Virus Alerts, by Panda Security (http://www.pandasecurity.com)
Madrid, December 28, 2007 - According to data gathered at the Infected
or Not website (http://www.infectedornot.com) this week, 10.25% of
computers scanned were infected with some type of malicious code.
"Unlike latent malware, which just lies dormant on the system, active
malware is taking malicious actions, so it is far more dangerous to
users. For that reason, and even though it is advisable to keep
computers free of all malicious code, it is fundamental to make sure
that there are no active threats on the computer before taking any
actions that might compromise the safety of confidential data, such as
accessing online banking services", says Luis Corrons, Technical
Director of PandaLabs.
As for the most harmful malware strains this week, the list is headed by
the Virtumonde spyware and the NaviPromo and VideoAddon adware.
As for the new samples that appeared this week, today's PandaLabs report
looks at the MsnChristmas.A worm, and the Yahmail.A and Banbra.FEM
The MsnChristmas.A worm spreads to Messenger contacts in messages like
"Christmas photo! :D", "vengo de fi este foto" or "Hey i que hace el"
which contain an infected attachment called "img2007-12.JPEG.scr". If
the recipient of the message runs the file, the worm will install on the
Yahmail.A is a Trojan that can either be dropped on the system by other
malware or sent in a spam message. This malicious code is designed to
steal user names and passwords for the Yahoo! instant messaging
application and send them to a certain Internet address.
Once installed on the target computer, Yahmail.A creates several copies
of itself on the system and inserts a series of entries in the Windows
registry. This way, it ensures it is run every time the system is
Finally, Banbra.FEM is a banker Trojan, designed to steal login data for
certain online banking services and Internet payment platforms.