[virusinfo] Panda Weekly report on viruses and intruders - 03/20/05

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Sun, 20 Mar 2005 12:00:32 -0800

From;
Panda Oxygen3:

"Perfection of means and confusion of goals seem 
             -in my opinion- to characterize our age." 
    Albert Einstein (1879-1955); German-Swiss-U.S. scientist.

            - Weekly report on viruses and intruders -
 Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, March 20, 2005 - In this week's report on viruses and intruders we
will be looking at three worms, Tobecho.A, Mytob.E; and Elitper.D.

Tobecho.A is a worm with some backdoor Trojan characteristics, as it
listens for remote instructions through a TCP/IP port. These can be
instructions to restart the system, download files, steal information from
the compromised computer, etc. When it runs, it displays a false run-time 
error message.

Tobecho.A spreads via email, in a message that simulates a mail delivery
error message and through the MSN Messenger program.

This worm also prevents users and the applications running on the computer
from accessing the websites of certain antivirus and security companies. It
also terminates certain processes including those belonging to variants of
Netsky, Bagle and Blaster. Finally, Tobecho.A alters the settings of the
affected computer and prevents users from accessing the Windows Registry
Editor, as well as disabling remote administration of the computer's
passwords.

The second worm in this report is Mytob.E, which spreads via email. The
message received by users try to trick them into thinking that they contain
an interesting application (images, etc.). When users run the attachment,
the computer will be infected.

To send itself to other users, Mytob.E looks for email addresses in files
with extensions like HTM, HTML, TXT, etc.

The last interesting malicious code in this report is Elitper.D. It uses
P2P file sharing programs, getting users to voluntarily download one of the
files created by Elitper.D, thinking that it is some kind of interesting
file, films , images, etc., when really they are downloading a copy of the
worm onto their computer.

For further information about these and other computer threats, visit Panda
Software's Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------
To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] Panda Weekly report on viruses and intruders - 03/20/05

1. Home
2. virusinfo
3. Archive
4. 03-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---