PandaLabs Discovered New Worm, Trojan, Virus
In its weekly report, PandaLabs has disclosed the new Pahooka.A worm, the Sinowal.A ransomware Trojan and the HiddenXLS.A virus. According to the report, the Pahooka.A worm replaces the desktop wallpaper with a multicolored star on a blue background. After being run just once, it copies itself to all mapped drives. It also changes the captions of all open windows to display the text "^_^Anti AntiVirus^_^".
The worm drops a file containing code that deletes the contents of folders belonging to some anti-virus programs. It also modifies the registry to hide the Folder Options, the Control Panel options, the Run and Search options in the Start menu, network connections, and the faxes and printers options.
Pahooka.A prevents users from disabling, enabling or modifying the PC's restore settings, and it blocks Task Manager and Registry Editor from running. It frequently connects to certain web pages, which install more malware on the infected system, and it runs whenever the PC is started or a program with an .exe extension is run.
In another discovery, PandaLabs has found that the HiddenXLS.A virus is malicious code that attacks Excel spreadsheets on the targeted PC. It searches the compromised PC for files with an .xls extension, inserts an executable file at the start of each one, and changes the extension to .exe. Hence, whenever the user opens the system, the malicious code runs first.
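A defender can search for the file pattern described above: an executable with a spreadsheet following it. This is an added example, not code from PandaLabs or the original article; it assumes the workbook is a legacy OLE2-format .xls whose bytes follow the prepended executable unchanged, and all file names and sample bytes are constructed.

```python
import os
import tempfile

MZ_MAGIC = b"MZ"                                 # DOS/PE executable header
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # compound-file header of legacy .xls


def find_embedded_workbook(data: bytes) -> int:
    """Return the offset of an OLE2 workbook that follows an executable stub, or -1."""
    if not data.startswith(MZ_MAGIC):
        return -1                                # not an executable: nothing was prepended
    return data.find(OLE2_MAGIC, len(MZ_MAGIC))


def scan_tree(root: str) -> list[tuple[str, int]]:
    """List (path, offset) for every .exe under root that carries a workbook."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                offset = find_embedded_workbook(fh.read())
            if offset > 0:
                hits.append((path, offset))
    return sorted(hits)


def carve_workbook(path: str, offset: int, out_path: str) -> int:
    """Copy the bytes from offset onward into out_path; return the byte count."""
    with open(path, "rb") as src, open(out_path, "wb") as dst:
        src.seek(offset)
        return dst.write(src.read())


def demo() -> list[tuple[str, int]]:
    """Build constructed sample files in a temp directory and scan them."""
    root = tempfile.mkdtemp()
    stub = MZ_MAGIC + b"\x90" * 510              # constructed 512-byte fake executable
    workbook = OLE2_MAGIC + b"\x00" * 504        # constructed fake .xls body
    samples = {"budget.exe": stub + workbook,    # pattern described in the report
               "tool.exe": stub,                 # ordinary executable
               "clean.xls": workbook}            # untouched spreadsheet
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return scan_tree(root)
```

Hits are candidates for review rather than confirmed infections, since legitimate installers that embed an MSI package (also an OLE2 file) match the same pattern. Carve to a new file and verify the recovered workbook on a clean machine before trusting it.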
Last but not least, the Sinowal.A ransomware encrypts a user's files, making them inaccessible, and demands a ransom in exchange for the means to decrypt the files and the decryption key.
A text file on the computer contains the "ransom note", which says that the user's files have been encrypted with the RSA-4096 algorithm. It also says that it will take a few months if users attempt to decrypt the files without the authors' software, and that the authors hold all of the user's personal data from the last three months. To get rid of the encryption, users need to buy the software, which costs $300, as per the news by Net-Security on July 22, 2007.
» SPAMfighter News - 31-07-2007