Virus Alerts, by Panda Security (http://www.pandasecurity.com)
Of the computers scanned last week that had a security solution
installed, 27.19% were infected. For computers with no protection, this figure rises to 39.17%.
According to data gathered by PandaLabs, NaviPromo was the most active
malicious code this week followed by the Virtumonde spyware and the
TotalScan Top 10
Of all the new malicious code that appeared this week, PandaLabs looks at
the Banker.KWA Trojan and the Nuwar.ST worm.
Banker.KWA acts as a memory-resident backdoor and spreads through several
Internet services. To trick users, it reaches computers with the icon of a .PDF document. Once run, it gives users the option to download a PDF file dealing with a complaint against a mobile phone company.
However, what the Trojan actually does is steal confidential data like
passwords, certifications, etc. from the computer and send it to web
pages it changes at random.
Also, the Trojan disables certain security services that may be running on the computer. To perform all these actions, Banker.KWA downloads a series of files to the system and creates various entries in the Windows registry.
Nuwar.ST is a new variant of the prolific Nuwar family of worms. Like
its predecessors, Nuwar.ST uses infected computers to send out spam. As a result, it seriously slows down the computer's Internet connection.
This new Nuwar worm spreads by using YouTube videos as bait. To watch
the video, target users are prompted to download a codec which actually contains the worm.
Also, Nuwar.ST uses a rootkit to hide its presence on the computer.
"It seems that this worm's creators have chosen the perfect bait to make it appear in blogs or forums, as these usually include YouTube videos.
Funnily enough, this worm's authors have called the fake codec StormCodec.
This is quite meaningful, as the Nuwar family of worms is also known as Storm", explains Luis Corrons, Technical Director of PandaLabs.