Panda Security’s weekly report on viruses and intruders
August 2008 by Panda
PandaLabs’ report this week includes information about the Banker.LGC Trojan, the GetCode.A worm and the Sality.AG file infector.
Banker.LGC is distributed through an email falsely reporting an accident suffered by the F1 racer, Fernando Alonso. According to the fake email, the Spanish driver had an accident in Bilbao (Spain) and was severely injured. The article has been designed to appear as if it were extracted from a leading national newspaper.
The message includes a link inviting readers to download the video which supposedly contains statements made by witnesses and investigators about the accident. If users click the link, they will download a copy of the Banker.LGC Trojan onto their computer.
This Trojan connects to an IRC channel and awaits instructions from its creator. This malicious code is designed to steal banking data (account numbers, passwords, etc.) from users of a major bank.
GetCode.A is a worm designed to infect files with the following extensions: .Mp3, .Wmv, .Wma and .Mp2. It also downloads other malware samples onto the system by connecting to a Web page.
Sality.AG is a highly complex, encrypted and polymorphic file infector. When run, it drops another executable file, detected by PandaLabs as Sality.AG.drp, onto the computer. It is designed to install a Windows driver which will act as a rootkit.
The main objective of this virus is to support subsequent infections (probably from Trojans), making their detection more difficult due to its polymorphic engine.
"These combined attacks which use more than one type of malware are highly dangerous, since the samples use the features of other samples to go unnoticed and cause damage," explains Luis Corrons, Technical Director of PandaLabs.