“You Tube” And Dotex Worms - Top Malware In This Week

According to the news by Help Net Security on June 15, 2007, Panda labs report of this week examines two most harmful worms viz. Dotex.A and SpreadBanker.A. The report also studies the six security settlements initiated by Microsoft, to repair 15 flaws in many company's users.

The Dotex.A worm link itself to a web page from where it downloads two more malware flaws namely QQRob.OI Trojan and QQPass.AFD worm. Consequently, these two flaws connect to another web page and continue downloading various genres of Lineage family in the infected PC.

The worm Dotex.A comes in the infected PC as it copies itself as hidden file in various mapped drives and directories. For making the copies of worms not visible to the user, these worms delete and modify the Windows registry, thus, preventing the user from seeing the hidden files.

SpreadBanker.A worm is designed to leak out passwords from various online banks. Further, it can also steal the details of login for a series of games viz. Final Fantasy, GTA, War Craft, Unreal Tournament and Age of Mythology.

As per the news published by Help Net Security on June 15, 2007, Luis Corrons, Panda labs' Technical Director said that stealing password for online games had been gaining popularity. The excitement of getting high scores, add-ons and many 'premium content' for the games are some of the strong reasons to convince people to pay for it. This technique is greatly accessed by cyber-criminals to gain maximum profit by selling passwords from authorized users with high points.

As per the officials of Panda labs, the worm takes the help of YouTube video to cheat the users. This worm has two parts, when the user uses the first part; it shows a video and connects to the YouTube page. The major problem is that, at this point, it simultaneously installs the second component of the video.

The new worm SpreadBanker.A also replicates itself in various folders, which belong to P2P file-sharing applications and bring some changes in the Windows registry. These copied files have attractive names such as "crackwindowsvista" and "sexogratis" (free sex) to lure users of this genre and spread.

According to the reports by Computing News on June 13, 2007, Corrons explains that malware is emerging as a more sophisticated business as it is a perfect blend of the ability of Trojan to leak password with the propagation features of worms. Therefore, the hackers anticipate maximum profit from every attack.

Related article: “Loopholes did not cause online banking thefts”: ICBC

» SPAMfighter News - 7/2/2007