Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Panda Security’s weekly report on viruses and intruders

November 2008 by Panda Security

Two Trojans, Gimmiv.A and Aidreden.A, and theP2PShared.P worm are the subject of this week’s PandaLabs report.

Gimmiv.A allows its creator to take full control of infected systems.

Once a computer has been infected, the Trojan starts gathering the following information:

- User names and passwords entered in web pages.

- MSN Messenger passwords

- Outlook Express passwords

- System user name

- Computer name

- Patches installed

- Information about the browser

All stolen information is encrypted using the Advanced Encryption Standard (AES) and sent to a remote server.

Aidreden.A is a Trojan designed to dupe users into buying a fake antivirus. To do this, it modifies the Host file on the infected computer so that users that visit certain Web pages are taken to a fake Microsoft web page and encouraged to download an anti-spyware software (see image here: http://www.flickr.com/photos/panda_security/2989258406/).

Finally, P2PShared.P is a worm with bot features that steals password for all kinds of programs, applications, email and even banking details. All this information is then sent to cyber-crooks.

Once run, it copies itself to the system and all the P2P file sharing directories under names like:

Windows Live Password reveal.exe

Leona-Lewis-Bleeding-love.mp3.www-freemp3s.com

eMule-0-48a-VeryCD080902-Update.exe

MsnCleaner.exe




See previous articles

    

See next articles