Panda Security’s weekly report on viruses and intruders
February 2009 by Marc Jacob
This week’s PandaLabs report looks at the adware Anti-Virus-1, the Pinit.B worm and the Werly.A virus. Anti-Virus-1 is adware, specifically a "fake antivirus". As with all such adware, it is designed to simulate a scan of the computer, supposedly detecting thousands of strains of (non-existent) malware. The end aim is to sell users a pay version of the fake antivirus in order to eliminate the threats.
When run, this adware warns the user that the computer is not protected. The main screen displayed is a spoof of the Windows Security Center (see image: http://www.flickr.com/photos/panda_security/3313653378/).
It then pretends to scan the system for malware. If users do not immediately take the bait and buy the pay version of the fake antivirus, the malicious code will sporadically display a message reminding the user that the computer is infected.
In warning messages, and after the fake scan, a link is provided from which users can download the fake antivirus.
Additionally, when infected users visit certain Web pages with comparative reviews of antivirus products, they will be redirected to a spoof page showing a review of an ‘antivirus’ called Antivirus2010, with functions and characteristics similar to Anti-Virus-1.
"By doing this, cyber-crooks hope that users will download this adware on their own initiative. This makes it far less likely that users will suspect that they have been infected and consequently more likely that they will buy the fake antivirus", explains Luis Corrons, Technical Director of PandaLabs.
Pinit.B is a worm that displays the following screen after infecting a computer.
This worm makes a series of changes to the Windows Explorer settings. It also allows its creator to connect to the computer through Terminal Server.
Pinit.B can spread through shared and removable drives.
Werly.A is a virus designed to infect executable (.exe) files. It is also designed to delete files with certain extensions, including DOC, TXT, XLS and ZIP.