Virus Alerts, by Panda Security (http://www.pandasecurity.com)
This week's PandaLabs report discusses the SaveSoldier fake antivirus and the Ramson.G worm.
The first malware we're looking at this week is another example of malicious programs that pass themselves off as legitimate software applications in order to steal users' money by tricking them into believing that they will eliminate (non-existent) threats. For more information about this type of malicious program, read "The Business of Rogueware", a report on fake antiviruses written by Luis Corrons and Sean-Paul Corell, PandaLabs researchers. This report is available at:
http://www.pandasecurity.com/img/enc/The%20Business%20of%20Rogueware.pdf
This fake antivirus is designed to collect personal and bank details provided by users when they buy it. This malware scans the system searching for infected software (see image in: http://www.flickr.com/photos/panda_security/3861789296/) and displays an interface which resembles the interface of a typical antivirus program (see image in: http://www.flickr.com/photos/panda_security/3861006503/).
It then asks users to buy and install certain software to resolve problems caused by the malicious software supposedly detected on the computer.
When the fake antivirus 'detects' infected files, it prompts the user to enter a code they will receive when they buy the antivirus pack (see image in: http://www.flickr.com/photos/panda_security/3861006531/). To do so, users are redirected to a page where they can purchase the software using a credit card (see image in: http://www.flickr.com/photos/panda_security/3861006571/). It also displays several warnings about malware problems, registry errors, etc.
The second example of malware in this report is the Ramson.G worm, which appears on screen with the icon of an executable file and constantly launches the Windows taskkill utility to eliminate processes, passing a series of commands. When the computer is restarted, a message in Russian is displayed (see image in: http://www.flickr.com/photos/panda_security/3861789428/) and a code to access the system is requested. Once the code is entered, it displays another message and restarts the system (see: http://www.flickr.com/photos/panda_security/3861789446/).
It spreads through mapped, shared and removable drives, using an autorun.inf configuration file so that the malware executes automatically from these drives.
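A defender can check a drive for this kind of autorun.inf before opening it. The following is an added example, not part of the PandaLabs report: it parses an autorun.inf and lists the entries that launch a program. The sample file, its paths and the extension list are constructed assumptions, not details of Ramson.G.

```python
from pathlib import PureWindowsPath

# [autorun] keys that start a program when the drive is opened or auto-played
EXEC_KEYS = {"open", "shellexecute"}
EXEC_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs"}

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section; tolerate junk lines."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections and padding lines are ignored
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value))
    return found

def launched_file(command):
    """Path of the program a command line starts, honouring double quotes."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""

def findings(text):
    # Keep only entries whose target has an executable or script extension
    hits = []
    for key, command in autorun_commands(text):
        target = launched_file(command)
        if PureWindowsPath(target).suffix.lower() in EXEC_EXTS:
            hits.append({"key": key, "target": target})
    return hits

# Constructed sample, not taken from the Ramson.G worm
SAMPLE = """[AutoRun]
icon=folder.ico
OPEN=RECYCLER\\svc.exe
xkqjw zzz padding
shell\\open\\Command="tools\\setup helper.exe" /s
[Other]
open=ignored.exe
"""
```

Calling findings() on the text of an autorun.inf read from a mapped, shared or removable drive returns one entry per launch command; an empty list means the file only sets cosmetic values such as icon or label.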
More information about these and other malicious codes is available in the Panda Security Encyclopedia http://www.pandasecurity.com/homeusers/security-info/about-malware/encyclopedia/.
You can also follow Panda Security's online activity on its Twitter http://twitter.com/Panda_Security and PandaLabs blog (www.pandalabs.com)