[virusinfo] Mitglieder Trojan is being mass mailed- 4/21/05

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Fri, 22 Apr 2005 08:55:09 -0700

From: Panda Virus Alerts:

- A new variant of the Mitglieder Trojan is being mass mailed -
        Virus Alerts, by Panda Software (http://www.pandasoftware.es)

MADRID, April 21st, 2005 - PandaLabs has detected the mass mailing of spam
that contains the new and dangerous CG variant of the Mitglieder Trojan
(also known as Bagle.bn by other security companies). Data collected by the
international PandaLabs network shows that this new malicious code is
starting to spread rapidly across several countries.

The email messages in which this new Trojan has been detected have a blank
subject and message body and include an attached file called work.zip.
However, users should be careful, as this Trojan is being spammed out
manually or through zombie computers and therefore, the characteristics of
the email message carrying Mitglieder.CG could be totally different.

If the user runs the file containing Mitglieder.CG, the Notepad application
will be opened, displaying the word 'Sorry'. At the same time, a file
called winshost.exe is created in the Windows system directory on the
affected computer. When the computer restarts, this file will be run and
create another file called wiwhost.exe. This file will modify the host file
so that the user will not be able to access certain websites; mainly
websites related to antivirus programs and IT security. 

In addition, the Trojan deletes files and Registry entries and stops
processes related to security applications that could be installed on the
computer.

According to Luis Corrons: "the aim of Mitglieder.CG is to download malware
to the computer. It does this by connecting to a large number of Internet
addresses and trying to download files, which could predictably contain
other malware, such as backdoors, spyware, adware, bots, etc. This allows
the authors of this malicious code to create networks of infected
computers in order to launch attacks on other computers or collect hundreds
of thousands of email addresses to send spam to."

Due to the wide circulation of this Trojan, Panda Software advises users to
take precautions and to update their antivirus software. Panda Software has
made the corresponding updates available to its clients to detect and
disinfect this new malicious code.

Panda Software's clients can already access the updates for installing the
new TruPrevent(tm) Technologies along with their antivirus protection,
providing a preventive layer of protection against new malware. For users
with a different antivirus program installed, Panda TruPrevent(tm) Personal
is the perfect solution, as it is both compatible with and complements
these products, providing a second layer of preventive protection that acts
while the new virus is still being studied and the corresponding update is
incorporated into traditional antivirus programs, decreasing the risk of
infection. More information about TruPrevent(tm) Technologies at:
http://www.pandasoftware.com/truprevent.

In order to help as many users as possible scan and disinfect their
computers, Panda Software offers Panda ActiveScan, free of charge, at
http://www.pandasoftware.com. ActiveScan is also available to webmasters
that want to include it on their websites. Those who would like to include
it on their sites can request the HTML code from 
http://www.pandasoftware.com/partners/webmasters/

For further information about Mitglieder.CG, visit Panda Software's Virus
Encyclopedia at http://www.pandasoftware.com/virus_info/encyclopedia/

------------------------------------------------------------
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 
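
Added example, not part of the original alert or of any Panda tool: a triage check for the two on-host traces the alert describes, namely hosts-file entries that override DNS for security-related sites and the dropped files winshost.exe and wiwhost.exe. The watchlist, the function names and the sample data are assumptions made for the illustration; the alert does not list the blocked sites.

```python
import ipaddress

# File names the alert says Mitglieder.CG creates in the Windows system directory.
DROPPED_FILES = {"winshost.exe", "wiwhost.exe"}

# Assumption: the alert does not list the blocked sites. pandasoftware.com comes
# from the alert; the .example name is a placeholder for your own vendor list.
WATCHLIST = ("pandasoftware.com", "antivirus-vendor.example")

def parse_hosts(text):
    """Yield (line number, IP, hostname) for each mapping in a hosts file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a valid mapping line
        for name in fields[1:]:                  # one line may carry several aliases
            yield lineno, str(ip), name.lower().rstrip(".")

def suspicious_hosts_entries(text, watchlist=WATCHLIST):
    """Return hosts entries that override DNS for a watched security domain."""
    return [(lineno, ip, name) for lineno, ip, name in parse_hosts(text)
            if any(name == d or name.endswith("." + d) for d in watchlist)]

def dropped_files_present(filenames):
    """Case-insensitive match, since Windows file names ignore case."""
    return sorted(f for f in filenames if f.lower() in DROPPED_FILES)

# Constructed sample data, not taken from a real infection.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   www.pandasoftware.com
0.0.0.0     update.antivirus-vendor.example
192.0.2.10  intranet.corp.example
"""
SAMPLE_SYSTEM_DIR = ["notepad.exe", "WINSHOST.EXE", "kernel32.dll"]

if __name__ == "__main__":
    for lineno, ip, name in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts line {lineno}: {name} pinned to {ip}")
    for name in dropped_files_present(SAMPLE_SYSTEM_DIR):
        print(f"dropped file present: {name}")
```

On a live machine, feed the functions the contents of the hosts file and a listing of the Windows system directory in place of the constructed samples.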


