Randy_Bell
June 3rd, 2005, 10:41 AM
- Panda Software's weekly report on viruses and intruders -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)
MADRID, June 3, 2005 - The weekly report on viruses and intruders for the week May 30 to June 3 describes three variants of the Mytob worm and the two Mitglieder.DC Trojans, as well as Rona.A.
The week started with the appearance of Mytob.DW, which has very similar characteristics to the two variants reported yesterday, Mytob.EB and Mytob.EC. Like the other members of the Mytob family, they are mass-mailing worms, which spread via email. To do this, they collect all the addresses stored in certain files on the affected computer and send themselves out to them in a file attached to an email message with variable characteristics.
When they reach a computer, these worms create entries in the Windows Registry in order to ensure that they are run whenever the computer is started up. The main actions carried out by these worms are aimed at preventing the user from accessing the websites of security companies and opening a backdoor in the computer in order to connect to a server and wait for commands from a remote user. What's more, the EC variant prevents the antivirus from being updated, with negative consequences for traditional antivirus programs.
Mitglieder.DC is a highly dangerous Trojan, which has spread widely over the last few hours. Its main effects include ending the processes belonging to antivirus products and the update tools associated with them. Similarly, it deletes the Registry entries belonging to the settings of different IT applications in order to cancel them.
It also tries to download a file called OSA.GIF from a long list of URLs it includes. Although this file has a .GIF extension (corresponding to image files), it is actually an executable file belonging to the Downloader.CYB Trojan. Mitglieder.DC cannot spread on its own and must therefore be distributed manually through the usual means of transmission. Over the last few days it has been massively distributed via email.
Finally, Rona.A is a powerful Trojan designed to log the activity of the users that receive it. It is capable of monitoring active processes, the keystrokes entered and the websites visited, capturing screenshots and even videos of the user's activity. This Trojan is easy to identify, as it displays a dialog box that passes itself off as a program for securely exchanging messages. It cannot spread on its own and must therefore be distributed through traditional means: IRC, FTP, P2P file sharing applications, email and other physical supports for exchanging information.
To prevent this malware or any other malicious code from affecting your computer, Panda Software recommends keeping antivirus software up-to-date. Panda Software clients can already access the updates to detect and disinfect this malicious code.
For further information about these and other computer threats, visit Panda Software's Encyclopedia available at http://www.pandasoftware.com/virus_info/encyclopedia/
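The report notes that OSA.GIF carries an image extension but is actually an executable. The following check, an added example that is not part of the original post or of any Panda Software tool, compares the extension a file name claims with the leading bytes of its content. The function names are hypothetical and the sample bytes are constructed for illustration.

```python
import struct

# Leading bytes that genuine files of each image type start with.
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, so this stays False.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify(name: str, data: bytes) -> str:
    """Compare what the file name claims with what the content actually is."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in IMAGE_MAGIC:
        return "not-an-image-name"
    if data.startswith(IMAGE_MAGIC[ext]):
        return "ok"
    if is_pe(data):
        return "executable-disguised-as-image"
    return "content-mismatch"

def constructed_pe_header() -> bytes:
    # Constructed sample: only the header fields is_pe() reads, not a runnable program.
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00"

# Constructed samples; only the name OSA.GIF comes from the report.
SAMPLES = {
    "OSA.GIF": constructed_pe_header(),
    "photo.gif": b"GIF89a" + bytes(16),
    "notes.gif": b"plain text saved with the wrong extension",
    "setup.exe": constructed_pe_header(),
}

def scan(samples: dict) -> dict:
    return {name: classify(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:10} {verdict}")
```

A mail gateway or download proxy can apply the same comparison to attachments and fetched files before they reach the user.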