New Viruses, etc... Sept 10 2007
VIRUS ALERTS!
Compliments of my friends at Traffic Heroes
http://trafficheroes.com/splash5.php?referer=leroya2424a
Of the thousands of new pieces of malicious code that appeared this week, this report looks at the Lina.D Trojan, the Kimo.A worm and the Gnome.D virus.
Lina.D reaches computers with the icon of a Word document. However, when the document is opened, the Trojan is executed, displaying a document with HTML text.
This Trojan creates copies of itself in several directories. It also releases a series of files on the system. One of these is detected by PandaLabs as the Leword.A Trojan, while the other runs a copy of the Trojan every day at a specific time.
Lina.D creates a key in the Windows registry to ensure it is run every time the system is started up.
The Kimo.A worm is highly annoying to users, as it causes computers to shut down every so often, closing sessions a few seconds after restarts and causing the system to slow down.
The worm creates an Autorun.inf file on each of the computer's mapped drives. This allows it to run every time a user double-clicks on the drive. In addition, if the user clicks on any of the right-click menu options, the worm will run.
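A defender-side check for the Autorun.inf technique described above, added here as an example and not part of the original report: it lists every entry in a drive's autorun.inf that launches a program on double-click or from the right-click menu. The sample file and the name placeholder.exe are constructed assumptions; the report does not give Kimo.A's actual file names.

```python
import os
import re

# Keys in [autorun] that launch a program: open/shellexecute run on AutoPlay
# or double-click; shell\<verb>\command defines a right-click menu action.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

# Constructed sample (hypothetical file name), not taken from a real infection.
SAMPLE = r"""[autorun]
open=placeholder.exe
shell\open\command=placeholder.exe
shell\explore\command=placeholder.exe
icon=folder.ico
"""

def decode(data):
    """autorun.inf is ANSI or BOM-prefixed UTF-16; handle both."""
    utf16 = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    return data.decode("utf-16" if utf16 else "latin-1", errors="replace")

def launch_entries(text):
    """Return [(key, command)] for each program-launching entry in [autorun]."""
    found, in_autorun = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line:
            # Comment lines (";...") never match LAUNCH_KEY, so they drop out here.
            key, _, value = (part.strip() for part in line.partition("="))
            if LAUNCH_KEY.match(key) and value:
                found.append((key.lower(), value))
    return found

def audit_drives(roots):
    """Map each root whose autorun.inf has launch entries to those entries."""
    report = {}
    for root in roots:
        try:
            names = os.listdir(root)
        except OSError:
            continue  # drive not ready or not accessible
        for name in names:
            path = os.path.join(root, name)
            if name.lower() == "autorun.inf" and os.path.isfile(path):
                with open(path, "rb") as fh:
                    entries = launch_entries(decode(fh.read()))
                if entries:
                    report[root] = entries
    return report
```

Call `audit_drives` with the drive roots to inspect (for example `["D:\\", "E:\\"]`); any drive it reports deserves a look at the referenced file before anyone double-clicks it.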
Kimo.A makes several modifications to the Windows registry, restricting access to Internet Explorer options, preventing use of the “Folder options” and allowing the worm to run on every system restart.
Gnome.D is a virus with worm characteristics. The file is distributed with the Windows default icon for executable files, with the name: “cool_screen_saver”. If users run this file, they will actually be executing the virus.
This malicious code copies itself to the system with names like Winexegn.exe and Winscrgn.exe. It also drops several files on the infected computer. If mIRC is installed on the computer, the virus will make a copy of itself and create two new files in the directory containing this program.
All files created and dropped on the computer are aimed at helping Gnome.D to spread. Those created in the mIRC directory aim to spread the worm through this channel. Every time the user connects to an IRC server, the virus sends a message with the user’s nick and a random text. Examples include: “see this screen saver so i send you” or “i just get new $chan screen saver”. The message includes the infected file.
Gnome.D also spreads via email. It sends a message with the infected file attached and the following text: “Hi dear friend, I want to show you what I has found in the Internet! L check the attached file for more info. V I have incluyed a program which illustrates hm y opinion about things you wrote me a few days ago. check this nice. bye. ;-)”
Also, when an application is opened, the virus injects itself into the code and modifies the entry point so that when it is run, the virus will be activated as well.
If you think your computer might have been infected by other malicious code, you can scan it free at www.infectedornot.com