Panda Security’s weekly report on viruses and intruders
November 2008 by Panda
Two Trojans, Gimmiv.A and Aidreden.A, and theP2PShared.P worm are the subject of this week’s PandaLabs report.
Gimmiv.A allows its creator to take full control of infected systems.
Once a computer has been infected, the Trojan starts gathering the following information:
– User names and passwords entered in web pages.
– MSN Messenger passwords
– Outlook Express passwords
– System user name
– Computer name
– Patches installed
– Information about the browser
All stolen information is encrypted using the Advanced Encryption Standard (AES) and sent to a remote server.
Aidreden.A is a Trojan designed to dupe users into buying a fake antivirus. To do this, it modifies the Host file on the infected computer so that users that visit certain Web pages are taken to a fake Microsoft web page and encouraged to download an anti-spyware software (see image here: http://www.flickr.com/photos/panda_security/2989258406/).
Finally, P2PShared.P is a worm with bot features that steals password for all kinds of programs, applications, email and even banking details. All this information is then sent to cyber-crooks.
Once run, it copies itself to the system and all the P2P file sharing directories under names like:
Windows Live Password reveal.exe
Leona-Lewis-Bleeding-love.mp3.www-freemp3s.com
eMule-0-48a-VeryCD080902-Update.exe
MsnCleaner.exe