PandaLabs Reports One Trojan & Three Worms as Top Malware
According to a PandaLabs report, the most active malware to emerge during January 25-31, 2008 was the Trojan Nabload.CXU and the worms Chike.B, Lineage.HIT, and WoW.SI. An adware program named Comet, which displays banners, pop-ups, ads, etc., occupied third place. Net-security.org published the report on February 2, 2008.
The new Nabload.CXU Trojan horse spreads through e-mails with the title "A Pessoa com o Maior Rabo do Mundo" and body text, both in Portuguese, as well as a video link. Users who click the link actually download the Trojan horse onto their systems, after which the malware plays a video from YouTube to hide its actions.
Though a worm, Lineage.HIT has the features of a Trojan. It captures sensitive information from infected systems, along with usernames and passwords used for online games like Maple Story.
The similar password-stealing worm WoW.SI drops a copy of itself in the root directories of the system's drives. As a result, it can drop copies of itself on removable devices like USB sticks, external hard disks, etc., and spread to other computers to which the device is connected. The worm also installs a rootkit on the infected computer to conceal its actions, which makes it difficult to detect. In addition, WoW.SI connects to an HTTP address to download a copy of itself and a malware-laden file.
The worm Chike.B proliferates by dropping copies of itself in shared folders and on removable drives. This malware changes Windows Explorer settings, deactivates the Windows registry, and cripples the system restoration feature.
According to Director Matt Richard of iDefense Rapid, this attack has several components, such as implanting malicious software and grabbing private credentials, which, together with the money-spinning component, could help criminals turn it to their advantage, as reported by the Washington Post on January 25, 2008.
Richard added that the problem scammers face with this malware is that they can cash in on the stolen bank account and credit card credentials by either selling them off or hiring people to assist them in clearing money from the accounts.
Data collected at the 'Infected or Not' website revealed that the Bagle.HX virus caused the most infections. Also, about 27.15% of protected computers had some malware infection.
» SPAMfighter News - 12-02-2008