PandaLabs Reports Three Critical Malware Samples
In the fourth week of August 2007, PandaLabs analyzed three critical malware samples - the Nugache.M and MSNHorn.A worms, and the Legmir.ASG Trojan.
The MSNHorn.A worm spreads through an attachment in an MSN Messenger message, infecting the user's computer and the contacts on it in the process. The infection takes hold when the recipient opens the attachment.
According to PandaLabs, online miscreants use such types of messages to lure users into opening the attached document file that installs the malware and infects their computer systems. Help Net Security published this on August 24, 2007.
PandaLabs further described MSNHorn.A as a downloader Trojan that downloads a large number of malware items onto computers. These include the Torpig.DX and Inject.K Trojans, which are crafted to grab confidential information.
A variant of the worm, called 'W32/Rodok-A' or 'Henpeck', first appeared on the Internet in 2002, spreading through Microsoft's MSN Messenger instant messaging application.
Anti-virus provider Sophos reported that the worm creates a backdoor on the infected system and e-mails product keys for well-known computer games like 'Half-Life' to an unknown e-mail account on the Web.
The second worm that PandaLabs reported, Nugache.M, spreads via e-mail messages with subjects such as 'ok', 'hey', and 'here'. The messages carry attached files named 'my pic.sc' and 'self nude.scr' that contain the worm. Any user who opens the attachment infects his/her machine. The malware is also capable of spreading through IRC and instant messaging.
Nugache.M performs various malicious activities after infecting the computer. First, it records the user's keystrokes and collects the victim's credentials. It then connects to an IRC server and carries out the instructions of its creator. Such instructions could be to launch Denial of Service (DoS) attacks by linking to an FTP server or using the affected PC as a Web server.
Another harmful Trojan, the Legmir.ASG Trojan, infects computers through e-mails or via downloaded files. The malicious code is capable of disabling some anti-virus programs, which helps it perform malicious actions such as creating a malicious file capable of deleting itself and adding new entries to the Windows registry.
» SPAMfighter News - 11-09-2007