Courtesy of Panda Security.
This week’s PandaLabs report looks at the Terminator2009 adware, the KillRDLL.A Trojan and the Rimecud.E worm.
Terminator2009 is a fake antivirus (a type of adware). When it runs, it
simulates a scan (although this is started when users click the scanner
It then claims to have detected malware. If users follow the
program’s recommendations, they are redirected to a page where they can
purchase a Premium version of the fake antivirus.
If not, the adware starts displaying warnings to users claiming that the computer is infected and suggesting they purchase the pay version to eliminate these
The overall objective for the creators of this malicious code is to
profit from the sale of pay versions of the fake antivirus.
KillRDLL.A is a Trojan that creates copies of itself every time users
access a directory. This file has a Windows folder icon with a hidden
extension to make users believe it is a folder. It also creates a copy
of itself when users access a subdirectory.
Fake folders use names including:
When run, it opens the Web page of a search engine that dislplays false
Finally, the Rimecud.E worm downloads malware from certain Web pages. It
is designed to send spam messages while it downloads more malware. Being
infected by this worm could result in the user suffering an avalanche of
In order to spread, this worm copies itself to folders of P2P
applications such as Bearshare and eMule. It also spreads through MSN
Messenger. To do so, it sends a copy of the worm to the contacts of the
affected user (if connected).
It also copies itself to the USB devices connected to the computer and
creates an autorun.inf file to be run whenever the infected device is
connected to a computer.
More information about these and other malicious codes is available in
the Panda Security Encyclopedia.
Panda Security has launched a page for users to relate their
experiences with malware (whether they have fallen victim to money or
data theft, etc.). Users who send their comments will receive a free
download of Panda Internet Security 2009 with two months’ services.
Check it out here.