http://www.norman.com Overview of current virus threats en Sun, 12 Feb 2012 05:25:01 +0100 Lime CMS 3.6 web@norman.no http://www.norman.com/security_center/virus_description_archive/80133 High 2010-04-25T11:02:00+02:00 custom replacement page for my_bank.com logindata_enddata_afterdata_endThe net result is usually that the user attempts to log into the bank using credentials demanded by the web page – i.e. the trojan. Then the trojan typically either tells the user to wait or shows some error message prompting the user to try to log in again (with new one-time codes) – all the while in the background, the access credentials are posted to an intruder somewhere else, who can now use legitimate access credentials to log into the bank and make transfers.If you notice any unusual behaviour when accessing your online bank, particularly if you notice long delays or strange error messages as you send your login credentials, it is advised that you contact your bank for more information.Rootkit functionalitySpyEye attemps to hide from view by intercepting several Windows APIs connected with listing files and registry settings. This has the effect that you normally will not see the trojan’s installation folder, but it can be detected indirectly – f. ex by attempting to create a new folder by the name “cleansweep.exe”. If you get the error”A file with the name you specified already exists”, you likely have SpyEye running.@img:2:center:size=original@Norman’s antivirus products detect and remove all variants known to us at this time, but new SpyEye variations are released continuosuly, so it is important to keep the antivirus product updated.Write-up by Snorre Fagerland]]> http://www.norman.com/security_center/virus_description_archive/w32_spyeye Medium 2011-02-17T14:24:00+02:00 http://www.norman.com/security_center/virus_description_archive/85143 Medium 2010-07-09T12:06:00+02:00 http://www.norman.com/security_center/virus_description_archive/78550 Medium 2010-03-15T13:39:00+02:00 http://www.norman.com/security_center/virus_description_archive/77200 Medium 2010-01-13T09:33:00+02:00 http://www.norman.com/security_center/virus_description_archive/69284 Medium 2009-06-04T11:17:00+02:00 http://www.norman.com/security_center/virus_description_archive/69263 Medium 2009-06-03T23:49:00+02:00 http://www.norman.com/security_center/virus_description_archive/67723 Medium 2009-01-08T12:42:00+02:00 http://www.norman.com/security_center/virus_description_archive/55943 Medium 2007-01-24T14:33:00+02:00 http://www.norman.com/security_center/virus_description_archive/55870 Medium 2005-06-08T14:52:00+02:00 http://www.norman.com/security_center/virus_description_archive/55853 Medium 2005-02-17T08:24:00+02:00 http://www.norman.com/security_center/virus_description_archive/55856 Medium 2004-07-26T17:19:00+02:00 http://www.norman.com/security_center/virus_description_archive/55883 Medium 2004-03-25T16:16:00+02:00 http://www.norman.com/security_center/virus_description_archive/55852 Low 2005-01-16T20:09:00+02:00 http://www.norman.com/security_center/virus_description_archive/55678 Low 2004-04-22T14:22:00+02:00