Panda Weekly - viruses and intruders - 09/02/05

Discussion in 'other security issues & news' started by Randy_Bell, Sep 2, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    May 24, 2002
    Santa Clara, CA
    - Panda Software's weekly report on viruses and intruders -
    Virus Alerts, by Panda Software (​

    Madrid, September 2, 2005 - This week's report will look at two Trojans called Banker.AMQ and Downloader.ENC and two hacking tools, 007Spy and KeyMask.

    Banker.AMQ carries out several actions on the computers it infects, including the following:

    - It checks if an Internet connection is available and if there is, it sends an email to an account belonging to the domain, notifying its author that it has installed itself on the computer.

    - It monitors if the user visits web pages belonging to various Brazilian banking entities. If the user visits one of these pages, it displays a malicious web page in Internet Explorer, which is a copy of the page requested by the user, requesting confidential details, such as the user name and password, depending on the bank it is imitating. After collecting the information, it returns an error message in Portuguese in order to try to confuse the user and avoid raising suspicion. Then, it sends the data it has obtained to an email address.

    - It looks for files belonging to the Windows Address Book and digital certificates and sends them to a server via FTP.

    The second Trojan is Downloader.ENC, which has been found in certain web pages, one of which is dedicated to hurricane Katrina and the Zotob worm. In order to download and run on computers, this worm exploits the vulnerability reported in the Microsoft bulletin MS05-001. Once installed on a computer, Downloader.ENC tries to download a variant of the Dedler worm from a web page.

    The first hacking tool in today's report is 007Spy, which can capture screenshots and log keystrokes, as well as registering the websites and files accessed by the user. It can send the information it collects via email or FTP.

    007Spy can run hidden in the system, so that the user is not aware that it is installed on the computer. What's more, it can avoid being detected by several antispyware programs and allows a password to be set to prevent anybody from accessing the program.

    We are going to finish today's report with KeyMask, a hacking tool that logs the keystrokes entered by the user. To control the monitoring process, it creates a file called KH.DLL, which exports the following functions: Stara, StartMaskKey and StopMaskKey.

    KeyMask can collect passwords and other confidential information, compromising user privacy.

    More information about these and other IT threats is available in Panda Software's Encyclopedia at
Thread Status:
Not open for further replies.