Friday, June 13, 2008

Virus Alerts [Panda Security's weekly report on viruses and intruders - 06/13/08]

Virus Alerts, by Panda Security (http://www.pandasecurity.com)

Madrid, June 13, 2008 - PandaLabs' report this week focuses on the
Banbra.FUD and Dadobra.APK Trojans, and the MalwareProtector 2008
adware.

The Banbra.FUD Trojan uses the Microsoft Internet Explorer icon. When
run, the file with the malicious code establishes an FTP connection with
a specific IP address and uploads a file named after the affected
computer followed by the word Aviso (Warning).

Banbra.FUD creates several files on the infected system and keys in the
Windows registry. When users connect to specific Brazilian online banks,
an error message is displayed and a window with a spoofed bank URL is
opened, where users are asked to enter their login details.

When users re-enter their credentials, the Trojan intercepts them and
adds them to the text file, which is later sent via FTP to the IP
address mentioned earlier.

Additionally, this Trojan deletes security application files and other
banker malware files.
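
The upload described above (a file named after the computer followed by "Aviso", sent over FTP) can be hunted for in egress FTP logs. The following is an added example, not part of Panda Security's report; the log format, host names, IP addresses, the SANCTIONED_FTP list and the optional separator and file extension are all assumptions.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: egress FTP command log, one line per command.
# Assumed format: <timestamp> <source hostname> <destination IP> <FTP verb> <argument>
SAMPLE_LOG = """\
2008-06-13T09:14:02 FIN-PC07 192.0.2.44 USER anonymous
2008-06-13T09:14:03 FIN-PC07 192.0.2.44 STOR FIN-PC07Aviso.txt
2008-06-13T09:20:41 BUILD01 198.51.100.10 STOR nightly-build.zip
2008-06-13T09:31:17 HR-LAPTOP3 192.0.2.44 STOR /incoming/hr-laptop3_aviso
2008-06-13T09:45:00 FIN-PC07 198.51.100.10 RETR Aviso.pdf
"""

# Assumption: the FTP servers the organisation legitimately uses.
SANCTIONED_FTP = {"198.51.100.10"}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+([A-Za-z]+)\s+(.+)$")
UPLOAD_VERBS = {"STOR", "STOU", "APPE"}  # FTP verbs that send a file to the server


def is_host_aviso_name(hostname, path):
    """True if the file name is <hostname> followed by 'Aviso' (case-insensitive)."""
    name = PurePosixPath(path.replace("\\", "/")).name.lower()
    # The report gives no exact format, so an optional separator and a
    # short extension are tolerated (assumption).
    pattern = re.escape(hostname.lower()) + r"[ _.\-]?aviso(\.[a-z0-9]{1,5})?"
    return re.fullmatch(pattern, name) is not None


def find_suspect_uploads(log_text):
    """Return one dict per FTP upload whose file name matches the pattern."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ts, host, dst, verb, arg = m.groups()
        if verb.upper() in UPLOAD_VERBS and is_host_aviso_name(host, arg):
            hits.append({"time": ts, "host": host, "dst": dst, "file": arg,
                         "unsanctioned_dst": dst not in SANCTIONED_FTP})
    return hits


if __name__ == "__main__":
    for hit in find_suspect_uploads(SAMPLE_LOG):
        print(hit)
```
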

The Dadobra.APK Trojan is designed to download other files infected by
banker malware, generically detected as Banbra.FTX by Panda Security
solutions.

When users run a file infected by Dadobra.APK, a video showing a
football field is played to fool users while the Trojans continue
carrying out malicious actions.

Finally, MalwareProtector 2008 is adware (a program designed to show
unwanted advertising) that simulates system scans and encourages users
to buy software to delete the malware that has supposedly been found.

When run, it modifies the desktop wallpaper, displaying a message
informing users that the computer is infected by spyware. Then, a window
is displayed recommending that users download anti-spyware software. If
the download is rejected, a screensaver with cockroaches eating the
desktop wallpaper is displayed.

If users download the application, it simulates a computer scan and
displays a list of the malware supposedly installed on the system. If
users choose to delete the malicious code, a message is returned
claiming the software is not registered and users must pay to use it.
