NEW VIRUS/SPYWARE !
Once the information is obtained, the malicious code connects to a server to send it to its creator. Autorun.ADF also copies itself to all the computer's drives.
The KeyLogger.E Trojan is designed to capture keystrokes and mouse movements when users access specific web pages, obtaining passwords and the confidential data entered on the pages. In addition, it creates a file on the system that stores the stolen information to send to its creator through a connection to an FTP server.
The aim of the Exchanger.AH Trojan however, is to download other malware samples to the system, e.g. the RogueAntimalware2008 adware.
This malicious code is distributed through spam mails with the subject: "Britney Spears and Lindsay Lohan comment on Paris Hilton's Childish Behavior". The message body contains a photo of Paris Hilton and what looks like a link to a video. If users click the link, they will actually be downloading a copy of the Exchanger.AH Trojan onto their computers.
YTFakeCreator is a program that allows cyber-crooks to create spoof YouTube videos aimed at infecting users with malware. Potential victims receive an email promoting a video supposedly containing sensational content (erotic images of celebrities, death of famous people, etc.) and invite users to click a link to the video. This technique is known as social engineering.
If they take the bait, users will be directed to a spoof YouTube page (image at: http://flickr.com/photos/panda_security/2840011688/), and will see an error message explaining that the video cannot be loaded until a certain component is downloaded (a codec, an Adobe Flash update, etc.). They will be prompted to download it. However if they do this, they will actually be downloading some type of malware onto their computers.
YTFakeCreator makes it easy to create these spoof YouTube pages; customizing the error message text and the time it takes to appear. It also allows cyber-crooks to insert the link to the malware to be downloaded onto users' computers, and even to create a false YouTube profile to enhance the realism of the page. And all of this can be done with just a single program (image: http://flickr.com/photos/panda_security/2839993538/).
The malicious code distributed through these spoof pages can be chosen by the person creating the page: Viruses, worms, adware, Trojans...
Trj/PHilto.A is an executable file that displays a video with adult content. It has an icon with an image of Paris Hilton, which when clicked displays a screen prompting users to download and view the video.
If users choose the option to view the video, two new windows appear on the screen and the system connects to a web page to download the components needed (codecs) to view the video.
A randomly-named, 303104-byte executable is downloaded, detected as Adware/NaviPromo.
The W32/MSNBot.D.worm is a Messenger bot designed to steal data (usernames, passwords, addresses...) which could then be used fraudulently.
The file has an MSN Messenger icon in order to confuse users. When the file is run the process goes resident on the system, and the MSN Messenger process is continually injected in the system's services, with the obvious intention of waiting to capture data from the computer and then distribute it.
The file makes a copy of itself in C:\Windows and adds a registry entry in order to run on every system startup and to continue stealing data from the computer.
This malware is normally distributed via email to contacts it captures in Messenger.
Finally, it creates a .txt in C:\Windows to compile and save the stolen data.
Stay safe!
Also consider the idea of owning your own Spam-Busting customer support helpdesk, read more... here.
Greg.
Check out my own HelpDesk
here.
Visit here for: Online Income, Advertising, Marketing and Traffic Generation Resources
Keywords: Virus+Alerts, Advertising+Marketing, Online+Income
Traffic+Generation, Free+Advertising,
0 comments:
Post a Comment