Panda Security’s weekly report on viruses and intruders
January 2010 by Marc Jacob
This week’s PandaLabs report deals with a worm and a backdoor Trojan.
The Faketube.A worm spreads via email. The message includes a link to access an erotic video. Some of the message subjects are: "Giga Video Movie Britney Spirs and 8 Beverage Andorran" and "Stimulating Image Britney Spirs and One Manifest South Korean". If users click the link, the browser opens and a fraudulent website is displayed, which resembles YouTube. Additionally, users are asked to update their flash player version to see the video.
If they accept, the worm is downloaded.
Zapchast.EX is a backdoor Trojan that spreads using a fake Christmas card. In order to view the card, users are asked to install a special version of flash player which is really the Trojan. Once Zapchast.EX is installed on the system, it establishes connections with several IP addresses, awaiting orders and gathering user information.