Panda Security's weekly report on viruses and intruders
 

Panda Security's weekly report on viruses and intruders

[Sinowal.WRN is a Trojan that collects all possible information from
computers. By making a series of registry entries it goes resident on
the system, gathering and sending all the data it finds.

It reaches users in an email claiming that there is an H1N1 virus
vaccination program and that everyone should register their personal
details for monitoring purposes.

The email includes a link to download the electronic document needed to
create the personal vaccine profile. You can see an example of the
message at: http://www.flickr.com/photos/panda_s...y/4154977193/]

[Banbra.GLS is a banker Trojan designed to steal bank details of users
that access certain Brazilian bank websites. It arrives in a file which,
when run, displays a browser window with a spoof image of a PayPal
invoice. This image is available at:
http://www.flickr.com/photos/panda_s...y/4155738210/]

[TDSS.CZ is a Trojan which can reach users as an attachment to an email.
This file is called flashupdate, and it has a typical installer icon.
This is designed to trick users into installing the supposed update.

When the file is run, the only thing that users will notice is that the
file disappears. Yet it hasn't really disappeared, it has just been
hidden (as it has rootkit characteristics). The process is still running
however, transparently to users and to the system.
The file then takes a series of actions to modify the system. Whenever
the user opens a Web page, before it loads, the following page appears:
http://www.flickr.com/photos/panda_s...y/4155776202/]

Virus Alerts, by Panda Security (http://www.pandasecurity.com)