A Week of Different Types of Malware
PandaLabs released its weekly malware report (March 19 to March 25, 2007), covering several kinds of malware: the VideoCach adware, the ReverseClick.A Trojan horse, the PUP (potentially unwanted program) XPCSpy, and the Piggi.B worm. The lab also described how malware writers are increasingly relying on rootkits.
The Piggi.B worm uses rootkit techniques to hide the infection on the system. It spreads through e-mail, using fake sender addresses of security or Internet-related companies. Piggi.B moves the original file of a popular Internet browser to a subfolder of the Windows system directory and copies itself as iexplore.exe to the Program Files folder. As a result, every time users run IE, they run Piggi.B first, net-security.org reported on March 16, 2007.
The ReverseClick.A Trojan is crafted to swap the functions of the primary and secondary mouse buttons and to stop executable files from being run. It also has several other irritating effects for the user: it conceals the Desktop icons and the disk drives in My Computer, and disables the Task Manager and the Windows Registry Editor. It removes other features, such as the Recycle Bin on the Desktop and the Windows Explorer Search button, and blocks the menu shown when you right-click on an item.
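As an added example (not from PandaLabs or the original article), the script below reads a text export of a user's registry and flags settings that match the ReverseClick.A symptoms described above. The value names are standard Windows per-user settings assumed to correspond to those symptoms; the article does not name them, and the sample export is constructed.

```python
import re

# Symptom from the article -> (registry key suffix, value name).
# Assumption: these standard Windows per-user settings produce each symptom;
# the article does not say which ones ReverseClick.A actually changes.
POLICY = r"software\microsoft\windows\currentversion\policies"
CHECKS = {
    "mouse buttons swapped": (r"control panel\mouse", "swapmousebuttons"),
    "Task Manager disabled": (POLICY + r"\system", "disabletaskmgr"),
    "Registry Editor disabled": (POLICY + r"\system", "disableregistrytools"),
    "desktop icons hidden": (POLICY + r"\explorer", "nodesktop"),
    "drives hidden in My Computer": (POLICY + r"\explorer", "nodrives"),
    "right-click menu disabled": (POLICY + r"\explorer", "noviewcontextmenu"),
    "Explorer Search button removed": (POLICY + r"\explorer", "noshellsearchbutton"),
}
VALUE_RE = re.compile(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(\d+)")$')

def parse_reg(text):
    """Parse decoded `reg export` text into {(key, value_name): int}, lower-cased."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := VALUE_RE.match(line)):
            name, dword, string = m.groups()
            values[(key, name.lower())] = int(dword, 16) if dword else int(string)
    return values

def triage(text):
    """Return sorted symptoms whose setting is present and non-zero in any hive."""
    found = parse_reg(text)
    return sorted({symptom for symptom, (suffix, name) in CHECKS.items()
                   for (key, vname), data in found.items()
                   if key.endswith(suffix) and vname == name and data != 0})

# Constructed sample export (not taken from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Mouse]
"SwapMouseButtons"="1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:03ffffff
'''
if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

Files written by `reg export` are UTF-16, so decode the file before passing its text to `triage`. A hit is a lead for investigation rather than proof of infection, since administrators set the same policies deliberately.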
PandaLabs has identified a new adware variety, VideoCach. The malicious code is designed to deceptively promote certain security applications, and its novelty is its use of rootkit techniques. VideoCach creates shortcuts on the desktop and displays fake infection warnings. It also opens IE windows that falsely inform users that malware is installed on the system.
Luis Corrons, Technical Director of PandaLabs, said that, without commenting on the efficiency of these security applications, the main issue is the method of their promotion, which uses malicious code like VideoCach and threatens users with fake reports of non-existent infections. home.nestor.minsk.by quoted him on March 16, 2007 as saying that users should not, under any circumstances, download security applications via pop-up advertisements or through shortcuts that suddenly appear on the desktop.
XPCSpy also uses rootkit techniques to hide its activities. It is a PUP (potentially unwanted program) made to spy on users who have it installed on their systems. It carries out intrusive activities such as capturing keystrokes or screenshots, and keeps a log of web pages visited, conversations held through IM (instant messaging), or e-mails sent.
» SPAMfighter News - 30-03-2007