
Panda Software's Weekly Report on Viruses and Intruders


5/5/2006. - A worm, Nugache.A, the backdoor Trojan Hiviti.A and the Banker.CTD Trojan are the focus of this week’s PandaLabs report.

Nugache.A can spread in three different ways: by exploiting the known LSASS and RPC DCOM software vulnerabilities, through the popular MSN Messenger application, or via email.

When installed on a computer, Nugache.A creates a copy of itself in the Windows system directory, in a file with the name MSTC.EXE. In addition, it generates several Windows registry entries. Having done this, it opens several communication ports to connect to a series of IP addresses from which it receives remote instructions across P2P networks, allowing an attacker to take malicious action on the affected system.

Hiviti.A is a backdoor Trojan that cannot spread on its own, but requires the intervention of a malicious user. When it is installed on a computer, it creates a copy of itself under the name LOADCNTR.EXE, makes new entries in the Windows registry, and injects itself into the explorer.exe process so that it is not noticed by users. In this way, the Trojan waits to log keystrokes made by the user, thereby accessing all types of confidential information, such as user names, passwords, etc. The data collected is then sent to certain predetermined email addresses.

We finish this week’s report with Banker.CTD, a new banker Trojan, i.e. one designed to steal confidential data related to online banking services.

Banker.CTD waits for the user to access web pages belonging to certain banks, including Banking, Bradesco, NetBanking, Santander and Sudameris, in order to log the data entered by the user. It then sends the data to a certain email address.

Banker.CTD requires the intervention of an attacker in order to reach computers. The means of distribution vary and include floppy disks, CD-ROMs, email messages with attachments, Internet downloads, files transferred via FTP, IRC channels, P2P file sharing networks, etc.

For further information about these and other computer threats, visit Panda Software's Encyclopedia.

About PandaLabs
Since 1990, PandaLabs’ mission has been to analyze new threats as soon as possible to ensure that our clients are safe. Several teams specialized in each specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.) work 24x7 to offer global coverage. To do this they are supported by TruPrevent™ Technologies, a truly global early warning system made up of sensors that are strategically distributed and neutralize new threats and send them to PandaLabs for in-depth analysis. According to AV-Test.org, PandaLabs is the fastest in the industry to offer complete updates (more information at www.pandasoftware.com/pandalabs.asp).

 

 
