- Panda Security's weekly report on viruses and intruders -
Virus Alerts, by Panda Security (http://www.pandasecurity.com)
This week's PandaLabs report looks at the Boface.A worm, and the
Nabload.*** TR and Exchanger.T Trojans.
Boface.A spreads through social networks (MySpace and Facebook) by
publishing comments that seem to refer to YouTube videos, but actually
take users to web pages where they will get infected.
To do this, the worm inserts a link in comments posted on both networks
to take users to a fake web page that resembles the actual YouTube site.
When the user tries to watch the video they are encouraged to install
the latest Flash Player version. However, if they do so, they will be
actually letting a copy of the worm into their computers.
Nabload.*** tries to trick users by playing a video of the playboy girl
Kelly Key, while it downloads banker malware in the background in order
to run and install it on the infected system. Once installed on the
computer, the process.exe and orkut.exe files run silently waiting to
collect the user's banking data.
Nabload.*** uses the following link to avoid raising suspicion while the
infection takes place: http://www.youtube.com/watch?v=4CSu1b9IJJ0
Exchanger.T is a Trojan that reaches systems via email in messages like
these: "Madonna admits to extra marital affair", "Dog killed by stray
golf ball", "McCain goes out on negative campaign against Obama", etc.
These messages include a link to an URL that supposedly takes victims to
the news story. However, on accessing it, users are advised to download
an Adobe Flash Player update to watch it. However, the user will
actually install Trj/Exchanger.T, a Trojan designed to download the
Application/AntivirusXP2008 malware to the infected computer. This
malware is a fake antivirus ("Antivirus XP 2008" ) which sends out spam
messages to spread the infection.