Virus Alerts, by Panda Security (http://www.pandasecurity.com)
This week's PandaLabs report provides information about the Banbra.FXT,
Pushdo.C and Agent.JEN Trojans, as well as a series of emails that use a
false report of an accident suffered by the F1 racer Fernando Alonso
to spread the Banker.LGC Trojan.
Banbra.FXT reaches computers by email and passes itself off as a warning
from Brazil's Federal Ministry (see photo here:
information about a supposed investigation, the email encourages users
to open an attached .Zip file.
However, if the user downloads and runs the file, they will be
introducing a Trojan into their computer. The Trojan loads several
services to the system in order to monitor users' access to the web
pages of some Brazilian banks and steal the confidential data they enter
(passwords, account numbers, etc.).
The Pushdo.C Trojan is designed to steal confidential data and send it
to different servers to make it available to its creator. The data sent
includes the infected computer's IP address, whether the infected user
has administrator permissions or not, the hard disk serial number, the
hard disk file system, etc.
The danger to the infected computer increases as the malicious code is
also designed to download other malware strains from the same servers it
sends information to.
The Agent.JEN Trojan spreads in emails that tell users UPS was unable
to deliver a package. These emails use subjects such as "UPS
packet N3621583925". The message body informs the recipient that it was
impossible to deliver a postal package sent by them and encourages them
to print out a copy of the attached invoice.
The invoice is included in an attached ".zip" file that contains an
executable file disguised as a Microsoft Word document with names like
"UPS_invoice". However, if the targeted user runs the file, they will
be saving a copy of the Trojan to their computer.
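
A mail-gateway style check for the lure described above, as an added example that is not PandaLabs code: it flags ".zip" attachments holding a member that starts with the PE "MZ" magic, whatever name or icon it carries. The subject pattern is generalised from the one quoted subject, and build_sample, the attachment name and the member bytes are constructed test data.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: pattern generalised from the single sample subject in the alert.
SUBJECT_RE = re.compile(r"UPS\s+packet\s+N\d+", re.IGNORECASE)

def pe_members(zip_bytes):
    """Return names of archive members whose content starts with the PE 'MZ' magic."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.flag_bits & 0x1:  # skip dirs and encrypted members
                    continue
                with zf.open(info) as member:
                    if member.read(2) == b"MZ":
                        hits.append(info.filename)
    except zipfile.BadZipFile:
        pass  # not a readable zip archive; nothing to report
    return hits

def triage(raw_message):
    """Return (subject_matches, [(attachment, member), ...]) for one raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    subject_hit = bool(SUBJECT_RE.search(msg["Subject"] or ""))
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            findings += [(name, m) for m in pe_members(payload)]
    return subject_hit, findings

def build_sample(member_name, member_data):
    """Constructed test message: one zip attachment holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, member_data)
    msg = EmailMessage()
    msg["Subject"] = "UPS packet N3621583925"
    msg.set_content("Constructed sample body.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Because the check keys on file content rather than the extension, a renamed executable inside the archive is still reported.
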
This malicious code copies itself to the system, replacing the
Userinit.exe file in the Windows operating system. This file runs the
Internet Explorer browser, the system interface and other essential
processes. For the computer to continue working properly and to avoid
raising suspicion of the infection, the Trojan copies the actual system
file to another location under the name userini.exe.
Finally, Agent.JEN connects to a Russian domain (already used by other
banker Trojans) and uses it to send a request to a German domain to
download a rootkit and an adware detected by PandaLabs as Agent.JEP and
More information here:
PandaLabs has also reported a series of emails that used a false report
of a car crash suffered by the F1 racer Fernando Alonso in order to
spread the Banker.LGC Trojan.