PUPs (Potentially Unwanted Programs) are becoming an increasing threat according to data compiled from the Infected or Not website (http://www.infectedornot.com). This week, the five malicious codes most frequently detected by NanoScan and TotalScan were PUPs. PUPs are programs installed without the user’s consent and, due to their characteristics, can affect the user’s control over their privacy, confidentiality and computer resource usage.
The top 10 threats were: PUP MyWebSearch; PUP FunWeb; PUP Processor; PUP HideWindow.S; PUP KillApp.B; Worm Bagle.HX.worm; Hacking tool KillProcWin.A; PUP Winfixer2005; Adware AntivirGear; and Adware VideoActiveXObject.
Of the malicious codes that appeared this week, PandaLabs’ weekly report looks at the AttachMsngr.G and MakeSnake.A Trojans and the Brocat.B worm.
AttachMsngr.G is a Trojan designed to steal Messenger passwords and communications. It does this by capturing keystrokes and mouse actions. It also creates a key in the Windows registry to ensure it is run every time the system is started up. When it is activated, it displays an error message with the MSN Messenger header.
The MakeSnake.A Trojan takes a series of annoying actions. It displays a screen with the text: “WE NEED A DRINK!! PLEASE, HELP US, UGLY FACE”. Then a new text (“Aza l vina io souris io e!”) follows the mouse pointer like a snake all over the screen.
This Trojan creates and modifies several Windows registry entries, allowing it, for example, to run every time the system is restarted and hide the search option in the Start menu.
Brocat.B is a worm that reaches computers with a heart-shaped icon called Love is Cinta, the title of an Indonesian movie. When run, it sporadically shows the dialog box that typically appears on closing a session.
To spread, this worm makes copies of itself in several places on the computer and in such a way that it can affect all system users. It also creates a file called autorun.inf on all the computer’s drives, so the worm runs whenever users access any drive.