Panda Security’s weekly report on viruses and intruders
June 2009 by Panda
This week’s PandaLabs report looks at the Terminator2009 adware, the KillRDLL.A Trojan and the Rimecud.E worm.
Terminator2009 is a fake antivirus (a type of adware). When it runs, it simulates a scan (although the scan only starts when users click the scanner button) and then claims to have detected malware. If users follow the program’s recommendations, they are redirected to a page where they can purchase a Premium version of the fake antivirus. If not, the adware starts displaying warnings claiming that the computer is infected and suggesting they purchase the pay version to eliminate these (non-existent) threats.
The overall objective for the creators of this malicious code is to profit from the sale of pay versions of the fake antivirus.
KillRDLL.A is a Trojan that creates a copy of itself every time users access a directory or subdirectory. Each copy has a Windows folder icon and a hidden extension to make users believe it is a folder.
Fake folders use names including:
· Angelina Jolie
· Clips
· Documents
· Favorites
· Flash Games
· Games
· My Documents
· My Folder
· Picture
· Video
· WallPapers
When run, it opens the Web page of a search engine that displays false results.
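A defensive check for the disguise described above, as an added example that is not part of the original report: it walks a directory tree and flags files whose name matches one of the listed fake-folder names but carries an executable extension. The extension set and the sample tree are assumptions constructed for illustration; the report does not name the hidden extension.

```python
import os
import tempfile

# Folder names the report lists for KillRDLL.A's fake folders.
LURE_NAMES = {
    "angelina jolie", "clips", "documents", "favorites", "flash games",
    "games", "my documents", "my folder", "picture", "video", "wallpapers",
}
# Assumption: the report does not name the hidden extension; these are
# common Windows executable extensions.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}


def find_fake_folders(root):
    """Return sorted paths of regular files that look like disguised folders."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            stem, ext = os.path.splitext(name)
            # A real folder has no executable extension; a file that has one
            # and uses a lure name is the pattern the report describes.
            if ext.lower() in EXECUTABLE_EXTS and stem.lower() in LURE_NAMES:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def demo():
    """Build a constructed sample tree and return the flagged relative paths."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Documents", "Games"))  # real folders
        samples = [
            "Documents.exe",                              # lure name + .exe
            "notes.txt",                                  # harmless file
            "setup.exe",                                  # executable, no lure name
            os.path.join("Documents", "Flash Games.SCR"),
            os.path.join("Documents", "Games", "Video.exe"),
        ]
        for rel in samples:
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(b"constructed sample, not malware")
        return [os.path.relpath(p, root) for p in find_fake_folders(root)]


if __name__ == "__main__":
    for path in demo():
        print("suspicious:", path)
```

Because Windows Explorer hides known extensions by default, enabling "show file extensions" makes the same mismatch visible to users directly.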
Finally, the Rimecud.E worm downloads malware from certain Web pages. It is designed to send spam messages while it downloads more malware. Being infected by this worm could result in the user suffering an avalanche of malicious programs.
In order to spread, this worm copies itself to folders of P2P applications such as Bearshare and eMule. It also spreads through MSN Messenger. To do so, it sends a copy of the worm to the contacts of the affected user (if connected).
It also copies itself to the USB devices connected to the computer and creates an autorun.inf file so that it is run whenever the infected device is connected to a computer.
Finally, Panda Security has launched a page for users to relate their experiences with malware (whether they have fallen victim to money or data theft, etc.). Users who send their comments will receive a free download of Panda Internet Security 2009 with two months’ services.