Panda Virus Alert: Mitglieder.GB trojan

Discussion in 'malware problems & news' started by Randy_Bell, Nov 27, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell (Registered Member; joined May 24, 2002; 3,004 posts; Santa Clara, CA)
    - Mitglieder Trojan overtakes Sober -
    Virus Alerts, by Panda Software (http://www.pandasoftware.com)

    Madrid, November 24 2005 - PandaLabs has reported the appearance of a new variant of the Mitglieder family of Trojans, Mitglieder.GB, which is spreading rapidly, especially across Europe. The most affected countries are Poland, Belgium and France. It is currently the most frequently detected threat by the online antivirus solution Panda ActiveScan, overtaking Sober.AH. This Trojan was intercepted by Panda Software's TruPreventTM Technologies without prior identification, so users of these technologies have been protected against this threat from the outset. This family of Trojans caused a large number of infections on users' computers at the beginning of November, causing the alert level to reach orange.

    Like all Trojans, Mitglieder.GB cannot spread by itself and, therefore, must be distributed manually. The samples received come from email messages with a variable subject and message body. However, all these messages contain an attachment in zip format that contains a copy of the Trojan.

    It is easy to identify if this Trojan has affected a computer as its symptoms are clearly visible. When it is run, it opens the predefined image viewer in Windows and shows an image of an operating system logo with a white background that is slightly blurred.

    Once it has been installed, Mitglieder.GB inserts keys in the Registry to ensure it is run whenever the computer is started up and randomly tries to connect to a series of 50 URLs, which are detailed in its code, in order to access the file z.php, which can be used to download other malware to the system, or be malware by itself.

    "We are experiencing a period of frenetic activity for certain malware families, such as Bagle, Mitglieder or Sober, with a large number of variants distributed over a short space of time," explains Luis Corrons, director of PandaLabs. "The main aim of these types of strategies is to release a large number of variants so that the number of infected email messages in circulation is extremely high, posing a risk in itself, due to the confusion it causes users."

    To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.activescan.com. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters.

    Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.

    More information about this and other threats is available in Panda Software's Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/
     
  2. Randy_Bell (Registered Member; joined May 24, 2002; 3,004 posts; Santa Clara, CA)
    - ORANGE VIRUS ALERT: Mitglieder.GB Trojan poisons the Internet -
    Virus Alerts, by Panda Software (http://www.pandasoftware.com)

    Madrid, November 25 2005 - The number of infections caused by the Mitglieder.GB Trojan continues to increase, and it now affects computers around the globe. According to data collected by PandaLabs, Belgium, Poland, Colombia and Portugal are the countries most affected by this threat, as it is already the malicious code most frequently detected worldwide by the online antivirus solution Panda ActiveScan (http://www.activescan.com). To help stop the spread of the new variant of Mitglieder, Panda Software has made its free PQRemove utility available to all users to effectively detect and eliminate Mitglieder.GB from any computer that could be infected. This utility can be downloaded from http://www.pandasoftware.com/download/utilities/

    Along with the distribution of the AH variant of the Sober worm, a large number of infected email messages are being put into circulation worldwide, which means that the current risk of infection is high. "Due to the nature of this Trojan, which unlike Sober cannot spread using its own means, we believe that the creators are making a huge effort to distribute it," explains Luis Corrons, director of PandaLabs. "This month we have seen various attacks of this type, which trust more in overflow techniques than sophisticated techniques to saturate the Internet with malware. This, in some way, 'poisons' the Internet, as few emails in circulation are free from malware."

    It is easy to know if this Trojan has affected a computer, as when it is run it shows an image of an operating system logo with a white background in the predefined image viewer in Windows. From then on, every four hours it will activate a connection to one of the URLs detailed in its code at random in order to access a z.php file, which could open the door to other malware or contain malware itself.

    This Trojan has been distributed in email messages with a variable subject and message body. However, all these messages contain an attachment in zip format that contains a copy of the Trojan. Therefore, users are advised to take precautions when opening this type of attachment that does not come from a reliable source.

    The proactive protection technologies, TruPreventTM, have detected and blocked Mitglieder.GB without needing to be able to identify it first, and therefore, without needing the updates. For this reason, computers with these technologies installed have been protected from the moment this threat first appeared.

    Panda Software clients that don't yet have TruPreventTM Technologies have the updates available to install them along with their antivirus and ensure they have preventive protection against unknown viruses and intruders. For users with a different antivirus program installed, Panda TruPrevent(tm) Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the antivirus is updated, decreasing the risk of infection. More information about TruPreventTM Technologies at http://www.pandasoftware.com/truprevent

    To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.activescan.com. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters.

    Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.

    More information about this and other threats is available in Panda Software's Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/
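Added example, not part of Panda's alert or the post above: a small Python detection heuristic over constructed web-proxy log lines that flags clients whose requests for a z.php file recur at roughly the four-hour interval the alert describes. The log format, host names and client addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample proxy log lines (not real data): timestamp, client, method, URL.
SAMPLE_LOG = """\
2005-11-25T00:02:11 10.0.0.5 GET http://host-a.example/z.php
2005-11-25T01:15:40 10.0.0.9 GET http://intranet.example/index.html
2005-11-25T04:01:57 10.0.0.5 GET http://host-b.example/z.php
2005-11-25T08:03:02 10.0.0.5 GET http://host-c.example/z.php
2005-11-25T09:30:00 10.0.0.9 GET http://news.example/z.php
2005-11-25T12:02:45 10.0.0.5 GET http://host-d.example/z.php
"""

LINE_RE = re.compile(r"^(\S+) (\S+) \S+ (\S+)$")


def parse_log(text):
    """Yield (timestamp, client, url) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)


def find_zphp_beacons(text, period=timedelta(hours=4),
                      tolerance=timedelta(minutes=10), min_hits=3):
    """Return {client: sorted distinct hosts} for clients whose z.php requests
    repeat at roughly `period` spacing (a single hit to z.php is not enough)."""
    hits = defaultdict(list)
    for ts, client, url in parse_log(text):
        if url.rstrip("/").lower().endswith("/z.php"):
            hits[client].append((ts, url.split("/")[2]))  # keep host for reporting
    flagged = {}
    for client, events in hits.items():
        events.sort()
        if len(events) < min_hits:
            continue
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        # Regular spacing across changing hosts is the beaconing pattern described.
        if all(abs(g - period) <= tolerance for g in gaps):
            flagged[client] = sorted({host for _, host in events})
    return flagged


if __name__ == "__main__":
    for client, hosts in find_zphp_beacons(SAMPLE_LOG).items():
        print(f"{client}: periodic z.php requests to {', '.join(hosts)}")
```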
     