Subject: Virus Alerts [Panda Security's weekly report on viruses and intruders - 04/17/09]
Date: Fri, 17 Apr 2009 12:00:32
From: Virus Alerts <virusalerts@PANDASECURITY.COM>
To: <VIRUSALERTSCOM@OXYGEN3.PANDASOFTWARE.COM>
- Panda Security's weekly report on viruses and intruders -
Virus Alerts, by Panda Security (http://www.pandasecurity.com)
This week's PandaLabs report looks at the Hiloti.A Trojan,
PersonalAntivirus and IRCBot.CML worm.
When run, the Hiloti.A Trojan sets the Mandatory Integrity Control (MIC)
level to low. This way, it can run any downloaded file without the user
noticing. In this case, it downloads the Lop adware, designed to show
advertising messages.
Additionally, Hiloti.A registers itself in Internet Explorer as a BHO
(Browser Helper Object) to monitor Internet browsing. If users use
Firefox, the malware injects code into the monitored pages (over a
hundred) to redirect searches carried out on those domains to pages that
contain more malware to be downloaded.
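
Because the Trojan persists in Internet Explorer as a BHO, reviewing the registered BHOs is a practical check on a suspect machine. The PowerShell below is an added example, not part of Panda's report: it lists every BHO registered machine-wide with the DLL it loads and that DLL's Authenticode status. It assumes the standard Windows BHO and COM class registry keys; the function name Get-BhoInventory and the Review column are hypothetical, and Review only marks entries for manual inspection.

```powershell
# Added example (not from the Panda report): inventory Internet Explorer BHOs.
# These are the standard Windows BHO and COM class keys; the report gives no
# Hiloti.A CLSID or file name, so the script reviews every registered BHO.
$views = @(
    @{ Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)

function Get-BhoInventory {
    foreach ($view in $views) {
        # The WOW6432Node view does not exist on 32-bit Windows; skip it there.
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName
            $inproc = '{0}\{1}\InprocServer32' -f $view.Cls, $clsid
            $dll    = $null
            $status = 'NoComRegistration'
            if (Test-Path -LiteralPath $inproc) {
                # The key's default value is the DLL that IE loads for this BHO.
                $dll = [string](Get-Item -LiteralPath $inproc).GetValue('')
                $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
                if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
                    $status = (Get-AuthenticodeSignature -FilePath $dll).Status
                } else {
                    $status = 'FileMissing'
                }
            }
            # Anything without a valid signature is listed for manual review.
            [pscustomobject]@{
                Clsid     = $clsid
                Dll       = $dll
                Signature = "$status"
                Review    = ("$status" -ne 'Valid')
            }
        }
    }
}

Get-BhoInventory | Sort-Object Review -Descending | Format-Table -AutoSize
```
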
PersonalAntivirus is a fake antivirus. As with all such adware,
PersonalAntivirus is designed to convince users that the system is
infected with malware. To do so, it performs a false scan of the
affected system, during which it detects several malware samples (image:
http://www.flickr.com/photos/panda_security/3448900109/).
If users click "Remove", a form will be displayed asking users to pay
for the license, and a false warning message will appear indicating the
computer is at risk (image:
http://www.flickr.com/photos/panda_security/3449714734/)
Finally, IRCBot.CML is a worm that allows remote intruders to access
and control the computer via IRC. This worm passes itself off as a photo
to reach computers, but once run it displays an error message with the
text: "Picture can not be displayed".
Next, IRCBot.CML opens several ports and tries to connect to an FTP
server to send the user's data, keystroke captures, etc.
This worm spreads through MSN Messenger, trying to infect all the user's
contacts.
Panda Security has created a page where users can relate their
experiences with malware (whether their money or data has been stolen,
etc.). On sending the comments, users receive a free download of Panda
Internet Security 2009 with two months' services. You can see the page
here:
http://www.pandasecurity.com/spain/homeusers/media/malware-stories/
You can receive the Panda Security news automatically by adding this URL
(http://feeds2.feedburner.com/panda_security) to your feed reader.
Finally, follow Panda Security's activity online on FriendFeed
(http://friendfeed.com/pandasecurity), and the PandaLabs blog
(www.pandalabs.com)
------------------------------------------------------------
To unsubscribe from Virus Alerts, please visit:
http://www.pandasecurity.com/about/unsubscribe.asp
To contact Panda Security, please visit:
http://www.pandasecurity.com/about/contact/
------------------------------------------------------------