Panda: Mitglieder.BO

Discussion in 'malware problems & news' started by Randy_Bell, Mar 6, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    May 24, 2002
    Santa Clara, CA
    Mitglieder.BO is a Trojan that heavily attacks several security tools, such as antivirus programs and firewalls belonging to different companies, if they are installed on the affected computer:

    * It deletes key files belonging to them from the affected computer.
    * It deletes the entries in the Windows Registry that allow them to be activated whenever Windows is started.
    * It stops services associated with those programs.
    * It also ends processes belonging to the applications that provide updates for antivirus programs.
    * It prevents access to the websites of their companies.

    Every six hours, Mitglieder.BO attempts to download a file from different web addresses. This file is detected by Panda Software as W32/Bagle.BN.worm.

    Mitglieder.BO is installed by a dropper-type malware, which injects the executable file WINSHOST.EXE into the system process EXPLORER.EXE. This dropper is distributed via e-mail by the worm Bagle.BN itself.

    Tech Details: