Panda Security’s weekly report on viruses and intruders
April 2009 by Panda
This week’s PandaLabs report looks at the Banker.LSJ banker Trojan, the Autorun.ITS worm and the PrivacyCenter worm.
When run, Banker.LSJ opens a spoof bank application which informs users that the program is about to update. It then displays a window requesting users’ bank details. If users provide them, the information is sent by the Trojan to its creator.
You can find images of the process here: http://www.flickr.com/photos/panda_security/tags/bankerlsj/
Autorun.ITS is a worm designed to carry out several modifications to the Windows Registry, which prevent the computer from working correctly. However, due to a programming error it only prevents the user from taking the following actions:
* Running quick and direct searches, as it disables the Find option in the Start menu.
* Restoring the system to a previous status.
This worm also modifies the desktop background, replacing it with the Windows default background. It also modifies the homepage of Internet Explorer.
PrivacyCenter is a fake antivirus. Like other adware of this type, it makes users believe they are infected, displaying a warning and carrying out a spoof system scan from the Internet to display infections that do not exist. Once the scan is complete, it offers users the possibility of downloading a version of the antivirus.
On accepting, users download a file called SCANNER.EXE. When run, this file is installed in the fake security program without the user being able to Cancel or Close the installation, as these options are disabled and the process of displaying false scans is repeated.