Panda: Mitglieder.BO

Discussion in 'malware problems & news' started by Randy_Bell, Mar 6, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    May 24, 2002
    Santa Clara, CA
    Mitglieder.BO is a Trojan that heavily attacks several security tools, such as antivirus programs and firewalls belonging to different companies, if they are installed on the affected computer:

    * It deletes key files belonging to them from the affected computer.
    * It deletes the entries in the Windows Registry that allow them to be activated whenever Windows is started.
    * It stops services associated to those programs.
    * It also ends processes belonging to the applications that provide updates for antivirus programs.
    * It prevents access to the websites of their companies.

    Every six hours, Mitglieder.BO attempts to download a file from different web addresses. This file is detected by Panda Software as W32/Bagle.BN.worm.

    Mitglieder.BO is installed by a dropper type malware, which injects the executable file WINSHOST.EXE into the system process EXPLORER.EXE. This dropper is distributed via e-mail by the worm Bagle.BN itself.

    Tech Details:
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.