PandaLabs Discusses A Trojan and Two Worms in its Weekly Malware Report
In its weekly malware report for June 2007 PandaLabs focuses on the BankFake.F Trojan, the first two variants of MSNHideOptions worm, and the Grogotix.A worm.
The BankFake.F Trojan is highly malicious because it corrupts nine financial entities. This malware spreads via e-mail or infected downloads. It creeps into PCs in the form of two small tortoises icon. The other Trojan examples are designed for phishing that steals users' bank account information. The latest examples are BanKey.A and BankFake.A.
While these two trojans run, they show a fake page on an online bank website. There the users are asked to key in their bank passwords and account numbers. Unsuspecting users who enter their information end up disclosing their data to fraudsters. To prevent any suspicion by the users, the trojans display an error message regretting a temporary error. This of course happens after the user has entered his data.
This action is a social engineering technique. Malware writers use different ways to lure users so that they infect themselves. Therefore users need to be very careful and simply not open messages they receive from unknown entities however tempting or curious they might be, advises Luis Corrons, technical director of PandaLabs. ComputingNews published this in the end week of May 2007.
When the Grogotix.A worm infects a PC, it creates six copies of itself and all stay on the system. Whenever the user reaches a folder the worm creates a copy of itself giving it the same name as the folder in the same directory and the one preceding it. Also whenever the user operates a file with a name as the original one, the worm again creates a copy of itself.
PandaLabs discovered the A and B versions of the MSNHideOptions worm, also in the first week of June 2007. This worm changes the first page of Internet Explorer where it conceals the Desktop icons and the clock from the alert area.
These Trojan viruses are dangerous in the way they can be easily modified to act on various banks, payment agencies, online casinos etc, said Corrons. HelpNetSecurity published Corron's statement in early June 2007.
Related article: PandaLabs Report Discusses Movie Trojan and Other Worms
» SPAMfighter News - 25-06-2007