[virusinfo] Panda Software weekly report on viruses and intruders - 4/29/05]

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Fri, 29 Apr 2005 11:42:05 -0700

From: Panda Virus Alerts:

- Panda Software weekly report on viruses and intruders -
     Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, April 29, 2005 - This week's report on viruses and intruders looks
at the Kedebe.B and Nopir.A worms, as well as the Bancos.NL Trojan.

Kedebe.A is an email worm whose main danger lies in the fact that it leaves
systems defenseless against attacks from other malware. This malicious code
spreads in the form of attachments to other emails with variable
characteristics, as both the subject and the message text are selected from
a predefined list of options.

If a user were to run a file containing Kedebe.A, this would generate two
files on the system. One of these contains a copy of the worm, while the
other is a text file that reads: "Properly infected. Kill those fools,
Mydoom-er and Bagle-r!! They're DEAD!! EthioLove.X!!".

Kedebe.A finalizes memory processes corresponding to security and antivirus
applications. Similarly, it modifies the HOSTS file, to prevent access to
several web pages related to IT security. It also makes an entry in the
Windows registry to ensure it is run on every system start-up.

Nopir.A is designed to spread across P2P networks, deleting files with COM
and MP3 extensions that it finds on the computer. For this reason, some
media sources have dubbed it an "anti-pirate" worm, but really it is a
dangerous type of malware that can cause serious damage to systems. It
prevents systems running Windows 2003/XP/2000/NT from starting up, as
it deletes the NTDETECT.COM file.

If a user were to run a file containing Nopir.A, an 'anti-pirate' image is
displayed on screen. At the same time, it disables the Windows registry
editor, the task administrator and the control panel. In order to spread,
Nopir.A uses the eMule file-sharing program. It does this by generating a
file called ANYDVD 5.1.0.1 CRACK+KEYGEN BY RAZOR.EXE  in the folder of this
program which other users can download to their computers without realizing
that it really contains a copy of Nopir.A.

Finally, the Bancos.NL Trojan is designed to intercept confidential data
from clients of more than 2,500 bank portals. This Trojan cannot spread
under its own steam, and needs third-parties to intervene manually, using
traditional propagation methods such as floppies or CDs or through Internet
downloads, email, FTP transfers, P2P networks, etc. 

Once a user runs a file containing the Trojan, it is installed on the
system as MSCVC.EXE, and starts to monitor the user's Internet activity,
waiting for it to connect to one of the 2,500 Internet addresses listed in
its code. When this happens, it logs the information entered by the user
related to credit cards, account numbers, passwords, etc. This information
is sent to a server where it can be collected by cyber-crooks.

More information on these and other threats is available from Panda Software's
Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/

------------------------------------------------------------
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 
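
The report above says Kedebe.A modifies the HOSTS file to block access to IT security web pages. The following is an added example, not part of the original post or of Panda's report: a HOSTS-file audit that flags security-related names pointed at loopback or unspecified addresses. The watchlist and the sample file are assumptions constructed for illustration, since the report does not list the blocked sites.

```python
import ipaddress

# Assumed watchlist: the report names no blocked sites, so these suffixes are
# illustrative (pandasoftware.com appears on the page; the other is a placeholder).
WATCHLIST = ("pandasoftware.com", "av-vendor.example")

# Constructed sample of a tampered HOSTS file (not taken from a real infection).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.pandasoftware.com pandasoftware.com   # added by malware
0.0.0.0         update.av-vendor.example
10.0.0.5        intranet.corp.example
127.0.0.1       notpandasoftware.com
bogus line without an address
"""

def is_sinkhole(addr):
    """True for addresses that make a host unreachable: loopback or unspecified."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified

def on_watchlist(host):
    """Match the domain itself or any subdomain, not mere string suffixes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)

def audit_hosts(text):
    """Return (line_no, address, hostname) for watchlisted names that are sinkholed."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or malformed
        addr, names = fields[0], fields[1:]
        try:
            sinkholed = is_sinkhole(addr)
        except ValueError:
            continue                             # first field is not an IP address
        if sinkholed:
            findings.extend((line_no, addr, n) for n in names if on_watchlist(n))
    return findings

if __name__ == "__main__":
    for line_no, addr, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr}")
```

On a Windows system the file to pass in is %SystemRoot%\System32\drivers\etc\hosts; any finding should be checked against entries an administrator added deliberately.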