This week's report will focus on Cabir, the first worm capable of spreading through mobile phones, two Trojans -StartPage.FH and Downloader.HC- and a joke called Argen.
Cabir starts a new era in IT security, as it is the first worm capable of spreading through mobile phones. It affects devices running under the Symbian operating system used in many phones manufactured by companies like Nokia, Siemens and Sony Ericsson.
Cabir spreads in a file called Caribe.sis, which is automatically installed on the system when the user accepts the transfer. When it is launched, it displays the following message on screen: Caribe. Then it starts a constant search for other phones that are also connected using Bluetooth technology. This process significantly reduces the phone's battery operating time.
The two Trojans in today's report are StartPage.FH and Downloader.HC. In order to reach the affected computer, they need the attacker's intervention. They can spread through many different means of transmission (floppy disks, CD-ROMs, e-mail messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.).
StartPage.FH changes the home page of Internet Explorer. It also shows false messages on screen warning the user that the computer is infected by different spyware and adware programs. It does this to trick the user into accessing certain web pages. When these pages are accessed, messages are displayed on screen asking for permission to install other malware or programs like eAcceleration and eAnthology. As long as the computer is affected by StartPage.FH, the original home page cannot be restored.
Downloader.HC downloads the adware detected by Panda Software as Lop on the affected computer, which adds a tool bar to Internet Explorer. Downloader.HC also modifies the home page and several search options of Internet Explorer and adds several links to the Favorites folder. Occasionally, when the user closes the browser window, it displays advertisements.
We are going to finish this week's report with Argen, a joke that displays several windows on screen as it opens the CD-ROM drive. When the user clicks on the 'OK' button, the CD-ROM drive closes. Once Argen is run, the user will not be able to use the computer until its actions have finished.
For further information about these and other computer threats, visitPanda Software's Virus Encyclopedia.
- Joke: a program that displays false messages on screen warning the user that destructive actions will be carried out on the computer, pretend to carry out these actions or modify the settings of the screen, mouse, etc.
- Spyware: program that is automatically installed with another, (usually without the user's permission and even without the user realizing), which collects personal data (data on Internet access, action carried out while browsing, pages visited, programs installed on the computer, etc.).
More definitions clickhere.
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.