a vulnerable machine.
Because they don't self-replicate, they have to be spread manually by unwitting computer users, or hackers. They are most commonly activated by executing programmes distributed by e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
The infection symptoms for this detection are the files, registry and network communication detailed in the McAfee virus characterisation section. Here McAfee lays the Generic Dropper!bei!1938a8cf8776 bare to the public, including its file name (in this case virus.exe), its length (81,920 bytes) and its CRC (2581E782).
It’s known by other computer security companies as:
- Avast – Win32:Malware-gen;
- Avira – TR/Drop.Agent.AP;
- Dr.Web – BackDoor.IRC.Sdbot.4889;
- Eset – a variant of Win32/Injector.AEH;
- FortiNet – W32/VB.AD!tr;
- Kaspersky – Trojan-Dropper.Win32.VB.mwb;
- Sophos – Mal/VB-AD;
- Symantec – W32.SillyFDC.
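One way to use the file name, length and CRC quoted above in a triage sweep, as an added example that is not from the original article or from McAfee. It assumes the quoted CRC is a standard CRC-32 (the value zlib computes); the function names and the demo files are constructed here.

```python
import tempfile
import zlib
from pathlib import Path

# Indicator values quoted in the article for Generic Dropper!bei!1938a8cf8776.
# Assumption: "CRC" means the standard CRC-32 that zlib computes.
PAGE_INDICATOR = {"name": "virus.exe", "length": 81920, "crc32": 0x2581E782}


def crc32_of(path, chunk_size=65536):
    """Stream the file so large files are not loaded into memory at once."""
    crc = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            crc = zlib.crc32(chunk, crc)
    return crc & 0xFFFFFFFF


def matches(path, indicator):
    """Compare length first (cheap), then CRC. The name is ignored: it is trivially changed."""
    if Path(path).stat().st_size != indicator["length"]:
        return False
    return crc32_of(path) == indicator["crc32"]


def scan(root, indicator):
    """Return every regular file under root whose length and CRC-32 both match."""
    hits = []
    for p in Path(root).rglob("*"):
        try:
            if p.is_file() and not p.is_symlink() and matches(p, indicator):
                hits.append(p)
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
    return sorted(hits)


def demo():
    """Constructed sample: harmless bytes, with an indicator derived from them."""
    with tempfile.TemporaryDirectory() as d:
        payload = b"constructed sample, not malware\n" * 100
        (Path(d) / "renamed.bin").write_bytes(payload)
        (Path(d) / "virus.exe").write_bytes(b"\0" * 81920)  # right name and length, wrong CRC
        constructed = {"length": len(payload), "crc32": zlib.crc32(payload)}
        return [p.name for p in scan(d, constructed)], [p.name for p in scan(d, PAGE_INDICATOR)]


if __name__ == "__main__":
    print(demo())
```

CRC-32 is an error-detection checksum, not a collision-resistant hash, so a length-and-CRC match is a lead to confirm with a cryptographic hash or an anti-virus scan rather than a verdict.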
Guest Article by Neil Camp