Weekly report on viruses and intruders

Almost 32% of users with a security solution installed who scanned their PC on the Infected or Not website (www.infectedornot.com) this week were infected by some kind of malicious code. Among unprotected users, 44.71% of computers were infected.

“This data proves that even though users feel they are secure, many computers are infected even if they have protection installed. Traditional security solutions are no longer enough to combat the increasing number of new samples, and must therefore be complemented with more powerful online solutions such as NanoScan and TotalScan,” explains Jeremy Matthews, CE of Panda Security (South Africa).

Of the new malware samples that appeared this week, PandaLabs has focused on the UzaScreener.A, Winko.G and Destructor.A worms.

UzaScreener.A reaches the computer appearing as a Windows folder named My_Personal_Data. If users try to open it, they run the worm.

This malicious code is designed to restart the computer each time it runs. Once the computer has restarted ten times, it replaces the system's screen background with a new one that reads: “U.Z.A. Operating system”. It also modifies the image displayed when the computer is turned on and carries out other malicious actions to disable the Task Manager.

UzaScreener.A also carries the following message in its code: “U.Z.A O/S is a virus made by ANJ which is dedicated to his very sweet and lovely wife, AAZ…With lots of love”.

The Winko.G worm spreads by copying itself to as many system drives as possible, including removable devices. It also creates an AUTORUN.INF file, which is run every time these drives are accessed.

This worm downloads, from various sites, malware of the Lineage and Gamania Trojan families, which is designed to steal online game passwords. It also creates several new entries in the Windows registry and deletes the error-reporting entries that display system error messages.

Destructor.A, on the other hand, copies itself to all the drives of the infected system, so that the worm runs when users access them. This malicious code runs several processes simultaneously, slowing the system down. It also replaces the screen background with one that reads: “Destructor”.

This worm creates several entries in the Windows registry, allowing it to run every time the system is restarted and to change the start page of Internet Explorer.
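
The AUTORUN.INF propagation described above for Winko.G can be checked for on a drive by listing the programs its AUTORUN.INF would launch. The following Python code is an added example, not part of the original report or any PandaLabs tooling; the sample file content and the file names in it are constructed placeholders, and the list of executable extensions is an assumption.

```python
import re
from pathlib import PureWindowsPath

# [autorun] keys whose value is a command line Windows may launch.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# Constructed sample; file names are placeholders, not real indicators.
SAMPLE_INF = (
    "[AutoRun]\r\n"
    "; padding line follows\r\n"
    "zzzz not a key value pair\r\n"
    "OPEN=placeholder_copy.exe\r\n"
    'shell\\open\\Command="my files\\placeholder_copy.exe" /q\r\n'
    "icon=folder.ico\r\n"
    "[Other]\r\n"
    "open=ignored.exe\r\n"
)

def launch_entries(inf_text):
    """Return (key, command) pairs from the [autorun] section only."""
    entries, section = [], None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEYS.match(key):
                entries.append((key.lower(), value))
    return entries

def target_of(command):
    """Extract the program path from a command line, honouring quotes."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""

def executable_targets(inf_text):
    """Programs with an executable extension that the file would launch."""
    targets = [target_of(cmd) for _, cmd in launch_entries(inf_text)]
    return [t for t in targets if PureWindowsPath(t).suffix.lower() in EXEC_EXTS]

if __name__ == "__main__":
    for path in executable_targets(SAMPLE_INF):
        print("AUTORUN.INF would launch:", path)
```

Run against the text of an AUTORUN.INF read from the root of a removable drive, a non-empty result on a drive that should hold only data is worth investigating.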