Panda Virus Alert: Mitglieder.FK trojan

Discussion in 'malware problems & news' started by Randy_Bell, Nov 1, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    - New Mitglieder Trojan variant spreads worldwide -
    Virus Alerts, by Panda Software (http://www.pandasoftware.com)

    Madrid, November 1, 2005 - PandaLabs reports on the new Mitglieder Trojan variant, named Mitglieder.FK, distributed in computers all over the world. The initial spread of this new variant has been distributed manually using spamming techniques in the last hours and infecting a large number of computers.

    This Trojan has been sent in e-mail messages with variable features: it includes no subject and the message body contains the texts "info" or "texte", and in every case includes a compressed attachment with different names from the following list:

    * Health_and_knowledge.zip
    * Sms_text.zip
    * Max.zip
    * Business.zip
    * The_new_price.zip
    * Info_prices.zip
    * Business_dealing.zip

    These attachments include an EXE archive which is a copy of the Trojan that if opened, will infect the system. If this happens, the Trojan will try to contact a series of URLs, from which it tries to download a file that is supposed to be copied in the Windows system directory with the name exefld\ and a random number appended. These URLs are hosted in domains from countries like Russia, Poland and Germany. Also, the Trojan would modify two registry keys in order to ensure its execution in every startup.

    "Even though the Trojan doesn't seem to be technically sophisticated, it has infected a significant number of computers, probably because it has been massively distributed to a great number of email addresses", states Luis Corrons, director of PandaLabs.

    To prevent Mitglieder.FK or other malicious code from getting into your computer, Panda Software advises all users to keep their antivirus software up-to-date. Panda Software has already made the corresponding updates to detect and eliminate this new malicious code available to clients.

    Platinum and Titanium 2006 users have always been protected against this threat thanks to the TruPrevent(tm) Technologies by Panda Software, which have proactively stopped the Trojan without knowing it.

    In order to help as many users as possible scan and disinfect their computers, Panda Software offers Panda ActiveScan.

    For more information, visit Panda Software's Virus Encyclopedia.
     
    Last edited: Nov 3, 2005
  2. Randy_Bell

    Panda Virus Alert: Mitglieder.FK trojan removal tool

    - ORANGE ALERT: Panda Software offers a free tool
    to eliminate the Trojan Mitglieder.FK -
    Virus Alerts, by Panda Software (http://www.pandasoftware.com)

    Madrid, November 2 2005 - To prevent the Mitglieder.FK Trojan from continuing to spread, above all across computers that do not have adequate anti-malware protection installed, Panda Software has made its free PQRemove utility available to all users to effectively detect and eliminate this threat from any computer that could be affected. This utility can be downloaded from http://www.pandasoftware.com/download/utilities/

    This Trojan is causing a significant number of incidents worldwide, above all in Poland, where it is already the most active threat over the last few hours, as well as in Spain and the USA. It is also one of the 5 most widespread attacks worldwide, according to data collected by the online anti-malware tool Panda ActiveScan. New variants of this Trojan have started to appear over the last few hours, with similar infection techniques.

    To avoid being affected by this threat, it is important to remember that this Trojan has been propagated in an email message with a blank subject and with texts like "Texte" or "Info" in the message body. This message includes an attached file with a .zip extension and a variable name (Health_and_knowledge, Sms_txt, Max, Business, The_new_price, Info_prices or Business_dealing).

    The compressed file contains an EXE file that, when run, installs the virus on the computer. When installed on a computer, the Trojan tries to download a file from a long list of URLs. At the time of writing this press release, these download links are inactive.

    TruPrevent(tm) proactive detection technologies from Panda Software block this Trojan without the need for prior updates, so systems with these technologies installed have been protected from the moment that this malicious code appeared. More information about TruPrevent(tm) Technologies at http://www.pandasoftware.com/truprevent

    To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.pandasoftware.com/home/default.asp. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters/

    Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.

    For more information about these and other malicious code, visit Panda Software's Virus Encyclopedia at www.pandasoftware.com/virus_info/encyclopedia
     
    Last edited: Nov 3, 2005
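
Added example, not part of the original posts or of Panda Software's alert: a mail-filter check that tests a raw message for the traits both alerts describe (blank subject, body of "info" or "texte", a listed .zip name, an EXE inside the archive). The function names, trait labels and sample message builder are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment base names from the two alerts (the first post lists
# "Sms_text", the second "Sms_txt"; both spellings are kept).
ATTACHMENT_NAMES = {"health_and_knowledge", "sms_text", "sms_txt", "max",
                    "business", "the_new_price", "info_prices", "business_dealing"}
BODY_TEXTS = {"info", "texte"}

def zip_has_exe(data):
    """True if the ZIP lists an .exe member (names are read, nothing is extracted)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(".exe") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def alert_traits(raw_message):
    """Return the set of traits from the alert that a raw message matches."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    traits = set()
    if not (msg["Subject"] or "").strip():
        traits.add("blank_subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().strip().lower() in BODY_TEXTS:
        traits.add("body_text")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            if name[:-4] in ATTACHMENT_NAMES:
                traits.add("listed_zip_name")
            if zip_has_exe(part.get_payload(decode=True) or b""):
                traits.add("exe_in_zip")
    return traits

def build_sample(subject, body, filename, member):
    """Constructed message for testing; the ZIP member holds placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    msg = EmailMessage()
    if subject:
        msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()
```

The "exe_in_zip" trait does not depend on the attachment name, so it also covers the later variants the second alert mentions if they keep the same packaging.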