Panda Weekly - viruses and intruders - 07/22/05

- Panda Software's weekly report on viruses and intruders -
Virus Alerts, by Panda Software (http://www.pandasoftware.com) ​

MADRID, July 22, 2005 - Today's report looks at the A, B and C variants of the Lebreat worm, two hacking tools -RemoteLogger and AFXFireWall.A- and a type of adware called E-Eliminator.

Lebreat.A, Lebreat.B and Lebreat.C are three email worms with variable characteristics that can also spread via Internet, exploiting the LSASS vulnerability.

The A, B and C variants of Lebreat take a range of action on infected computers including:

- Downloading other malware.

- Launching denial of service attacks against a web page.

- Disabling several Windows tools, such as the task manager and the firewall in Windows XP.

- Creating a mutex to ensure that only one copy of the malicious code is active at any time.

The first hacking tool we're looking at today is RemoteLogger, which can be remotely installed by sending a small installer to the target computer and getting the user to run it. Once installed, it logs keystrokes and can be used to collect personal data -such as passwords- with the threat that this represents for user privacy. This hacking tool can also monitor different users of the same PC.

Information compiled by RemoteLogger can be sent out via email or uploaded to a certain FTP server.

AFXFireWall.A, filters SYN (SYNchronize) packets. When an SYN packet is sent to an unauthorized TCP port, AFXFireWall.A responds with an RST packet, automatically closing the connection. The files of this hacking tool can normally be found in a firewall called FIREWALL.ZIP.

We end today's report with E-Eliminator, an adware installed on computers when users visit certain pages with adult or illegal content. Once it has infected a computer, it displays a page in the browser announcing that all information about what the user has been doing online has been logged. To resolve the situation, the page recommends that users access certain software.

In order to further create a sense of insecurity, and therefore encourage the user to buy the recommended software, E-Eliminator changes the Internet Explorer home page. This adware also changes the search page.

More information about these and other threats is available in the Panda Software Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/

Additional information

- Mutex (Mutual Exclusion Object): a technique used to control access to resources (examples: programs or even other viruses) and prevent more than one process from simultaneously accessing the same resource.

- SYN packets (SYNchronize): packets used in TCP/IP protocol to syhncronize the connection.

More technical definitions at: http://www.pandasoftware.com/virus_info/glossary/default.aspx