Wilders Security Forums  

#1
June 18th, 2005, 03:08 AM
Randy_Bell
Updates Team
 
Join Date: May 2002
Location: Santa Clara, CA
Posts: 3,053
Panda Weekly - viruses and intruders - 06/17/05

- Panda Software's weekly report on viruses and intruders -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)

MADRID, June 17, 2005 - This week, Panda Software's report looks at three examples of malware, the Trojan Downloader.DCM, the backdoor Trojan Dumador.BC, and the hacking tool Looxee. What's more, it includes six new vulnerabilities in Microsoft Windows, classified as critical.

Downloader.DCM is a Trojan that downloads Dumador.BC and runs it. Like the majority of Trojans, it must be manually distributed. When it is installed on a computer, it uses a sophisticated technique to hide from any firewalls that can be installed on the computer: It creates a remote run thread associated with the process explorer.exe, so that the firewall thinks that Explorer is accessing the Internet, when Downloader.DCM is actually accessing it. When it connects to the Internet, this thread deletes the downloader file and downloads and runs another file (the backdoor Trojan) from a specific website, pretending to be a temporary file.

Dumador.BC, the file downloaded by the downloader, is a backdoor Trojan that cannot spread by itself. Its function is to allow remote control of the affected computer by opening TCP ports in the computer and receiving remote run command requests. It also logs different user details and modifies the system hosts file to prevent the computer from accessing the websites belonging to antivirus companies.

Looxee is a hacking tool that monitors and logs different activities carried out by the user of the affected computer, such as the email messages sent and received, chats via instant messaging, websites visited and it even captures screenshots, among other actions. Curiously, it has a characteristic that warns the user, if a certain key word is entered. This tool is not dangerous as such, but can be used for malicious purposes.

What's more, a series of vulnerabilities have been reported and are detailed by Microsoft in the bulletins MS05-025, MS05-026, MS05-027, MS05-028, MS05-029 and MS05-030. These vulnerabilities affect various Microsoft applications and have been classified as critical. Therefore, it is recommendable to apply the update in order to keep your computer protected from malware that can exploit these vulnerabilities to get into your computer. The affected applications are Explorer, Windows, SMB (Service Message Block), Web Client Service, Outlook Web Access for Exchange Server 5.5 and Outlook Express.

To prevent this malware or any other malicious code from affecting your computer, Panda Software recommends keeping antivirus software up-to-date. Panda Software clients can already access the updates to detect and disinfect this malicious code.

For further information about these and other computer threats, visit Panda Software's Encyclopedia.
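
Added example, not part of the original post or Panda's report: a small audit for the hosts-file tampering described for Dumador.BC, which flags entries that remap security-vendor domains. The watchlist and the sample file are assumptions; only pandasoftware.com comes from the report, and the `.example` names are placeholders.

```python
import ipaddress

# Assumed watchlist: pandasoftware.com is named in the report,
# av-vendor.example is a placeholder for other vendor domains.
WATCHLIST = ("pandasoftware.com", "av-vendor.example")

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        for name in fields[1:]:                 # one address may carry several names
            yield line_no, fields[0], name.lower().rstrip(".")

def is_sinkhole(address):
    """True if the address cannot reach the vendor's real server."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return True                             # unparsable address: treat as suspicious
    return ip.is_loopback or ip.is_unspecified or ip.is_private or ip.is_link_local

def audit_hosts(text, watchlist=WATCHLIST):
    """Return one finding per watched domain (or subdomain) mapped in the file."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        for domain in watchlist:
            # Exact match or true subdomain; "notpandasoftware.com" must not match.
            if name == domain or name.endswith("." + domain):
                findings.append({"line": line_no, "host": name,
                                 "address": address,
                                 "sinkholed": is_sinkhole(address)})
    return findings

# Constructed sample hosts file, not taken from an infected machine.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       www.pandasoftware.com   # constructed entry
0.0.0.0         update.av-vendor.example download.av-vendor.example
192.0.2.10      intranet.corp.example
127.0.0.1       notpandasoftware.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to feed to `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`; any finding is worth investigating, since a legitimate hosts file rarely maps a vendor's update domain at all.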
 

All times are GMT -4.