Panda Trojan alert.

Madrid, April 11, 2007 - As much as 57 percent of the malware in circulation reports received by PandaLabs in the last few hours have concerned Cimuz.EL. This malicious code reaches computers in stages. Firstly, a computer is infected with a part of the code that operates as a downloader. This then downloads the rest of the Trojan’s components, which in turn are responsible for the malicious actions.

Once completely installed on a system, Cimuz.EL steals and stores data about the affected computer: email and other programs’ passwords, hardware and software data, IP, location…

This Trojan is also designed to monitor users’ Internet activity. It does this by injecting a DLL in Internet Explorer. In this way, it manages to capture all the data that users enter in online forms (credit card numbers, passwords, etc.). All this information is then sent periodically to the malware creator through a server.

“The characteristics of this malware and the speed with which it is spreading make this one of the most dangerous members of the Cimuz family. Its ability to steal all signs of information, regardless of whether it is useful or not, highlights the interest of cyber-crooks to exploit every infection in order to gather as much data as possible,” explains Luis Corrons, technical director of PandaLabs.

“This Trojan cannot spread by itself, but uses numerous other channels to propagate: Internet downloads, CDs, infected memory sticks, email, etc. For this reason it is essential not to run any file that arrives from unreliable sources,” warns Corrons.