[virusinfo] [Panda Software's weekly report on viruses and intruders - 4/22/05

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Fri, 22 Apr 2005 09:02:33 -0700

From Panda Virus Alerts:

- Panda Software's weekly report on viruses and intruders-
          Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, April 22, 2005 - This week's report on viruses and intruders
includes several new threats that have emerged this week: two variants of
the Mytob worm, a variant of the Mitglieder Trojan and a new version of the
Bancos Trojan.

The new variants of Mytob -Mytob.BC and Mytob.BD- open backdoors in
affected computers. This action allows the BC variant to connect to a web
server and the BD variant to connect to an IRC server, where they wait for
commands from a malicious user. What's more, they modify the system HOSTS
file so that the user cannot access the websites of certain antivirus
companies. These worms spread via email, across networks protected with
weak passwords and by exploiting the LSASS vulnerability. They also
download other malware, such as the Faribot.A worm. 

The Bancos.FC Trojan has also appeared this week. This malicious code goes
memory resident and has keylogger functions. Bancos.FC waits for a dialup
modem connection to be established (it only affects this type of
connection). When this happens, it checks if the websites visited coincide
with the address of any of the banking entities included in its code. If it
finds any matches, it collects the information entered through the keyboard
and sends it to an Internet server. Bancos.FC cannot spread alone; it needs
external intervention to do so.

Finally, Mitglieder.CG is a Trojan that aims to disable certain security
tools (antivirus and firewalls), which could be installed on the computers
it affects. To do this, it can delete files and Registry entries or end the
processes running in memory. What's more, it modifies the system HOSTS file
so that the user cannot access the websites of certain antivirus companies.

Mitglieder.CG seems to have been mass-mailed, either manually or through
zombie computers, and tries to download other malware from different
websites. 

For further information about these and other computer threats, visit Panda
Software's Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/

------------------------------------------------------------
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 
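
The report says that the Mytob variants and Mitglieder.CG both modify the system HOSTS file so that antivirus websites become unreachable. The following audit for that change is an added example, not part of the Panda report or of this post. The report does not name the blocked sites, so the watched domains and the sample HOSTS content are constructed placeholders.

```python
import ipaddress

# Constructed watchlist: the report does not name the blocked sites, so these
# placeholder domains stand in for the security vendors you care about.
WATCHED_DOMAINS = {"av-vendor.example", "scanner.example"}

# Constructed sample HOSTS content (not taken from any real infection).
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
127.0.0.1       www.av-vendor.example updates.av-vendor.example   # injected
0.0.0.0         scanner.example
192.0.2.10      intranet.corp.example
203.0.113.7     AV-Vendor.Example.
not-an-ip       scanner.example
"""


def is_watched(host, watched):
    """True if host equals a watched domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)


def classify(addr):
    """Describe where a HOSTS entry sends traffic (raises ValueError if not an IP)."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or ip.is_unspecified:
        return "blackholed"        # the site becomes unreachable
    return "redirected"            # the site resolves to a locally chosen address


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return (line_no, hostname, address, verdict) for each watched-domain override."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        try:
            verdict = classify(addr)
        except ValueError:
            continue                            # malformed address: skip the line
        for name in names:
            if is_watched(name, watched):
                findings.append((line_no, name.lower().rstrip("."), addr, verdict))
    return findings
```

Any finding is worth investigating, because a clean HOSTS file has no reason to override a security vendor's hostname. To audit a real machine, pass the contents of the system HOSTS file and your own domain list to `audit_hosts`.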


