Spyware, Viruses, & Security forum

General discussion

Panda Software's weekly report on viruses and intruders

by Marianna Schmudlach / June 12, 2005 12:32 AM PDT

- Panda Software's weekly report on viruses and intruders -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

MADRID, June 12, 2005 - This edition of Panda Software's weekly report looks at seven examples of malware: a hacking tool, Amplusnet; two Trojans, Mytob.EN and Downloader.CZR; two worms, Mytob.EP and Bobax.AO; a spyware program, Smitfraud; and a virus, Smitfraud.A.

Amplusnet is a tool that, although it is a legitimate and useful application, could be used by a malicious user to compromise the privacy of a remote user. It is used to monitor and log the activity of users on certain web sites, logging browsing habits and other types of confidential information and generating reports. This application can be password-protected so that it cannot be viewed in the Task Manager and is run whenever the system starts up. To do this, it creates a key in the System Registry.

Mytob.EN and Mytob.EP are two variants of the numerous Mytob family, which is already one of the biggest organized attacks in the history of the Internet. However, they have very different characteristics: whereas Mytob.EP acts in the same way as other variants of Mytob, spreading as an attachment to email messages and receiving commands via IRC, Mytob.EN is the first variant in this family with the characteristics of a Trojan. It uses techniques associated with online banking fraud or phishing to spread. The Trojan sends out emails that, instead of inserting the malware as an attached file, include a URL where users that have received the email message can confirm their account details for a certain entity. This URL actually contains a copy of the Trojan that is downloaded to the computer when users access this web page. Like other variants, this specimen also has backdoor characteristics and ends the processes belonging to antivirus applications.

Bobax.AO and Downloader.CZR launched a joint attack at the end of last week, in which the Trojan Downloader.CZR, distributed manually through several different means, was downloaded to the computer infected by the Bobax.AO worm. This malicious code can be managed remotely, making it extremely versatile. The actions that it can carry out include downloading and running files, mass-mailing spam and even updating itself. This worm spreads using the following means of transmission: the Trojan described earlier, a file attached to an email message, or by exploiting vulnerabilities in the LSASS process in attacks against random IP addresses. What's more, it protects itself by blocking access to certain web pages, the majority of which are related to IT security companies.

Finally, Smitfraud and Smitfraud.A have also coordinated an attack and have managed to spread widely, especially Smitfraud.A. The first is a spyware program that installs itself on the computer without the user realizing and when it is run, it changes the Windows desktop to an image that is similar to the classic Blue Screen Of Death, which advises the user to run an antispyware solution that resolves the problem. This spyware program previously installs the solution PSGuard, which will detect the malware, but the user must register in order to disinfect it. Smitfraud.A is used by the spyware program to infect the wininet.dll file, replacing it with the oleadm32.dll when the system is restarted, among other actions. Smitfraud is another of the examples of malware downloaded by CoolWebSearch, and can infect the computer when viewing web pages with underground or adult content.

For further information about these and other computer threats, visit Panda Software's Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/
