
Spyware

Spyware is a category of potentially undesirable computer software that is installed on a computer, typically without the user's consent.

232 Disconnect Beta DoS Denial of Service Attack

The 232 Disconnect Beta application launches a Denial of Service (DoS) attack.

A DoS attack tries to make a system’s resource unavailable to the user. DoS attacks usually prevent a user from connecting to a certain website or the Internet. DoS attacks work by forcing a vulnerable computer to use up its resources. A user’s computer stops rendering service when it uses up its resources.

DoS attacks are also capable of taking control of a user’s computer. The user’s computer is then used to send threats or spam e-mails to certain addresses in the vulnerable system. These attacks are reportedly in violation of the Internet Architecture Board’s (IAB) Internet proper use policy.

The 232 Disconnect Beta application is capable of disconnecting users from the Yahoo Messenger program and other Yahoo related websites and services.

The 232 Disconnect Beta application infects a computer through flaws in the security system. These flaws act as loopholes for threats like the 232 Disconnect Beta application to penetrate the user’s computer.

Threats may also penetrate a system through spam e-mails. The 232 Disconnect Beta application can possibly be executed through a spam e-mail. DoS attacks may use these spam e-mails to attack a certain computer. A computer gets flooded with spam e-mail and may possibly overflow and affect the server.

The 232 Disconnect Beta application is also known by the names Flooder/ 232 Disconnect Beta and 232_Disconnect_Beta.

The 232 Disconnect Beta application is 136,192 bytes in size. Al Kapone, Inc. reportedly authored the malicious software. It was first detected in December 2003. The executable file for the malware program is 232disconnect(beta).exe.

A computer infected with the 232 Disconnect Beta application may have slower computer performance and browsing activity. A certain website, or any website, may also appear unavailable. There may also be an increase in spam mails received, unexplainably high bandwidth usage and low disk space.

The 232 Disconnect Beta application reportedly runs on Windows 95, Windows 98, Windows 2000, Windows 2003 Server, Windows Me, Windows NT, and Windows XP.


AADL.dll Browser Helper Object BHO

The AADL.dll application changes settings of the Web browser without the user's consent.

The AADL.dll program is approximately 161 kb in size. The spyware program embeds itself in the system as a Browser Helper Object (BHO). Developers use BHO programs to modify the Internet Explorer Web browser. BHO programs are DLL (Dynamic Link Library) modules. This allows a BHO to access all the events, processes and information regarding Web browsing sessions. This is often done by injecting the module file into the browser program's main executable file.

BHO programs run automatically every time the Web browser starts. They were originally designed for the Internet Explorer Web browser. The most common ones add toolbars to the browser's interface. Personal firewalls do not stop BHO programs from loading, as the firewall applications see BHO programs as part of the browser.

The AADL.dll program may be installed without the user’s consent. The malware program can come bundled with freeware and shareware applications like toolbar accessories.

Visiting websites that offer hoax products and services can cause an AADL.dll program infection in the system. This kind of program runs on 32-bit versions of the Windows operating system only.

Some of the files created by the AADL.dll program are as follows:

  • systemroot+\system\aadl.dll;
  • and systemroot+\system32\aadl.dll.

Users report that the AADL.dll program controls the Web browser. It often redirects web page requests to www.superlogy.com.

Once installed, the AADL.dll application can monitor the websites the user visits, display unwanted pop-up advertisements and change banner advertisements. It can also install other adware programs, slow down browsing performance and detect events on the system.

The program can also be used to change the home page to another site without the user's consent, redirect the Web browser to other sites and collect information from the browser history. It can also create windows that display additional information on a viewed page and corrupt system functions.

AB System Spy Server

The AB System Spy Server program is a monitoring tool flagged as spyware.

Experts claim that the AB System Spy Server application is capable of recording all computer activities of the user. Allegedly, the information gathered by this program is recovered by a remote user who then enables the remote control of the computer.

This application is purportedly an intrusive spyware tool that allegedly records keystrokes and takes screenshots. It is also said to log file modifications. It can also monitor processes and Internet transfers. Some say that it has the capability of creating log files and conveying log files.

Various reports claim that the AB System Spy Server program can record user information. It also permits remote influence and renders programs and the system inoperative. It also consumes disproportionate system resources and installs without the consent of the user.

If installed on the computer, this program can reportedly send logs to an intruder. When the AB System Spy Server program runs, it reportedly executes the processes which are creating the following AB System Spy Server registry values and creating AB System Spy Server registry keys.

Users' accounts allege that the presence of the following indicators may suggest infection with the spyware. A number of unwanted popups may keep appearing on the user's desktop. Modification of the user's preferred Internet settings and decreased system speed may also be exhibited. Unnecessary browser components that were not installed or downloaded by the user may also appear.

Security experts also claim that the AB System Spy Server application cannot be easily detected by anti-spyware programs, primarily because of its stealth capabilities.

Accent Office Password

The Accent Office Password application allows users to recover passwords.

The Accent Office Password program is a commercially available product. It has a free trial version as well as a retail version. The AccentSoft Team developed and distributes the Accent Office Password application. The vendor's website is www.passwordrecoverytools.com. Its file size is 650 Kb.

The Accent Office Password application recovers passwords from Microsoft Office applications. These applications include Microsoft Word - word processor; Microsoft Excel - spreadsheet program; and Microsoft Access - database management software.

Some files associated with the Accent Office Password application include the following:

  • %PROGRAMFILES%\Accent WORD Password Recovery\awrdpr.exe;
  • %PROGRAMFILES%\Accent WORD Password Recovery\uninst.exe;
  • %DESKTOP%\Accent WORD Password Recovery.lnk;
  • %START_PROGRAMS%\Accent WORD Password Recovery\Accent WORD Password Recovery.lnk;
  • and %START_PROGRAMS%\Accent WORD Password Recovery\Uninstall.lnk.

Some programs similar to the Accent Office Password application include Accent Internet Password Recovery, Accent Money Password Recovery, and Accent Keyword Extractor.

The Accent Office Password program works on Windows 95, Windows 98, Windows 2000, Windows Me, Windows NT, Windows 2003 Server, and Windows XP.

The program is marketed as a utility for users who forget their passwords. It is able to guess the password by using two methods. The first method is called the brute force attack. It uses all possible character combinations, including letters, numbers and symbols. The second method is called the dictionary attack. This method derives possible passwords from a list of words found in the dictionary.

The application needs to be installed by the user before it functions. Some people may use the program to crack the password placed on Microsoft Office files that have been sent to them. It may also be used when a user forgets the password set for their files. Other people may use the application to gain access to files they are not authorized to view.

Adonai Browser Hijacker Spyware

The AdonAi application downloads harmful files into the user’s computer.

The AdonAi software enters the machine by detecting weaknesses in the computer’s security. Machines that were previously infected with malicious software or backdoor programs are especially vulnerable. The user may have also downloaded the AdonAi software inadvertently.

The AdonAi application uses this vulnerability in the system to connect to a website. It receives commands from the remote server that it will execute in the system. It can also download information that may cause the computer damage. The AdonAi program usually does so without the user’s consent.

The AdonAi application is also known as a browser hijacker. Hijackers can alter Web browser settings. The AdonAi program accesses the hosts file when the user attempts to connect to a security-related site. It can then redirect the user to a site that posts advertisements. The AdonAi software can also redirect it to a malicious site that can trigger malware downloads. One indication of browser hijacking is when the home page has changed even if the user has not changed it.

The AdonAi program can allow an intruder to perform Denial of Service (DoS) attacks. Intruders can disable programs remotely. They usually disable anti-virus and firewall programs. They can crash the infected machine. Hackers can use the infected computer to attack servers. They can also use the AdonAi application to block the user's access to the Internet.

The AdonAi software creates the following processes once it enters the system: 

  • %Temp%\exploit.win32.adonai\exploit.win32.adonai;
  • %Temp%\exploit.win32.hmd\exploit.win32.hmd;
  • %Temp%\Packed.Win32.Tibs.d\Packed.Win32.Tibs.d;
  • %Temp%\Exploit.Win32.MS04-034.b\Exploit.Win32.MS04-034.b;
  • %Temp%\Packed.Win32.Klone.b\Packed.Win32.Klone.b;
  • and %Temp%\Packed.Win32.Klone.e\Packed.Win32.Klone.e.

These allow the AdonAi application to manipulate Web browser settings and create a backdoor for hackers.

The AdonAi program then stops the remote access connection manager, application layer gateway service and telephony to completely invade the user’s browser and connection:

The hacker Del_Armg0 reportedly developed the AdonAi program. The AdonAi application can allegedly be accessed at http://hammer.prohosting.com/~dellya.

Other names commonly used to identify the application are:

  • Win32/Adonai;
  • Win32/Adonai.A.Trojan;
  • Backdoor.Win32.Celine;
  • BackDoor-OY;
  • Bck/Celine;
  • Win32.Celine;
  • Win32/Celine Trojan;
  • and Exploit.Win32.Adonai.

Adpartner Adware Popup Ads

The AdPartner program is adware that displays obtrusive pop-up ads.

The AdPartner application inserts search tools and browser helper objects into Internet Explorer. It modifies the settings of the Web browser without asking for permission from the user. It shows advertisements frequently without any user intervention.

The AdPartner program installs itself on the victim's computer without the user's knowledge. Moreover, it does not offer a way for the user to uninstall it. The vx2x.nls file and the apslp.dll module are part of AdPartner, both of which gather information regarding the websites visited by the user, creating log files and then sending them to a particular computer.

This adware is also a Layered Socket Provider (LSP) that monitors all Internet traffic to and from the victim’s computer. The aplsp.dll component attempts to inject itself into the TCP/IP stack through the application of the Winsock API. The AdPartner program then processes all Internet traffic and submits a report to another computer connected to the Internet for analysis of the user’s interests for a more effective and targeted advertising through unsolicited e-mail.

The effects of the AdPartner program on the infected computer and its user may include the sudden appearance of exasperating ads on the screen while the user is surfing the Web. The user's productivity may also be reduced by these disturbing ads, because the user has to click on a pop-up ad to shut it down every time it appears.

The program is capable of slowing down the computer's speed in processing legitimate programs, thereby causing further reduction in productivity. There is also a bigger possibility that a cyber criminal would exploit the capability of AdPartner to track the user's activities for criminal pursuits such as theft and blackmail. The registry key of the Winsock catalog may also be corrupted if the user attempts to unregister this adware and does it improperly.