Saturday, May 17, 2008

Virus Alerts, by Panda Security

Panda Security's weekly report -
(http://www.pandasecurity.com)

Madrid, May 16, 2008 - PandaLabs' report this week focuses on the
Perwall.A and Radulambu.C worms, and the Ceckno.J and HostChange.B
Trojans.

Perwall.A is a Trojan that spreads to all removable and mapped drives on
the computer. When run, Perwall.A creates copies of itself in several
places. It also generates the autorun.inf and Boom.vbs files and creates
several entries in the Windows registry to run on every system restart.

One of its symptoms is that it opens the c:\windows\web\wallpaper folder,
which stores desktop wallpaper images.

The Radulambu.C worm reaches computers as a file called Palma.exe that
has a typical image file icon. When run, it copies itself to several
locations on the computer and to mapped drives. It also creates a folder
in C: called Images, where it creates several copies of itself under
different names, and creates an autorun.inf file on the hard disk and
mapped drives.

Additionally, Radulambu.C generates several entries in the Windows
registry. Through these entries, it modifies the Internet Explorer title
bar, disables the system recovery or conceals file extensions.

Ceckno.J is a Trojan designed to download other malware onto affected
computers and act as a backdoor.

This malicious code has a downloader component for downloading malware,
and a backdoor component downloaded by the downloader. When installed
on the computer, it creates copies of itself and scans ports until it
downloads a backdoor or exhausts the number of possible attempts (15).
With each attempt, the port through which it tries to download malware
increases by one.

Once the backdoor component is downloaded, the downloader stops running,
preventing the system from detecting infection symptoms. Later on, the
backdoor is run and listens on a port.

Finally, HostChange.B is a Trojan that spreads through emails that
falsely report the death of Hugo Chavez, president of Venezuela.

These messages purport to come from a famous communication channel in
Venezuela, to gain users' trust. Additionally, they include links to an
alleged video of the fake news story.

However, on clicking the links, a file that contains HostChange.B is
downloaded. This Trojan modifies the computer's hosts file, associating
the website of a well-known financial company in Venezuela with another
one that has a false page designed to capture users' confidential data.
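
The hosts-file redirection described above can be checked for on a suspect machine. The following Python code is an added example, not part of the Panda Security report: it parses hosts-file text and flags names pinned to non-local addresses. The watched domain `bank.example` and the sample file contents are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are illustrative only
# (example.* domains and RFC 5737 documentation addresses).
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net   # local block entry
203.0.113.45    www.bank.example bank.example
198.51.100.7    intranet.example.org
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or malformed
        for name in fields[1:]:                  # one address may carry several names
            yield line_no, fields[0], name.lower().rstrip(".")

def is_local(address):
    """True for loopback or unspecified addresses, which do not redirect off-host."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False                             # unparseable address: surface for review
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text, watched_domains):
    """Return (line_no, severity, address, name) for names pinned to non-local addresses."""
    watched = [d.lower().rstrip(".") for d in watched_domains]
    findings = []
    for line_no, address, name in parse_hosts(text):
        if is_local(address):
            continue
        hit = any(name == d or name.endswith("." + d) for d in watched)
        severity = "HIGH" if hit else "REVIEW"   # HIGH: a watched (e.g. banking) name is overridden
        findings.append((line_no, severity, address, name))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, ["bank.example"]):
        print("line %d  %-6s %s -> %s" % finding)
```

On a live Windows system the text to audit is the file at `%SystemRoot%\System32\drivers\etc\hosts`.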

You can subscribe to our Latest Threats service on RSS, at
http://www.pandasecurity.com/img/enc/rss_last_threats_es.xml?sitepanda=particulares

Panda Security offers several free tools for scanning PCs at:
http://www.infectedornot.com
