Panda Security’s weekly report on viruses and intruders
June 2009 by Panda Security
This week’s PandaLabs report looks at the XPDeluxeProtector adware, the Banbra.GII banker Trojan and the Snapper.C worm.
XPDeluxeProtector is a fake antivirus. Like all malicious code of this type, XPDeluxeProtector simulates a system scan and detects viruses that actually do not exist on the computer to make users believe they are infected.
Then, it offers users the option to buy a paid version of the fake antivirus to ‘get rid’ of these non-existent threats. The objective is to gain financial benefits by selling the fake antivirus.
Banbra.GII is a Trojan designed to steal passwords for certain Brazilian banking institutions. To do this, it passes itself off as a legitimate program that asks for the user’s banking details during installation. Besides, it also asks for the user’s matrix card data. All this information is then sent to the cyber-criminal by FTP.
Snapper.C is a worm designed to take snapshots of the infected computer’s screen every 9 seconds. The objective is to watch users’ every move and the passwords they might enter in online services, etc. However, this can have another harmful effect for targeted users, as all those images are stored on the user’s own computer. As the images can be rather large in size, there is the risk that the computer’s memory is soon saturated.
The worm spreads via USB drives and shared folders.
Also, this week PandaLabs has reported how cyber-crooks keep using Twitter, one of the most popular Web 2.0 services, to infect users.
Finally, Panda Security has launched a page for users to relate their experiences with malware (whether they have fallen victim to money or data theft, etc.). Users who send their comments will receive a free download of Panda Internet Security 2009 with two months’ services.