Panda Security’s weekly report on viruses and intruders
November 2008 by Panda Security
The PCDefender2008 adware, the Downloader.UYC malicious script and the MSNWorm.FH worm are the subject of this week’s PandaLabs report.
PCDefender2008 is a "fake antivirus" adware that reaches computers with the name pcdefender2008Install.exe. Once installed, it simulates a computer scan to make users believe they are infected by dozens of malware samples (image here: ). Its aim is for users to purchase the fake antivirus promoted by this adware. Once the fake scan is over, users are offered the option of neutralizing the supposed infections, and if they accept, a screen is displayed (image here: ) in which users are given two options: to buy the antivirus or remain infected.
On purchasing the product, users are redirected to the Web page of the fake product, created by cyber-crooks. If they do not purchase it, the adware will constantly display reminder messages to infected users, which is extremely annoying.
"As incredible as it may seem, numerous users continue to fall victim to these traps. It is therefore advisable to remember a few basic rules such as not opening emails from unknown senders, and not running files or clicking links in one of those emails, as that is how these fake antiviruses enter computers," explains Luis Corrons, technical director of PandaLabs.
Downloader.UYC is a malicious script designed to download the Downloader.UYD Trojan, which in turn is used to infect computers with other malware. To fool users and conceal its malicious actions, once run on the computer, this script displays a Windows Internet Explorer window.
The Trojan downloaded by Downloader.UYC is also designed to prevent the firewall from blocking the downloading of malware.
MSNPhoto.A is a worm that spreads through MSN Messenger. To do so, it sends a message with an infected file to all the affected users’ contacts so they accept it and become infected.
It also creates a key in the Windows Registry to ensure it is run every time the session is started. Similarly, it disables several functions including the system console and the computer recovery feature, and modifies the host file, preventing access to several Web pages, most of which are IT security-related, so users find it more difficult to remove this worm from their computer.
In addition, PandaLabs has warned about the sending of malicious emails that are using the name of the US president-elect, Barack Obama, as bait to distribute malware.