Panda Security’s weekly report on viruses and intruders
November 2008 by Panda
This week’s PandaLabs report looks at the BankoLimb.BW and Spammer.AKE Trojans and the Nakhatar.A worm. BankoLimb.BW modifies the Web pages of banks in order to steal users’ passwords when they access the page.
To do this, it registers as a Browser Helper Object (BHO), so it can monitor the pages users visit on the Internet. When a user visits a certain banking Web page, the Trojan injects its HTML code into the page and captures all information entered. This is then sent to the creator of the Trojan.
As if this wasn’t dangerous enough, this Trojan allows remote execution of code permitting an external attacker to control the system.
Spammer.AKE is designed to send junk mail to email addresses from infected computers. Once it has infected a computer, it downloads a file from the Internet containing addresses to spam and the subjects to use. These include:
– Hoje vai ser especial
– Uma longa jornada
– Palavras dos maiorais
– Um seculo de sabedoria
These messages contain a link claiming to point to some photos but which actually take users to a malicious file.
Nakhatar.A. installs on computers disguised as a Windows folder. When run, it closes some security and registry monitoring tools. It also disables other options including the Windows Task Manager.