Virus Alerts, by Panda Security (http://www.pandasecurity.com)
This week's PandaLabs report looks at the Lydra.AO Trojan, the Redvoz.A
backdoor Trojan and the Autorun.AHS worm.
Lydra.AO records users' activity on the infected computer and sends it
to the malware author. To do so, it remains active in Windows memory
and captures keystrokes and mouse movements. It also collects
email addresses found in files with certain extensions.
It stores the information gathered, together with the PC hardware and
software data, and sends it to the malware author via email. To do so,
it uses its own SMTP or MAPI engine.
Redvoz.A is a backdoor Trojan that connects to a remote server, which
allows the creator to run arbitrary commands on the infected computer
and take control of the system.
This new malicious code creates a system service for managing network
policies displayed by default by system services and third-party
applications. This service runs continuously and cannot be stopped,
making it difficult to remove. Because the service runs in a loop, the
threat is recreated if it is deleted.
Autorun.AHS is a worm designed to spread through the floppy disk drive.
When run on the computer, it modifies specific Registry entries to make
it seem as though the Task Manager, Windows Registry, Folder options and
Explorer files have been enabled. What it really does, though, is replace
the Internet Explorer start page with a malicious page. It also modifies
the Windows Registry so that it runs on every system startup.