September 10, 2010

New Viruses, etc... Sept 23 2007

The LunchLoad.A and FakeGoogleBar.M Trojans are two new strains of malware.

LunchLoad.A reaches systems under the name backup2_36. When run, it drops several files onto the computer; these contain the information the creator needs to identify the malware when connecting to the computer. To make the connection, the Trojan contacts a server from which it receives orders about which malware to download, when to run it, etc. It also records the MAC address of each infected computer.

FakeGoogleBar.M is designed to alter the Google toolbar. When this toolbar is not installed on a PC, the file creates several other files that allow it to operate all the same. Its malicious action begins with the editing of several Windows Registry entries so that a DLL is injected into the browser, and the Trojan runs whenever the browser is used. The Trojan also opens a port on the computer and establishes an HTTP connection through which to send confidential information to the creator. To obtain this data, FakeGoogleBar.M logs words entered by the user in several search engines, including Google and Yahoo. It also copies all URLs containing keywords like bank or .gov. The stolen information is then sent to the creator of the malware through a purpose-built website.

Finally this week, Microsoft has published four security patches to fix several vulnerabilities in its products. One of these affects Microsoft Agent and has been classed as critical. This problem could allow a remote attacker to run arbitrary code on affected systems. The remaining vulnerabilities have been classified as important. One of these affects Visual Studio, another Windows Services for UNIX, and the last one MSN Messenger and Windows Live Messenger.

For more information and access to the security patches go to: http://www.microsoft.com/spain/athome/security/update/bulletins/200709.mspx

If you think your computer might have been infected by other malicious code, you can scan it free at www.infectedornot.com

Copyright © Medieval Hits April 2007