PandaLabs Reports a Trojan and Two Worms
A Trojan dubbed Nukulus.A that steals data from users' computers and two worms, Addon.A and Winko.A, have surfaced on the Internet, according to the weekly report of PandaLabs.
The treacherous Nukulus.A grabs various kinds of information, like banking details, data entered in online forms via HTTP, information filled in Web forms, digital signatures and local certificates. It also diverts web addresses to malevolent web pages designed to conduct online fraud. In this manner, the Trojan attempts to collect users' confidential information.
Nukulus.A is unable to spread on its own. It requires the intervention of the targeted user to enter the affected PC. The Trojan can reach the computer through various means: attachments in e-mails, CD-ROMs, floppy disks, IRC channels, FTP, peer-to-peer file sharing networks and so on.
Most often, the cyber crooks combine the password-stealing Trojan with a phishing trick. Such a strategy raises the success rate of the attacks, explained Luis Corrons, technical director of PandaLabs, as published by PandaLabs on July 13, 2007.
The Trojan downloads its own updates along with different kinds of malicious files. In addition, it makes many entries in the Windows registry. One of these entries makes sure that every time Windows starts up, the Trojan runs on the computer.
Addon.A (one of the two worms that PandaLabs has reported) downloads nasty files. It spreads via the Foto_cellular.zip file. On running the file, the worm installs a vulnerable version of the ntoskrnl.exe file, which displaces the earlier file. A hacker can exploit this vulnerability to gain control of the weakened computer along with its administrator rights. The Addon.A virus runs on every restart of the PC.
The other worm, Winko.A, is crafted to download malware onto the infected PC, including trojans like Lineage and QQRob that steal passwords. In addition, it downloads the Alexa adware onto the affected computer. The worm even creates copies of itself on all the available drives, such as USB drives and hard disks.
All three, Nukulus.A, Addon.A and Winko.A, are hard to detect, as they do not give any warning about their presence.
» SPAMfighter News - 26-07-2007