Panda Software´s Weekly Report on Viruses and Intruders

12/8/2006. - FormShared.A is a worm aimed at spreading the SpyForms.S Trojan across P2P file-sharing programs.

To do this, FormShared.A uses its own P2P client. It creates a subfolder called SHARED in the Windows directory. This contains a series of files with false names in order to entice other users to download SpyForms.S voluntarily. These names include: 4SCREENS V3.19 BY MP2K.CZIP, 4T AV V1.8 CD-VERSION FOR PALMOS.CZIP, 4T PUBLICATION 1.2 FOR PALMOS.CZIP, or 4TEAM FOR MICROSOFT OUTLOOK 2002 V1.50.0202 RETAIL.CZIP.

Banker.FOH is a Trojan designed to steal confidential information, such as user names and passwords, from compromised computers. It does this by capturing keystrokes entered by the user, storing them and then sending them out by email.

If Banker.FOH runs on a computer without an Internet connection, an error screen is displayed with the text: Socket Error # 11004.

As with most Trojans, Banker.FOH is not able to spread by itself, and therefore needs the intervention of a malicious user. The means of distribution used vary and include floppy disks, CD-ROMs, email messages with attachments, Internet download, files transferred via FTP, IRC channels, P2P file sharing networks, etc.

Finally, Banbra.DMW is a Trojan designed to steal confidential data from users of a well-known Brazilian bank. Interestingly, this is a ‘one-use’ malicious code which can only be run once on each computer it infects.

Every time it infects a computer, Banbra.DMW sends an email to the creator of the Trojan indicating the username and the time the computer was infected. Once has done this, it hijacks Internet Explorer and waits for the user to access the bank´s web page. Then, Banbra.DMW takes the user to a false web page -created by the Trojan itself- which is an imitation of the original page.

Finally, it compiles the stolen data and sends it out by email, allowing the attacker to commit identity theft and online fraud.

All users that want to know whether their computers have been attacked by these or other malicious code can use ActiveScan. Users can carry out a complete inspection, free of charge, of all the areas of their computers that they suspect may be infected.

For further information about these and other computer threats, visit Panda Software´s Encyclopedia.

About PandaLabs
Since 1990, PandaLabs’ mission has been to analyze new threats as soon as possible to ensure that our clients are safe. Several teams specialized in each specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.) work 24x7 to offer global coverage. To do this they are supported by TruPrevent™ Technologies, a truly global early warning system made up of sensors that are strategically distributed and neutralize new threats and send them to PandaLabs for in-depth analysis. According to AV-Test.org, PandaLabs is the fastest in the industry to offer complete updates (more information at www.pandasoftware.com/pandalabs.asp).

Oxygen3 24h-365d
by Panda Software

2006-12-08 12:18

Back

IT News: