Panda Security: Virus almanac 2008 – Part two
January 2009 by Panda Security
Panda Security has compiled a list detailing some of the malicious codes which, without having caused large-scale epidemics, have stood out for one reason or another during the second half of the year.
P2PShared.U, the hamburger worm. This malicious code is distributed in an email with the subject: “McDonalds wishes you Merry Christmas!”. Inside, the message claims to offer a coupon for a free McDonald’s meal. However, the coupon is really the worm. Without a good security solution, the only thing users will get free with this message will be indigestion.
Agent.JEN, the fake messenger. Imagine a messenger calling at your door claiming to have a parcel for you, yet when you open the door, hordes of criminals invade your house. Well, this is what Agent.JEN does to your computer. It arrives in an email claiming to have been sent by UPS. Anyone downloading and opening the attachment will launch the Trojan, which immediately downloads other malware onto the computer.
Banbra.FXT, the court order. Under the guise of a message from the Brazilian courts, Banbra.FXT informs recipients that they are being investigated and offers them a report detailing the accusations that have been made. This report, however, is just a copy of the Trojan. Once installed on a computer, it will steal bank passwords, account details, etc.
Banker.LGC, you can’t believe everything you read. Has F1 driver Fernando Alonso had a traffic accident? No! This is just a story invented by this Trojan to entice users to view an attached video. Those who download and open the video will infect their systems with yet another Trojan designed to steal bank details.
Sinowal.VTJ, a virus that complains about receiving viruses. This is perhaps one of the oddest malicious codes to have appeared in the second half of 2008. It reaches computers in an email from an anonymous person claiming that the recipient has been sending them viruses and threatening to inform the police. It attempts to trick the user into opening and printing an attachment which it claims is proof of the messages that have been sent. The attachment, however, simply contains a copy of the Sinowal.VTJ Trojan.
BatGen.D, the Spanish chef. This malicious code is a specialist in preparing malware of all types. It reaches computers in a file called “personalcake.bat”. This is in fact a tool for creating malware, and when prompting users to name the creation, it asks: “selecciona el nombre del pastel” (choose a name for the cake).
Aidreden.A, a macabre soothsayer. A malicious code that predicts users’ futures would be strange enough; stranger still is one telling them they’re going to die. Yet this malware does exactly that: after infecting a computer, it displays the message: “you will dead (sic) next month”. The dialog box also includes the option “OK”, although it’s difficult to imagine many users agreeing to this.
Banker.LLN, the president-elect. This Trojan reaches computers in a file called “barackobama.exe” with an icon of the US flag. Unsurprisingly, this malicious code has nothing to do with the president-elect. It is just another vile Trojan designed to steal bank details.
Banbra.GDB, the Brazilian police. When the police come knocking, it’s a good idea to open the door, unless it’s really a Trojan. Banbra.GDB reaches computers in an email claiming to have been sent by the Brazilian police. This email tells users that their computer is being used for illegal activities and invites them to download a report supposedly containing evidence. However, anyone who runs the attachment will find their computer infected by a banker Trojan.
Spammer.AKE, a dangerous friend. This worm is spread in emails containing a variety of messages, all related to friendship and love. But don’t be fooled. This is no friend, as it will infect your computer and use it to send spam.