Weekly report on viruses and intruders

Send to friend

This week, Panda Softwares report will focus on three worms; W32.Semapi.A, W32.Codbot.AL, and W32.Mytob.GV.

W32.Codbot.AL is a worm that has been detected a significant number of times since it appeared. According to the online anti-malware solution, Panda ActiveScan, it is one of the top five most active threats this week. This malware spreads using known vulnerabilities in the SQL Server LSASS and RPC-DCOM processes. In order to install itself on the computer, it registers itself as a system process, which is run whenever the computer is started up. When it is running, it connects to various IRC servers and waits for commands. It can receive all types of commands such as commands to obtain information from the computer, enable keylogging or FTP services or even download and run other types of malware. This worm was blocked by TruPreventTM Technologies, even before the signature file was made available.

The second worm, W32.Semapi.A, spreads via email in a message with a variable subject, sender and other characteristics, included in an attachment with a variable name and extension. When it is installed on the computer, it copies several files to the hard disk and creates a series of entries in the Registry in order to ensure that it is run whenever the computer is started up. Then it looks for addresses in files with certain extensions on the affected computer and sends itself out to the addresses it finds. This worm is easy to recognize, as when it is run, it displays a dialog box informing the user that the file semapi.dll cannot be found.

The final worm in todays report is a member of the Mytob family, or to be more precise the GV variant. This worm opens a backdoor and spreads via email (sending itself to all the addresses it finds on the affected computer with a spoofed senders address) and through shared resources protected with weak passwords. Whats more, it ends certain processes on the affected computer, the majority of which belong to antivirus applications, and blocks access to the websites of IT security companies. As a result, it leaves computers vulnerable to infection from other types of malware.

To prevent these malware or any other malicious code from affecting your computer, Panda Software recommends keeping antivirus software up-to-date. Panda Software clients can already access the updates to detect and disinfect these malicious code.

About PandaLabs

On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
For more information: http://www.pandasoftware.com/virus_info/

Comments (0)

Add a Comment

This thread has been closed from taking new comments.