Panda Security’s weekly report on viruses and intruders
December 2008 by Panda
This week’s PandaLabs report includes information about the adware Antivirus360, the Sinowal.VXR banker Trojan and the virus Salit.AN.
Antivirus360 is a fake antivirus. As with all this type of malware, this example is designed to make users believe that their computers are infected and then try to sell them a version of the fake antivirus.
If users decide to buy the product, they will see a Web page on which they can enter their payment details.
Sinowal.VXR is designed to steal bank passwords and send them to its creators, allowing them to steal money from users’ accounts. To obtain this information, Sinowal.VXR monitors users’ activity on the Internet and when they access certain bank Web pages, the Trojan redirects them to a spoof page. There they will be asked for a series of data including their user name and password, as well as other memorable information such as their favorite film, book or destination.
"The reason for collecting this extra information is that cyber-crooks can then access the user’s email accounts or similar services which often use these type of questions in the event that the user has forgotten their password", explains Luis Corrons, technical director of PandaLabs.
The information is encrypted and sent via HTTP POST to an external server which saves all the data gathered.
Salita.AN is a virus with a malicious payload that prevents the computer from functioning correctly. It stops Internet Explorer from working in offline mode, it disables access to the Windows Registry and Task Manager, and deactivates warnings from the "Windows Security Center". It also deletes Windows Registry entries related with safe mode, to prevent accessing the system in this way.
The virus spreads by copying itself to all system drives, USB devices and shared drives.