Twelve percent of computers with antivirus solutions have active malware and 35% have latent malware – that's malware that is inactive while the scan is carried out, but that could activate at any time and start taking malicious action.
This worldwide data has been obtained from computers scanned with NanoScan and TotalScan at http://www.infectedornot.com <http://www.infectedornot.com/> . This website also informs about infections per country.
The most important malware samples analyzed by PandaLabs this week are the MSNHorn.A and Nugache.M worms, and the Legmir.ASG Trojan.
MSNHorn.A spreads through MSN Messenger by sending a message with an attached file to the infected user’s contacts. When the file is opened, the recipient is infected and the process begins again.
The messages are sent in different languages (English, French, German, Spanish and others). Some examples include: “hihi look at my horny pictures :$” or ”oh my god look at this picture 😮 wowwww“. Cyber-crooks use these messages to tempt users into opening the attached files and infecting their systems. ‘Photo’ and ‘secretimages’ are just a couple of the names of the files.
MSNHorn.A’s downloader functions allow it to download numerous malware samples on to computers, including the Inject.K and Torpig.DX Trojans, designed to steal confidential information.
“The use of instant messaging as a means of spreading worms has significantly increased over recent months. Cyber-crooks have taken advantage of this method to distribute other malicious code: Trojans and spyware,” explains Luis Corrons, Technical Director at PandaLabs.
Nugache.M is a worm that spreads in email messages with variable subjects such as; ‘hey!’, ‘OK’ and ‘here’. With names including, ‘self nude.scr’ and ‘my pic.sc’, the attached file contains a copy of the worm, which when opened, infects users.
This malicious code can also spread by instant messaging and IRC.
The Nugache.M worm starts carrying out malicious actions when it infects computers. It can capture keystrokes and store user credentials. It also connects to an IRC server and awaits its creator’s instructions which include; denial of service attacks, using the infected computer as a Web server or connecting to an FTP server.
Legmir.ASG is a Trojan that can reach computers in emails or in files downloaded from the Internet. This malicious code is designed to disable certain antiviruses, allowing it to carry out malicious actions more efficiently. Actions include, creating new entries for the Windows registry and creating a file that allows it to delete itself.