The RegisteredLetter.A worm and the ZLFake.A backdoor are the focus of this week’s PandaLabs report, which also covers the latest security patches released by Microsoft. RegisteredLetter.A is designed to make a series of changes on infected computers: it changes Internet Explorer’s home page and modifies the browser’s list of trusted sites, adding new pages to it.
In addition, it makes changes to the Windows registry. For example, if the user tries to access the “My Pictures” folder, they are redirected to a web page that looks the same as the folder. RegisteredLetter.A has its own SMTP and dialer engine. This allows it to send out emails with a link that takes victims to a page that downloads a copy of the worm. This email is sent to all the contacts in the infected computer’s Microsoft Outlook address book.
ZLFake.A is a backdoor. On reaching a computer, it connects to a certain web page in order to inform its creator that it has infected a system. This malicious code does not stay resident in memory, which would make it easier to detect; instead, it runs every hour, staying active for just one minute.
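A process that runs for about a minute once an hour, as described for ZLFake.A, is easy to miss in a live process list but stands out in process start/exit telemetry. The sketch below is an added example, not code from PandaLabs: the CSV layout, the thresholds and the file name `upd.exe` are assumptions, and the log lines are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample (not real telemetry): image path, process start, process exit.
SAMPLE_LOG = """\
C:\\Users\\a\\AppData\\Roaming\\upd.exe,2024-05-01T09:00:03,2024-05-01T09:01:02
C:\\Windows\\System32\\svchost.exe,2024-05-01T08:00:00,2024-05-01T18:00:00
C:\\Windows\\notepad.exe,2024-05-01T09:10:00,2024-05-01T09:10:30
C:\\Tools\\backup.exe,2024-05-01T09:00:00,2024-05-01T09:20:00
C:\\Users\\a\\AppData\\Roaming\\upd.exe,2024-05-01T10:00:05,2024-05-01T10:01:04
C:\\Windows\\notepad.exe,2024-05-01T09:25:00,2024-05-01T09:25:40
C:\\Tools\\backup.exe,2024-05-01T10:00:00,2024-05-01T10:20:00
C:\\Users\\a\\AppData\\Roaming\\upd.exe,2024-05-01T11:00:02,2024-05-01T11:01:03
C:\\Windows\\notepad.exe,2024-05-01T11:40:00,2024-05-01T11:40:20
C:\\Tools\\backup.exe,2024-05-01T11:00:00,2024-05-01T11:20:00
C:\\Users\\a\\AppData\\Roaming\\upd.exe,2024-05-01T12:00:04,2024-05-01T12:01:03
"""

def parse_runs(text):
    """Group runs by image path as (start_time, lifetime_in_seconds)."""
    runs = defaultdict(list)
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        image, start, end = row
        s, e = datetime.fromisoformat(start), datetime.fromisoformat(end)
        runs[image.lower()].append((s, (e - s).total_seconds()))
    return runs

def find_hourly_beacons(text, period=3600, tolerance=120, max_life=90, min_runs=3):
    """Return (image, run_count, median_lifetime) for short-lived hourly processes."""
    hits = []
    for image, runs in parse_runs(text).items():
        runs.sort()
        if len(runs) < min_runs:
            continue
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(runs, runs[1:])]
        # Accept gaps near any whole multiple of the period, so a missed hour
        # (machine asleep or powered off) does not hide the pattern.
        regular = all(round(g / period) >= 1 and
                      abs(g - round(g / period) * period) <= tolerance for g in gaps)
        short = all(life <= max_life for _, life in runs)
        if regular and short:
            hits.append((image, len(runs), median(life for _, life in runs)))
    return hits

if __name__ == "__main__":
    for image, count, life in find_hourly_beacons(SAMPLE_LOG):
        print(f"{image}: {count} runs, median lifetime {life:.0f}s")
```

Legitimate scheduled jobs can match the same pattern, so each hit is a lead to check against known scheduled tasks rather than a verdict.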
Finally, Microsoft published nine security patches last week to fix vulnerabilities in several of its products. Six of these patches have been rated “critical”, whereas the other three have been classified as “important”.