Bill Mullins’ Weblog – Tech Thoughts

Volcano Security Suite – Panda Security Takes a Look

November 6, 2009 · 2 Comments

Courtesy of Panda Security: This week’s PandaLabs report looks at the Banker.LZK banker Trojan, the Volcano Security Suite malware program, and the Koobface.FU worm.

Banker.LZK is distributed through emails with several subjects, and a malicious file called “Comprovante” (receipt). Once it runs on the system, it connects to a Brazilian IP address and downloads another larger file called “sistema.exe”.

When run, this file goes resident and is concealed from users. It steals users’ bank details when they access certain online banks and enter their credentials. The Trojan connects to a Web page where it stores the data from infected computers (country, network name and time of infection).

Volcano Security Suite is a fake-antivirus-type adware. Like all malware of this kind, when installed on a computer it carries out a fake scan, supposedly detecting several examples of malware.

It tries to make users believe their system is infected, offering them the possibility of solving the problem by purchasing a pay version of the fake antivirus.

Removal help for this malware program is further on in this article.

Finally, Koobface.FU is a worm designed to spread via Facebook. The first malicious file that reaches computers deletes itself when run, and downloads the rest of the files.

It then displays a false image of the Windows Operating System, where users are asked to enter the characters included in a Captcha, warning them that if they don’t, the computer will be restarted in three minutes.

However, if the information is not entered, instead of restarting the computer, the screen remains, preventing normal use of the system.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

Volcano Security Suite Removal Instructions:

If you have become infected by Volcano Security Suite, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software:

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.
