Weekly report on viruses and intruders

About 30% of the computers with a security solution installed that were scanned last week at the Infected or Not website (www.infectedornot.com) with the NanoScan and TotalScan online scanners were infected with some kind of malware. Among computers without any kind of protection, the figure goes up to 44%.

“Malware creators are trying to put a large number of threats in circulation and install them silently to prevent security companies from detecting them and generating the necessary vaccines,” says Jeremy Matthews, who adds: “As a consequence, traditional security solutions must be complemented with other types of online solutions, like NanoScan or TotalScan, which have access to the vast knowledge-base hosted on the Panda Security servers and can detect much more malware.”
As for the malicious code that has appeared this week, PandaLabs highlights the Bindo.A and Nuwar.HU worms.
Bindo.A is a worm designed to spread and infect as many computers as possible by copying itself under names like autoply.exe or MSshare.exe to the shared folders of any P2P programs that the targeted user might have installed.
It also creates a file called AUTORUN.INF in all drives it copies itself to, in order to be run every time that the drive is accessed.
It is very easy to detect the presence of this worm on the system, as it increases the number of shared files in the P2P shared folders on the computer.
Finally, Bindo.A changes certain shortcuts on the desktop so that they have two execution paths: the original one and one that runs when the original program is launched.
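
The file-system traces described above for Bindo.A can be checked with a short triage script. This is an added example, not code from PandaLabs; it assumes the AUTORUN.INF launches its program through the standard `open`, `shellexecute` or `shell\...\command` keys, and the drive and folder layout in `demo()` is constructed.

```python
import tempfile
from pathlib import Path, PureWindowsPath

# Names from the report; the worm may use others, so this set is not exhaustive.
BINDO_NAMES = {"autoply.exe", "msshare.exe"}

def autorun_targets(inf_path):
    """Return the programs that an AUTORUN.INF tells Windows to launch."""
    targets, in_autorun = [], False
    for raw in Path(inf_path).read_text(errors="replace").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if value and (key in ("open", "shellexecute") or key.endswith("\\command")):
                targets.append(value)
    return targets

def scan(drive_roots, shared_folders):
    """Return (kind, path, file name) for each indicator found."""
    findings = []
    for root in map(Path, drive_roots):
        for entry in root.iterdir():
            if entry.is_file() and entry.name.lower() == "autorun.inf":
                for target in autorun_targets(entry):
                    first = (target.replace('"', " ").split() or [""])[0]
                    name = PureWindowsPath(first).name.lower()
                    kind = "autorun-known-name" if name in BINDO_NAMES else "autorun-launch"
                    findings.append((kind, str(entry), name))
    for folder in map(Path, shared_folders):
        for entry in folder.rglob("*"):
            if entry.is_file() and entry.name.lower() in BINDO_NAMES:
                findings.append(("shared-file", str(entry), entry.name.lower()))
    return findings

def demo():
    """Run the scan over a constructed drive root and P2P shared folder."""
    with tempfile.TemporaryDirectory() as tmp:
        drive, share = Path(tmp, "E"), Path(tmp, "E", "Shared")
        share.mkdir(parents=True)
        (drive / "AUTORUN.INF").write_text("[AutoRun]\nopen=MSshare.exe\nicon=x.ico\n")
        (share / "autoply.exe").write_bytes(b"constructed placeholder")
        (share / "song.mp3").write_bytes(b"constructed placeholder")
        return [(kind, name) for kind, _, name in scan([drive], [share])]

if __name__ == "__main__":
    print(demo())
```

A hit on either name is a lead for a full scan rather than a verdict, since legitimate removable media also ship AUTORUN.INF files and those are reported as `autorun-launch`.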
Nuwar.HU is a new variant of the infamous “Storm Worm” which takes advantage of Halloween to spread. It ends processes of certain security tools that might be installed on the computer.
Nuwar.HU drops a rootkit called noskrnl.sys on the system and sets it as a service so that it is run automatically when the computer is started.
Nuwar.HU spreads in email messages with subjects like “Have a Happy Halloween everyone” or “Party on this Halloween” among many others. These messages include links to certain web pages that show a ‘dancing skeleton’ animation. If the user downloads and runs the animation offered on the website, the worm infects the computer and turns it into a zombie system at the service of a malicious user.