Friday, May 15, 2009

Virus Alerts [Panda Security's weekly report on viruses and intruders - 05/15/09]

> From: Virus Alerts <virusalerts@PANDASECURITY.COM>
> Subject: Virus Alerts [Panda Security's weekly report on viruses and intruders - 05/15/09]

> Date: Friday, 15 May, 2009, 6:24 PM
> - Panda Security's weekly report on viruses and intruders -
>
> Virus Alerts, by Panda Security (http://www.pandasecurity.com)
>
> PandaLabs' report this week focuses on three worms: IRCBot.CNE, BckPatcher.C and Boface.BJ.
>
> IRCBot.CNE sends messages to the infected user's MSN Messenger contacts. Message subjects include:
>
> * Me miro boracho en video que me tomaron en youtube (I see myself drunk in a video on youtube).
> * Esta es mi casa de suenos!! (this is my dream house)
> * Mira que pedo andaba ayer en la fiesta (look how drunk I was at yesterday's party)
> * No me acuerdo si me dormir con esta vieja??no se que hacer? (I can't remember if I slept with this woman yesterday. I don't know what to do)
> * Santo Dios creo que eres tu!!!! (Oh my God, I think it's you!)
>
> These messages include an attachment which is a copy of the worm. On running the file, users are infected with a copy of the worm.
>
> BckPatcher.C, on the other hand, is designed to modify the desktop background, the Windows Explorer background and the folder icons. Additionally, every time files with certain extensions are executed (DLL, EXE, JPG or RAR) the worm is run instead of the applications associated with those extensions.
>
> BckPatcher.C spreads through shared, mapped and removable drives, copying itself to them.
>
> You can see images of the modifications carried out by the worm here: http://www.flickr.com/photos/panda_security/tags/bckpatcherc/
>
> The Boface.BJ worm reaches computers in a different way: through email messages with attachments, Internet downloads, files transferred via FTP, IRC channels, P2P file-sharing networks, etc. Users are unaware of the infection.
>
> Once the PC is infected, it takes approximately four hours to trigger its payload. It does so when users log into their Facebook account. Then, it uses the network to send them a message, including the affected user. http://www.flickr.com/photos/panda_security/3528707512/
>
> On clicking the link users are directed to a page that resembles YouTube (called "YuoTube") in which a video "should" be displayed. However, in order to do so, users are asked to download a player. If users accept, the fake antivirus is downloaded. Image here: http://www.flickr.com/photos/panda_security/3527896167/
>
> Once the download is accepted, the fake antivirus is installed on the computer. It then starts sending users messages informing them their PC is infected and telling them they should buy a solution. Here is the interface displayed by one of the fake antiviruses: http://www.flickr.com/photos/panda_security/3528707634/
>
> More information about these and other malicious codes is available in the Panda Security Encyclopedia (http://www.pandasecurity.com/homeusers/security-info)
>
> Finally, Panda Security has launched a page for users to relate their experiences with malware (whether they have fallen victim to money or data theft, etc.). Users who send their comments will receive a free download of Panda Internet Security 2009 with two-month services. Check it out here: http://www.pandasecurity.com/homeusers/media/malware-stories/
>
> You can follow Panda Security's activity online on Twitter (http://www.twitter.com/panda_security), and the PandaLabs blog (www.pandalabs.com)