Panda Security’s weekly report on viruses and intruders
December 2008 by Panda
This week’s PandaLabs report looks at the Emogen backdoor Trojan, and the Autorun.AOL and Moonlight.V worms.
Emogen (named Jumper Trojan by its creators) is a backdoor Trojan which includes a tool that allows cyber-crooks to manage infections.
Through this malicious code, attackers can; manage files, capture screenshots, capture camshots, capture keystrokes (keylogger activity), steal passwords, manage installed applications, manage processes, etc. Emogen can even chat with the infected victim, and obtain statistical data of its infections through the console.
"Until recently, this malicious code was sold together with the management console for 80 euros. Now, it is distributed in different forums for free. Consequently, infections will probably rise," explains Luis Corrons, Technical Director of PandaLabs.
Autorun.AOL is a worm that exploits a Microsoft Windows vulnerability to spread (MS04-011). It tries to connect to an IRC channel, where it awaits its creator’s instructions, accessing all the system ports. Additionally, it spreads through external drives.
MoonLight.V is another worm designed to send spam to the contacts users have on their computers. This worm attaches a copy of itself to the spam messages in order to spread, and uses its own SMTP engine to send the emails.
Spam message subjects include:
• Tolong Aku..
• Registration Confirmation
• RE:HeLLO GuYs
It also spreads through P2P networks.