The SpreadBanker.A Worm Detected by PandaLabs

A new worm, SpreadBanker.A, uses a YouTube video to trick users and spread, according to PandaLabs. The worm has two components. When the user runs the first of these, it connects to the YouTube page and displays a video. The problem is that at the same time it is downloading the second part of the worm.

SpreadBanker.A is programmed to steal passwords entered in several online banks. Similarly, it can steal the login details for a range of games including Age Of Mythology, GTA, Unreal Tournament, WarCraft or Final Fantasy.

It also makes modifications to the Windows registry and creates copies of itself in several folders belonging to P2P file-sharing applications. These copies have enticing names such as "sexogratis" (free sex) or "crackwindowsvista" to attract users of these networks and spread.

The worm also modifies the hosts file to block access to several web pages related with security products.

"Malware is becoming increasingly sophisticated. In this case it combines the propagation features of worms with the ability of Trojans to steal passwords. This way, cyber-crooks hope to squeeze the maximum profit out of each infection", explains Luis Corrons, technical director of PandaLabs.

write your comments about the article :: 2007 Computing News :: home page