Panda Software's Weekly Report on Viruses and Intruders

This week's report looks at the Spamta.IC and Mytob.QA worms, and the well as the ProxyServer.D Trojan.
Spamta.IC is a worm designed to send the SpamtaLoad.N Trojan via email. Messages sent out purport to be 'send failure' notices, and include an attachment, containing the Trojan, with the typical text file icon. However, if the user runs the file, the system becomes infected by SpamtaLoad.N. This Trojan then carries out a series of actions including downloading Spamta.IC onto the target computer.

Also, Spamta.IC creates a series of entries in the Windows Registry in order to ensure it is run every time the system is started up.

Mytob.QA is a worm with backdoor characteristics that connects to a server waiting to receive commands from a remote attacker. In order to propagate, Mytob.QA looks for email addresses in the files of infected computers and sends out messages with the subject Account Alert. The actions performed by this worm include termination of memory processes belonging to several security tools such as antivirus programs or firewalls.

Finally, ProxyServer.D is a Trojan designed to download several files from a web page, using rootkit techniques to hide them. The Trojan also installs a driver and creates a proxy server on a random port of the affected computer. ProxyServer.D can even monitor the Internet connection speed of each computer it installs on. To do this, it tries to download the ICQ program from a web page and sends a call to several IP addresses to check the response time.

Like most Trojans, ProxyServer.D cannot spread automatically, but needs intervention from malicious users. The means of distribution used vary and include floppy disks, CD-ROMs, email messages with attachments, Internet download, files transferred via FTP, IRC channels, P2P file sharing networks, etc.

write your comments about the article :: 2006 Computing News :: home page