contents | software | |||||||
| Panda Software's Weekly Report on Viruses and Intruders This week's report looks at the Nabload.TH and Banker.FFX Trojans, the Spamta.LZ worm and the Radoppan.A virus. Nabload.TH is a Trojan designed to connect to certain web pages from which it downloads the Banker.FFX Trojan. While it is downloading the Trojan, Nabload.TH distracts users' attention by showing a video clip. As with most Trojans, Nabload.FH is not able to spread by itself, and therefore needs the intervention of a malicious user. Banker.FFX is a Trojan that monitors Internet traffic generated when users access the web pages of certain banks including the Banco do Brasil or Bradesco. When users access these web pages, the Trojan displays an imitation login screen. It therefore manages to capture confidential data from users which can then be used fraudulently. This data is then sent to an email address set by the creator of the Trojan. Spamta.LZ is an email worm aimed at spreading a Trojan called SpamtaLoad.BE. It does this by sending email messages with attachments that contain the Trojan. These messages have variable subject fields and text, and the name of the file containing SpamtaLoad.BE is also variable. This Trojan downloads also Spamta.LZ onto the system, so that the cycle is repeated with every infected computer. Finally, Radoppan.A is a virus that also has worm characteristics. It is designed to infect all executables it finds on the infected computer. It also installs the rootkit Krpan.D to hide its processes and files, as well as its entries in the Windows Registry. In order to spread, it copies itself to shared resources and uses its own SMTP engine to distribute itself via email. write your comments about the article :: © 2006 Computing News :: home page |