Zyxel Threat Intelligence (Release Date: 2021-06-28)
Number of updated signatures: 42375
Total number of signatures(Full): 632655
Description: The Netsky family is a large family of worms that targets computers running certain versions of Microsoft Windows. The worm spread in infectious files that are attached to fake email messages. Once user opens the e-mail attachment that is built-in a Netsky variant, the worm is activated. Some variants copy the worm to network-share folders. Some variants contain a backdoor component and perform denial of service (DoS) attacks.
Win32/Netsky creates the following registry key which causes the worm to run when Windows restarts: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Description: Trojan: Win32/Qvod.A is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Trojan:Win32/Qvod.A creates the following files on an affected computer:
- %programfiles%\common files\msdown\hudw.ocx
- %programfiles%\common files\msdown\hujj.dll
- %programfiles%\common files\msdown\hujj.ocx
- %programfiles%\common files\msdown\hurun.dll
- %programfiles%\common files\msdown\hurun.ocx
- %programfiles%\common files\msdown\svcsoft.exe
- %programfiles%\common files\obdc\hudvd.dll
- %programfiles%\common files\obdc\hudvd.ocx
- %programfiles%\common files\obdc\xiaohu.js
- <current folder>\mybat.bat
- c:\documents and settings\all users\start menu\programs\startup\winlogon.exe
Contacts remote hosts
The malware may contact the following remote hosts:
- agent.qvod.com using port 80
- baky.dxkogg1018bak.info using port 969
- list.dx673tg.info using port 12311
- usy.usdx1019us4.us using port 999
- www.sina.com.cn using port 80
- yer.dxkogg1017er.info using port 6666
- yy1.dxkogg1016yi.info using port 555
Number of updated signatures: 11
Description: A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'.
CVSS: 7.8 high
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1358.
CVSS: 7.8 high
Total number of added applications: 16
Total number of updated applications: 431
Total number of applications: 3759
Now you can easily buy and renew Zyxel licenses with just a single click from our online stores. We offer clear status of your service and give you intuitive automatic license activation after your purchase. For more advanced client management features, Circle is a simpler way for our partners to manage and grow their business.
Markterplace- one-stop, single click shop for online security license renewal.
Circle- Simplified licensing and subscription services, by bring them together.