Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Panda Security’s weekly report on viruses and intruders

June 2008 by Panda Security

Two dangerous Trojans, Banker.LAX and Peregar.C and the Autocrat.A worm are the subjects of this week’s PandaLabs report.

Banker.LAX is designed to steal bank details. To do so, it downloads a file with numerous bank addresses onto a system and spies on users’ Internet movements. The malicious code then compares the addresses entered in the browser bar with the entries of the file downloaded; if it coincides at least partially, the Trojan’s fraud mechanism is activated.

This mechanism consists of redirecting users to a spoof Internet page, instead of the bank’s original page. Meanwhile, the Trojan gains control of the browser bar and changes the spoof page for the legitimate one, so users don’t suspect anything.

On the spoof page, users are asked to enter their details for accessing the Internet. When they do, an error screen is displayed. Then, the data stolen is sent to the server.

This dangerous malicious code also steals victims’ files and service accounts (MSN Messenger or Outlook).

The Peregar.C Trojan on the other hand, is designed to fool users into installing a false antivirus. The procedure is as follows: when run, the malicious code opens an Internet Explorer window with a search in Youtube to distract users. Meanwhile, it modifies the system so that when users try to open a Windows Explorer or Internet Explorer window, an error screen with the following message is displayed:

"your system is infected with dangerous virus! Note: Strongly recommend to install antispyware program to clean your system and avoid total crash of your computer! Click OK to download the antispyware. . . . .

If users agree to download the anti-spyware, they will actually be downloading the IEAntiVirus adware onto their computer. Additionally, Peregar.C displays false infection pop-ups so users pay to disinfect their system.

The Autocrat.A worm copies itself on every system drive, including flash memories and external drives. The malicious actions it carries out include hiding files, blocking the task manager, etc. In short, it slows the PC down.

See previous articles


See next articles