9/1/2006. - This week’s report from Panda Software will focus on the Trojans Clagge.B and Rizalof.HT, and the spyware program Zcodec.
Clagge.B is a downloader-type Trojan that goes memory resident. It modifies the Windows Registry as needed to avoid firewall control so that it can execute malicious code. It then connects to a certain Internet address, from which it downloads a file called suhoy341.exe. This file belongs to the Trj/Banker.CZI Trojan, which is designed to steal users’ bank details.
Like most Trojans, Clagge.B cannot spread through its own means and requires intervention from a malicious user to distribute it manually. It can arrive in files downloaded from the Internet or from P2P (peer-to-peer) networks, as an attachment to email messages, etc.
The second Trojan in this week’s report, Rizalof.HT, creates an anonymous proxy server on affected computers so that they can be used to send out spam. To do this, when it is run, it connects to a server from which it downloads other components and installs them on the computer. One of these components is used to spread spam. What’s more, it tries to end Windows security and update processes.
Finally, the Zcodec spyware program is included in a program that supposedly installs the codecs needed to play a certain multimedia format. Once on the system, a rootkit (a program designed to hide processes, files or registry entries) is installed so that users cannot see which files are being run. In this way, Zcodec installs two executable files. The first of these modifies the DNS settings on the compromised computer so that when a user clicks on results returned from search engines such as Google, a different page is displayed. This tactic is exploited by the creators of the program in order to profit from pay-per-click systems, or even to redirect users to pages designed to steal confidential data.
The second executable file performs one of two actions, chosen at random. In some cases, it installs the Ruins.MB Trojan, designed to download other malicious programs to the computer. On other occasions, the file continually launches a casino application, asking for the user’s permission to install it. Even if the user rejects installation of the program, an icon is created on the Windows desktop which, when clicked, will install the program.
To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.activescan.com. Webmasters who would like to include ActiveScan on their websites can get the HTML code free of charge from http://www.pandasoftware.com/partners/webmasters/.
For further information about these and other computer threats, visit Panda Software’s Encyclopedia.
About PandaLabs
Since 1990, PandaLabs’ mission has been to analyze new threats as soon as possible to ensure that our clients are safe. Several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), work 24x7 to offer global coverage. To do this they are supported by TruPrevent™ Technologies, a truly global early warning system made up of strategically distributed sensors that neutralize new threats and send them to PandaLabs for in-depth analysis. According to AV-Test.org, PandaLabs is the fastest in the industry to offer complete updates (more information at www.pandasoftware.com/pandalabs.asp).
Oxygen3 24h-365d
by Panda Software