In this week's report on viruses and intruders we will be looking at three worms: Tobecho.A, Mytob.E, and Elitper.D.
Tobecho.A is a worm with some backdoor Trojan characteristics, as it listens for remote instructions through a TCP/IP port. These can be instructions to restart the system, download files, steal information from the compromised computer, etc. When it runs, it displays a false run-time error message.
Tobecho.A spreads via email, in a message that simulates a mail delivery error message, and through the MSN Messenger program.
This worm also prevents users and the applications running on the computer from accessing the websites of certain antivirus and security companies. It also terminates certain processes, including those belonging to variants of Netsky, Bagle and Blaster. Finally, Tobecho.A alters the settings of the affected computer and prevents users from accessing the Windows Registry Editor, as well as disabling remote administration of the computer's passwords.
The second worm in this report is Mytob.E, which spreads via email. The messages received by users try to trick them into thinking that they contain an interesting application (images, etc.). When users run the attachment, the computer will be infected.
To send itself to other users, Mytob.E looks for email addresses in files with extensions like HTM, HTML, TXT, etc.
The last interesting malicious code in this report is Elitper.D. It uses P2P file sharing programs, getting users to voluntarily download one of the files created by Elitper.D, thinking that it is some kind of interesting file (films, images, etc.), when really they are downloading a copy of the worm onto their computer.
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and, depending on the type, the action taken may include disassembly, macro scanning, code analysis, etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users. For more information: http://www.pandasoftware.com/virus_info/