Virus Alerts – Panda Security’s June 26, 2009 Report on Viruses and Intruders

Courtesy of Panda Security.

This week’s PandaLabs report looks at the Terminator2009 adware, the KillRDLL.A Trojan and the Rimecud.E worm.

Terminator2009 is a fake antivirus (a type of adware). When run, it
simulates a scan, although the scan only starts once users click the
scanner button.

It then claims to have detected malware. If users follow the
program’s recommendations, they are redirected to a page where they can
purchase a Premium version of the fake antivirus.

If not, the adware starts displaying warnings to users claiming that the computer is infected and suggesting they purchase the pay version to eliminate these
(non-existent) threats.

The overall objective for the creators of this malicious code is to
profit from the sale of pay versions of the fake antivirus.


KillRDLL.A is a Trojan that creates copies of itself every time users
access a directory. Each copy has a Windows folder icon and a hidden
extension to make users believe it is a folder. It also creates a copy
of itself when users access a subdirectory.

Fake folders use names including:
Angelina Jolie
Clips
Documents
Favorites
Flash Games
Games
My Documents
My Folder
Picture
Video
WallPapers

When run, it opens the Web page of a search engine that displays false
results.


Finally, the Rimecud.E worm downloads malware from certain Web pages. It
is designed to send spam messages while it downloads more malware. Being
infected by this worm could result in the user suffering an avalanche of
malicious programs.

In order to spread, this worm copies itself to folders of P2P
applications such as Bearshare and eMule. It also spreads through MSN
Messenger. To do so, it sends a copy of the worm to the contacts of the
affected user (if connected).

It also copies itself to the USB devices connected to the computer and
creates an autorun.inf file to be run whenever the infected device is
connected to a computer.
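
A defender-side check for the two on-disk traces described above (KillRDLL.A's folder-lookalike files and Rimecud.E's autorun.inf), added here as an example and not part of the Panda Security report. The executable extensions are an assumption, since the report does not name the hidden extension, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

# Fake-folder names listed in the report for KillRDLL.A.
DECOY_NAMES = {"angelina jolie", "clips", "documents", "favorites", "flash games",
               "games", "my documents", "my folder", "picture", "video", "wallpapers"}
# Assumption: the report does not name the hidden extension; these are
# common Windows executable types that Explorer can hide.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}
# autorun.inf keys that launch a program when the drive is opened.
LAUNCH_KEYS = {"open", "shellexecute"}

def find_decoys(root):
    """Return executable files whose base name imitates a listed folder name."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(name)
            if p.suffix.lower() in EXEC_EXTS and p.stem.lower() in DECOY_NAMES:
                hits.append(Path(dirpath) / name)
    return sorted(hits)

def autorun_targets(drive_root):
    """Return the commands an autorun.inf at the root of a drive would launch."""
    targets = []
    for entry in Path(drive_root).iterdir():
        if not (entry.is_file() and entry.name.lower() == "autorun.inf"):
            continue
        for line in entry.read_text(errors="replace").splitlines():
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            if sep and (key in LAUNCH_KEYS or key.endswith("\\command")):
                targets.append(value.strip())
    return targets

def demo():
    """Scan a constructed sample tree (harmless placeholder files only)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Games").mkdir()                               # real folder, not flagged
        (root / "Games" / "My Folder.exe").write_bytes(b"MZ")  # folder lookalike
        (root / "Video.SCR").write_bytes(b"MZ")                # upper-case extension
        (root / "notes.txt").write_text("ordinary file")
        (root / "AUTORUN.INF").write_text("[autorun]\nopen=sample.exe\nicon=x.ico\n")
        decoys = [p.relative_to(root).as_posix() for p in find_decoys(root)]
        return decoys, autorun_targets(root)

if __name__ == "__main__":
    print(demo())
```

A hit from `find_decoys` is only a lead for review: a legitimate program could share one of these names.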

More information about these and other malicious codes is available in
the Panda Security Encyclopedia.

Panda Security has launched a page for users to relate their
experiences with malware (whether they have fallen victim to money or
data theft, etc.). Users who send their comments will receive a free
download of Panda Internet Security 2009 with two months’ services.
Check it out here.
