Virus Alerts, by Panda Security (http://www.pandasecurity.com)
PandaLabs' latest weekly report provides information about the
WistaAntivirus adware, and the Buzus.AL and Fractalove.A worms.
WistaAntivirus passes itself off as an antivirus to fool users. When
run, the malicious code displays a screen informing users their PC is
infected, which is untrue (image here:
http://www.flickr.com/photos/9696103@N03/2657324821/). To disinfect the
system, users are invited to download anti-spyware software. If they
don't, the system connects to a Web page and simulates an online
computer scan, once again informing users about non-existent infections.
The adware's objective is purely financial: it makes users believe they
are infected so they 'purchase' the antivirus proposed by the malicious
Buzus.AL is a worm with bot functions, designed to steal all sorts of
credentials and send them to its creator via FTP. To infect more
computers, it tries to spread through different channels (shared
folders, removable drives, etc.).
Fractalove.A is a worm that spreads through email. To fool users, it
passes itself off as a screensaver by the name of to_my_love.scr. If
users download and run the file, they will be infected. To divert users'
attention, it displays a screensaver with red fractals while it is
installed on the computer. e.g.
This worm has keylogger functions; once on the computer, it steals
confidential information and sends it to its creator. The data stolen
includes IM passwords, mailbox passwords and passwords of programs like
webmoney, etc. Fractalove.A uses the information obtained on IM programs
and via mail, to be sent through those channels and infect new users.
Further information about these threats is available on the PandaLabs