Virus Alerts – Panda Security’s July 17, 2009 Report on Viruses and Intruders

Courtesy of Panda Security. Panda Security’s weekly report on viruses and intruders.

This week’s PandaLabs report looks at the MyDoom.HN and Sohanat.IM worms, and the PCSecurity2009 fake antivirus.

MyDoom.HN is a worm designed to launch Distributed Denial of Service attacks (DDos) to American and South Korean websites. Additionally, if the system date is later than July 10 it damages the affected computer’s hard disk, rendering it unusable. To do so, it overwrites the initial sectors of the hard disk with junk bytes. It also deletes the MBR (Master Boot Record).

This malicious code reaches users’ computers through emails with subjects related to July 4, Independence Day (United States).

PCSecurity2009 is a fake antivirus type of adware. When installed on the computer, this adware, like all of its kind, simulates a system scan, detecting dozens of malware samples which are really not on the computer. In this case, it also modifies the Windows Security Center so it indicates that the antivirus protection is disabled.

Once the scan is complete, it encourages users into registering the antivirus and purchasing a complete pay version to eliminate the non-existent threats. Its objective is to profit financially from those sales.

Finally, the Sohanat.IM worm spreads through external devices. Once it has infected a computer, this malicious code adds a copy of itself in several paths and removable drives.

Additionally, in order to run every time a session is started, it creates several entries in the Windows Registry.

More information about these and other malicious codes is available in the Panda Security Encyclopedia.

You can follow Panda Security’s activity online on Twitter, and the PandaLabs blog.

If you enjoyed this article, why not subscribe to this blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.