Panda Security’s weekly report on viruses and intruders
July 2008 by Panda
This week’s PandaLabs report looks at the Manyasu.A, FJoiner.A and Sinowal.VNL Trojans.
Manyasu.A is an annoying Trojan that slows down all system processes, affecting the computer’s performance.
If a file containing the Trojan is run, it creates three copies of itself under the names k.exe, winllg.exe and winlng.exe. The original file and the three copies all run in resident mode, and make yet another copy, called s.exe. This last file is created and then eliminated repeatedly, creating a loop that slows down the system.
FJoiner.A is a Trojan designed to steal confidential information. This malicious code reaches computers in a file which has a typical image file icon.
In fact, if run, an image is displayed. This is just to mask the real action that the Trojan is performing. It injects code into explorer.exe and iexplore.exe files, causing them to search for confidential data (passwords, etc.) and send it to an Internet address.
Finally, Sinowal.VNL, like other variants of this prolific family of Trojans, is designed to steal passwords and bank details. It can also spoof or tamper with the Web pages of certain banks. For example, it can add a new field to online forms.