Panda Security’s August 7, 2009 Report on Viruses and Intruders

Courtesy of Panda Security. Panda Security’s weekly report on viruses and intruders.

This week’s PandaLabs report looks at the Lineage.LAS worm and the SecretService fake antivirus.

The Lineage.LAS worm spreads through mapped drives. It copies itself to several folders and downloads a malicious file. It also creates a file called Autorun.inf which allows it to run every time the user opens a folder.

Additionally, it modifies the Windows registry to run on every system restart. One of the malicious actions the worm carries out on infected computers is to prevent users from viewing hidden files and folders.

SecretService is yet another example of the now widely spread fake antiviruses. This malicious code tries to trick users into believing their computer is infected. To do this, it generates numerous junk files, and offers users the possibility of buying an antivirus solution through an online transaction to remove them. This way, it steals users’ credit card details.


SecretService carries out a fake computer scan, displaying an undetermined number of problems, and offers users the possibility of installing security software.


Once installed, SecretService’s interface looks very similar to that of traditional antiviruses, even displaying the Windows Security Center page.


SecretService can also display fake warnings reporting malicious files, registry errors, etc.


These warnings are accompanied by a very characteristic sound. Other actions it carries out to make users believe they are infected include modifying the computer wallpaper.


To make the program look more authentic, it inserts an icon in the browser taskbar.


Finally, it displays a screen which requires the software to be upgraded to its paid version in order to eliminate all threats. Then, if users enter their banking details, they will be stolen.


This fake antivirus reaches computers when users access a malicious web page and agree to install the program.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on Twitter, and PandaLabs blog.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under Don't Get Scammed, Don't Get Hacked, Interconnectivity, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, Panda Security, PandaLabs, Rogue Software, scareware, Spyware - Adware Protection, trojans, Viruses, Windows Tips and Tools, worms

4 responses to “Panda Security’s August 7, 2009 Report on Viruses and Intruders

  1. Pingback: Panda Security's August 7, 2009 Report on Viruses and Intruders …

  2. Pingback: Panda Security's August 7, 2009 Report on Viruses and Intruders … « Security

  3. Pingback: Panda Security's August 7, 2009 Report on Viruses and Intruders … « Security

  4. I recently came across your blog and have been reading along. I thought I would leave my first comment. I don’t know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.