Weekly report on viruses and intruders

JPGTrojan.C is a program that creates JPG images which exploit the Buffer Overrun in JPEG Processing vulnerability (described in Microsoft bulletin MS04-028).

The malicious JPG images generated by JPGTrojan.C are distributed through different means. When one of these images is opened using a vulnerable application, the code it contains is run. The effects of opening an image created by JPGTrojan.C include the following:

- Add a new user and assign this user administrator rights.

- Specify that a port must be opened, allowing remote access to the affected computer.

- Specify a remote IP address and port and establish a connection.

- Download an executable file from the Internet and run it on the affected computer.

However, some of these actions can only be carried out if the English version of the operating system is used or if a specific version of the Dynamic Link Library GDIPLUS.DLL is installed.

Keylogger-Pro is a hacking tool that captures keystrokes (and with them passwords, chat conversations, data entered in specific windows, etc.). It sends the information it obtains to an email address.

Keylogger-Pro can be installed on a computer without the user realizing it. This program does not pose a danger in itself but can be used for malicious purposes.

For further information about these and other computer threats, visit Panda Software's Virus Encyclopedia.

Additional information
- Hacking tool: Program that can be used by a hacker to carry out actions that cause problems for the user of the affected computer (allowing the hacker to control the affected computer, steal confidential information, scan communication ports, etc.).

More definitions at Glossary.

About PandaLabs
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and, depending on the type, the action taken may include disassembly, macro scanning, code analysis, etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.