MSNHorn.A, Nugache.M, Legmir.ASG Trojan - Panda's Weekly Report - 2007/08/24
Twelve percent of computers with antivirus solutions have active malware and 35 percent have latent malware, i.e. malware that is inactive while the scan is carried out, but that could activate at any time and start taking malicious action.
This data has been obtained from computers scanned with NanoScan at http://www.infectedornot.com. This website also informs about infections
The most important malware samples analyzed by PandaLabs this week are the MSNHorn.A and Nugache.M worms, and the Legmir.ASG Trojan.
MSNHorn.A spreads through MSN Messenger by sending a message with an attached file to the infected user's contacts. When the file is opened,
the recipient is infected and the process begins again.
The messages are sent in different languages (English, French, German, Spanish...). Some examples include: "hihi look at my horny pictures :$"
or "oh my god look at this picture :o wowwww". Cyber-crooks use these messages to tempt users into opening the attached files and infecting
their systems. 'Photo' and 'secretimages' are just a couple of the names of the files.
MSNHorn.A's downloader functions allow it to download numerous malware samples onto computers, including the Inject.K and Torpig.DX Trojans,
designed to steal confidential information.
"The use of instant messaging as a means of spreading worms has significantly increased over recent months. Cyber-crooks have taken
advantage of this method to distribute other malicious code: Trojans, spyware, etc.," explains Luis Corrons, Technical Director at PandaLabs.
Nurech.Z is a worm that spreads in email messages with variable subjects such as 'hey!', 'OK' and 'here'. The attached file, with names including
'self nude.scr' and 'my pic.sc', contains a copy of the worm, which infects users when opened.
This malicious code can also spread by instant messaging and IRC.
The Nugache.M worm starts carrying out malicious actions when it infects computers. It can capture keystrokes and store user credentials. It also
connects to an IRC server and awaits its creator's instructions, which include launching denial-of-service attacks, using the infected computer
as a Web server or connecting to an FTP server.
Legmir.ASG is a Trojan that can reach computers in emails or in files downloaded from the Internet. This malicious code is designed to disable
certain antivirus programs, allowing it to carry out malicious actions more efficiently. Its actions include creating new entries in the Windows
registry and creating a file that allows it to delete itself.
For more information about these and other computer threats, visit Panda Security's Encyclopedia.