This week's PandaLabs report provides information about a rogue antivirus, a backdoor Trojan and a program for creating Trojans.
Personal Guard 2009 (see image in Flickr: http://www.flickr.com/photos/panda_security/3929413970/) is a new sample of the infamous rogue antivirus programs. On reaching computers, it runs a spoof hard disk scan. These malicious codes typically display fake infections when running the scan, but Personal Guard 2009 does not show any infections during the first scan. Instead, the file goes hard disk resident and later on displays pop-ups in the toolbar warning about possible malicious items. During the second scan it shows fake viruses.
From then on it follows the standard procedure: tempting users into buying a fake security program in order to profit directly, as well as stealing any data the user enters.
WinVNC.A is a backdoor Trojan distributed via email. It uses the subject of swine flu as a lure, and talks about a potential conspiracy of pharmaceutical laboratories, tricking users into opening a PowerPoint presentation ("POS.exe") where "the big secret" is revealed. On running the attached file, the Trojan is downloaded to the computer without the user's knowledge, while the presentation is displayed (see video in Flickr: http://www.flickr.com/photos/panda_security/3929394652/). This malicious code is specifically designed to steal confidential information from the user and send it to its creator.
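The WinVNC.A lure above relies on an executable ("POS.exe") being passed off as a presentation. As an added example, not from the PandaLabs report, the following mail-gateway triage check flags attachments whose extension is executable, whose name hides an executable extension behind a document one, or whose file header (the "MZ" signature of a Windows executable) contradicts the presentation format the extension claims. The attachment names and bytes are constructed for the example; the magic-byte values are standard file-format signatures.

```python
import os

# Extensions Windows will run directly when the user double-clicks the attachment.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

# Document-style extensions that a disguised executable tends to hide behind
# (e.g. "slides.ppt.exe"); list is illustrative, not exhaustive.
DOCUMENT_EXTENSIONS = {".ppt", ".pptx", ".pps", ".ppsx", ".doc", ".pdf"}

# Standard file signatures (constructed from public format specs, not from the report).
MZ_HEADER = b"MZ"                                   # Windows PE executable
OLE_HEADER = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"    # legacy .ppt (OLE compound file)
ZIP_HEADER = b"PK\x03\x04"                          # .pptx (Office Open XML is a zip)

# What the first bytes should look like for each presentation extension.
EXPECTED_HEADERS = {
    ".ppt": (OLE_HEADER,),
    ".pps": (OLE_HEADER,),
    ".pptx": (ZIP_HEADER,),
    ".ppsx": (ZIP_HEADER,),
}


def triage_attachment(filename, data):
    """Return a list of finding codes for one attachment (empty list = nothing suspicious)."""
    findings = []
    base, ext = os.path.splitext(filename.lower())
    _, inner_ext = os.path.splitext(base)  # catches "name.ppt.exe" style double extensions

    if ext in EXECUTABLE_EXTENSIONS:
        findings.append("executable-extension")
    if ext in EXECUTABLE_EXTENSIONS and inner_ext in DOCUMENT_EXTENSIONS:
        findings.append("double-extension")
    # A PE header behind a non-executable extension is a disguise attempt.
    if data.startswith(MZ_HEADER) and ext not in EXECUTABLE_EXTENSIONS:
        findings.append("pe-header-under-non-executable-extension")
    # A presentation extension whose bytes are not a presentation container.
    expected = EXPECTED_HEADERS.get(ext)
    if expected and not any(data.startswith(h) for h in expected):
        findings.append("header-mismatch")
    return findings


def triage_mailbox(attachments):
    """Run the check over (filename, bytes) pairs; return {filename: findings} for hits only."""
    return {name: f for name, f in ((n, triage_attachment(n, d)) for n, d in attachments) if f}


if __name__ == "__main__":
    # Constructed sample attachments: one mimics the report's "POS.exe" lure.
    samples = [
        ("POS.exe", MZ_HEADER + b"\x90\x00" + b"\x00" * 60),
        ("quarterly.ppt", OLE_HEADER + b"\x00" * 16),
        ("swine_flu_secret.ppt.exe", MZ_HEADER + b"\x00" * 62),
        ("conspiracy.pptx", MZ_HEADER + b"\x00" * 62),
    ]
    for name, findings in triage_mailbox(samples).items():
        print(f"{name}: {', '.join(findings)}")
```

The check deliberately keys on what the attachment *is* (its bytes) rather than only on what its name claims, since the lure in the report works precisely by making a name suggest a harmless document; a legitimate `.ppt` with a proper OLE header produces no findings.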
Finally, PassThief.A is a program designed to create password-stealing Trojans (see image in Flickr: http://www.flickr.com/photos/panda_security/3929414056/). The information stolen by the Trojan is sent to an email account specified by the program user. The directory where the Trojan will be installed can be selected, as can whether it should run during the first or fourth operating system restart. The Trojan has the same icon as the task manager and only functions on WIN9x/WINME, since it steals the passwords held in the .pwl files of those operating systems. These .pwl files contain passwords for accessing protected resources, session start, phone access to networks, etc.
More information about these and other malicious codes is available in the Panda Security Encyclopedia http://www.pandasecurity.com/homeusers/security-info/about-malware/encyc
You can also follow Panda Security's online activity on its Twitter http://twitter.com/Panda_Security and PandaLabs blog (www.pandalabs.com)