Home » News » Security » Nabload.COQ, Wallpaper.C Trojans and MSNWorm.BB worm - Panda's Weekly Report - 2007/11/26
The Nabload.COQ, Wallpaper.C Trojans and the MSNWorm.BB worm are the PandaLabs' this week report focus.
The Nabload.COQ Trojan spreads through mails that trick users into watching a YouTube video that parodies the confrontation between the King of Spain and the Venezuelan president, Hugo Chavez, during the latest Latin American summit. When users click the link, they introduce a copy of the malware on their computer. To fool users, the Trojan displays a YouTube video while downloading malware onto the system (the Banbra.FCK Trojan or the Banker.JSA worm).
The second malicious code captures the access credentials of specific online banks; when users try to visit the bank's legitimate site, it displays a spoof web page and sends the passwords entered by users to malware creators.
Banker.JSA can also spread through instant messaging programs. To do so, it sends a message to all the infected user's MSN Messenger contacts, with a link and text such as: "vistes las fotos que se sacaron los chicos?" and "sabes de que se trata esto?". When users click on the link, they download a copy of the worm on the system.
Banker.JSA is also designed to copy itself onto P2P program folders using names such as, "Call_Of_Duty_2_" or "The_Sims_Deluxe_" and spread through the network.
The Wallpaper.C Trojan, however, reaches computers with a Windows folder icon. It makes several copies of itself on the computer, and creates several new entries in the Windows Registry. One of the registries allows it to run with every system restart, whilst others allow it to conceal the Search option in the Start menu, the Folder options and other system applications.
Wallpaper.C replaces the system screen background for a new one with a picture of animals.
MSNWorm.BB spreads by sending a message with a link to the infected user's MSN Messenger contacts. When users click on the link, they download a copy of the worm onto their computer.
"Instant messaging has become one of the main sources of malware distribution. Cyber-crooks know that these applications are becoming increasingly popular and are therefore useful for reaching a large number of people. To avoid being infected, users are advised to type addresses directly into the browser bar instead of clicking on links," explains Luis Corrons, Technical Director of PandaLabs.
» Aiphone.A, Hairy.A, PornWorm.A - Panda's Weekly Report - 2007/07/06
» Artesimda Trojan, Rinbot.Q, Spamta.WF, SpamtaLoad.DW - Panda's Weekly Report - 2007/04/20
» Bankey.A, BankFake.A, Ketawa.A, Opticibot.A, Braban.F - Panda's Weekly Report - 2007/06/01
» Ldpinch.ZO, PhoneStealer.A, StealAll.A Trojans - Panda's Weekly Report - 2007/03/23