Virus Alerts [Panda Security's weekly report on viruses and intruders - 12/12/08]
This week's PandaLabs report looks at the BankerFox banker Trojan, the
Azero.B virus and the P2PShared.U worm, distributed through a fake
McDonald's email message.
Banker.LAX is designed to steal bank details. To do this, it drops a
library on targeted computers passing itself off as a legitimate Firefox
plug-in. Then, if the user accesses the website of their bank, the
malicious code will capture all the information entered. The malware
creator will then use this information to empty the users' accounts.
This malware can steal passwords from more than one hundred banking
institutions.
"Oddly enough, this Trojan affects Firefox only, whereas cyber-criminals
usually exploit Internet Explorer", says Luis Corrons, technical
director of PandaLabs. "The reason for this is the increasing number of
people who are using this Internet browser. As always, cyber-crooks
target the most popular tools to affect as many users as possible. It
is very likely that we will see more attacks like this in the future."
Azero.B is a virus designed to infect executable files by inserting
malicious code at the beginning of their code. Also, it replaces the
computer wallpaper with an image with the following text: "Hello
Administrator! If you have seen me you are same as a Fool guy".
See an image of this wallpaper here:
http://www.flickr.com/photos/panda_security/3101557477/
Also this week PandaLabs has discovered a fake email message that
pretends to be a special Christmas promotion from McDonald's but is
really bait to spread the P2PShared.U worm.
The message subject is "Mcdonalds wishes you Merry Christmas!" and the
text body reads as follows:
"McDonald's is proud to present our latest discount menu. Simply print
the coupon from this Email and head to your local McDonald's for FREE
giveaways and AWESOME savings."
For more information about this malicious code, go to
http://www.pandasecurity.com/homeusers/media/press-releases/viewnews?noticia=9476
Finally, PandaLabs has reported a new variant of the Boface worm,
Boface.J, which uses Facebook to spread. More information in the
PandaLabs blog:
http://pandalabs.pandasecurity.com/archive/My-friend-was-a-worm.aspx