This week’s PandaLabs report looks at Nukulus.A, a Trojan designed to steal users’ data, and the Winko.A and Addon.A worms. Also this week, Microsoft has published six security patches to fix several vulnerabilities in the company’s products.
Nukulus.A is a dangerous Trojan capable of stealing all types of confidential information: banking data, information entered in Web forms, local certificates, etc. It can also redirect certain Web addresses to malicious web pages designed to perform online fraud. This way, the Trojan tries to obtain users’ confidential data.
“This is an attempt to combine the Trojan’s capability to steal passwords with a phishing attack. By doing this, cyber-crooks try to increase the probability of success”, explains Luis Corrons, Technical Director of PandaLabs. The Trojan is also designed to download updates of itself from the Internet, as well as other malicious files. Plus, it creates several Windows registry entries, one of which makes sure it is run on every restart.
Winko.A is a worm designed to download other malicious code onto the affected computer, including dangerous password-stealing Trojans like QQRob and Lineage. It also downloads adware, like Alexa, onto infected computers. The worm creates several copies of itself on the system and tries to spread by copying itself to all available drives (hard disks, USB, etc.).
Addon.A is a worm that spreads in a file called Foto_celular.zip. When run, it installs another malicious file and a vulnerable version of the ntoskrnl.exe file, which replaces the one on the system. The vulnerability in that file could be exploited by an attacker to take control of the infected computer with administrator rights. Addon.A runs whenever the computer is restarted.
As on every second Tuesday of the month, Microsoft has published a series of security patches. This time, the company has released six bulletins (MS07-036 to MS07-041): three ‘critical’, two ‘important’ and one ‘moderate’. The fixes apply to such widely used services as Microsoft Excel and the Windows Vista firewall.