Panda Security’s weekly report on viruses and intruders
July 2008 by Panda
This week’s PandaLabs report provides information about the Sinowal.VPB and Spammer.AIT Trojans and the Antivirus2008Pro adware.
Sinowal.VPB uses the Windows API to intercept network communications carried out by users. It is also designed to monitor users’ access to online banks and capture the data entered (credit card numbers, passwords, etc.). Additionally, Sinowal.VPB creates a copy of itself on the system.
The Antivirus2008Pro adware tries to pass itself off as an antivirus to fool users. To do so, once run, it displays a screen informing users that they are infected. Soon after, it starts to scan the system and reports fake infections (see photo here: http://www.flickr.com/photos/9696103@N03/2678703471/).
In this case, hackers are after the money obtained by selling a paid version of a fake antivirus (see photo here: http://www.flickr.com/photos/9696103@N03/2679524216/).
The Spammer.AIT Trojan is designed to steal all email addresses stored on the system and save them to a file. It then opens a port on the computer and adds itself to the list of authorized applications in the Windows Firewall so that cyber-crooks can access the stolen data.
The information stolen from the infected computers is then stored on a web page. This Trojan’s aim is to allow cyber-crooks to store a large number of email addresses for spamming purposes.