Sunday, April 09, 2006

Current Virus & Trojan Attacks

This week's report about viruses and intruders is a reflection of the current trend of criminalization of malware.

The creators of malicious code, bored perhaps with the futility of their craft, have opted to concentrate their efforts on digital theft.

The first example, the Banbra.BZY Trojan, searches Internet Explorer screens for certain texts, to see if the user is accessing certain online banking services.

If they are, the user is shown a web page identical to the one they were trying to access, which asks them to enter their data.

In this way, the creator of the malicious code can obtain the information needed to access the bank account as if they were the legitimate account holder.

Banbra.BZY does not spread automatically under its own steam, in the way that worms or traditional viruses do, but needs to be installed deliberately on the system.

This technique can be highly dangerous, as a criminal can use this code to take advantage of a specific user (or company), which clearly places it in the category of targeted attacks.

Panda Software has created an animation highlighting the dangers of this type of attack, available at: http://www.pandasoftware.es/descargas/presentacionataques.

The next example of malware we are looking at in this week's Panda Software report is Mytob.NP.

This worm, once installed on a computer, connects to another system to receive commands through which an attacker could take complete control of the compromised computer.

To avoid detection, Mytob.NP terminates certain security processes, including those belonging to antivirus and firewall applications.

Mytob.NP reaches computers in a message that appears to come from the security department of the domain of the mail account of the target user.

This false message tries to get users to go to a website, apparently inoffensive, that really points to a web page from which the malicious code will be downloaded.

Finally, this week's report looks at data provided by PandaLabs on KurtAgent.A, a password-stealer Trojan.

This Trojan logs users' keystrokes and can therefore record passwords entered. It also obtains other types of information, such as the addresses of websites visited, email accounts, etc.

KurtAgent.A also uses other malicious code to obtain information. KurtAgent.A needs to be spread by an attacker as it cannot spread itself automatically.