Panda Security’s weekly report on viruses and intruders
April 2009 by Panda
This week’s PandaLabs report looks at SMSlock.A, AVAntispyware and Waledac.AX.
The SMSlock.A Trojan blocks users’ computers and asks for a ransom payment. To do so, once blocked it displays a screen in Russian requesting users to send an SMS with a specific text, which randomly changes, to a phone number
"It is not the first time this type of blackmailer Trojans appear, however, the way in which payment is requested (SMS) is new," explains Luis Corrons, technical director of PandaLabs.
AVAAntiSpyware, on the other hand, is an adware aimed at selling users a fake antivirus. This adware, like all of its kind, simulates a system scan, detecting several malware variants which are really not on the computer.
It then displays a window in which users can purchase a "Premium" version of a product to delete the supposed malware, or continue unprotected. If users decide to continue unprotected, the malicious code starts displaying warnings and windows informing users they are infected, so they purchase the Premium version.
However, if users decide to purchase the pay version, they will be asked to pay a "reasonable" sum. The only difference on activating the pay product is that false detection warnings will disappear in subsequent scans.
Finally, Waledac.AX is a worm that is distributed through the SMTP mail protocol. It sends two types of mails, one to infect victims and another by the way of advertising messages or spam. Below are some of the subjects used:
· Can your health problems be solved
· Give you lover new intimate feeling.
· Which one of enlarhing products really work?
Additionally, it is distributed through different Web pages, one of which offers an application that supposedly allows users to read third-party SMSs. On downloading the application, users actually download the worm onto their computer.
This worm is also designed to steal passwords and email addresses, which it encrypts and sends to different IP addresses.