Panda Security's weekly report on viruses and intruders
Virus Alerts, by Panda Security (http://www.pandasecurity.com)
This week's PandaLabs report looks at the PcClient.HV Trojan, and the
Autorun.ACA and P2PWorm.F worms.
Bck/PcClient.HV is a Trojan that opens a backdoor in the computer. This
malware adds an entry to the Run registry key and copies three files to
the system: PCCORTR.DLL and 81.DLL in C:\WINDOWS, and WUAUCT.EXE in
C:\WINDOWS\SYSTEM32. All of them are detected as Bck/PcClient.HV.
The Trojan uses the libraries (.DLL files) to reduce the security level
of the browser and the WUAUCT.EXE file to connect to a remote address in
order to send out information about the infected computer.
When the user runs the infected file, a 12-slide PowerPoint presentation
is displayed with photos of the Olympic facilities in Beijing.
The Autorun.ACA worm reaches computers as an executable file that tries
to pass itself off as a Word document. Depending on the system
configuration, the actual extension of the 'document' might not be
displayed.
This worm is designed to copy itself to %Root% under the name
JONIEZZ.EXE and to %SystemRoot%\LoLOxz as SMSS.EXE. It also copies itself
to external drives and shared drives with the name AUTORUN.INF. This
way, the worm tries to infect any user who accesses these drives.
W32/P2PWorm.F spreads through mapped and removable drives and P2P
programs. To spread through file exchange networks it copies itself to
directories of P2P programs, keygens, game cracks, security programs, or
popular applications like instant messaging clients.
It also adds entries to the Run registry key so that it runs
automatically when the computer starts up. This malware collects
information from the infected computer, for example, passwords for
programs like CUTE FTP, FlashFXP, TotalCmd, SmartFTP, FileZilla, Sniff, etc.
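
A file-indicator sweep for the Bck/PcClient.HV and Autorun.ACA paths listed above, as an added example that is not part of Panda Security's report. It assumes %Root% means the volume root and %SystemRoot% the WINDOWS directory; the function names, the 'MZ' header test on AUTORUN.INF and the sample volume are constructed for illustration.

```python
import os
import tempfile

# File indicators from the report, relative to a Windows volume root.
# Assumptions: %Root% is the volume root, %SystemRoot% is the WINDOWS directory.
INDICATORS = {
    "Bck/PcClient.HV": ["WINDOWS/PCCORTR.DLL", "WINDOWS/81.DLL",
                        "WINDOWS/SYSTEM32/WUAUCT.EXE"],
    "Autorun.ACA": ["JONIEZZ.EXE", "WINDOWS/LoLOxz/SMSS.EXE"],
}

def resolve_nocase(root, rel_path):
    """Resolve rel_path under root ignoring case; return the file path or None."""
    current = root
    for part in rel_path.split("/"):
        names = os.listdir(current) if os.path.isdir(current) else []
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current if os.path.isfile(current) else None

def pe_named_autorun(root):
    """Return AUTORUN.INF's path if it starts with the PE 'MZ' magic, else None.
    A genuine autorun.inf is text; per the report the worm copies itself under this name."""
    path = resolve_nocase(root, "AUTORUN.INF")
    if path:
        with open(path, "rb") as fh:
            if fh.read(2) == b"MZ":
                return path
    return None

def sweep(root):
    """Return [(family, path)] for every indicator file found under root."""
    hits = [(family, p) for family, rels in INDICATORS.items()
            for p in (resolve_nocase(root, r) for r in rels) if p]
    autorun = pe_named_autorun(root)
    return (hits + [("Autorun.ACA", autorun)]) if autorun else hits

def build_sample_volume():
    """Constructed sample volume: empty files and fake 'MZ' bytes, no real malware."""
    root = tempfile.mkdtemp()
    sys32 = os.path.join(root, "Windows", "system32")
    os.makedirs(sys32)
    for name in ("wuauct.exe", "wuauclt.exe"):  # second: the genuine updater name
        open(os.path.join(sys32, name), "wb").close()
    with open(os.path.join(root, "autorun.inf"), "wb") as fh:
        fh.write(b"MZ\x90\x00")
    return root
```

Point `sweep()` at a mounted disk image or a drive root. A match on file name alone is a lead to verify against the antivirus detection, not a verdict.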
Source: www.pandasecurity.com