Monday, April 24, 2006

Current Virus Threats

Here's our report on the most significant threats in the current malware panorama. This week's report includes two new malicious codes that, although they have different functions and characteristics, share the same aim: stealing user data.

A clear example of the new cyber-crime trend is the Goldun.IL Trojan, a password stealer that tries to capture the e-gold payment details of the affected user.

To do this, it goes memory resident on computers without carrying out any actions until it detects that the user has accessed the e-gold web page. When this happens, it captures the passwords typed and sends them to another computer.

The author of this code can collect the details from this computer and carry out operations with the user's account. Goldun.IL has been spread through spamming techniques. It has been mass-mailed in a file attached to an email message.

The message carrying the malicious file containing Goldun.IL encourages the user to install a Service Pack that supposedly blocks Trojans that try to steal e-gold details.

This week's report also refers to another Trojan called HarBag.A, whose basic mission is to collect email addresses to which to send the Bagle worm. To do this, it looks for 28 types of files and scans them for email addresses.

These are file types that usually contain email addresses, such as the Windows Address Book, databases, temporary Internet files, etc. After collecting the addresses, it sends them to a server where all the information is centralized.

A curious feature of HarBag.A is that it only runs once on each computer, so that the hacker who receives the collected email addresses does not receive the same addresses twice.

Finally, PandaLabs includes information about a false virus for blogs that is starting to generate confusion in the blogosphere. This is simply a joke created by a Dutch author, which suggests inserting an animated graphic in blogs. The graphic is a picture of a virus that makes a series of comments, such as how it intends to infect blogs around the world.