Virus Alerts [Panda Security's weekly report on viruses and intruders - 02/15/08]
Madrid, February 15, 2008 - Over 28% of computers scanned over the last
week at the Infected or Not website (http://www.infectedornot.com) were
infected with malware, despite having an up-to-date security solution
"Traditional security solutions are no longer enough to fight off the
increasing number of malware samples that appear every day. These
solutions need to be complemented with online tools such as TotalScan,
capable of accessing a larger knowledge base and detecting much more
malicious code," explains Luis Corrons, Technical Director of PandaLabs.
As for the most active codes this week, the list is headed by the
spyware program Virtumonde, followed by two adware samples: NaviPromo
Most active malware:
"Adware is a type of malware designed to show users unwanted advertising
while they surf the Net," explains Luis Corrons, who also claims that:
"users must be careful, since apart from being annoying, they could have
been created to steal users' confidential data, compromising their
Of the thousands of malicious code that appeared this week, PandaLabs
focuses on the Resentment.A and Nuwar.QI worms.
The first reaches computers disguised as a Windows folder. When run, it
displays an error message and opens a Notepad file. It simultaneously
creates several copies of itself on the system and edits a key in the
Windows Registry to ensure it is run every time a session is started. It
also replaces the Internet Explorer start page for a fake error page.
When users click on "actualizar" (update) the worm sends an email via a
"The surprising thing is that the email is sent to a specific company,
indicating that two employees' should be fired. This raises suspicions
of personal quarrels between the worm distributor and the staff in
question," comments Corrons.
Nuwar.QI on the other hand, is a worm designed to send spam. To do so,
it uses users' PCs as servers, causing them to slow down.
The emails use romantic subjects - which are especially effective since they were distributed on Valentine's day - to tempt users into opening the attached file. If they do, users will view a romantic card while downloading a copy of the worm.