Tuesday, November 4, 2014

The Pirate Bay Co-Founder Arrested:

The Pirate Bay is the most visited torrent site in the world, and it uses the BitTorrent protocol for peer-to-peer file sharing.
"Hans Fredrik Lennart Neij, known to hackers as TiAMO, was detained in the north-eastern Thai town of Nong Khai." - BBC

source: BBC
"Another Pirate Bay co-founder, Gottfrid Warg, was arrested in Cambodia in 2012 and sent back to Sweden to serve his sentence for the same conviction, as well as face a separate hacking trial in Denmark." -BBC



Post by
newWorld

Tuesday, September 30, 2014

Ello Down Due To DDOS Attack:

Ello is an ad-free social network, widely dubbed a rival to Facebook. Imagine a social networking site without ads: it feels like a house under construction. Ello looks like that, but it is a promising social network.

If you read Ello's privacy report, you get a clear idea:

"

Your Privacy is Important

As an ad-free network that does not sell data about its users to third parties, Ello has also taken unique steps that help you control how much information about you is shared when you use Ello.
Please read this document in its entirety and take it seriously. It explains Ello's privacy practices, and what information we collect when you use our web site, mobile apps, services, products, and other content; and also how you can opt-out of sharing some of this information."

Ello's privacy report shows that they are clean and clear in purpose. Now to the DDoS attack.
The Ello site faced a DDoS attack and appeared to be down. Ello took corrective measures by blocking the IP.

In our opinion, Ello has started facing these challenges only because it is growing more popular.

Post made by 

Monday, September 29, 2014

A Codeless PE Binary File That Runs!!!

Recently, I came across an article on Alex Ionescu's blog. It is about a PE trick: a PE binary that contains no code.
In his words:

the challenge is - "Write a portable executable (PE/EXE) file which can be spawned through a standard CreateProcess call and will result in STATUS_SUCCESS being returned as well as a valid Process Handle, but will not
  • Contain any actual x86/x64 assembly code section (i.e.: the whole PE should be read-only, no +X section)
  • Run a single instruction of what could be construed as x86 assembly code, which is part of the file itself (i.e.: random R/O data should not somehow be forced into being executed as machine code)
  • Crash or make any sort of interactive/visible notice to the user, event log entry, or other error condition."

He did it. 


Check the solution here: http://www.alex-ionescu.com/?cat=2


Post by newWorld


Malicious App - Windseeker (Advanced Injection And Hooking Technique)

Very recently, our friends at Lacoon Mobile Security discovered a malicious app that implements advanced injection and hooking techniques. It raises eyebrows because this mobile malware uses the same kind of malicious routines found in PC-based malware.


Eavesdrop:

The main function of Windseeker is to eavesdrop on Chinese instant messenger (IM) chats. The targets are rooted Android devices.


Threats:

The reach of instant chat on handheld devices such as Android phones is now at its peak, and threat actors are now targeting the users of these devices through instant chat.

Lacoon is quoted as follows:
"Windseeker runs on rooted Android devices and enables the remote monitoring of two popular Instant Messaging (IM) apps, developed by Tencent (one of the largest Chinese Internet service portals):
  1. WeChat – A globally-used messaging apps boasting 100,000,000-500,000,000 downloads in the Google’s Play Store.
  2.  QQ – Mainly a Chinese-regional messaging app boasting ~800,000,000 users (a total of all mobile platforms, not just Android).
While this tool is intended for use in China due to the intended targets as Chinese instant messaging apps (WeChat and QQ) and monitored chats being in Chinese, it’s important to understand that this type of threat could be implemented anywhere."


How does Windseeker work?
Using process-monitor threads, it identifies whether the instant messenger is running. It then injects malicious code into that process and hooks its APIs. When the app calls an API that is already hooked, the call is intercepted, which is how the IM chats are spied on. This is the overall picture of Windseeker's malicious activity.


It is up to users to be aware of what they install on their devices; otherwise their privacy is at risk.

Regards,



Wednesday, August 6, 2014

Analysis of malicious VBscript:


Yesterday, AntiVir detected a VBScript as: VBS/Dldr.Agent.sver

I had a go at it to find out what it is actually doing:

Malicious script

Formatted script using malzilla

If you look at the script, it sets the site name as nosensetoblock and the temp folder location as tfolder. It loads a cmd file in the temp location as follows:

 var genesis = "%TEMP%\\keybtc.cmd", autorotatedomain = "images";

It uses the try/catch method for auto reply (refer to the image).

It's good to detect these kinds of scripts :).

Post made by
newWorld

Tuesday, August 5, 2014

Trojan: Wonton

VT Information about a malicious sample:

MD5: e564d95cff4e3c7c14b8a149de41935a
SHA-1: f9c256c5b2ae937a9b04d73ac88aaa782b8770dc
SHA-256: 57bab53ddf5ba525343218c78de26064d0e6b9a3cd739ebbe0ba2358ea2b7394
ssdeep: 12288:jN5mEjuyhoWgXk6Eqyli7B0d6hHBZ0FAb12:jNIEjuyhoWgXk6W07B0d6hHBqFAZ2
imphash: a49926a7e80581b917867c2bd8cfdf8f
Size: 416.5 KB (426496 bytes)
Type: Win32 EXE
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (64.5%), Win32 Dynamic Link Library (generic) (13.6%), Win32 Executable (generic) (9.3%), Clipper DOS Executable (4.1%), Generic Win/DOS Executable (4.1%)


This malware throws an error message when you execute it:
But if you observe the changes in the system with Process Explorer and process monitoring tools, you will find a process with random characters as its name whose image points to %Application data%. This is obviously weird, and it gives one hundred percent confirmation that we have executed malware. If you use InCtrl, it will log all the changes made to files, folders and the registry.


Leading antivirus products such as Sophos detect this set of malware with the name:

Troj/Wonton-FE



And ESET-NOD32 detects the same malware with the name:

a variant of Win32/Agent.VNC



Sophos write-up
The above snap shows what Sophos says about the behavior of the samples. Sophos is a pretty good AV.

Stay protected. Enjoy the cyber world.

Post made by 

Monday, August 4, 2014

Today's email scam:

Today I got a mail from BHC (it claims to be the British High Commission), which I had never heard of. There was no message body in the mail, only an attachment (a PDF file). I downloaded it and scanned it with my local exploit scanner. Nothing was found.

snap of the mail

I checked what that PDF claims... it is the same old 419 scam, aka the Nigerian scam...




snap of the pdf
It looks pretty legit and colorful... But people need to understand one thing: no one will give you a million dollars for doing nothing.
So, my humble advice is to delete these mails without reading them. Also, educate your relatives and friends by creating awareness. Please check my blog for other Nigerian scams, aka 419 scams.


Post made by

Tuesday, June 17, 2014

Malware brief introduction:


Malware is malicious software (Mal + Ware = Malicious + Software). Computer viruses, Trojans, rootkits, bootkits, adware, spyware, backdoors, crimeware, etc. all come under the category of malware. Malware is intended to infect the system, run unauthorized programs on it, use its resources and even steal credentials.

In the DOS virus era, computer viruses were used only for destruction. Early malware authors wrote them for fun and to show off their understanding of computers and how programs work. The current trend is totally different: today's malware authors do not focus on just destroying programs by infecting them; their focus is on stealing valuable credentials such as banking user names and passwords, email passwords, etc. Billions of dollars have been stolen by malware authors using malware.

Another important use of malware is as a state-of-the-art tool for targeted attacks against a country, state or organisation by arch-rival countries or organisations. This is known as an APT (Advanced Persistent Threat). The threat actor may be an underground hacking group, an arch-rival government or a state-sponsored group, and the target, as said above, is a country, a state or a big organisation (worth billions of dollars in revenue).

Common people use the term virus (computer virus) for all malicious programs, but a computer virus is just one category of malware. Viruses usually infect system files and application files, which finally results in the malfunction of programs. The only options are disinfection by an antivirus program, or formatting the whole system and installing the operating system again. Formatting the system and reinstalling the OS is time-consuming, and people will also lose the important data stored on the system. That data may be songs and movies, but more often it is important official documents, which are worth more than a movie or a song. In this case, using an antivirus program is a must, since it has shield functionality to stop known malware families or viruses from infecting the system. Even an infected program can be cleaned or disinfected by the antivirus program, since it has cleaning routines for most virus families.

Antivirus or anti-malware engines detect those malicious programs and remove them. The antivirus engine scans all the programs present on the system for signatures and notifies the user. A signature is nothing but the malicious code or routine that triggers the malicious event. If such a routine is present in a file, the file will be detected by the antivirus engine. We will see more on this topic in upcoming posts.
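The signature scan described above, as an added example that is not part of the original post: byte patterns are searched for in every file and each hit is reported with its offset. It goes slightly beyond the text by allowing `??` wildcard bytes, which is how one signature can cover several variants; the signature names, patterns and sample files are all constructed for the example.

```python
import re


def compile_signature(hex_pattern):
    """Compile 'DE AD ?? EF' into a bytes regex; '??' matches any single byte."""
    parts = []
    for token in hex_pattern.split():
        parts.append(b"." if token == "??" else re.escape(bytes.fromhex(token)))
    return re.compile(b"".join(parts), re.DOTALL)


# Constructed signature database: names and byte patterns are invented for this example.
SIGNATURES = {
    "Example.Dropper.A": compile_signature("4D 5A ?? ?? 90 13 37 C0 DE"),
    "Example.Script.B": compile_signature("65 76 69 6C 28 ?? ?? 29"),  # evil(..)
}

# Constructed "files" standing in for programs on disk.
FILES = {
    "clean.bin": b"MZ\x90\x00" + b"\x00" * 16 + b"hello world",
    "variant1.bin": b"\x00" * 4 + bytes.fromhex("4D5A0102901337C0DE") + b"tail",
    "variant2.bin": b"\x00" * 4 + bytes.fromhex("4D5AFFEE901337C0DE"),
    "script.txt": b"x = evil(42)",
}


def scan_bytes(data):
    """Return (signature name, offset) for every signature found in data."""
    hits = []
    for name, regex in SIGNATURES.items():
        hits.extend((name, m.start()) for m in regex.finditer(data))
    return sorted(hits, key=lambda hit: hit[1])


def scan_files(files):
    """Scan every file and keep only those with at least one hit (what the user is notified of)."""
    report = {}
    for filename, data in files.items():
        hits = scan_bytes(data)
        if hits:
            report[filename] = hits
    return report


if __name__ == "__main__":
    for filename, hits in scan_files(FILES).items():
        for name, offset in hits:
            print(f"{filename}: {name} at offset {offset}")
```

Both variants differ only in the two wildcard bytes, so the same signature detects them, while the clean file that merely starts with `MZ` is not reported.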

Monday, June 16, 2014

Etumbot - APT Backdoor

AV results for the Etumbot backdoor (APT malware):


MD5 ff5a7a610746ab5492cc6ab284138852
SHA-1 34e4692f35e809bb281fa7455f661057c6d5c9e2
SHA-256 89983ea32ba4ddf50ef488653be07d30ed77c09d77b03c5bd3eaac5e8497970e


AVG SHeur4.BSAN 20140613
Ad-Aware Trojan.GenericKD.1597427 20140613
Agnitum Trojan.Agent!Bn8DSJ/FD8s 20140614
AhnLab-V3 Dropper/Win32.Agent 20140613
AntiVir TR/Dropper.Gen 20140613
Antiy-AVL Trojan/Win32.Agent 20140613
Baidu-International Trojan.Win32.Agent.aN 20140613
BitDefender Trojan.GenericKD.1597427 20140613
DrWeb Trojan.DownLoader9.41796 20140613
Emsisoft Trojan.GenericKD.1597427 (B) 20140613
F-Secure Trojan.GenericKD.1597427 20140613
Fortinet W32/Agent.AFSHQ!tr 20140613
GData Trojan.GenericKD.1597427 20140613
Ikarus Trojan.Win32.Agent 20140613
K7AntiVirus Riskware ( 0040eff71 ) 20140613
K7GW Trojan ( 050000001 ) 20140613
Kaspersky Trojan.Win32.Agent.afshq 20140613
McAfee RDN/Generic BackDoor!xi 20140613
McAfee-GW-Edition RDN/Generic BackDoor!xi 20140615
MicroWorld-eScan Trojan.GenericKD.1597427 20140613
Microsoft Trojan:Win32/Dynamer 20140613
NANO-Antivirus Trojan.Win32.Agent.cufuaq 20140613
Norman Obfuscated.W!genr 20140613
Qihoo-360 HEUR/Malware.QVM07.Gen 20140613
Rising PE:Malware.FakeXLS@CV!1.6AC3 20140613
Sophos Troj/Etumbot-B 20140613
TotalDefense Win32/FakeExcel_i 20140613
TrendMicro BKDR_ETUMBOT.UQU 20140613
TrendMicro-HouseCall BKDR_ETUMBOT.UQU 20140613
VIPRE Trojan.Win32.Generic!BT 20140613
nProtect Trojan/W32.Agent.94720.ACP 20140613

Is a Win32 executable
  Size of header      00000040h / 64
  File size in header 00000490h / 1168
  Entrypoint          00000040h / 64
  Overlay size        00016D70h / 93552
  No relocation entries

  PE EXE at offset 000000D0h / 208
    Entrypoint             0000258Bh / 9611
    Entrypoint RVA         0000318Bh
    Entrypoint section     .text
    Calculated PE EXE size 00017200h / 94720
    Image base             00400000h / 4194304
    Required CPU type      80386
    Required OS            4.00 - Win 95 or NT 4
    Subsystem              Windows GUI
    Linker version         6.00
    Stack reserve          00100000h / 1048576
    Stack commit           00001000h / 4096
    Heap reserve           00100000h / 1048576
    Heap commit            00001000h / 4096
    Flags:
      Relocation info stripped from file
      File is executable
      Line numbers stripped from file
      Local symbols stripped from file
      Machine based on 32-bit-word architecture

    Sections according to section table (section align: 00001000h):
      Name      RVA        Virt size  Phys offs  Phys size  Phys end   Flags

      .text     00001000h  00005A94h  00000400h  00005C00h  00006000h  60000020

      .rdata    00007000h  00000A1Ah  00006000h  00000C00h  00006C00h  40000040

      .data     00008000h  0000F65Ch  00006C00h  00000A00h  00007600h  C0000040

      .rsrc     00018000h  0000FA98h  00007600h  0000FC00h  00017200h  40000040


    Listing of all used data directory entries (used: 3, total: 16):
                         Name  Phys offs  RVA        Phys size  Section
                 Import Table  000064D4h  000074D4h  0000003Ch  .rdata
              Ressource Table  00007600h  00018000h  0000FA98h  .rsrc
         Import Address Table  00006000h  00007000h  000000F4h  .rdata

    Functions from the following DLLs are imported:
      [0] KERNEL32.dll
      [1] SHELL32.dll

    Resources at offset 00007600h (RVA 00018000h) for 64152 bytes:
        Type 80000268h / 2147484264:
          ID: 00002AF9h / 11001
            RVA: 00018280h; Offset: 00007880h; Size: 35260 bytes
          ID: 00002AFAh / 11002
            RVA: 00020C40h; Offset: 00010240h; Size: 4699 bytes
        Icon:
          ID: 00000001h / 1
            RVA: 00021EA0h; Offset: 000114A0h; Size: 744 bytes
          ID: 00000002h / 2
            RVA: 00022188h; Offset: 00011788h; Size: 296 bytes
          ID: 00000003h / 3
            RVA: 000222B0h; Offset: 000118B0h; Size: 3752 bytes
          ID: 00000004h / 4
            RVA: 00023158h; Offset: 00012758h; Size: 2216 bytes
          ID: 00000005h / 5
            RVA: 00023A00h; Offset: 00013000h; Size: 1384 bytes
          ID: 00000006h / 6
            RVA: 00023F68h; Offset: 00013568h; Size: 9640 bytes
          ID: 00000007h / 7
            RVA: 00026510h; Offset: 00015B10h; Size: 4264 bytes
          ID: 00000008h / 8
            RVA: 000275B8h; Offset: 00016BB8h; Size: 1128 bytes
        Icon Group:
          ID: 00000065h / 101
            RVA: 00027A20h; Offset: 00017020h; Size: 118 bytes
      Total resource size: 64117 bytes (data: 63501 bytes, TOC: 616 bytes)

    Processed/created with:
      Found compiler 'Visual C++ 6.0 (EXE) (nodebug)'

PE sections
Name Virtual address Virtual size Raw size Entropy MD5
.text  4096 23188 23552 6.50 b78540e7b33a8d01255c8d2b72037cbf
.rdata  28672 2586 3072 4.77 97b2c12ed2c68162a3e15aa8f77723f3
.data  32768 63068 2560 1.96 59c0be0a6652bb90ca2ec4b18b8fd598
.rsrc  98304 64152 64512 7.26 8894f5928962010ad245a1f61d8a3f60



 PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-04 00:19:59
Link date 1:19 AM 3/4/2014
Entry Point 0x0000318B
Number of sections 4


PE imports:
[+] KERNEL32.dll
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
SetFileTime
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
SizeofResource
GetFileSize
LockResource
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
SetStdHandle
GetFileTime
SetFilePointer
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
ReadFile
WriteFile
GetCurrentProcess
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
SetFileAttributesA
TerminateProcess
GetEnvironmentStrings
CreateProcessA
GetEnvironmentVariableA
LoadResource
VirtualFree
GetFileType
CreateFileA
HeapAlloc
GetVersion
FindResourceA
VirtualAlloc
HeapCreate

[+] SHELL32.dll
ShellExecuteA



Monday, May 19, 2014

Kovter Ransomware Grows

Ransomware is not new to the malware game but there is one especially dirty player that is surfacing more frequently. Damballa’s threat research team has seen infections related to the Kovter malware double over the past month – up from 7,000 infections to about 15,000 infections. As with many other varieties of Ransomware, the threat operator takes control of your computer and displays a message saying you broke the law. The ‘ransom’ is to pay a fine (typically around $300) to regain normal use of your computer. The warning states you will face severe fines and prison time if you don’t pay the fine before the deadline.
In the US, Kovter uses the prepaid card MoneyPak as the payment method of choice while Ukash and paysafecard are used for victims in other locations. These payment methods give attackers untraceable, readily accessible funds in electronic cash with no red tape.

Thursday, May 8, 2014

Analysis of Cryptlocker

Cryptlocker

Environment: Sandbox without internet on my XP machine.

MD5: 444C339F422420BC317711DAC06F3545



Behavior:

I ran the file in my Sandboxie.
It drops exe files in the AppData location; the dropped file starts executing and the target file gets terminated.

Run entry created as:

HKEY_USERS\Sandbox_xxxxxxxxxxx_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Run
The value name is cryptoLocker, and the data points to the file dropped in Application Data: "C:\Documents and Settings\xxxxxxxxxxx\Application Data\Ctzwwvskobndnvbt.exe".
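The Run entry above and the random-named process under %Application data% described in the Trojan: Wonton post share one pattern: an autostart program with a random-looking name in a per-user writable folder. The following added example (not part of the original posts) triages exported Run entries for that pattern; the randomness heuristic, its thresholds, the directory list and the entries marked constructed are assumptions of the example.

```python
import ntpath
import re

# Per-user locations writable without admin rights (assumed list for this example).
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\temp\\")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", re.I)


def exe_from_run_data(data):
    """Extract the program path from a Run value; handles quoted and unquoted paths."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    match = EXE_RE.match(data)
    return match.group(1) if match else data.split(" ")[0]


def looks_random(stem):
    """Heuristic: 8+ letters with under 20% vowels or a run of 5+ consonants."""
    s = stem.lower()
    if len(s) < 8 or not s.isalpha():
        return False
    vowel_ratio = sum(c in "aeiou" for c in s) / len(s)
    longest = max((len(run) for run in re.findall(r"[^aeiou]+", s)), default=0)
    return vowel_ratio < 0.2 or longest >= 5


def triage_run_entries(entries):
    """Return the entries worth a look, with the reasons and a severity."""
    findings = []
    for key, name, data in entries:
        exe = exe_from_run_data(data)
        reasons = []
        if any(d in exe.lower() for d in USER_WRITABLE):
            reasons.append("runs from a user-writable directory")
        if looks_random(ntpath.splitext(ntpath.basename(exe))[0]):
            reasons.append("random-looking file name")
        if reasons:
            findings.append({
                "key": key, "name": name, "exe": exe, "reasons": reasons,
                "severity": "high" if len(reasons) == 2 else "review",
            })
    return findings


SAMPLE_ENTRIES = [
    # From the post (sandboxed hive, user name masked as on the page).
    (r"HKEY_USERS\Sandbox_xxxxxxxxxxx_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Run",
     "cryptoLocker",
     r"C:\Documents and Settings\xxxxxxxxxxx\Application Data\Ctzwwvskobndnvbt.exe"),
    # Constructed entries for comparison.
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "ExampleUpdater", r'"C:\Program Files\Example Updater\updater.exe" /background'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "ChatClient",
     r"C:\Documents and Settings\user\Application Data\ChatClient\chatclient.exe -minimized"),
]

if __name__ == "__main__":
    for finding in triage_run_entries(SAMPLE_ENTRIES):
        print(finding["severity"], finding["name"], finding["exe"], finding["reasons"])
```

The same two checks can be applied to the image paths of running processes, which is what the Wonton post observes in Process Explorer.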

Memory strings of the running file:
GetWindowTextLengthW
DestroyWindow
USER32.dll
CryptExportKey
CryptAcquireContextW
CryptSetKeyParam
CryptGetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptGenKey
CryptDestroyKey
CryptDecrypt
CryptGetHashParam
CryptCreateHash
CryptDestroyHash
CryptHashData
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegFlushKey
RegEnumKeyExW
RegSetValueExW


Plenty of crypt-related strings are found in the dropped file.

And some strings relate to requests to the server:
HttpSendRequestExA
HttpQueryInfoA
InternetConnectA
InternetReadFile
InternetWriteFile
HttpOpenRequestA
HttpEndRequestA
HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
WININET.dll
GdiplusShutdown
GdipSaveImageToStream
GdipFree
GdipCreateBitmapFromStream

And some more crypt strings:

CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CRYPT32.dll
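The string review above can be scripted. This added example (not part of the original post) pulls ASCII and UTF-16LE strings out of a memory dump and groups the API names by capability, using the same families the post lists (Crypt*, Reg*, Http*/Internet*); the dump bytes are constructed and the prefix rules are an assumption of the example.

```python
import re

# Capability buckets keyed by API-name prefix, following the families listed in the post.
CAPABILITY_PREFIXES = {
    "crypto": ("Crypt",),
    "registry": ("Reg",),
    "http": ("Http", "Internet"),
}
# A known prefix followed by a CamelCase remainder, so prose such as
# "Regarding ..." is not counted as a registry API.
API_RE = re.compile(r"\b(?:Crypt|Reg|Http|Internet)[A-Z][A-Za-z0-9]*\b")


def extract_strings(blob, min_len=6):
    """Return printable ASCII and UTF-16LE strings of at least min_len characters."""
    ascii_hits = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)
    wide_hits = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob)
    return ([hit.decode("ascii") for hit in ascii_hits]
            + [hit.decode("utf-16-le") for hit in wide_hits])


def capability_profile(strings):
    """Group API-looking tokens found in the strings by capability."""
    profile = {cap: set() for cap in CAPABILITY_PREFIXES}
    for text in strings:
        for api in API_RE.findall(text):
            for cap, prefixes in CAPABILITY_PREFIXES.items():
                if api.startswith(prefixes):
                    profile[cap].add(api)
    return {cap: sorted(apis) for cap, apis in profile.items()}


def triage_dump(blob):
    """Return the profile plus the capabilities that are present."""
    profile = capability_profile(extract_strings(blob))
    present = [cap for cap, apis in profile.items() if apis]
    return profile, present


# Constructed dump: a few API names from the post mixed with non-printable
# bytes, one UTF-16LE string and one line of ordinary prose.
SAMPLE_DUMP = (
    b"\x00\x13\x7f"
    + b"CryptAcquireContextW\x00CryptImportKey\x00CryptEncrypt\x00"
    + b"\x90\x01"
    + b"RegCreateKeyExW\x00RegSetValueExW\x00"
    + b"\xff\xfe\x03"
    + "InternetOpenA".encode("utf-16-le") + b"\x00\x00"
    + b"HttpSendRequestExA\x00WININET.dll\x00"
    + b"\x05Regarding your files\x00"
)

if __name__ == "__main__":
    profile, present = triage_dump(SAMPLE_DUMP)
    for cap in present:
        print(cap, profile[cap])
```

A file whose strings cover all three buckets can encrypt data, write to the registry and talk to a server, which matches the behaviour recorded in the sandbox run.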


More about the encryption and about MoneyPak is found in the memory strings:





(File in the Appdata)
Ctzwwvskobndnvbt.exe 2340
Ctzwwvskobndnvbt.exe 2380

Process: Ctzwwvskobndnvbt.exe Pid: 2380

Type Name
Desktop \Default
Directory \Windows
Directory \BaseNamedObjects
Directory \KnownDlls
Event \Sandbox\xxxxxxxxxxx\DefaultBox\Session_0\BaseNamedObjects\crypt32LogoffEvent
File C:\Sandbox\xxxxxxxxxxx\DefaultBox\user\current\Application Data





Thursday, April 17, 2014

Mobile Viruses

Mobile Threats

The table below lists the mobile threats covered by the FortiGuard Antivirus service.
Fortinet Family Virus Name
Variants
Adware/Fakeapp
Adware/Fakeapp!Android
Adware/Geyser
Adware/Geyser!Android
Adware/LBTM
Adware/LBTM!iPhoneOS
Adware/SslCrypt
Adware/SslCrypt!SymbOS
Android/Actehc
Android/Actehc.A!tr.spy
Android/AckPosts
Android/AckPosts.A!tr
Android/AdSms
Android/AdSms.A!tr
Android/AdwLaunch
Android/AdwLaunch.A!tr
Android/AndroRat
Android/AndroRat.A!tr.spy
Android/Anserver
Android/Anserver.A!tr
Android/AnSmCon
Android/AnSmCon.A!tr.spy
Android/Antammi
Android/Antammi.A!tr, Android/Antammi.E!tr
Android/Armour
Android/Armour.A!tr
Android/Arspam
Android/Arspam.A!tr
Android/Badao
Android/Badao.A!tr.spy
Android/BadNews
Android/BadNews.A!tr.dldr
Android/Basebridge
Android/Basebridge.A!tr, Android/Basebridge.B!tr
Android/Chuli
Android/Chuli.A!tr.spy
Android/Citmo
Android/Citmo.A!tr.spy
Android/Claco
Android/Claco.A!tr
Android/Coogos
Android/Coogos.A!tr.bdr
Android/Copon
Android/Copon.A!tr.spy, Android/Copon.B!tr.spy
Android/CrazyVampire
Android/CrazyVampire.A!tr
Android/Crosate
Android/Crosate.A!tr
Android/CruseWin
Android/CruseWin.A!tr
Android/Dogowar
Android/Dogowar.A!tr
Android/Dougalek
Android/Dougalek.A!tr
Android/DrdDream
Android/DrdDream.A!tr, Android/DrdDream.A!exploit.CVE2010EASY
Android/DrdLight
Android/DrdLight.A!tr, Android/DrdLight.B!tr
Android/DriveGenie
Android/DriveGenie.A!tr
Android/DroidCoupon
Android/DroidCoupon.A!tr
Android/DroidKungFu
Android/DroidKungFu.A!tr, Android/DroidKungFu.B!tr, Android/DroidKungFu.C!tr, Android/DroidKungFu.D!tr, Android/DroidKungFu.E!tr, Android/DroidKungFu.F!tr, Android/DroidKungFu.G!tr
Android/EWalls
Android/EWalls.A!tr.spy
Android/Exprspam
Android/Exprspam.A!tr
Android/Exyroot
Android/Exyroot.A!exploit
Android/Fake10086
Android/Fake10086.A!tr, Android/Fake10086.C!tr, Android/Fake10086.D!tr, Android/Fake10086.F!tr, Android/Fake10086.G!tr
Android/FakeAngry
Android/FakeAngry.A
Android/FakeDoc
Android/FakeDoc.A!tr
Android/FakeDefend
Android/FakeDefend.A!tr, Android/FakeDefend.B!tr, Android/FakeDefend.C!tr, Android/FakeDefend.D!tr
Android/Fakeguard
Android/Fakeguard.A!tr.spy
Android/FakeInst
Android/FakeInst.A!tr.dial, Android/FakeInst.B!tr, Android/FakeInst.C!tr, Android/FakeInst.D!tr.dldr, Android/FakeInst.E!tr, Android/FakeInst.F!tr, Android/FakeInst.GA!tr
Android/FakeJob
Android/FakeJob.A!tr
Android/Fakelash
Android/Fakelash.A!tr.spy
Android/Fakemart
Android/Fakemart.A!tr, Android/Fakemart.B!tr, Android/Fakemart.C!tr, Android/Fakemart.D!tr, Android/Fakemart.E!tr
Android/FakeNefix
Android/FakeNefix.A!tr.pws, Android/FakeNefix.C!tr.pws
Android/FakeNotify
Android/FakeNotify.A!tr.dial
Android/FakePlay
Android/FakePlay.A!tr.spy, Android/FakePlay.B!tr, Android/FakePlay.C!tr.spy
Android/FakePlayer
Android/FakePlayer.A!tr, Android/FakePlayer.B!tr, Android/FakePlayer.K!tr
Android/FakeProtect
Android/FakeProtect.A!tr.spy
Android/FakeRegSms
Android/FakeRegSms.A!tr
Android/FakeTimer
Android/FakeTimer.A!tr
Android/FakeUpdates
Android/FakeUpdates.A, Android/FakeUpdates.B
Android/Fjcon
Android/Fjcon.A!tr
Android/FkLookT
Android/FkLookT.A!tr.spy
Android/FkSite
Android/FkSite.A!tr.spy
Android/FkToken
Android/FkToken.A!tr.spy
Android/Flexispy
Android/Flexispy.E!tr, Android/Flexispy.B!tr, Android/Flexispy.D!tr, Android/Flexispy.C!tr, Android/Flexispy.K!tr.spy
Android/FindCall
Android/FindCall.A!tr.spy
Android/FinSpy
Android/FinSpy.A!tr.spy
Android/Foncy
Android/Foncy.A!tr, Android/Foncy.B!tr, Android/Foncy.B!tr.bdr, Android/Foncy.B!tr.dldr, Android/Foncy.C!tr.dial
Android/FynCopy
Android/FynCopy.A!tr
Android/GGSmart
Android/GGSmart.A
Android/GGTracker
Android/GGTracker.A!tr, Android/GGTracker.C!tr, Android/GGTracker.J!tr, Android/GGTracker.K!tr
Android/Gamex
Android/Gamex.A!tr
Android/Gappusin
Android/Gappusin.A
Android/Geinimi
Android/Geinimi.A!tr, Android/Geinimi.B!tr
Android/GingerMaster
Android/GingerMaster.A!tr, Android/GingerMaster.A!exploit.CVE20111823
Android/GoManag
Android/GoManag.A!tr.bdr, Android/GoManag.B!tr.bdr
Android/GoldDream
Android/GoldDream.A!tr.spy, Android/GoldDream.AB!tr.spy, Android/GoldDream.AI!tr.spy, Android/GoldDream.AK!tr.spy, Android/GoldDream.AL!tr.spy
Android/GoldenEagle
Android/GoldenEagle.A!tr.spy
Android/Hesperbot
Android/Hesperbot.A!tr.spy
Android/HippoSms
Android/HippoSms.A!tr
Android/Honeyboom
Android/Honeyboom.A!exploit.CVE20111823
Android/Hongtoutou
Android/Hongtoutou.A!tr
Android/IknoSpy
Android/IknoSpy.A!tr.spy
Android/JSmsHider
Android/JSmsHider.A!tr, Android/JSmsHider.B!tr
Android/JxAgent
Android/JxAgent.A
Android/Langya
Android/Langya.A!tr.spy
Android/Loozfon
Android/Loozfon.A!tr, Android/Loozfon.B!tr
Android/Lotoor
Android/Lotoor!exploit.CVE2010EASY
Android/Lovetrap
Android/Lovetrap.A!tr
Android/Luckycat
Android/Luckycat.A
Android/Malapp
Android/Malapp.A!tr.spy, Android/Malapp.B!tr.spy, Android/Malapp.C!tr.spy
Android/Mania
Android/Mania.A!tr.dial
Android/MMarketPay
Android/MMarketPay.A!tr
Android/MobileTx
Android/MobileTx.A!tr
Android/Moghava
Android/Moghava.A!tr
Android/Mseg
Android/Mseg.A!tr.spy
Android/MSNewsSpy
Android/MSNewsSpy.A!tr.spy
Android/MSteal
Android/MSteal.A!tr.spy, Android/MSteal.B!tr.spy
Android/Netisend
Android/Netisend.A!tr, Android/Netisend.B!tr
Android/NickiSpy
Android/NickiSpy.A!tr.spy, Android/NickiSpy.B!tr.spy, Android/NickiSpy.C!tr.spy, Android/NickiSpy.D!tr.spy, Android/NickiSpy.E!tr, Android/NickiSpy.H!tr, Android/NickiSpy.L!tr, Android/NickiSpy.M!tr, Android/NickiSpy.Q!tr, Android/NickiSpy.T!tr, Android/NickiSpy.U!tr, Android/NickiSpy.V!tr
Android/Nitmo
Android/Nitmo.A!tr.spy
Android/NotCompatible
Android/NotCompatible.A!tr.bdr
Android/OldBoot
Android/OldBoot.A!tr.rkit, Android/OldBoot.A!tr.pws
Android/OpFake
Android/OpFake.A!tr.dial, Android/OpFake.AE!tr, Android/OpFake.AF!tr, Android/OpFake.AH!tr, Android/OpFake.AS!tr, Android/OpFake.AW!tr, Android/OpFake.B!tr.dial, Android/OpFake.BA!tr, Android/OpFake.BB!tr, Android/OpFake.BE!tr, Android/OpFake.BH!tr, Android/OpFake.BL!tr, Android/OpFake.BN!tr, Android/OpFake.BP!tr, Android/OpFake.BQ!tr, Android/OpFake.C!tr.dial, Android/OpFake.S!tr, Android/OpFake.Z!tr
Android/Ozotshielder
Android/Ozotshielder.A!tr, Android/Ozotshielder.AK!tr.bdr, Android/Ozotshielder.AL!tr.bdr, Android/Ozotshielder.AM!tr.bdr, Android/Ozotshielder.AN!tr.bdr, Android/Ozotshielder.AO!tr.bdr, Android/Ozotshielder.AP!tr.bdr, Android/Ozotshielder.AQ!tr.bdr, Android/Ozotshielder.AR!tr.bdr, Android/Ozotshielder.AS!tr.bdr, Android/Ozotshielder.AT!tr.bdr
Android/Perkel
Android/Perkel.A!tr.spy
Android/Pincer
Android/Pincer.A!tr.spy
Android/Pirates
Android/Pirates.A!tr
Android/Pjapps
Android/Pjapps.A!tr, Android/Pjapps.B!tr, Android/Pjapps.B, Android/Pjapps.C, Android/Pjapps.D, Android/Pjapps.E
Android/Placms
Android/Placms.A!tr, Android/Placms.B!tr, Android/Placms.C!tr
Android/Plankton
Android/Plankton.A!tr, Android/Plankton.A!tr.dldr
Android/Qicsomos
Android/Qicsomos.A!tr
Android/Retok
Android/Retok.A!tr.dldr, Android/Retok.A!tr
Android/Rmspy
Android/Rmspy.A!tr.spy
Android/RogueSPPush
Android/RogueSPPush.A!tr, Android/RogueSPPush.C!tr, Android/RogueSPPush.D!tr, Android/RogueSPPush.E!tr, Android/RogueSPPush.F!tr, Android/RogueSPPush.H!tr, Android/RogueSPPush.I!tr, Android/RogueSPPush.L!tr, Android/RogueSPPush.Q!tr, Android/RogueSPPush.R!tr, Android/RogueSPPush.S!tr
Android/RuFraud
Android/RuFraud.A!tr.dial, Android/RuFraud.B!tr
Android/Saiva
Android/Saiva.A!tr
Android/SaurFtp
Android/SaurFtp.A!tr.spy
Android/SeaWeth
Android/SeaWeth.A!tr, Android/SeaWeth.B!tr
Android/Secretspy
Android/Secretspy.A!tr.spy
Android/SmsAge
Android/SmsAge.A!tr
Android/SMSFreeApps
Android/SMSFreeApps.A!tr
Android/SmsHowU
Android/SmsHowU.A!tr.spy
Android/Smsilence
Android/Smsilence.A!tr.spy
Android/SmsMngr
Android/SmsMngr.A!tr.spy
Android/Smspacem
Android/Smspacem.A!tr, Android/Smspacem.A!worm, Android/Smspacem.E!worm
Android/SmsSend
Android/SmsSend.ND!tr
Android/SmsSpy
Android/SmsSpy.A!tr.spy, Android/SmsSpy.C!tr.spy, Android/SmsSpy.F!tr.spy, Android/SmsSpy.G!tr.spy
Android/Smstibook
Android/Smstibook.A!tr, Android/Smstibook.B!tr, Android/Smstibook.N!tr, Android/Smstibook.Q!tr, Android/Smstibook.T!tr, Android/Smstibook.U!tr, Android/Smstibook.V!tr, Android/Smstibook.W!tr
Android/SMSZombie
Android/SMSZombie.A!tr, Android/SMSZombie.B!tr
Android/SndApp
Android/SndApp.A!tr.spy, Android/SndApp.B!tr
Android/Spitmo
Android/Spitmo.A!tr.spy, Android/Spitmo.B!tr.spy, Android/Spitmo.C!tr.spy
Android/Spyoo
Android/Spyoo.A!tr.spy
Android/Stealer
Android/Stealer.A!tr, Android/Stealer.B!tr, Android/Stealer.C!tr
Android/Steek
Android/Steek.A!tr
Android/Stels
Android/Stels.A!tr
Android/Stiniter
Android/Stiniter.A!tr
Android/Sumzand
Android/Sumzand.A!tr
Android/TapSnake
Android/TapSnake.A!tr.spy, Android/TapSnake.B!tr.spy
Android/Tascudap
Android/Tascudap.A!tr
Android/Temai
Android/Temai.A!tr
Android/Tetus
Android/Tetus.A!tr.spy
Android/TigerBot
Android/TigerBot.A!tr.spy
Android/UsbCleaver
Android/UsbCleaver.A!tr.spy
Android/Vdloader
Android/Vdloader.A!tr
Android/Vidro
Android/Vidro.A!tr
Android/VoiceChanger
Android/VoiceChanger.A!tr.dial
Android/WWebDdos
Android/WWebDdos.A
Android/Walkinwat
Android/Walkinwat.A!tr
Android/YzhcSms
Android/YzhcSms.A!tr, Android/YzhcSms.AA!tr.bdr, Android/YzhcSms.AC!tr.bdr, Android/YzhcSms.AD!tr.bdr, Android/YzhcSms.AF!tr.bdr, Android/YzhcSms.AG!tr.bdr, Android/YzhcSms.AS!tr.bdr, Android/YzhcSms.AU!tr.bdr, Android/YzhcSms.AV!tr.bdr, Android/YzhcSms.B!tr, Android/YzhcSms.C!tr, Android/YzhcSms.D!tr, Android/YzhcSms.E!tr, Android/YzhcSms.F!tr, Android/YzhcSms.G!tr, Android/YzhcSms.O!tr.bdr, Android/YzhcSms.Q!tr.bdr, Android/YzhcSms.R!tr.bdr, Android/YzhcSms.U!tr.bdr, Android/YzhcSms.V!tr.bdr, Android/YzhcSms.Z!tr.bdr
Android/Zitmo
Android/Zitmo.A!tr, Android/Zitmo.C!tr.spy, Android/Zitmo.D!tr.spy, Android/Zitmo.E!tr.spy
BlackBerry/Phonesnoop
BlackBerry/Phonesnoop!tr.spy
BlackBerry/Zitmo
BlackBerry/Zitmo.A!tr, BlackBerry/Zitmo.B!tr, BlackBerry/Zitmo.C!tr
Dial/Pornidal
Dial/Pornidal!SymbOS
Dial/SmsReg
Dial/SmsReg!Android
HackerTool/BtTerror
HackerTool/BtTerror!SymbOS
HackerTool/DrSheep
Android/DrSheep!Android
HackerTool/Kiser
HackerTool/Kiser!Android
HackerTool/SMSBomber
HackerTool/SMSBomber!Android
HackerTool/Skypwned
HackerTool/Skypwned!Android
Palm/BuggyProg
Palm/BuggyProg
Palm/Liberty
Palm/Liberty.A
Palm/Phage
Palm/Phage, Palm/Phage.A
Palm/Vapor
Palm/Vapor.A!tr
RAZR/Jpg
RAZR/Jpg!exploit.ZDI08033
Riskware/Bacsta
Riskware/Bacsta!Android
Riskware/Biige
Riskware/Biige!Android
Riskware/CarrierIQ
Riskware/CarrierIQ!Android
Riskware/CounterClank
Riskware/CounterClank!Android
Riskware/CuteSms
Riskware/CuteSms!Android
Riskware/Dolphin
Riskware/Dolphin!Android
Riskware/DroidDeluxe
Riskware/DroidDeluxe!Android
Riskware/EliteBomb
Riskware/EliteBomb!Android
Riskware/ESSecurity
Riskware/ESSecurity!Android
Riskware/FakeInst
Riskware/FakeInst!Android
Riskware/ForwardUtb
Riskware/ForwardUtb!Android
Riskware/GPSpy
Riskware/GPSpy!Android
Riskware/GoneSixty
Riskware/GoneSixty!Android
Riskware/Iconosys
Riskware/Iconosys!Android
Riskware/InfiniteSms
Riskware/InfiniteSms!Android
Riskware/IRoot
Riskware/IRoot!Android
Riskware/Jifake
Riskware/Jifake!Android
Riskware/KavHack
Riskware/KavHack!Android
Riskware/Killmob
Riskware/Killmob!Android, Riskware/Killmob!Blackberry, Riskware/Killmob!iOS, Riskware/Killmob!SymbOS
Riskware/KingRoot
Riskware/KingRoot!Android
Riskware/LifeMon
Riskware/LifeMon!Android
Riskware/Mobinauten
Riskware/Mobinauten!Android
Riskware/MobiStealth
Riskware/MobiStealth!Android
Riskware/Pdaspy
Riskware/Pdaspy!Android
Riskware/Premiumtext
Riskware/Premiumtext!Android
Riskware/RetinaSpy
Riskware/RetinaSpy!Android
Riskware/Sheriff
Riskware/Sheriff!Android
Riskware/SmsCred
Riskware/SmsCred!Android
Riskware/SmsReg
Riskware/SmsReg!Android
Riskware/SmsSend
Riskware/SmsSend!Android
Riskware/SmsSpammer
Riskware/SmsSpammer!Android
Riskware/SmsSpy
Riskware/SmsSpy!Android
Riskware/SpyBoo
Riskware/SpyBoo!Android
Riskware/SpyBubble
Riskware/SpyBubble!Android
Riskware/Spyoo
Riskware/Spyoo!Android
Riskware/SpyTrack
Riskware/SpyTrack!Android
Riskware/Superoot
Riskware/Superoot!Android
Riskware/Triangleroot
Riskware/Triangleroot!Android
Riskware/Univroot
Riskware/Univroot!Android
Riskware/Z4Root
Riskware/Z4Root!Android
Spy/CallMagic
Spy/CallMagic!SymbOS
Spy/CellSnitch
Spy/CellSnitch!Android
Spy/Maverick
Spy/Maverick!SymbOS, Spy/Maverick!WinCE, Spy/Maverick!BlackBerry
Spy/MobileDefense
Spy/MobileDefense!Android
Spy/MobileSpy
Spy/MobileSpy!BlackBerry, Spy/MobileSpy!Android, Spy/MobileSpy!SymbOS, Spy/MobileSpy!iPhoneOS, Spy/MobileSpy!WinCE
Spy/PhotoSpy
Spy/PhotoSpy!SymbOS
Spy/Prey
Spy/Prey!Android
Spy/RemoteWipe
Spy/RemoteWipe!Android
Spy/SeekDroid
Spy/SeekDroid!Android
Spy/Sensyscan
Spy/Sensyscan!SymbOS
Spy/Sgwdlbox
Spy/Sgwdlbox!Android
Spy/SmartSpy
Spy/SmartSpy!SymbOS
Spy/Spyiolan
Spy/Spyiolan!SymbOS
Spy/TheftAware
Spy/TheftAware!SymbOS, Spy/TheftAware!Android
Spy/TimedSpy
Spy/TimedSpy!SymbOS
Spy/WaveSecure
Spy/WaveSecure!WinCE, Spy/WaveSecure!Android, Spy/WaveSecure!SymbOS
Spy/XWodiSpy
Spy/XWodiSpy!WinCE
Spy/iKeyGuard
Spy/iKeyGuard!iPhoneOS
SymbOS/AVKiller
SymbOS/AVKiller.A!tr
SymbOS/Acallno
SymbOS/Acallno.A!tr.spy, SymbOS/Acallno.B!tr.spy, SymbOS/Acallno.A!tr
SymbOS/AdSms
SymbOS/AdSms.A!tr
SymbOS/Agent
SymbOS/Agent.A!tr, SymbOS/Agent.AD!tr, SymbOS/Agent.C!tr, SymbOS/Agent.B!tr, SymbOS/Agent.AD!dr, SymbOS/Agent.A!dr
SymbOS/Album
SymbOS/Album.A!tr
SymbOS/Alien
SymbOS/Alien.A!tr, SymbOS/Alien.B!tr, SymbOS/Alien.A
SymbOS/AppBug
SymbOS/AppBug.A!tr
SymbOS/Appdisabler
SymbOS/Appdisabler.X!tr, SymbOS/Appdisabler.J!tr, SymbOS/Appdisabler.V!tr, SymbOS/Appdisabler.P!tr, SymbOS/Appdisabler.L!tr, SymbOS/Appdisabler.Q!tr, SymbOS/Appdisabler.U!tr, SymbOS/Appdisabler.K!tr, SymbOS/Appdisabler.A!tr, SymbOS/Appdisabler.C!tr, SymbOS/Appdisabler.E!tr, SymbOS/Appdisabler, SymbOS/Appdisabler.C, SymbOS/Appdisabler.D!tr, SymbOS/Appdisabler.H!tr
SymbOS/Arifat
SymbOS/Arifat.A!tr
SymbOS/BadAssist
SymbOS/BadAssist.B!tr, SymbOS/BadAssist.A!tr
SymbOS/BeSeLo
SymbOS/BeSeLo.A!worm.dam, SymbOS/BeSeLo.B.VAR!worm.dam, SymbOS/BeSeLo.B.VAR!worm, SymbOS/BeSeLo.C!worm.dam, SymbOS/BeSeLo.A!dam, SymbOS/BeSeLo.C!dam, SymbOS/BeSeLo.B!worm.dam, SymbOS/BeSeLo.C!worm, SymbOS/BeSeLo.B!dam, SymbOS/BeSeLo.B!worm
SymbOS/Beauty
SymbOS/Beauty.A!worm, SymbOS/Beauty.D!worm, SymbOS/Beauty.C!worm, SymbOS/Beauty.B!worm
SymbOS/Beselo
SymbOS/Beselo.B!tr, SymbOS/Beselo.A!worm
SymbOS/BkmarkDisabl
SymbOS/BkmarkDisabl.A!tr
SymbOS/Blankfont
SymbOS/Blankfont.A!tr
SymbOS/Bootton
SymbOS/Bootton.A!tr, SymbOS/Bootton.E!tr, SymbOS/Bootton.C!tr, SymbOS/Bootton.H!tr, SymbOS/Bootton.I!tr, SymbOS/Bootton.N!tr, SymbOS/Bootton.B!tr, SymbOS/Bootton.E!dr
SymbOS/BrokenLog
SymbOS/BrokenLog.A!tr
SymbOS/Brontok
SymbOS/Brontok.C@mm
SymbOS/CReadMe
SymbOS/CReadMe.C!tr, SymbOS/CReadMe.A!tr
SymbOS/Cabir
SymbOS/Cabir.L!worm, SymbOS/Cabir.E465!worm, SymbOS/Cabir.K!worm.dam, SymbOS/Cabir.O!worm, SymbOS/Cabir.M!worm, SymbOS/Cabir.E!worm, SymbOS/Cabir.A!worm, SymbOS/Cabir.K!worm, SymbOS/Cabir.M@mm, SymbOS/Cabir.F!tr, SymbOS/Cabir.F!worm, SymbOS/Cabir.BE17!worm, SymbOS/Cabir.AG!worm, SymbOS/Cabir.A!worm, SymbOS/Cabir.A!tr, SymbOS/Cabir.T!tr, SymbOS/Cabir.I!worm, SymbOS/Cabir.H!worm, SymbOS/Cabir.G!worm, SymbOS/Cabir.C!worm, SymbOS/Cabir.AD!worm, SymbOS/Cabir.AC!worm, SymbOS/Cabir.AIF, SymbOS/Cabir!tr, SymbOS/Cabir.Q!tr, SymbOS/Cabir.K!tr, SymbOS/Cabir.AB!worm, SymbOS/Cabir.N!worm, SymbOS/Cabir.E, SymbOS/Cabir.EZBOOT, SymbOS/Cabir, SymbOS/Cabir.B!worm, SymbOS/Cabir.D, SymbOS/Cabir.H, SymbOS/Cabir.I, SymbOS/Cabir.F, SymbOS/Cabir.C
SymbOS/CabirEzboot
SymbOS/CabirEzboot.AH, SymbOS/CabirEzboot.AE, SymbOS/CabirEzboot.X, SymbOS/CabirEzboot.O, SymbOS/CabirEzboot.P, SymbOS/CabirEzboot.N, SymbOS/CabirEzboot.Y, SymbOS/CabirEzboot.V, SymbOS/CabirEzboot.Q, SymbOS/CabirEzboot.F
SymbOS/CardLost
SymbOS/CardLost.A!tr
SymbOS/CardTrap
SymbOS/CardTrap.K!tr
SymbOS/Cardblock
SymbOS/Cardblock.A!tr
SymbOS/Cardtrap
SymbOS/Cardtrap.Y!tr, SymbOS/Cardtrap.X!tr, SymbOS/Cardtrap.V!tr, SymbOS/Cardtrap.W!tr, SymbOS/Cardtrap.U!tr, SymbOS/Cardtrap.Q!tr, SymbOS/Cardtrap.S!tr, SymbOS/Cardtrap.P!tr, SymbOS/Cardtrap.O!tr, SymbOS/Cardtrap.M!tr, SymbOS/Cardtrap.H!tr, SymbOS/Cardtrap.J!tr, SymbOS/Cardtrap.AU!tr, SymbOS/Cardtrap.AQ!tr, SymbOS/Cardtrap.AK!tr, SymbOS/Cardtrap.AI!tr, SymbOS/Cardtrap.I!tr, SymbOS/Cardtrap.F!tr, SymbOS/Cardtrap.E!tr, SymbOS/Cardtrap.D!tr, SymbOS/Cardtrap.B!tr, SymbOS/Cardtrap.B!worm, SymbOS/Cardtrap.A!worm
SymbOS/Codewar
SymbOS/Codewar.fam!worm
SymbOS/CommDN
SymbOS/CommDN.A!tr
SymbOS/Comwar
SymbOS/Comwar.J!worm, SymbOS/Comwar.v10!worm.dam, SymbOS/Comwar.v20pro.VAR!worm.dam, SymbOS/Comwar.v10b.SP!worm.dam, SymbOS/Comwar.AB!worm, SymbOS/Comwar.v10b!dam, SymbOS/Comwar.v10b!worm.dam, SymbOS/Comwar.v10b.TURKISH!worm, SymbOS/Comwar.3.0!worm, SymbOS/Comwar.v30lite!worm, SymbOS/Comwar.v30.VAR!worm.dam, SymbOS/Comwar.v30.VAR!worm, SymbOS/Comwar.v30!worm, SymbOS/Comwar.v20pro.VAR!worm, SymbOS/Comwar.v20pro!worm, SymbOS/Comwar.v10b.SP!worm, SymbOS/Comwar.v10b.NOSTR!worm, SymbOS/Comwar.v10b.VAR!worm, SymbOS/Comwar.v10.SP!worm, SymbOS/Comwar.v10.NOSTR!worm, SymbOS/Comwar.v10.VAR!worm, SymbOS/Comwar.v10!worm, SymbOS/Comwar.v10b!worm, SymbOS/Comwar.v10.NOSTR!worm.dam, SymbOS/Comwar.v10b.TK!worm, SymbOS/Comwar.v10b.VAR!worm.dam, SymbOS/Comwar.v10.VAR!worm.dam, SymbOS/Comwar.TURKISH!worm, SymbOS/Comwar.B!worm, SymbOS/Comwar.C!worm, SymbOS/Comwar.2.0.VAR!worm, SymbOS/Comwar.CB!worm, SymbOS/Comwar.1.0.B!worm, SymbOS/Comwar.1.0.B.VAR!worm, SymbOS/Comwar.1.0.A.VAR!worm, SymbOS/Comwar.H!worm, SymbOS/Comwar.I!worm, SymbOS/Comwar.E!worm, SymbOS/Comwar.fam!worm, SymbOS/Comwar.gen!worm, SymbOS/Comwar.D!worm, SymbOS/Comwar.BA!worm, SymbOS/Comwar.Q!worm, SymbOS/Comwar.A!worm
SymbOS/ConBot
SymbOS/ConBot.A!tr
SymbOS/CrashDown
SymbOS/CrashDown.B!tr, SymbOS/CrashDown.A!tr
SymbOS/CrashMMC
SymbOS/CrashMMC.A!tr
SymbOS/DaddySpy
SymbOS/DaddySpy.B!tr.spy, SymbOS/DaddySpy.A!tr.spy
SymbOS/Dampig
SymbOS/Dampig.A!tr, SymbOS/Dampig.A!worm
SymbOS/DefWatch
SymbOS/DefWatch.A!tr
SymbOS/DelFiles
SymbOS/DelFiles.C!tr, SymbOS/DelFiles.A!tr
SymbOS/Dianshe
SymbOS/Dianshe.A!tr.python
SymbOS/Doomboot
SymbOS/Doomboot.T!tr, SymbOS/Doomboot.N!tr, SymbOS/Doomboot.D!tr, SymbOS/Doomboot.A!tr, SymbOS/Doomboot.O!tr, SymbOS/Doomboot.B!tr, SymbOS/Doomboot.H!tr, SymbOS/Doomboot.G!tr, SymbOS/Doomboot.F!tr
SymbOS/Doombot
SymbOS/Doombot.Q!tr, SymbOS/Doombot.P!tr, SymbOS/Doombot!tr, SymbOS/Doombot.I!tr, SymbOS/Doombot.F!tr
SymbOS/Doomed
SymbOS/Doomed.D!tr
SymbOS/Downsis
SymbOS/Downsis.A!tr
SymbOS/Drever
SymbOS/Drever.D, SymbOS/Drever.D!tr, SymbOS/Drever.C!worm, SymbOS/Drever.B!worm, SymbOS/Drever.A!worm, SymbOS/Drever.C
SymbOS/EICAR_Test_File
SymbOS/EICAR_Test_File.C!tr
SymbOS/Enoriv
SymbOS/Enoriv.A!tr.dial
SymbOS/Fake360
SymbOS/Fake360.A!tr
SymbOS/FakeAppman
SymbOS/FakeAppman.A!tr
SymbOS/Fakee
SymbOS/Fakee.A!tr
SymbOS/Feak
SymbOS/Feak.A!worm, SymbOS/Feak.A!tr
SymbOS/Feixiang
SymbOS/Feixiang.A!tr
SymbOS/FlashScreen
SymbOS/FlashScreen.A!tr
SymbOS/Flerprox
SymbOS/Flerprox.B!tr, SymbOS/Flerprox.A!tr
SymbOS/Flexispy
SymbOS/Flexispy.E!tr.spy, SymbOS/Flexispy.B!tr.spy, SymbOS/Flexispy.A!tr.spy, SymbOS/Flexispy.B!tr, SymbOS/Flexispy
SymbOS/Flocker
SymbOS/Flocker.B!tr.python, SymbOS/Flocker.A!tr, SymbOS/Flocker.B!tr, SymbOS/Flocker.C!tr.python, SymbOS/Flocker.AF!tr.python, SymbOS/Flocker.AE!tr.python, SymbOS/Flocker.AD!tr.python, SymbOS/Flocker.AB!tr.python, SymbOS/Flocker.AC!tr.python, SymbOS/Flocker.fam!tr, SymbOS/Flocker.A!tr.python
SymbOS/Fontal
SymbOS/Fontal.I!tr, SymbOS/Fontal.A!tr, SymbOS/Fontal.G!tr, SymbOS/Fontal.C!tr, SymbOS/Fontal.D!tr, SymbOS/Fontal.E!tr, SymbOS/Fontal.B!tr, SymbOS/Fontal.H!tr, SymbOS/Fontal.A
SymbOS/Fwdsms
SymbOS/Fwdsms.C!tr.spy, SymbOS/Fwdsms.D!tr.dam, SymbOS/Fwdsms.D!tr.spy, SymbOS/Fwdsms.B!tr.spy, SymbOS/Fwdsms.A!tr.spy
SymbOS/GamePackage
SymbOS/GamePackage.E!tr, SymbOS/GamePackage.G!tr, SymbOS/GamePackage.F!tr, SymbOS/GamePackage.D!tr, SymbOS/GamePackage.B!tr
SymbOS/HOBBES
SymbOS/HOBBES.A!tr
SymbOS/HatiHati
SymbOS/HatiHati.A!worm
SymbOS/Hidmenu
SymbOS/Hidmenu.A!tr
SymbOS/Hobble
SymbOS/Hobble.A!tr
SymbOS/Iambs
SymbOS/Iambs.C!tr, SymbOS/Iambs.B!tr, SymbOS/Iambs.A!tr
SymbOS/InSpirit
SymbOS/InSpirit.A!tr
SymbOS/InitRun
SymbOS/InitRun.A!tr
SymbOS/InstAlarm
SymbOS/InstAlarm.A!tr.dldr
SymbOS/InstGuide
SymbOS/InstGuide.B!tr, SymbOS/InstGuide.C!tr
SymbOS/Kangen
SymbOS/Kangen.A
SymbOS/Keaf
SymbOS/Keaf.A
SymbOS/KillPhone
SymbOS/KillPhone.E!tr
SymbOS/Kinap
SymbOS/Kinap.B!tr, SymbOS/Kinap.A!tr
SymbOS/KsmKiller
SymbOS/KsmKiller.A!tr, SymbOS/KsmKiller.B!tr
SymbOS/Lasco
SymbOS/Lasco.A!tr, SymbOS/Lasco.A!worm, SymbOS/Lasco.A
SymbOS/LianFeng
SymbOS/LianFeng.A!tr
SymbOS/LinkHttp
SymbOS/LinkHttp.A!tr
SymbOS/LnchErr
SymbOS/LnchErr.B!tr
SymbOS/LockNut
SymbOS/LockNut.A
SymbOS/LockPhn
SymbOS/LockPhn.A!tr
SymbOS/Locker
SymbOS/Locker.A!tr
SymbOS/Locknut
SymbOS/Locknut.A!tr, SymbOS/Locknut.A!worm, SymbOS/Locknut!tr, SymbOS/Locknut.B!tr, SymbOS/Locknut.C!tr
SymbOS/Locknut_ezboot
SymbOS/Locknut_ezboot.B!worm
SymbOS/Lopsoy
SymbOS/Lopsoy.B!tr, SymbOS/Lopsoy.A!tr, SymbOS/Lopsoy.E!tr
SymbOS/Mabir
SymbOS/Mabir.A!worm, SymbOS/Mabir.A
SymbOS/Marku
SymbOS/Marku.A!tr.spy
SymbOS/Merogo
SymbOS/Merogo.B!tr, SymbOS/Merogo.C!tr
SymbOS/MessageDemo
SymbOS/MessageDemo.A!tr
SymbOS/Mobler
SymbOS/Mobler.PKG, SymbOS/Mobler.B!worm, SymbOS/Mobler.A!worm, SymbOS/Mobler
SymbOS/Mosquit
SymbOS/Mosquit.A!tr
SymbOS/Mquito
SymbOS/Mquito.A!tr
SymbOS/Mrex
SymbOS/Mrex.A!tr
SymbOS/MsSver
SymbOS/MsSver.A!tr
SymbOS/Msg135
SymbOS/Msg135.A!tr
SymbOS/Multidr
SymbOS/Multidr.DC!tr, SymbOS/Multidr.R!tr, SymbOS/Multidr.E!worm, SymbOS/Multidr.H!tr, SymbOS/Multidr.BG!worm, SymbOS/Multidr.BF!worm, SymbOS/Multidr.B!worm, SymbOS/Multidr.E!tr, SymbOS/Multidr.B!tr
SymbOS/NMPlugin
SymbOS/NMPlugin.A!tr
SymbOS/Netbus_20
SymbOS/Netbus_20.A!tr.bdr, SymbOS/Netbus_20.A!bdr
SymbOS/NickiSpy
SymbOS/NickiSpy.A!tr.spy
SymbOS/NmapPlug
SymbOS/NmapPlug.A!tr
SymbOS/Nwtsms
SymbOS/Nwtsms.A!tr
SymbOS/OneHop
SymbOS/OneHop!sis
SymbOS/OpFake
SymbOS/OpFake.B!tr, SymbOS/OpFake.A!tr.dial, SymbOS/OpFake.A!tr
SymbOS/Orc
SymbOS/Orc.A!tr
SymbOS/OwnSkin
SymbOS/OwnSkin.A!tr
SymbOS/PBSTEAL
SymbOS/PBSTEAL.C, SymbOS/PBSTEAL.B
SymbOS/PBSteal
SymbOS/PBSteal
SymbOS/PBsender
SymbOS/PBsender
SymbOS/PStarter
SymbOS/PStarter.A!tr
SymbOS/PbBlister
SymbOS/PbBlister.A!tr
SymbOS/Pbstealer
SymbOS/Pbstealer.A!tr, SymbOS/Pbstealer.F!tr, SymbOS/Pbstealer.D!tr, SymbOS/Pbstealer.C!tr, SymbOS/Pbstealer, SymbOS/Pbstealer!sis, SymbOS/Pbstealer!tr
SymbOS/QQForwd
SymbOS/QQForwd.A!tr, SymbOS/QQForwd!tr
SymbOS/QuickBatch
SymbOS/QuickBatch.F!tr, SymbOS/QuickBatch.E!tr, SymbOS/QuickBatch.D!tr, SymbOS/QuickBatch.F!dr, SymbOS/QuickBatch.E!dr, SymbOS/QuickBatch.D!dr
SymbOS/ROMRIDE
SymbOS/ROMRIDE.K
SymbOS/RomRide
SymbOS/RomRide.B!tr
SymbOS/RommWar
SymbOS/RommWar.C!tr, SymbOS/RommWar.D!tr
SymbOS/Romride
SymbOS/Romride.I!tr, SymbOS/Romride.F!tr, SymbOS/Romride.G!tr, SymbOS/Romride.C!tr, SymbOS/Romride.D!tr, SymbOS/Romride.A!tr, SymbOS/Romride.E!tr, SymbOS/Romride.H!tr
SymbOS/Romsilly
SymbOS/Romsilly.B!tr
SymbOS/SKUDOO
SymbOS/SKUDOO.B!worm, SymbOS/SKUDOO.A!worm
SymbOS/Sagasi
SymbOS/Sagasi.A!tr
SymbOS/Scrs
SymbOS/Scrs.A!tr
SymbOS/ShadowSrv
SymbOS/ShadowSrv.A!tr
SymbOS/Shurufa
SymbOS/Shurufa.A!tr.dldr
SymbOS/Singlejump
SymbOS/Singlejump.A!tr, SymbOS/Singlejump.C!tr, SymbOS/Singlejump.B!tr
SymbOS/SkinServer
SymbOS/SkinServer.A!tr
SymbOS/Skudoo
SymbOS/Skudoo.C!tr
SymbOS/Skull
SymbOS/Skull.A!worm
SymbOS/Skuller
SymbOS/Skuller.AD!tr, SymbOS/Skuller.AF!tr, SymbOS/Skuller.V!tr, SymbOS/Skuller.M!tr, SymbOS/Skuller.AB!tr, SymbOS/Skuller.C!tr, SymbOS/Skuller.R!tr, SymbOS/Skuller.CI!tr, SymbOS/Skuller.B!tr, SymbOS/Skuller.AC!tr, SymbOS/Skuller!tr, SymbOS/Skuller.X!tr, SymbOS/Skuller.U!tr, SymbOS/Skuller.I!tr, SymbOS/Skuller.H!tr, SymbOS/Skuller.G!tr, SymbOS/Skuller.F!tr, SymbOS/Skuller.BX!tr, SymbOS/Skuller.BS!tr, SymbOS/Skuller.BV!tr, SymbOS/Skuller.BQ!tr, SymbOS/Skuller.BO!tr, SymbOS/Skuller.BM!tr, SymbOS/Skuller.BI!tr, SymbOS/Skuller.E!tr, SymbOS/Skuller.T!tr
SymbOS/Skulls
SymbOS/Skulls.CI!tr.EZBOOT, SymbOS/Skulls.CF!worm, SymbOS/Skulls.I, SymbOS/Skulls.fam!tr, SymbOS/Skulls.E, SymbOS/Skulls.T!tr, SymbOS/Skulls.F!worm, SymbOS/Skulls.F!tr, SymbOS/Skulls.R!tr, SymbOS/Skulls.C!tr, SymbOS/Skulls.A!tr, SymbOS/Skulls.N!tr.dr, SymbOS/Skulls.AC!tr, SymbOS/Skulls.D!tr, SymbOS/Skulls.K!tr, SymbOS/Skulls.O!tr, SymbOS/Skulls.N!tr, SymbOS/Skulls.M!tr, SymbOS/Skulls.L!tr, SymbOS/Skulls.J!tr, SymbOS/Skulls.I!tr, SymbOS/Skulls.G!tr, SymbOS/Skulls.AIF, SymbOS/Skulls.DB54!tr, SymbOS/Skulls.D7CE!tr, SymbOS/Skulls.E04C!tr, SymbOS/Skulls.CE64!tr, SymbOS/Skulls.CDA4!tr, SymbOS/Skulls.D675!tr, SymbOS/Skulls.B8FB!tr, SymbOS/Skulls.BC46!tr, SymbOS/Skulls.C4F3!tr, SymbOS/Skulls.AD1E!tr, SymbOS/Skulls.B638!tr, SymbOS/Skulls.AD43!tr, SymbOS/Skulls.A8FC!tr, SymbOS/Skulls.96E3!tr, SymbOS/Skulls.A7B5!tr, SymbOS/Skulls.87EA!tr, SymbOS/Skulls.8543!tr, SymbOS/Skulls.8D84!tr, SymbOS/Skulls.7F12!tr, SymbOS/Skulls.844E!tr, SymbOS/Skulls.833E!tr, SymbOS/Skulls.6EB3!tr, SymbOS/Skulls.77E8!tr, SymbOS/Skulls.7481!tr, SymbOS/Skulls.7E94!tr, SymbOS/Skulls.644C!tr, SymbOS/Skulls.62C6!tr, SymbOS/Skulls.5795!tr, SymbOS/Skulls.573A!tr, SymbOS/Skulls.5DF5!tr, SymbOS/Skulls.5B11!tr, SymbOS/Skulls.53AA!tr, SymbOS/Skulls.559D!tr, SymbOS/Skulls.47DD!tr, SymbOS/Skulls.4A04!tr, SymbOS/Skulls.4FF8!tr, SymbOS/Skulls.4B82!tr, SymbOS/Skulls.45C1!tr, SymbOS/Skulls.449C!tr, SymbOS/Skulls.4160!tr, SymbOS/Skulls.3EBF!tr, SymbOS/Skulls.320D!tr, SymbOS/Skulls.38F3!tr, SymbOS/Skulls.2F8B!tr, SymbOS/Skulls.221C!tr, SymbOS/Skulls.18E5!tr, SymbOS/Skulls.1289!tr, SymbOS/Skulls.0A8C!tr, SymbOS/Skulls.1184!tr, SymbOS/Skulls, SymbOS/Skulls.Q, SymbOS/Skulls.P, SymbOS/Skulls.D, SymbOS/Skulls.B
SymbOS/Smametsys
SymbOS/Smametsys!tr
SymbOS/SmsSpy
SymbOS/SmsSpy.A!tr
SymbOS/Spinilog
SymbOS/Spinilog.A!tr.bdr, SymbOS/Spinilog.A!tr
SymbOS/SpitBro
SymbOS/SpitBro.A!tr
SymbOS/Spitmo
SymbOS/Spitmo.A!tr
SymbOS/Splashstall
SymbOS/Splashstall
SymbOS/SpyPhone
SymbOS/SpyPhone.A!tr
SymbOS/SrvSender
SymbOS/SrvSender.A!tr
SymbOS/SuperFairy
SymbOS/SuperFairy.D!tr
SymbOS/SymGam
SymbOS/SymGam.A!tr
SymbOS/Syssrv
SymbOS/Syssrv.A!tr
SymbOS/ThemeShell
SymbOS/ThemeShell.A!tr
SymbOS/ThemeTool
SymbOS/ThemeTool.A!tr
SymbOS/Trapsms
SymbOS/Trapsms.A!tr.spy
SymbOS/Viver
SymbOS/Viver.A!tr, SymbOS/Viver, SymbOS/Viver!tr
SymbOS/Vlasco
SymbOS/Vlasco.C, SymbOS/Vlasco.A
SymbOS/Yakki
SymbOS/Yakki.A!tr
SymbOS/Yxes
SymbOS/Yxes.J!worm, SymbOS/Yxes.I!worm, SymbOS/Yxes.H!worm, SymbOS/Yxes.G!tr, SymbOS/Yxes.F!tr, SymbOS/Yxes.E!worm, SymbOS/Yxes.A!worm, SymbOS/Yxes.C!worm, SymbOS/Yxes.D!worm, SymbOS/Yxes.B!worm
SymbOS/Zhaomiao
SymbOS/Zhaomiao.D!tr.dldr
SymbOS/Zitmo
SymbOS/Zitmo.B!tr, SymbOS/Zitmo.A!tr.spy
SymbOS/ZvirPython
SymbOS/ZvirPython.A!tr.dial
SymbOS/cabir
SymbOS/cabir.d!worm
WinCE/Abcmag
WinCE/Abcmag.A!tr
WinCE/Brador
WinCE/Brador.B!tr.bdr, WinCE/Brador.A!tr
WinCE/Cripper
WinCE/Cripper.D!tr, WinCE/Cripper.A!tr, WinCE/Cripper.B!tr
WinCE/Cyppy
WinCE/Cyppy.M!tr, WinCE/Cyppy.Q!tr, WinCE/Cyppy.S!tr, WinCE/Cyppy.R!tr, WinCE/Cyppy.P!tr, WinCE/Cyppy.W!tr, WinCE/Cyppy.V!tr, WinCE/Cyppy.U!tr, WinCE/Cyppy.T!tr, WinCE/Cyppy.E!tr, WinCE/Cyppy.C!tr, WinCE/Cyppy.A!tr, WinCE/Cyppy.F!tr, WinCE/Cyppy.G!tr, WinCE/Cyppy.N!tr, WinCE/Cyppy.O!tr, WinCE/Cyppy.L!tr, WinCE/Cyppy.J!tr, WinCE/Cyppy.I!tr, WinCE/Cyppy.H!tr
WinCE/Duts
WinCE/Duts.1520.A, WinCE/Duts.A
WinCE/InfoJack
WinCE/InfoJack.A!worm, WinCE/InfoJack.C, WinCE/InfoJack.C!worm, WinCE/InfoJack.A!tr, WinCE/InfoJack.B!tr
WinCE/MobUn
WinCE/MobUn.B!tr, WinCE/MobUn.B!tr.dldr, WinCE/MobUn.A!tr, WinCE/MobUn.A!tr.dldr
WinCE/Opfake
WinCE/Opfake.A!tr
WinCE/PMCryptic
WinCE/PMCryptic.A!worm
WinCE/PhoneCreep
WinCE/PhoneCreep.A!tr.bdr
WinCE/Pocha
WinCE/Pocha.D!tr, WinCE/Pocha.B!tr, WinCE/Pocha.C!tr, WinCE/Pocha.A!tr
WinCE/Redoc
WinCE/Redoc.B!tr, WinCE/Redoc.F!tr, WinCE/Redoc.H!tr, WinCE/Redoc.A!tr, WinCE/Redoc.S!tr, WinCE/Redoc.Q!tr, WinCE/Redoc.P!tr, WinCE/Redoc.M!tr, WinCE/Redoc.GA!tr, WinCE/Redoc.GA, WinCE/Redoc.G!tr, WinCE/Redoc.E!tr, WinCE/Redoc.O!tr, WinCE/Redoc.L!tr, WinCE/Redoc.J!tr, WinCE/Redoc.K!tr, WinCE/Redoc.D!tr, WinCE/Redoc.I!tr, WinCE/Redoc.C!tr
WinCE/Sejweek
WinCE/Sejweek.D!tr, WinCE/Sejweek.B!tr, WinCE/Sejweek.A!tr
WinCE/Smil
WinCE/Smil.A!exploit
WinCE/SmilRegion
WinCE/SmilRegion.A!exploit
WinCE/Terdial
WinCE/Terdial.C!tr, WinCE/Terdial.B!tr.dial, WinCE/Terdial.B!tr, WinCE/Terdial.A!tr.dial, WinCE/Terdial.A!tr
WinCE/Zitmo
WinCE/Zitmo.B!tr
iOS/AdThief
iOS/AdThief.A!tr
iOS/Eeki
iOS/Eeki.D!worm, iOS/Eeki.A!worm, iOS/Eeki.B!worm
iOS/FindCall
iOS/FindCall.A!tr.spy
iOS/Ikee
iOS/Ikee.B!worm, iOS/Ikee.B
iOS/Toires
iOS/Toires.A!tr.spy
iOS/Trapsms
iOS/Trapsms.A!tr.spy

Operating system - Part 1:

On our blog, we have published several articles on OS concepts, mostly from the perspective of malware analysis and security research. In few in...