Panda Security’s weekly report on viruses and intruders
July 2008 by Panda
PandaLabs’ latest weekly report provides information about the WistaAntivirus adware, and the Buzus.AL and Fractalove.A worms.
WistaAntivirus passes itself off as an antivirus to fool users. When run, the malicious code displays a screen informing users their PC is infected, which is untrue (image here: http://www.flickr.com/photos/9696103@N03/2657324821/).
To disinfect the system, users are invited to download anti-spyware software. If they don’t, the system connects to a Web page and simulates an online computer scan, once again informing users about non-existent infections.
The adware’s objective is purely financial: it makes users believe they are infected so they ’purchase’ the antivirus proposed by the malicious code.
Buzus.AL is a worm with bot functions, designed to steal all sorts of credentials and send them to its creator via FTP. To infect more computers, it tries to spread through different channels (shared folders, removable drives, etc.).
Fractalove.A is a worm that spreads through email. To fool users, it passes itself off as a screensaver by the name of to_my_love.scr. If users download and run the file, they will be infected. To divert users’ attention, it displays a screensaver with red fractals while it is installed on the computer. e.g. http://www.flickr.com/photos/9696103@N03/2657324879/
This worm has keylogger functions; once on the computer, it steals confidential information and sends it to its creator. The data stolen includes IM passwords, mailbox passwords and passwords of programs like webmoney, etc. Fractalove.A uses the information obtained on IM programs and via mail, to be sent through those channels and infect new users.