
Panda Security’s weekly report on viruses and intruders

April 2009 by

This week’s PandaLabs report looks at the Hiloti.A Trojan, PersonalAntivirus and IRCBot.CML worm.

When run, the Hiloti.A Trojan sets the Mandatory Integrity Control (MIC) level to low. This way, it can run any downloaded file without the user noticing. In this case, it downloads the Lop adware, designed to show advertising messages.

Additionally, Hiloti.A registers itself in Internet Explorer as a BHO (Browser Helper Object) to monitor Internet browsing. If users use Firefox, the malware injects code into the monitored pages (over a hundred) to redirect searches carried out on those domains to pages that contain more malware to be downloaded.

PersonalAntivirus is a fake antivirus. As with all such adware, PersonalAntivirus is designed to convince users that the system is infected with malware. To do so, it performs a false scan of the affected system, during which it detects several malware samples.

If users click "Remove", a form will be displayed asking users to pay for the license, and a false warning message will appear indicating the computer is at risk.

Finally, IRCBot.CML is a worm that allows remote intruders to access and control the computer via IRC. This worm passes itself off as a photo to reach computers, but once run displays an error message with the text: "Picture can not be displayed".

Next, IRCBot.CML opens several ports and tries to connect to an FTP server to send the user’s data, keystroke captures, etc.

This worm spreads through MSN Messenger, trying to infect all the user’s contacts.



