- Panda Software's weekly report on viruses and intruders -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)
Madrid, April 22, 2005 - This week's report on viruses and intruders covers several new threats that have emerged: two variants of the Mytob worm, a variant of the Mitglieder Trojan and a new version of the Bancos Trojan.
The new variants of Mytob, Mytob.BC and Mytob.BD, open backdoors in affected computers. This allows the BC variant to connect to a web server and the BD variant to connect to an IRC server, where they wait for commands from a malicious user. What's more, they modify the system HOSTS file so that the user cannot access the websites of certain antivirus companies. These worms spread via email, across networks protected with weak passwords and by exploiting the LSASS vulnerability. They also download other malware, such as the Faribot.A worm.
The Bancos.FC Trojan has also appeared this week. This malicious code becomes memory resident and has keylogger functions. Bancos.FC waits for a dial-up modem connection to be established (it only affects this type of connection). When this happens, it checks whether the websites visited match the address of any of the banking entities included in its code. If it finds a match, it collects the information entered through the keyboard and sends it to an Internet server. Bancos.FC cannot spread alone; it needs external intervention to do so.
Finally, Mitglieder.CG is a Trojan that aims to disable certain security tools (antivirus and firewalls) that may be installed on the computers it affects. To do this, it can delete files and Registry entries or end the processes running in memory. What's more, it modifies the system HOSTS file so that the user cannot access the websites of certain antivirus companies.
Mitglieder.CG seems to have been mass-mailed, either manually or through zombie computers, and tries to download other malware from different websites.
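Both the Mytob variants and Mitglieder.CG are described above as modifying the HOSTS file to block antivirus websites. The following check for that kind of tampering is an added example, not code from Panda Software; the watchlist domains are placeholders and the function names are hypothetical.

```python
import ipaddress

# Hypothetical watchlist of placeholder domains; substitute your own vendors'.
WATCHLIST = {"av-vendor.example", "scanner.example"}
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each valid entry, ignoring comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        yield no, ip, [n.lower().rstrip(".") for n in fields[1:]]

def on_watchlist(name):
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)

def audit_hosts(text):
    """Return (line_no, name, ip, reason); loopback/unspecified IPs count as sinkholes."""
    findings = []
    for no, ip, names in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in BENIGN_NAMES:
                continue
            if on_watchlist(name):
                reason = "security domain sinkholed" if sinkhole else "security domain overridden"
                findings.append((no, name, str(ip), reason))
            elif sinkhole:
                findings.append((no, name, str(ip), "non-local name sinkholed"))
    return findings

# Constructed sample HOSTS content (not taken from any real malware sample).
SAMPLE = """\
127.0.0.1   localhost
# 127.0.0.1 scanner.example   (commented out, ignored)
127.0.0.1   www.av-vendor.example updates.av-vendor.example
0.0.0.0     Scanner.Example.
192.0.2.10  intranet.corp.example
203.0.113.5 av-vendor.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

To audit a real machine, pass in the contents of the system HOSTS file read from disk. Entries placed deliberately by an administrator or an ad-blocking list will also be reported as "non-local name sinkholed" and need manual review.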