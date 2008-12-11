Virus Alerts [Panda Security's weekly report on viruses and intruders - 12/12/08]



This week's PandaLabs report looks at the BankerFox banker Trojan, the

Azero.B virus and the P2PShared.U worm, distributed through a fake

McDonald's email message.



Banker.LAX is designed to steal bank details. To do this, it drops a

library on targeted computers passing itself off as a legitimate Firefox

plug-in. Then, if the user accesses the website of their bank, the

malicious code will capture all the information entered. The malware

creator will then use this information to empty the users' accounts.

This malware can steal passwords from more than one hundred banking

institutions.



"Oddly enough, this Trojan affects Firefox only, whereas cyber-criminals

usually exploit Internet Explorer", says Luis Corrons, technical

director of PandaLabs. "The reason for this is the increasing number of

people who are using this Internet browser. As always, cyber-crooks

target the most popular tools to affect as many users as possible. It

is very likely that we will see more attacks like this in the future."



Azero.B is a virus designed to infect executable files by inserting

malicious code at the beginning of their code. Also, it replaces the

computer wallpaper with an image with the following text: ""Hello

Administrator! If you have seen me you are same as a Fool guy" .



See an image of this wallpaper here:

http://www.flickr.com/photos/panda_security/3101557477/



Also this week PandaLabs has discovered a fake email message that

pretends to be a special Christmas promotion from McDonald's but really

is a bait to spread the P2PShared.U worm.



The message subject is "Mcdonalds wishes you Merry Christmas!" and the

text body reads as follows:



"McDonald's is proud to present our latest discount menu. Simply print

the coupon from this Email and head to your local McDonald's for FREE

giveaways and AWESOME savings."



For more information about this malicious code, go to

http://www.pandasecurity.com/homeusers/media/press-releases/viewnews?not

icia=9476



Finally, PandaLabs has reported a new variant of the Boface worm,

Boface.J, which uses Facebook to spread. More information in the

PandaLabs blog:

http://pandalabs.pandasecurity.com/archive/My-friend-was-a-worm.aspx