Archive for the ‘Virus’ Category

Information about the W32/Sohanad.B Worm:

W32/Sohanad.B is a worm that infects Windows systems and spreads through popular instant messaging applications.
Upon execution, the worm copies itself as SVHOST32.EXE or SVHOST.EXE in the Windows folder.
It modifies the registry at the following location so that it loads at each startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

It also creates the following registry keys to modify the settings of Yahoo! Messenger:

HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz
HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_Launchcast

The worm also modifies the registry to disable Registry Editor and Task Manager, and it changes the Internet Explorer (IE) home page. It propagates via Yahoo! Messenger, AIM, Windows Live Messenger or Windows Messenger by sending an instant message to all the contacts of an active user. This message contains a link to a remote copy of the worm. When the recipient clicks the link, a copy of the worm is executed on the recipient’s system.
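A read-only PowerShell triage for the artifacts listed in this entry, added here as an example; it is not part of the original post or of any vendor tool. The policy value names DisableRegistryTools and DisableTaskMgr and the WOW6432Node copy of the Run key are assumptions, since the post does not name them.

```powershell
# Added example: read-only triage for the W32/Sohanad.B artifacts listed above.
# Nothing is modified. HKCU checks apply to the account running the script.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($check, $location, $detail) {
    $findings.Add([pscustomobject]@{ Check = $check; Location = $location; Detail = $detail })
}

# 1. Copies in the Windows folder. The genuine service host is svchost.exe
#    (with a "c") in System32, so either of these names is suspect.
foreach ($name in 'SVHOST32.EXE', 'SVHOST.EXE') {
    $path = Join-Path $env:windir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $file = Get-Item -LiteralPath $path -Force
        Add-Finding 'File' $path "created $($file.CreationTime), $($file.Length) bytes"
    }
}

# 2. HKLM Run values whose data references either file name.
#    ASSUMPTION: the WOW6432Node view is added for 64-bit hosts.
$runPaths = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($runPath in $runPaths) {
    $runKey = Get-Item -Path $runPath -ErrorAction SilentlyContinue
    if (-not $runKey) { continue }
    foreach ($valueName in $runKey.GetValueNames()) {
        $data = [string]$runKey.GetValue($valueName)
        if ($data -match '\bsvhost(32)?\.exe\b') {   # -match is case-insensitive
            Add-Finding 'Run value' "$runPath\$valueName" $data
        }
    }
}

# 3. Yahoo! Messenger keys the write-up says the worm creates.
foreach ($sub in 'YMSGR_buzz', 'YMSGR_Launchcast') {
    $key = "HKCU:\Software\Yahoo\pager\View\$sub"
    if (Test-Path $key) { Add-Finding 'Yahoo key' $key 'present' }
}

# 4. Registry Editor / Task Manager lockout. ASSUMPTION: the write-up does not
#    name the values; these are the standard Windows policy values for it.
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$props = Get-ItemProperty -Path $policy -ErrorAction SilentlyContinue
foreach ($value in 'DisableRegistryTools', 'DisableTaskMgr') {
    if ($props -and $props.$value) {
        Add-Finding 'Policy' "$policy\$value" "set to $($props.$value)"
    }
}

if ($findings.Count) { $findings | Format-List } else { 'No listed Sohanad.B artifacts found.' }
```

Run it as the affected user so the HKCU checks read that user's hive; a hit on the file or Run-value checks is the stronger signal.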


Three main types of computer viruses.

  • A true Virus: a program that attempts to cripple your computer by “infecting” key files and spreading itself on to others. It might change critical files or perform unwanted functions like erasing your hard drive.
  • A Trojan Horse will leave your computer accessible for other people to use (a common Trojan Horse is Back Orifice). Once a Trojan Horse is installed, an attacker may “bounce” through your machine as a way to cover their tracks and do other damage. A Trojan Horse gives the hacker access to all the information stored on your hard drive, so they can read your files and personal information, or use your PC to store data, send email, etc.
  • A Worm will travel from system to system, gather information and send it on, also doing collateral damage along the way.


Perfspot is another social networking website for young professionals and college students, and one of the fastest-growing social networking sites in the UK. Recently the Trend Micro Content Security Team found a spoofed Perfspot logon page that aims to trick users into giving away personal information such as full name, password, email address and date of birth.

Storm Worm still a problem

According to F-Secure, the Storm Worm is still a threat. The Zhelatin.CQ worm started to spread very late on April 8th, 2007. The worm spreads in e-mails with war-related subjects, as an attachment named “video.exe”, “movie.exe”, “click me.exe” and so on. The worm creates its own peer-to-peer network.

After the worm’s file is started by a user, it drops a randomly named file into the same folder where it was started from and runs it. This file installs a rootkit and p2p (peer-to-peer) component into the Windows System folder. The file name is wincom32.sys. The following startup key is created in the Registry for the dropped file:

  • [HKLM\System\ControlSet001\Services\wincom32]
    @ = “%WinSysDir%\wincom32.sys”
