This week’s PandaLabs report looks at two very dangerous worms: Dotex.A and SpreadBanker.A, as well as the six security patches published by Microsoft to fix up to fifteen vulnerabilities in many of the company’s applications.
Once run on a computer, Dotex.A connects to a web page from which it downloads two malware strains: the QQPass.AFD worm and the QQRob.OI Trojan, both of which, in turn, connect to another web page and download several variants of the Lineage family onto the infected computer.
Dotex.A copies itself as a hidden file to several directories and mapped drives on the infected system. The worm deletes several entries in the Windows registry and modifies others. One of these changes aims at preventing hidden files from being displayed, thus making the worm’s copies invisible to users.
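As an added defender-side illustration (not part of the PandaLabs report), the following PowerShell script audits the Explorer "show hidden files" setting that Dotex.A is described as tampering with and lists hidden executables in the root of local and mapped drives, where the worm is said to drop its copies. The registry path and value names (`Hidden`, `ShowSuperHidden`) are the standard Explorer ones and are an assumption of this example; the report itself does not name them.

```powershell
# Added example: audit the Explorer hidden-file setting and triage drive roots.
# Registry path and value names are an assumption of this example (standard
# Explorer settings), not something the PandaLabs report states.

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$expected = @{ Hidden = 1; ShowSuperHidden = 1 }   # 1 = show hidden/system files

function Test-HiddenFilesSetting {
    # Returns one object per value that differs from the expected "show" setting.
    $props = Get-ItemProperty -Path $advanced -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        $actual = $props.$name
        if ($actual -ne $expected[$name]) {
            [pscustomobject]@{ Value = $name; Current = $actual; Expected = $expected[$name] }
        }
    }
}

function Get-HiddenExecutablesAtDriveRoots {
    # DriveType 3 = fixed disk, 4 = network (mapped) drive; the worm copies to both.
    Get-CimInstance Win32_LogicalDisk |
        Where-Object { $_.DriveType -in 3, 4 } |
        ForEach-Object {
            Get-ChildItem -Path ($_.DeviceID + '\') -Force -File -ErrorAction SilentlyContinue |
                Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden } |
                Where-Object { $_.Extension -in '.exe', '.scr', '.com', '.pif' } |
                Select-Object FullName, Length, LastWriteTime
        }
}

$drift = Test-HiddenFilesSetting
if ($drift) {
    'Explorer hidden-file settings differ from the expected values:'
    $drift | Format-Table -AutoSize
} else {
    'Explorer hidden-file settings are as expected.'
}

'Hidden executables found in drive roots (review manually):'
Get-HiddenExecutablesAtDriveRoots | Format-Table -AutoSize
```

A non-default value here is not proof of infection, only a prompt to inspect the listed files with an up-to-date scanner.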
The second worm is SpreadBanker.A, which uses a YouTube video to conceal its activity. The worm is made up of two components. When the user runs the first one, it connects to the YouTube site and shows a video. At the same time, it connects to another website and downloads the second component, which performs a series of malicious actions.
This worm is designed to steal login details for several online banks and passwords for online games such as Age Of Mythology, GTA, Unreal Tournament, WarCraft or Final Fantasy.
“Theft of passwords for online games is becoming increasingly popular. The difficulty of getting points, add-ons and other ‘premium content’ for these games makes some people willing to pay for them. This is used by cyber-criminals to profit by selling passwords from registered users with high scores,” explains Luis Corrons, Technical Director of PandaLabs.
Finally, this week, Microsoft has published six security patches to fix fifteen vulnerabilities in its applications. Four of these patches are classified as ‘critical’. The first one resolves a security flaw in Windows Schannel, whereas the second is a cumulative patch that fixes past vulnerabilities in Internet Explorer plus six new flaws that could allow remote code execution on affected computers.
The third patch, also rated as critical, is a cumulative patch that fixes known vulnerabilities in Outlook Express and Windows Mail and resolves four new security flaws in these programs, which could allow remote attackers to take control of affected computers. The fourth critical patch fixes a vulnerability in the Win32 API that could allow remote code execution.
As for the remaining patches, one has been classified as ‘important’ and affects Microsoft Visio 2002 and 2003, and the other has been classified as ‘moderate’ and resolves a vulnerability in Windows Vista that could allow users without privileges to access data stored by local users.