Deprecated: Assigning the return value of new by reference is deprecated in /home/download/IM-Framework/adodb/adodb.inc.php on line 888

Deprecated: Assigning the return value of new by reference is deprecated in /home/download/IM-Framework/adodb/adodb.inc.php on line 1913

Deprecated: Assigning the return value of new by reference is deprecated in /home/download/IM-Framework/adodb/adodb.inc.php on line 1985
MSNHorn.A, Nugache.M, Legmir.ASG Trojan - Panda's Weekly Report - 2007/08/24 - DownloadForge
 
Home » News » Security » MSNHorn.A, Nugache.M, Legmir.ASG Trojan - Panda's Weekly Report - 2007/08/24


MSNHorn.A, Nugache.M, Legmir.ASG Trojan - Panda's Weekly Report - 2007/08/24

Security News | 28-Aug-2007
Views 1525 | Rating 
 | Rate it! 

Twelve percent of computers with antivirus solutions have active malware and 35 percent have latent malware, i.e. malware that is inactive while the scan is carried out, but that could activate at any time and start taking malicious action.

This data has been obtained from computers scanned with NanoScan at http://www.infectedornot.com. This website also informs about infections
per country.


Country Infected PCs stats*
France 25.10%
Spain 17.68%
USA 18.07%
Germany 16.67%


The most important malware samples analyzed by PandaLabs this week are the MSNHorn.A and Nugache.M worms, and the Legmir.ASG Trojan.

MSNHorn.A spreads through MSN Messenger by sending a message with an attached file to the infected user's contacts. When the file is opened,
the recipient is infected and the process begins again.

The messages are sent in different languages (English, French, German, Spanish...). Some examples include: "hihi look at my horny pictures :$"
or "oh my god look at this picture :o wowwww". Cyber-crooks use these messages to tempt users into opening the attached files and infecting
their systems. 'Photo' and 'secretimages' are just a couple of the names of the files.

MSNHorn.A's downloader functions allow it to download numerous malware samples onto computers, including the Inject.K and Torpig.DX Trojans,
designed to steal confidential information.

"The use of instant messaging as a means of spreading worms has significantly increased over recent months. Cyber-crooks have taken
advantage of this method to distribute other malicious code: Trojans, spyware, etc.," explains Luis Corrons, Technical Director at PandaLabs.

Nurech.Z is a worm that spreads in email messages with variable subjects such as; 'hey!', 'OK' and 'here'. With names including, 'self nude.scr'
and 'my pic.sc', the attached file contains a copy of the worm, which when opened, infects users.

This malicious code can also spread by instant messaging and IRC.

The Nugache.M worm starts carrying out malicious actions when it infects computers. It can capture keystrokes and store user credentials. It also
connects to an IRC server and awaits its creator's instructions which include; denial of service attacks, using the infected computer as a Web
server or connecting to an FTP server.

Legmir.ASG is a Trojan that can reach computers in emails or in files downloaded from the Internet. This malicious code is designed to disable
certain antiviruses, allowing it to carry out malicious actions more efficiently. Actions include, creating new entries for the Windows
registry and creating a file that allows it to delete itself.

For more information about these and other computer threats, visit Panda Security's Encyclopedia.
 


Todays's Headlines
Related news:
 
 
 
Copyright @2005-2011 InsideMedia SRL. All rights reserved.
Copyright informations | Terms of use | Privacy policy | Contact us | Help center | Gazduire web